
Comment: Re:Not so fast (Score 1) 111

by jeffmeden (#49384961) Attached to: World's Largest Aircraft Seeks Investors To Begin Operation

I wonder how it would survive a missile strike. OK, the helium is not going to explode, but if it leaks out through a big hole in the hull, you're going to go down anyway. You'll need lots of compartments to limit that, and those compartments would add quite a lot of weight.

They probably mean that a missile strike is basically the missile shooting through one side and out the other since the skin isn't thick enough to trigger a detonator. A small missile sized hole is enough to down it, but not very fast.

Comment: Re:I find author's "facts" dubious (Score 1) 338

by jeffmeden (#49380363) Attached to: Why America's Obsession With STEM Education Is Dangerous

In developing countries, the upper half (maybe) can afford it, but the lower half live without even reliable electricity, much less a computer to grant them access to rich information/education/entertainment/etc.

While I largely agree with you, what I have seen also is that our [western] definition of development isn't necessarily other people's definition.

Case in point: We may be really technologically developed but the way of life that comes with the development has also brought with it serious issues of mental illness and a breakdown in family. I remember being in one village and the elders there told me categorically, that they do not need electricity or running water. It *IS* their choice. I was baffled! The business of refrigeration was foreign to them though some liked it. The elders were not sure how to service the equipment after we left. They didn't like the whole concept of relying on other people's tech. So, values are different.

I see a problem for us Americans. With Russia's lead, some Asian countries are beginning to conduct trade without the dollar. If this spreads, we as USA are done. The days of dominating currency markets won't last for ever. That will be ugly.

So, you think it's the mark of an advanced society that allows for parts of itself to be community oriented and reject technology? We've got plenty of that in the US.

And Russia leading a currency revolution? I spit coffee on the keyboard, thanks for that. The ruble is worth less than 2 cents, and dropping as we speak. Russia isn't leading anything but their own fading influence.

Comment: Re:I find author's "facts" dubious (Score 4, Insightful) 338

by jeffmeden (#49379661) Attached to: Why America's Obsession With STEM Education Is Dangerous

From the linked piece...

And yet over these past five decades, that same laggard country has dominated the world of science, technology, research and innovation.

When I travel especially in Asia, (read China, South Korea, Singapore etc), I find better employment of technology than in USA right from the airport! This technology isn't necessarily American at all!

What I find we Americans have, is the view that we are at the epitome of the best. You can't compare the subway system in NY to that in Shanghai in terms of deployed tech for example! NY is in the dark ages. I know because engineers from NY go to Shanghai to "learn" how things are done on such scale.

The Koreans have come to dominate ship building not using western tech, but their home grown solutions to enormous problems.

What I find is that we in America are really one confident lot, right from school kids. We also have a spirit of "self congratulation." But trust me, those Asian folks beat us in many ways.

"I find author's facts dubious" sums up your comment rather nicely. Other (Asian) nations might appear to be technological leaders because their airports are new and shiny (at least, the one airport at the capital that you visited) and that's all well and good but as soon as you get away from the metropolis you see where the actual differences lie: in the US you have technology accessible to nearly 100% of the population, in terms of cost and functionality. That shit ain't easy. In developing countries, the upper half (maybe) can afford it, but the lower half live without even reliable electricity, much less a computer to grant them access to rich information/education/entertainment/etc.

Comment: Re:Why is penetration in quotes? (Score 1, Informative) 308

by jeffmeden (#49371461) Attached to: Attempted Breach of NSA HQ Checkpoint; One Shot Dead

Being dressed as women has nothing to do with putting 'penetration' in quotes, unless there is some sort of joke I'm missing. Why is it in quotes?

Because it's not clear from the statement what exactly took place. Did they bump a barricade lightly while trying to peacefully leave the checkpoint, and in turn get pursued by the guards and shot to death despite being unarmed and showing no actual malice? We will have to wait for more details to emerge.

Comment: Re:Easy Solution (Score 2) 221

by jeffmeden (#49355735) Attached to: Broadband ISP Betrayal Forces Homeowner To Sell New House

I guess it depends on what the fine is for not complying. For your above scenario to make sense, the fine itself would have to be more than the cost of installing the line. Otherwise, they would just pay the fine and forget about it. Also, there would need to be timelines for how long they can take to get the service working. If you have to live in the house a year without good internet before they get the service up and running then the law isn't very helpful. Also, what happens if you move in in December and they can't install the lines until March when the ground has thawed? Also, there's no law saying how much they are allowed to charge you, and they often don't charge the same fees for everybody. Once they've installed your lines, you're basically a slave to paying that provider's rates. If they want to jack up the rate 6 months down the road to recoup costs, there isn't much you can do about it, other than try to get some other provider to put in lines as well.

Actually there was only one important caveat: "Pass a law that if a service provider says that they offer service to an address they must do so by law." So the goal is not to get service to every address in the US, the goal is to make paying the fines more painful than generating a correct national broadband map. Correct map in hand, consumers can make a more informed choice and national providers will have a more flimsy straw man from which to argue behind.

Comment: Re:Ancient Chinese wisdom (Score 0) 114

Any civilisation that in 5000 years never managed to invent the fork and carried on using 2 sticks to eat with isn't that great.

Any civilisation that after 5000 years still makes food so hard to eat that it needs to be poked, chopped, ripped, etc AFTER the chef is done, isn't that great. Chopsticks are not a symptom of lack of refinement, the food that passes as "prepared" in western cultures is.

/flame on

Comment: Re:I wouldn't mind the NSA so much if... (Score 4, Interesting) 167

by jeffmeden (#49347377) Attached to: NJ School District Hit With Ransomware-For-Bitcoins Scheme

...they went after these criminals.

If our government actually did something about stuff like this, I think people would believe in their government a bit more, but as it stands, it seems like the NSA and such only want to either spy on us or topple governments that don't toe the line for the US.

I cannot imagine that finding these criminals is beyond the abilities of the US Government, it just seems like they don't even try.

The thing is, if they did, you would never know about it. It may seem like they don't even try, and they might not be, but they could also be defeating 95% of it. With a mission that is by design clandestine, no one may ever know until our kids get a peek at the public records dump 50 years from now.

Comment: Re:Trade secret? (Score 2) 74

by jeffmeden (#49347205) Attached to: Facebook Sued For Alleged Theft of Data Center Design

Yes, but if they had an NDA they should be suing for breaking the NDA, not theft of trade secrets.

Given that they had to redact a good bit of the material in the suit, my guess is that they are doing both. And why not? Trade secrets are internationally recognized as property, and property law is pretty easy to assert. If they can show a clear paper trail, they will probably win.

Comment: Re:Still waiting for a "hackability meter" (Score 1) 159

by jeffmeden (#49347085) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

You're a fucking shitheel. The vast majority of passwords are cracked offline. The only things saving you, the user, when (not if) shit gets hacked are using strong passwords and not reusing them across services. "2-factor" authentication doesn't do fuck shit because the company got fucking hacked anyway - you can't trust that the keys for the RSA clocks weren't taken at the same time the user table was.

Of course any passwords that get cracked are cracked offline, it has been a long long time since even the most poorly architected of sites had an auth service capable of responding fast enough to brute force. The point is that more often still, passwords are lifted out of databases that don't bother to encrypt them at all, or passwords are "Cracked" by exploiting a poorly built password reset system to overwrite them. In those cases (which account for almost all of the malicious per-account activity), it doesn't matter at all how complex (or uncomplex) your password is.

Comment: Re:Still waiting for a "hackability meter" (Score 1) 159

by jeffmeden (#49346917) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

What we need is a meter on a web site describing how much effort they put into server security, how big their target profile is (how many entry points they have) and a sign that says "??? days since a total data breach!", and then the user can decide if they want an account there at all. How's that coming?

Are you secretly planning to use it as a Dunning-Kruger meter and avoid all that self-rate as 10 out of 10? Because if you think you'll get anything else useful out of it, I want some of what you're smoking...

Both are farcical. Good catch.

The point is that a site could very easily be giving you great password strength advice and then proceed to do something totally stupid with it (storing it with such a poor cipher that can be bruteforced in seconds.)

Comment: Re:Still waiting for a "hackability meter" (Score 1) 159

by jeffmeden (#49346615) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

Sorry, but password complexity matters a great deal. When a website's passwords get hacked, they're going to compare hashes and find all the easiest ones first (password, hunter2, 123456, etc). If yours is 15 characters of random letters, numbers, etc, yours will not get cracked first. Now, if someone like the NSA is targeting YOU, then it doesn't matter how complex it is; it will get cracked. But in a list of 5,000,000 passwords, having a complex password can help make sure yours is not one of those cracked.

This is my exact point. You are right if and only if the provider didn't bother to use an effective salt, which renders rainbow tables pointless. Why isn't that part of the meter? "Your password is stored in a hash of type XXX that is ### bits long, hashed for ### rounds, and salted with ### bits during each round." would tell the user all they need to know about how well their password is going to be protected, and they can make a more informed decision.
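
An added example, not part of the comment above or of any site's code: it contrasts unsalted storage with per-user salted PBKDF2 and reports the storage parameters the comment wants a meter to show. The record format `pbkdf2_sha256$rounds$salt$hash`, the function names and the sample accounts are assumptions constructed for illustration.

```python
import hashlib, hmac, os

# Constructed sample accounts; two users share the same weak password.
USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "x9$Qv!r7Lm2#pTz"}

def store_unsalted(password):
    """Weak storage: one unsalted SHA-256, identical for identical passwords."""
    return hashlib.sha256(password.encode()).hexdigest()

def store_salted(password, rounds=200_000, salt_bytes=16):
    """Per-user random salt plus PBKDF2-HMAC-SHA256; parameters kept in the record."""
    salt = os.urandom(salt_bytes)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"pbkdf2_sha256${rounds}${salt.hex()}${dk.hex()}"

def verify(password, record):
    """Recompute the derived key from the stored salt and rounds, compare in constant time."""
    _scheme, rounds, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), dk_hex)

def describe(record):
    """The storage 'meter': hash type, output bits, rounds and salt bits of a record."""
    scheme, rounds, salt_hex, dk_hex = record.split("$")
    return {"scheme": scheme, "hash_bits": len(dk_hex) * 4,
            "rounds": int(rounds), "salt_bits": len(salt_hex) * 4}

def precomputed_hits(stored, wordlist):
    """Count stored values that match a table of hashes computed once, in advance."""
    table = {store_unsalted(w) for w in wordlist}
    return sum(1 for value in stored.values() if value in table)

if __name__ == "__main__":
    common = ["password", "hunter2", "123456"]
    unsalted = {u: store_unsalted(p) for u, p in USERS.items()}
    salted = {u: store_salted(p) for u, p in USERS.items()}
    print("unsalted records matched by one table:", precomputed_hits(unsalted, common))
    print("salted records matched by one table:", precomputed_hits(salted, common))
    print("same password, same stored value?", salted["alice"] == salted["bob"])
    print(describe(salted["alice"]))
```
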

Comment: Re:Still waiting for a "hackability meter" (Score 1) 159

by jeffmeden (#49346559) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

In that case, even a password of 'veronica' should be strong enough to last until the breach is discovered (days?), the user notified

Considering how awfully many cases there have been where it has taken the company weeks or even months to notify anyone of the breach I'm going to have to disagree on that.

That's my exact point. If a system is compromised and they are going after user data unnoticed, you are boned even if they can't brute force your 5000 character epic passpoem, detailing the life and works of seven mythical Norse heroes (apologies to http://www.schneierfacts.com/f...). The only thing keeping you safe in that instance is staying the fuck away from downright terrible and negligent providers.

Comment: Re:Still waiting for a "hackability meter" (Score 1) 159

by jeffmeden (#49346449) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

The plain simple truth is that complexity of a password is barely relevant at all when compared to the threat of an outright data breach at a provider. Who cares if your password is 'veronica' (your daughter's name) or `myL1ttleBr0ny%` since an attacker isn't going to bother with brute forcing anything but '123456' and 'password' because they will get tarpitted by any reputable provider before they can guess anything out of a dictionary more than 5 entries long.

Your basis for saying password-complexity is irrelevant is that bad people would be doing online brute-forcing? They do matter somewhat when it comes to online-cracking, but the real relevancy doesn't lie there. The passwords matter when it comes to offline brute-forcing: the more complex the password the longer it'll take to crack it even if you have the hash for it. With good passwords and well-done hashing and salting you may end up cracking them for weeks by which time whoever you obtained them from will hopefully already have made their users change their passwords.

Brute forcing offline is only a scenario that can take place after a breach has occurred. In that case, even a password of 'veronica' should be strong enough to last until the breach is discovered (days?), the user notified(http://techcrunch.com/2015/01/...) make complexity 100% pointless, which is what I am getting at here.
