Comment Jobs (Score 2) 16

What's funny to me is, I liked the "Dice Jobs in your area" side-bar (before it was recently removed).

It's interesting to see what jobs are available in my area, without hunting for them, especially if I'm not actively searching for a job. The original idea of Dice/DHI buying Slashdot Media seemed logical to me: let's connect all these tech folk with competing employers; a win for everyone.

Unfortunately StackOverflow does their job matching MUCH better, mostly due to the nature of measuring skilled volunteers with quantified "karma" in select knowledge domains. I don't see how DHI can compete with LinkedIn (their scale) nor StackOverflow (their data). If I was hiring a DBA, I would totally go to SO where my pool of applicants is already vetted based on their posts.

Also unfortunately GitHub does code hosting MUCH better than SourceForge, mostly due to SF not improving anything for the last 10 years. (And no one likes bundling anything in their downloads, so hopefully the new owner will end that horrible practice, or just shut SF.net down.)

Long time reader of /. and I still love the content. Hopefully it lives on!

Comment Re:"privacy of North Koreans" (Score 1) 100

I don't think encryption would help here. Assume the user is still using Red Star Linux, which, in addition to watermarking, has tweaked the PRNGs so that all private keys (including symmetric keys and session keys) are created with a known set of values, thus making the user think they are secure but allowing the government to still eavesdrop on all communication.

Comment Re:Is this unique to Java? (Score 1) 130

I agree that 4 -> 5 was difficult, 5 -> 6 and 6 -> 7 were easy, but 7 -> 8 is difficult again. Mostly due to app server containers like Tomcat and JBoss -- specifically the JSP compiling part needs a lot of love for Java 8 in servlet containers.

Comment Hash and Salt (Score 4, Interesting) 206

We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.

Salting is nice, but when the attacker gets both the hash and the salt, they can attack specific users. Still, the 100k rounds of SHA256 seem decent.

Would bcrypt be any better than PBKDF2 here?
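
An added illustration, not part of the comment above and not LastPass's code: the two-stage strengthening described in the quoted statement, with a per-user random salt and 100,000 server-side PBKDF2-SHA256 rounds on top of a client-side pass. The client-side round count (5,000), the use of the e-mail address as client salt, and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import os

CLIENT_ROUNDS = 5_000    # assumption: the page gives no client-side round count
SERVER_ROUNDS = 100_000  # from the quoted statement


def client_auth_hash(email, master_password):
    """Client side: stretch the password before anything is sent.
    Using the e-mail address as the salt is an assumption of this sketch."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               email.lower().encode(), CLIENT_ROUNDS)


def server_enroll(auth_hash):
    """Server side: fresh random salt per user, then 100,000 more rounds."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)
    return salt, stored


def server_verify(auth_hash, salt, stored):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)
    return hmac.compare_digest(candidate, stored)


def hmac_calls_per_guess():
    """Work to test one candidate password against one stolen record.
    With a 32-byte output, each PBKDF2-SHA256 round is one HMAC-SHA256 call.
    Knowing the salt does not reduce this; it only means the work cannot be
    shared across users or precomputed."""
    return CLIENT_ROUNDS + SERVER_ROUNDS


if __name__ == "__main__":
    # Constructed sample accounts: two users who chose the same password.
    h1 = client_auth_hash("alice@example.com", "correct horse battery")
    h2 = client_auth_hash("bob@example.com", "correct horse battery")
    rec1, rec2 = server_enroll(h1), server_enroll(h2)
    print("same password, different records:", rec1[1] != rec2[1])
    print("login ok:", server_verify(h1, *rec1))
    print("HMAC calls per guess per user:", hmac_calls_per_guess())
```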

Comment End to End Crypto (Score 4, Interesting) 205

Is there a market in the world for strong cryptographic file sharing? Meaning only the end users control their private keys and the "network" just connects users -- it never knows the keys.

Or does that only work on the small scale, such as one user sharing some files with a few friends? If that same user shared those files with ten thousand friends, then would the sharing be public as the keys would be "leaked" by nature of lots of people having them? (And thus those files could be examined for copyright infringement.)
