
Comment: Re:My experiences of Android Studio (Score 1) 115

Note: AS highlights errors just fine, you don't need to build to get told your method params are wrong. Its code inspection is generally much smarter than Eclipse's and you can go in and turn things on/off. More inspection = more CPU while you type stuff. Also, if you're working on non-Android components simultaneously as you suggest, try IntelliJ IDEA (Community Edition) instead, it's exactly the same IDE, same support for Android stuff, plus everything else Java. Also see the plugin browser in the settings for specialized support for certain frameworks.

Comment: Passwords should not be handled by people. (Score 1) 223

We have hundreds of accounts scattered across the net, and each's security relies on a secret that is supposed to be unguessable and shared only between you and that site. Such is the primary assumption of passwords, and yet such a system can never work for people.

The only solution is to stop using passwords as passwords and instead consider them as "symmetric keys". Master Password is a password generator that takes the name of your site and generates a unique key for you and it which you use as the password for the site. The awesome thing is that it's a generated key and thus doesn't rely on any form of storage, be it cloud or require backups and sync, nor can it ever be lost. It uses the scrypt KDF to protect itself against off-line reversal attacks.

Comment: Re: KeePass? (Score 2) 114

That is very dangerous: when the master password is trivial to reverse from the site password, an attacker could easily set up a hoax site, get your site password and reverse your master key. Master Password above uses a hmac-sha-256 of a 64 byte master key which is something you can't just reverse. It also uses an expensive scrypt based salted key derivation to get that key from your master password, which is also something you can't reverse.

Comment: Re:KeePass? (Score 1) 114

How about no keyfile at all? Keeping backups of a keyfile in secure locations, syncing a keyfile between multiple devices and handhelds securely and without conflict, etc all needlessly complicate password management and eventually affect overall security. Also, if an authority obtains your keyfile through any form of search, they are legally within their right to force you to provide the key to unlock it. Not so if there is no encrypted vault.

Comment: Re:Thyroid problem (Score 1) 625

Aggression is a wholly ineffective behavioural change effector. You are just being a short-sighted ass, and the fact that your simplistic opinion is shared by most of the citizenry is most likely the largest cause of obesity.

You won't understand why until you consider that the biggest cause of obesity is psychological.

Many people have a hard time understanding what psychological issues are and how real they manifest themselves. It's not unlike the middle ages where ignorant healers would bleed you to try and get rid of the sickness. These are opinions based on whatever common sense they had at the time combined with a general ignorance. These people were not dumb, they were just uninformed. Now you straighten yourself out.

People get fat because their psychological state drives them to consume things that produce dopamine (the hormone that makes you happy). Probably because they either don't have enough of it (they're sad) or because they've grown addicted to it (nearly everything you buy nowadays will make you addicted to dopamine). To solve the "getting fat" problem, people need to stay away from unhealthy things that produce dopamine (sadly, these are also the "easy" things), and start finding the healthy things that produce dopamine (going out with friends, learning, experiencing new things). Sadly, this becomes harder and harder as your weight increases.

But that's not all. Once you're heavy, solving the "getting fat" problem not only gets tougher, it also won't actually make you skinny. Even if you stop eating anything unhealthy, you will not lose weight. You could eat half the calories a healthy skinny person eats and not lose weight. That's because your body is designed to not go down in weight. You can do crazy things to go down temporarily, but your body will be fighting you all the way and as soon as it gets the chance it will reset your weight back to what it was. This is why nearly every dieter regains their weight. To lose weight permanently, you need to either fight your body's set-point permanently or undergo a certain type of surgery, such as a gastroscopic bypass or duodenal switch.

As for why your attitude is what causes obesity: simplification of the issue, making it taboo and aggressively pushing skinniness are all factors which cause both the psychological environment where a person will start to obsess over the importance of their weight, as well as the bad sources of dopamine and the physical situation of people starving themselves for no good reason which will have the result of your body going into panic mode, shut down its metabolism and build stores of fat for anything it can possibly get its hands on.

The best way to make your population fat is to tell them being fat is horrible, all your own fault and eating food is bad for you. For the love of all that is good, DO NOT TELL ANY CHILD TO NOT GET FAT. Just teach them to live happy and healthy. Being happy means you need no bad sources of dopamine.

Comment: Re:Security by Obscurity only... apk (Score 1) 127

First of all, none of this has anything to do with "Linux". These are all user-land libraries and tools you're referring to. They are all available for Linux, BSD and Windows alike; including OpenSSL and GnuTLS.

Secondly, "top dog" has nothing to do with any of this either. Software such as OpenSSL and GnuTLS needs to be secure. That means that there should be no exploits. The amount of people "attacking" it is irrelevant given those constraints. Whether 1 researcher is looking for bugs or 10.000 criminals are trying to exploit it is irrelevant. None of them should be able to find anything useful.

Lastly, Windows as much as any other proprietary solution is completely irrelevant to this discussion to anyone with a sensible opinion on the topic. That's not because proprietary software is worse than free software, it's because proprietary software can never offer the kinds of security guarantees that free software can by mere virtue of their insistence on secrecy. What that means is, even if there is a proprietary replacement of OpenSSL for which no exploit is published in 10 years, you could never trust that the NSA, the Russians, the Chinese or the Iranians don't have a way in. You can't even trust that they haven't forced the company to add in back-doors and keep them secret. Essentially, proprietary software loses by default and free software is the only useful thing we have left, even if it sometimes fails at keeping its promises.

Comment: Re:Bjarne Stroustrup (Score 1) 636

If the world ever advanced when it came face-to-face with a problem it could not solve with current models we wouldn't have reached much of anything.

Obviously the "it doesn't solve any problems" statement is utterly false. It solves all the same problems Objective-C solved.

So why a new programming language? First of all, new programming languages allow you to express the abstract concepts you're trying to convey in a more optimal fashion. Each time we improve a programming language, we have an opportunity to further close the hole of cognitive dissonance between what we want to do and how we describe that intent to a computer. We have an opportunity to remove whole classes of bugs that were possible in the previous generation languages. We have the opportunity to learn from what we don't like about our current situation and make it more comfortable for ourselves.

The less we need to worry about how to do the things, the more we can focus on what things we could do.

Don't be so conservative.

Comment: Open Governance (Score 1) 582

The same argument can be applied to government. Just because all laws are visible to the public doesn't mean we don't ever put and keep bad laws in effect. The solution to bad laws is not hiding them, it's more publicity. Similarly, more review on each commit would help the OpenSSL project.

Comment: Re:SuperGenPass (Score 1) 445

The idea is great, the implementation horrible.

Master Password is an implementation of the same idea which takes care of all the flaws.

In my opinion, what you need from a password manager is:

  - The output passwords need to be strong against attacks and the solution needs to be strong against attacks.
  - You need to be able to trust the algorithm and the implementation that implements it, and any involved parties.
  - Being safe from loss is just as important. If you can get locked out of everything the day your apartment catches fire, it sucks.
  - It needs to be sufficiently easy to use so that I won't get lazy and skip it.

Doing 10 MD5's (SuperGenPass) offers NO strength against attacks on the solution at all. In fact, if I want all your passwords, all I need to do is make a website, get you to sign up with me, and brute-force your master password from the site password you gave me. A day's work, at most.

Master Password implements several techniques to solve all of the above security problems: http://masterpasswordapp.com/s...
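
An added sketch (not part of the comments above, and not Master Password's or SuperGenPass's actual code) of the stateless scheme described in the "Passwords should not be handled by people" and "SuperGenPass" comments: scrypt stretches the master password into a 64-byte key, and HMAC-SHA-256 over the site name yields the site password. The scrypt parameters, the user name as salt, the output alphabet and the simplified 10x MD5 contrast function are assumptions chosen for illustration.

```python
import hashlib
import hmac
import time

# Illustrative parameters (assumptions, not Master Password's published values).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=64, maxmem=64 * 1024 * 1024)
ALPHABET = "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"

def master_key(master_password: str, user_name: str) -> bytes:
    """Expensive, salted step: master password -> 64-byte master key."""
    return hashlib.scrypt(master_password.encode(), salt=user_name.encode(), **SCRYPT)

def site_password(key: bytes, site: str, length: int = 16) -> str:
    """Cheap step: HMAC-SHA-256 keyed with the master key, over the site name."""
    digest = hmac.new(key, site.encode(), hashlib.sha256).digest()
    # Modulo mapping has a slight bias; acceptable for a sketch.
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:length])

def weak_site_password(master_password: str, site: str) -> str:
    """Contrast case: ten plain MD5 rounds, no salt and no work factor."""
    data = f"{master_password}:{site}".encode()
    for _ in range(10):
        data = hashlib.md5(data).hexdigest().encode()
    return data.decode()[:16]

def seconds_per_guess(fn, rounds: int) -> float:
    """Average wall-clock cost of one derivation, i.e. one offline guess."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds

if __name__ == "__main__":
    # Constructed inputs; nothing is stored, the same inputs always give the same output.
    key = master_key("constructed example passphrase", "alice")
    print(site_password(key, "example.com"), site_password(key, "example.org"))
    slow = seconds_per_guess(lambda: master_key("guess", "alice"), 3)
    fast = seconds_per_guess(lambda: weak_site_password("guess", "example.com"), 3000)
    print(f"scrypt: {slow:.4f} s/guess   10x MD5: {fast:.7f} s/guess")
```

The per-guess cost printed at the end is what a site operator holding one site password would pay for each candidate master password under each construction.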

Comment: Re:Confusing summary (Score 5, Informative) 210

Evasi0n7 is the name of the method used to apply a tethered jailbreak to the phone. The 7 is for iOS 7. The jailbreak is what disables the security features that lock people out of their own device.

TaiG is the name of a "store" that distributes Chinese applications, similar to Cydia, the store that is currently considered to be the "default" for distributing applications on jailbroken devices. Aside from using Cydia or TaiG, you can also put apps on the device manually or use other stores / distributions.

The deal with TaiG was not a result of any stealing. Evasi0n (the team that made the Evasi0n7 method) had been approached by TaiG with an offer of bundling their store instead of Cydia (which doesn't have a lot of Chinese content) for Chinese users only. Terms of the deal included that TaiG would not be allowed to distribute any "pirated" applications. Evasi0n's rationale was that without TaiG on the device, most Chinese users would proceed to install an app store that did provide "pirated" apps and this way they would be condoning a "non-pirating" app store to the huge Chinese jailbreak audience. In exchange for bundling TaiG and therefore giving TaiG a huge userbase in China, Evasi0n was offered a lump of money.

Unfortunately, it turns out after the fact that some pirated apps were spotted on TaiG. Evasi0n reported these to TaiG ASAP and they were removed. You can imagine the trolling that ensued especially from competing jailbreak teams.

Other teams working on a jailbreak method in parallel to Evasi0n were also given this offer from TaiG. In fact, another team was getting a jailbreak release ready with a similar, stolen or different method, I don't know, but since they were getting close to a release, Evasi0n decided to fast-track their working method and release a jailbreak early. The up-side of an early release was that they'd get TaiG's money and they'd get the credit for the jailbreak. The down-side is that the huge volume of apps written for jailbroken devices hadn't been tested and fixed to work on iOS 7 yet, including "Cydia". iOS compatibility is even more crucial for jailbroken apps than for standard iOS apps since they often use undocumented API which is obviously very volatile across iOS versions.

As a result of Evasi0n's early release, a bunch of people jailbroke their device only to find that almost all of the apps written for jailbroken devices that they were installing crashed or caused their phones to break - since, as I said, they weren't updated for iOS 7.

TL;DR - Evasi0n worked really hard to find a method for jailbreaking, figured they deserved some money for their effort, figured in the mean time they'd condone a safe store to the Chinese, saw their chance at success slip away as other teams were gearing up to steal the glory and released before the developer community was ready, causing breakage and mayhem, never mind the trolling about the sudden appearance of a Chinese app store instead of Cydia.

For Evasi0n's side of the story, read http://evasi0n.com/l.html

Comment: Re:iOS 7.1 (Score 0) 110

It's really not so much about "all the cool stuff Cydia offers".

It's all about freedom and control. A non-broken device is effectively a leased piece of hardware where the owner tells you what you can and cannot do with it. It's like renting your house rather than owning it. Sure, it's nice that maintenance is taken care of for you; but most of us actually prefer to know that the thing we live in/with is controlled by us, not somebody with a different agenda whose interest in your happiness and satisfaction is nothing more than a side-effect of their interest in profit.

It's about wanting to do something with this computer in your pocket that's more powerful than a mainframe when I was a kid, and not having to wonder whether Apple's sandbox will agree to it. It's about wanting to run a daemon on start-up and being able to. It's about wanting to ssh into your phone when you left it at home and get the thing off of it that you need. It's about it locking up and you being able to see why. It's about breaking the display but still being able to put VNC on it and use it like the powerful computer that you paid for minus the display. It's about POSSIBILITY and FREEDOM to do as you please with the thing you paid 750$ for.
