Forgot your password?
typodupeerror

Comment: Re:You don't git it (Score 1) 312

by msaavedra (#37276854) Attached to: Kernel.org Compromised

Most distributions (ie the archlinux one you linked to) digitally sign their packages with private keys, so the people who compromised kernel.org wouldn't be able to tamper with them without causing verification failures by the package management system.

One huge problem could be downloadable ISOs for live images or installer DVDs. Since you are booting up your system with them, there would be no reliable automatic signature verification.

I downloaded a Centos-6 ISO from the kernel.org mirror just the other day, and broke out in a cold sweat when I saw this story. However, Centos and just about everyone else publishes checksums of their ISOs. I compared my download against the checksum, and, to my relief, it matched.

It would be wise if everyone compared checksums immediately after downloading something like this. Alternately, you can use a protocol like BitTorrent for the download, which compares checksums automatically.

Comment: Re:DNS and the world of wonders.. (Score 2) 289

by msaavedra (#36419424) Attached to: US Funding Stealth Internets to Circumvent Repressive Regimes

I often wonder what would happen if a group of nerds..like ourselves.. decided to start our own root DNS.. I would suspect that it would be shut down by the FCC in short order under some new or trumped up mangled misinterpretation of some law.

Alternative root servers have existed for years. The largest is probaby OpenNIC.

Education

+ - The $25/£15 computer from the UK->

Submitted by rrohbeck
rrohbeck (944847) writes "Electronics Weekly brings us a report on the Raspberry Pi, a computer the size of a USB stick with USB (for keyboard/mouse/network/storage), composite/HDMI video out and power connectors and a memory card slot. It runs a 700MHz ARM11 with 256MB of memory and is designed as a teaching tool, envisioned to boot Ubuntu right into interactive Python like the BASIC computers that got many of us hooked on programming.
There is a lot of interest from developing countries and chances are that there will be a buy one, give one program.

"There is an energy barrier at the start of the learning curve," said Upton. With the Spectrum or the BBC micro, even if you only wanted it to run a game, you turned it on and it immediately said 'BASIC' and you could write
>10 print "Hello world"
>20 goto 10.
A lot of us got sucked in by that and became programmers."

PCs just don't cut the mustard."

Link to Original Source

Comment: Re:Does SHA2 still produce the same results? (Score 1) 60

by msaavedra (#35252316) Attached to: New SHA Functions Boost Crypto On 64-bit Chips

I'm not an expert on crypto, but it seems to me that, for instance, SHA-512/256 would not produce the same digest from the same input as SHA-256. I just conducted the following test on the linux command line:

$ echo hello | sha512sum
e7c22b994c59d9cf2b4 8e549b1e24666636045 930d3da7c1acb299d1 c3b7f931f94aae41edd a2c2b207a36e10f8bcb 8d45223e54878f5b316e 7ce3b6bc019629 -

$ echo hello | sha256sum
5891b5b522d5df086d0ff 0b110fbd9d21bb4fc716 3af34d08286a2e846f6be03 -

The first is the SHA-512 hash of the word "hello" (with spaces inserted to defeat the slashdot lameness filter) and the second is the hash for SHA-256. I don't see any way to truncate the the 512-bit output and get one that matches the 256-bit output. Therefore SHA-512/256 would not be compatible with plain SHA-256.

I don't see much utility in these new algorithms. Since we would already be calculating the 512-bit hash, why not just use it instead of truncating it? I suppose there are a few situations where for externally imposed reasons you just need a value of a certain length, but that's about it.

Comment: Re:This is just another waiver (Score 1) 332

by msaavedra (#34734728) Attached to: Do Sleepy Surgeons Have a Right To Operate?

They can't dump the responsibility on the patient, especially by shoving an informed consent form under his hand in the 15 minutes before surgery.

Oh yes they can (legally speaking)

This is a very questionable statement, and depends a lot on the locale and the situations of the case. Contractually waiving your rights is something that the courts often frown upon.

Here is my experience. I live in California, and my old apartment was accidentally burned down by a maintenance worker who was not qualified to do the task he had been assigned. The landlord refused to reimburse me for my lost property, because I had signed a lease waiving my right to damages in such a case. I contacted a lawyer, who told me that one can't contract away responsibility for one's own negligence. The landlord was clearly negligent in the case, and the waiver clause in the lease would not hold up in court. I hired the lawyer, and we successfully sued the landlord

Wine

Wine 1.2 Released 427

Posted by Soulskill
from the pop-the-cork dept.
David Gerard writes "Stuck with that one Windows app you can't get rid of? Rejoice — Wine 1.2 is officially released! Apart from running pretty much any Windows application on Unix better than 1.0 (from 2008), major new features include 64-bit support, bi-directional text, and translation into thirty languages. And, of course, DirectX 9 is well-supported and DirectX 10 is getting better. Packages should hit the distros over the weekend, or you can get the source now."
Networking

Nmap 5.20 Released 36

Posted by Soulskill
from the more-and-better dept.
ruphus13 writes "Nmap has a new release out, and it's a major one. It includes a GUI front-end called Zenmap, and, according to the post, 'Network admins will no doubt be excited to learn that Nmap is now ready to identify Snow Leopard systems, Android Linux smartphones, and Chumbies, among other OSes that Nmap can now identify. This release also brings an additional 31 Nmap Scripting Engine scripts, bringing the total collection up to 80 pre-written scripts for Nmap. The scripts include X11 access checks to see if X.org on a system allows remote access, a script to retrieve and print an SSL certificate, and a script designed to see whether a host is serving malware. Nmap also comes with netcat and Ndiff. Source code and binaries are available from the Nmap site, including RPMs for x86 and x86_64 systems, and binaries for Windows and Mac OS X. '"

Comment: Re:Could have told you writing analysis was bogus. (Score 1) 96

by msaavedra (#29137929) Attached to: Writing Style Fingerprint Tool Easily Fooled

Signatures written on paper are not all that helpful...Where they actually are accurate, however, is when written on pressure sensative pads (such as those seen on new-fandangled credit card swipers)

This may be slightly offtopic (but hopefully interesting to the slashdot crowd), so I apologize in advance. I've been trying to figure out how to use electronic signature pads to verify job authorizations, and haven't been able to come up with a way that they seem airtight to me if a customer denies issuing the authorization. Perhaps you or another reader can enlighten me.

I can record the data coming in from the signature pad and associate it with the job ticket in our database easily enough. However, if the customer denies authorizing the work, and we show them the signature data, they can just claim we copied it from another ticket. That seems like a reasonable defense to me, and one that very well might hold up in court if it came to that

I've tried to think of various ways to hash the signature data with unique information from a job ticket, but can't think of anything that can get around the fact that we have access to the raw data that comes from the signature pad, and can do what we want with it. Therefore, I don't see how they can be used for anything like signing a contract.

Of course, a signature on paper (which is what we currently do) can be forged, but there are ways to tell that have been mentioned elsewhere in this story.

Comment: Re:No Really Definite Confirmation of This Yet (Score 1) 465

by msaavedra (#28616143) Attached to: Microsoft Puts C# and the CLI Under "Community Promise"

I think pygtk is great. In fact, as I write this I'm taking a break from the cross-platform application I maintain as one of my job duties.

However, some people don't like python as much as you and I. For instance, they may prefer not to use a dynamically-typed language or need something with better performance. Also, I don't see why pygtk would be any more cross-platform than C# using the gtk bindings. At least in theory, both should work on many platforms, and look identical (since they would both use gtk widgets).

I've been deeply skeptical of Mono since it's inception, because of the patent issues hanging over it, so I see the latest happenings here as a positive thing. I'm not likely to abandon python any time soon, but more choice is a good thing for those of us who like using Free software but still need things to run under Windows.

Comment: Re:Work Experience (Score 1) 834

by msaavedra (#27911015) Attached to: Go For a Masters, Or Not?

Generally, to teach HS and below, the only degree allowable is an education degree. A PHD in math will not be allowed to teach algebra, and a Nobel prive winning physicist will not be allowed to teach physics, unless of course they additionally have a BA in education.

Where do you live? My wife is a high school English teacher, and has a degree in English. I have a friend who teaches elementary school who double-majored in Psychology and Italian. Here in California, teachers who teach specialized subjects (English, math, foreign languages, etc) generally have a degree in the subject they teach, while teachers who don't specialize (elementary school teachers, for example) might have a degree in education. There is a lot of flexibility, though.

All teachers here, except in rare circumstances, have to have teaching credentials, though. These are usually acquired after the bachelor's degree by completing graduate-level coursework that can be finished in a year, as well as taking an exam and getting some real classroom experience (usually through student teaching). The credential is not a degree, but it does require continuing education, and many teachers end up eventually getting a Master's in education due to all the additional education classes they need to take.

My wife did have a friend at her former school who ran into a problem similar to what you're describing. He was a 7th and 8th grade biology teacher, but had a doctorate in some branch of biology from Oxford University. Aside from having a solid background in the science, he was an excellent teacher, having been selected as Teacher of the Year for the district. However, he received notice that he wasn't "highly qualified" for his position and would have to take additional classes to keep his job. Apparently due to some bureaucratic snafu, the powers-that-be didn't recognize his Oxford degree because it wasn't a PhD, but a DPhil, DSc, or something similar that we never see in America. They couldn't be reasoned with, though, so he ended wasting a bunch of time taking classes that he had *taught* when he was a grad student.

Comment: Re:Work Experience (Score 1) 834

by msaavedra (#27909897) Attached to: Go For a Masters, Or Not?

Notice anything striking there? Of all my "Education" professors, none had taught in a non-college classroom in the last two decades. Some never had. What made them *qualified* to teach me? A PhD in Education. Did they have anything useful to teach? No. How could they, when their entire background was full-time immersion in college-level educational philosophy? My "Education" professors were philosophers,(PhD) not teachers.

My wife, who is a teacher, would definitely agree with you. She often refers to the following quote: "Those who can, do. Those who can't, teach. Those who can't teach, teach teachers."

Anyone can do any amount of work provided it isn't the work he is supposed to be doing at the moment. -- Robert Benchley

Working...