Follow Slashdot stories on Twitter


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:Tipping point? (Score 1) 16

Platter technology will end up being pushed to the NAS/SAN, which is why WD is making their red line of drives.

Perhaps HDDs, now that speed and capacity are secondary, they will start evolving down the path of reliability, perhaps replacing tape as an archival medium.

NAS drives are going to be a big market, especially with devices like Apple's new MacBook with limited expansion capability, so people will use WiFi Direct hard drives as their main backup source, as opposed to USB drives. In this use, capacity is limited on the MacBook, and speed is limited, so drive makers (hopefully) will end up working on leapfrogging each other for reliability and security.

Comment: Re:Safe from the bearded evil ones (Score 1) 625

by Grishnakh (#49350227) Attached to: Germanwings Plane Crash Was No Accident

Where? Unless you're like the other responder trying to paint our governments as "terrorists" (which has merit, I'll concede, but it's really beside the point, we're talking about non-state actors here), I can't think of very many still operating. The IRA in Ireland really isn't a problem any more (I haven't heard of any car bombings there in ages), the Tamil Tigers in Sri Lanka seem to have gone away (plus, they were highly focused, and only attacked targets in Sri Lanka or nearby southern India; they didn't run around hijacking airplanes all over the planet), and that's really all I can think of. All the other groups called terrorists by some government are Islamic.

There have been some lone-wolf nutjobs here and there, but it's inaccurate to call them "terrorists" IMO. Terrorists are people who are part of some kind of group which is pushing an ideology, and to further that goal use violent attacks to terrorize civilians in countries they have an issue with. Some lone nutjob shooting up a school is not part of a network of people. Even someone like Timothy McVeigh really wasn't a true terrorist, he had one buddy and decided to attack a government building because he was mad at the government for some reason. He wasn't part of any kind of organization with any socio-political goals. Same goes for the Unabomber, he was just a nutjob thinking he was making some kind of change by assassinating people through the mail. When you look at groups like the IRA, LTTE, Al Qaeda, ISIS, Boko Haram, etc., these are pretty large (relatively) organizations, with dozens or hundreds of members or more (ISIS has tens of thousands), clear leadership and structure, clear goals, etc. They aren't just some lone guy with mental problems who lives as a hermit. There's a really big difference.

Comment: Re:Prepare to restore from backup often (Score 1) 119

by mlts (#49350169) Attached to: Generate Memorizable Passphrases That Even the NSA Can't Guess

I have a third option: An admin passphrase that is a lot longer than my user passphrase, but had more retry attempts. That way, if the short passphrase gets typoed, I can still unlock the device with the admin one.

You are right about backups... that is why I have three of the USB tokens, just in case.

Comment: Re:Why SSD in a "do-nothing" PC ? (Score 1) 16

Had a similar choice when giving a laptop to a relative. I went SSD instead of SSHD because SSDs are physically more resistant to shock.

However, if given the choice with a desktop... I'd probably still use SSD, just because when I delete a file and fstrim the drive, the file is -gone- for good, since the drive controller will come around, write "1"s to all the pages that file used and call it done. Of course, keeping good backups when using SSDs is wise, just due to this exact thing.

+ - Amazon Requires Non-Compete Agreements...For Warehouse Workers

Submitted by Rick Zeman
Rick Zeman (15628) writes "Amazon, perhaps historically only second to NewEgg in the IT nerdling's online shopping heart, not only has treated their warehouse workers to appalling working condtions, but they're also making them sign a non-compete agreement for the privilege. Excerpt from the agreement:
During employment and for 18 months after the Separation Date, Employee will not, directly or indirectly, whether on Employee’s own behalf or on behalf of any other entity (for example, as an employee, agent, partner, or consultant), engage in or support the development, manufacture, marketing, or sale of any product or service that competes or is intended to compete with any product or service sold, offered, or otherwise provided by Amazon (or intended to be sold, offered, or otherwise provided by Amazon in the future)...."

Comment: Re:Yes, but.... (Score 2) 117

by khasim (#49349791) Attached to: Generate Memorizable Passphrases That Even the NSA Can't Guess

Let's be a bit more specific about that.

If they're restricting the length to something like 8 or 12 or 16 instead of 128 or 256 then they are PROBABLY not hashing the passwords.

Which means that your password is PROBABLY being stored in plain text (or possibly encrypted). NEITHER of which are acceptable methods today.

Comment: Re:change your username (Score 1) 117

by khasim (#49349671) Attached to: Generate Memorizable Passphrases That Even the NSA Can't Guess

Seconded on the different email addresses. And you don't have to own your own domain for that. Just make some random'ish gmail account and use that ONCE for more secure requirements (like your bank).

The trick is to prepare them in advance. And write them down in a PHYSICALLY secure location.

If you're using the same email account for your bank as you use on Facebook then your security could be improved.

Comment: Re:Black and White (Score 1) 118

by khasim (#49349595) Attached to: German Auto Firms Face Roadblock In Testing Driverless Car Software

Well because the mass amount of data that would be grabbed in the event of an accident would far overshadow a reasonable amount of capture memory during normal driving, which would utilize a lesser set of sensors and maybe lower grade video, which didn't have to factor into the explanation for the accident.

256GB of flash is just over $100 right now. Storage is not a problem. Even AIRCRAFT do not have a problem with storage and they have a LOT more data to store.

Step 2 would include choices such as hit the breaks if it would work. I just used summary steps to make it easy to understand.

Taking power from the engine is NOT the same a braking.

Taking your foot off the gas is NOT the same as stepping on the brake.

Seriously. Try it on a hill. You might end up going FASTER at the bottom of the hill than at the top.

Your plates store information about your car, hence you know from looking the number up, everything to know about the car via reference lookup.

Make/model/year/VIN/owner/owner's address. And maybe whether it passed inspection or not.

How will knowing the VIN tell you anything about hitting it?

Or the owner's address?

Or the owner's name?

Or any of the other information?

And what happens when the site you're trying to use to look up that useless information is slow?

Comment: Re:Still not allowed by many places. (Score 1) 119

by mlts (#49349543) Attached to: Generate Memorizable Passphrases That Even the NSA Can't Guess

I wonder if the ideal password manager would be one that would use a typed in password as a seed/IV (hash a seed and the sitename), with exceptions stored for sites which don't allow passwords generated with that tool to work. Some sites require a number, a capital letter, lower case letter, a symbol (well, not all symbols work), or some other random, annoying combination of the above.

Of course, the ideal password manager would store the password database with a master volume key, then each device accessing it would have the MVK encrypted to its public key. This way, if someone wants to add a device, they just allow access on another device. If someone wants to remove access, it is doable, but it would be wise to re-encrypt the DB to a new key for security. This is how PGPDisk did its encryption, and it completely deters brute-forcing, should someone get access to the data stored on the cloud, since there is no password, so the attacker has to deal with the entire key's keyspace.

Since the private key is on the device, the user just needs a PIN to unlock (with a timeout after too many wrong attempts), rather than a longer passphrase. Both iOS and Android have secure storage (KeyChain for example) which makes this easy to implement securely.

Comment: Re:Bummer (Score 1) 178

by K. S. Kyosuke (#49349519) Attached to: RSA Conference Bans "Booth Babes"
Described what? Like this? "Esp. of a woman: sexually promiscuous or provocative, esp. in a manner regarded as vulgar or distasteful.". So you're injecting your subjective views into what looks mean and attaching a value judgement into that. How is saying that someone looks distasteful not prescribing is beyond me.

Comment: Re:Memorizing site-unique passwords isn't possible (Score 5, Informative) 119

by mlts (#49349459) Attached to: Generate Memorizable Passphrases That Even the NSA Can't Guess

I prefer 2FA when possible. Even a very tough password means nothing if by some means, it gets sniffed by some keylogger, or the password database on a cloud provider gets brute-forced.

For storage where one is using a passphrase for encryption, as opposed to authentication, I like using cryptographic tokens. TrueCrypt used to work with a PKCS#11 library so I could store a keyfile on a set of Aladdin/SafeNet eTokens. This not just made the key immune to brute force guessing... someone who physically possesses the token has three guesses of my unlocking passphrase before the token locks itself forever and zeroes out the stored keyfile. This also works with Symantec's PGP version, except that generates a public/private keypair, the private keypair always remaining on the token, while the public part is used for the file/drive encryption.

If 2FA isn't possible, then as above, some mechanism to help with password reuse is very wise. This is useful just in case some website decides to store passwords in plain text, so a person's secure "correct horse battery staple" is now compromised and added to every blackhat's brute forcing library.

The perversity of nature is nowhere better demonstrated by the fact that, when exposed to the same atmosphere, bread becomes hard while crackers become soft.