Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment: Re:And this is good why? (Score 2) 150

by hankwang (#48809289) Attached to: Wireless Keylogger Masquerades as USB Phone Charger

"the claim that this can work against all Microsoft Wireless Keyboards is 100% BS, and has been since 2007, when the issue was first uncovered; covered in depth by Schneier, and remedied in all versions of the Microsoft Wireless Keyboard created since then, which use at minimum 128-bit AES; NOT XOR."

The only meaningful hits on 'schneier microsoft wireless keyboard' is just a few broken links to a Dreamlab study: http://www.google.com/search?q...,

Those were using a 27 MHz transmitter (near field, i suppose) and an association process that at least uses a different xor key each time. TFA claims that the newer 2.4 GHz keyboards always use the same xor key, 0xCD. TFA mentions at least two recent keyboard models that use this protocol. (Maybe I overlooked other ones)

It seems that there is only the MS "2000 AES for business" keyboard that is explicitly marketed as using AES. http://www.microsoft.com/hardw...

Comment: Re:Hope the muslims win then. (Score 1) 329

There are a few of them that grew up exactly like that. They show little difference with the rest of the politicians. Why? Because if they got to their position, anyone can, and those who don't become part of the 1% are clearly just lazy moochers.

Being poor in the US is either a temporary embarrassment or proof of being a bad person. It's quite amazing how alive Calvinism is in the US.

Comment: Re:Who gives a fuck (Score 5, Insightful) 104

by Mr_Silver (#48791947) Attached to: Chrome For OS X Catches Up With Safari's Emoji Support

I consider then harmful.
I suspect Emoji are like those smileys with mustaches, beer steins, and birthday cakes that show up in skype chat. I hate that garbage. Many a time, I write a sentence that contains a parenhtesis, using grammar correctly, and then my message comes across as some random retarded shit sprinkled with smileys. I have a hard enough time avoiding typos, I don't really need the client mucking it up even worse.

That's not the fault of Emoji, that is the fault of the client replacing things like ":)" and ";P" with pictures in order to simulate Emjoi.

As bizarre as it sounds, you actually want to be embracing the support of Emoji! This is because all the searching and replacing logic (which, as you rightly pointed out, tends to make unwanted changes to your text) is now redundant and can be removed by the developers.

The net result is that people can still insert smileys with moustaches, beer steins, and birthday cakes and you can still type grammatically correct messages (or code) without fear of them being replaced with pictures. A win for everyone.

Comment: Re:"which had 12 people killed." WTF? (Score 2) 512

by hankwang (#48769053) Attached to: Publications Divided On Self-Censorship After Terrorist Attack

"Turkey -- 99.8% Muslim"

Where did you get that number? Walk around in a big city and you will see less than 50% of the local women wearing head scarves, in most neighborhoods. In some places, it's less than 10%.

Turkey does register most citizens as "muslim" as a default value, unless they are christian or jewish, but it has little to do with the beliefs of those citizens. Many Turks are atheistic (and utterly despise the present muslim government).

Source: my Turkish S.O., who has "Islam" in her passport despite coming from a family that has been secular for several generations.

Comment: RC4, how weak is it? (Score 4, Informative) 148

by hankwang (#48755887) Attached to: Tips For Securing Your Secure Shell

TFA: "... RC4 are broken. Again, no need to wait for them to become even weaker, disable them now."

Is that really so? I think RC4/arcfour is only known to leak secret data in the first 2 KB of the cipher stream, and for that reason SSH will simply feed it 2 KB or so of garbage data before encrypting the actual payliad. Or am I mistaken?

RC4 has a big advantage: it is by far the fastest cipher, which is relevant if you want to do large file transfers over slowish hardware (home-grade NAS, Raspberry Pi, old Atom CPU, etc.).

Comment: Oh dear (Score 1) 391

by Mr_Silver (#48746635) Attached to: Sony Thinks You'll Pay $1200 For a Digital Walkman

At some point, my iPod Classic is going to bite the dust and I'd love something that is a similar size that can store my large music (and video) collection and have a decent battery life.

This could have been it, but with an old version of Android and a stupid price point, I think I'll pass. Hopefully they'll come up with something that is less audiophile and more useful for the masses.

Comment: Re:No... (Score 1) 598

by Mr_Silver (#48739177) Attached to: Tumblr Co-Founder: Apple's Software Is In a Nosedive

But they are right about the software, never has it been more insecure and more geared towards grabbing up your data and marketing/profiting from it.

The only thing I can think of that involves "grabbing up your data and marketing/profiting from it" would be iAd and that's hardly a large part of Apple.

What's your proof that Apple are making a massive play to slurp up your personal data and use it in the way Google would?

Comment: Partial solution (Score 1) 598

by Mr_Silver (#48738389) Attached to: Tumblr Co-Founder: Apple's Software Is In a Nosedive

Part of the solution would be for Apple to decouple application updates from operating system updates.

I see no reason why a bug fix to Safari (of which there are plenty required) has to be delivered in the same way as an iOS update when they already have a perfectly good app updating mechanism (the App Store). Plus customers are used to apps updating frequently and automatically, adding Apple to the mix isn't going to be something strange for them.

Comment: Re:Give the man some slack (Score 2) 119

by hankwang (#48726933) Attached to: Bots Scanning GitHub To Steal Amazon EC2 Keys

The mistake he made was not understanding the tools he was using. (...) Signing up for a service and then using it without reading the documentation is foolish.

I assume that you also blame the subprime borrowers for signing a contract that they didn't fully understand without putting most of the blame on the banks that knew damn well what they were doing?

The fact that one person can be blamed for a mistake due to lack of experience does not mean that there is not someone else (i.e., Amazon and the people who actually abused the keys) who deserves a lot more blame.

What this country needs is a good five cent ANYTHING!