Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×

Comment: Re:Is this unique to Java? (Score 1) 130 130

I agree that 4 -> 5 was difficult, 5 -> 6 and 6 -> 7 was easy, but 7 -> 8 is difficult again. Mostly due to app server containers like Tomcat and JBoss -- specifically the JSP compiling part needs a lot of love for Java 8 in servlet containers.

Stats

CDC: Americans Getting Heavier, Average Woman Weighs As Much As 1960s Man 409 409

schwit1 writes: New statistics from the Centers for Disease Control and Prevention show that the average American has packed on the pounds in the past 50 years. Both men and women have gained a considerable amount of weight since 1960, with the average American woman now weighing 166.2 pounds — nearly identical to what American men weighed in the 1960s. U.S. men have been getting bigger too, gaining nearly 30 pounds from the 1960s to 2010 — 166.3 pounds to 195.5 pounds today. The good news is that both sexes have gained almost an inch in height since then, so that accounts for some of the overall weight gain.

Comment: Hash and Salt (Score 4, Interesting) 206 206

We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.

Salting is nice, but when the attacker gets both the hash and the salt, they can attack specific users. Still, the 100k rounds of SHA256 seem decent.

Would bcrypt be any better than PBKDF2 here?

Democrats

Trade Bill Fails In the House 413 413

schwit1 writes: President Obama suffered a major defeat to his Pacific Rim free trade initiative Friday as House Democrats helped derail a key presidential priority despite his last-minute, personal plea on Capitol Hill. "In a remarkable rejection of a president they have resolutely backed, House Democrats voted to kill assistance to workers displaced by global trade, a program their party created and has stood by for four decades. By doing so, they brought down legislation granting the president trade promotion authority — the power to negotiate trade deals that cannot be amended or filibustered by Congress — before it could even come to a final vote." This was after Silicon Valley heavyweights made a last minute push to pass the bill and the White House got personal with many Democratic lawmakers.

Comment: End to End Crypto (Score 4, Interesting) 205 205

Is there a market in the world for strong cryptographic file sharing? Meaning only the end users control their private keys and the "network" just connects users -- it never knows the keys.

Or does that only work on the small scale such as one user sharing some files with a few friends. If that same user shared those files with ten thousand friends, then would the sharing would be public as the keys would be "leaked" by nature of lots of people having them? (And thus those files could be examined for copyright infringement.)

Comment: Re: Lol (Score 3, Interesting) 248 248

And since some characters have different lengths, even counting characters might not be good enough. (Can't use max_bytes=80, nor max_chars=40.)

The message could be "displayed" in memory with the chosen font and size to calculate it's length, then truncate the string in character mode to fit within the limited area.

Comment: Re:See it before (Score 1) 276 276

There are multiple layers of virtualization that could be used. A BSD jails approach could be used for sandboxing and library dependency (lib X.Y for Jail 1, lib X.Z for Jail 2). A Docker style approach could be used. Or whatever awesome new micro-virt someone can come up with that's not as heavy as a traditional virtual machine.

Comment: Re:See it before (Score 2) 276 276

The VM for each application is a good idea. Android got close, by at least creating a user for each app using the standard unix permission model where each user can't see another user's files so each app is separate. But they still have all the "what APIs does this device allow" and "what APIs have this program implemented" problems similar to "what libraries does this distro have".

Comment: Re:There will always be a need... (Score 1) 276 276

I know of one large company that maintains it's own "drop" like service where you can upload confidential files, and share them with other employees or clients. There are sensible defaults for the maximum allowed users as well as a time delay (after X days the files are deleted).

Here is another option if you want to outsource: https://www.sendthisfile.com/i...

Comment: Re:See it before (Score 3, Interesting) 276 276

Linux Package Deployment

I don't think the parent was complaining about not being able to modify his own linux desktop because there are other shared users. I think the problem might be around distributions that only release certain versions of software. For example, I run an "old" Ubuntu 10.04 LTS release. It is nearly impossible to install the latest Chromium build due to package dependencies and management. However, I can run the latest Firefox since I can download the tarball directly. (And no, I shouldn't have to upgrade the entire operating system just to run a simple userspace program.)

Klein bottle for rent -- inquire within.

Working...