User Journal

Journal: Slowness of Slashdot

Slashdot used to be superfast

No matter where I happened to be - be it in America, in Asia, in Europe, in Africa or in Australia - Slashdot loaded up fast

No matter if the device is a smartphone or a desktop PC, you could almost always count on Slashdot to load fast

But no more

Now Slashdot takes something like 10+ seconds to load, and sometimes it takes more than half a minute to load

What happened?

Has Dice shrunk the pipe to the Slashdot server?

Submission + - The 'Page 63' Backdoor to Elliptic Curve Cryptography

CRYPTIS writes: The security of Elliptic curve cryptography is facilitated by the perceived 'hard' problem of cracking the Discrete Logarithm Problem (DLP) for any given curve. Historically, for FIPS (Federal Information Processing Standards) compliance it was required that your curves conformed to the FIPS186-2 document located at . Page 63 of this specifies that the 'a' and 'b' elliptic curve domain parameters should conform to the mathematical requirement of c*b^2 = a^3 (mod p).

Interestingly, back in 1982, A. M. Odlyzko, of AT&T Bell Laboratories, published a document entitled “Discrete logarithms in finite fields and their cryptographic significance”. Page 63 of this document presents a weak form of the DLP, namely a^3 = b^2*c (mod p).

It seems then, that the National Institute of Standards and Technology (NIST), driven in turn by the NSA, have required that compliant curves have this potentially weak form of the DLP built in; merely transposing the layout of the formula in order to obtain what little obfuscation is available with such a short piece of text.

Submission + - Is running mission-critical servers without a firewall a "thing"?

An anonymous reader writes: I do some contract work on the side (as many folks do), and am helping a client set up a new point of sale system. For the time being, it's pretty simple: selling products, keeping track of employee time, managing inventory and the like. However, it requires a small network because there are two clients, and one of the clients feeds off of a small SQL Express database from the first. During the setup the vendor disabled the local firewall, and in a number of emails back and forth since (with me getting more and more aggravated) they went from suggesting that there's no NEED for a firewall, to outright telling me that's just how they do it and the contract dictates that's how we need to run it. This isn't a tremendous deal today, but with how things are going odds are there will be e-Commerce worked into it, and probably credit card transactions... which worries the bejesus out of me.

So my question to the Slashdot masses: is this common? In my admittedly limited networking experience, it's been drilled into my head fairly well that not running a firewall is lazy (if not simply negligent), and to open the appropriate ports and call it a day. However, I've seen forum posts here and there with people admitting they run their clients without firewalls, believing that the firewall on their incoming internet connection is good enough, and that their client security will pick up the pieces. I'm curious how many real professionals do this, or if the forum posts I'm seeing (along with the vendor in question) are just a bunch of clowns.

Submission + - The county sheriff who keylogged his wife

SternisheFan writes: From Ars Technica:

On April 22, 2013, Miles J. Stark of Clay County, West Virginia made a bad decision. Stark was going through a divorce at the time and had grown concerned about his wife's relationship with an "unnamed individual." So he entered his wife's workplace after normal business hours, located her PC, and installed a tiny keylogger between her keyboard cable and her computer. The keylogger would record his wife's e-mails and her instant messaging chats as she typed them out letter by letter, along with the usernames and passwords she used for various online services. Stark left the office without getting caught.

Installing hardware keyloggers can be risky even in low-security circumstances, but Stark had made his offense far worse by installing the device on a computer belonging to the West Virginia Supreme Court. Stark's wife worked for the Clay County Magistrate Court and often had occasion to enter the financial details of defendants convicted in court—including the credit cards they used to pay their fines. Stark's bid to spy on his wife's e-mails was also vacuuming up private court information, which the government was bound to take extremely seriously if it found out.

Making the whole situation just that much worse was the fact that Stark was a cop. Not just any cop, either; Stark was the county sheriff. He had served as a Clay County deputy sheriff for 16 years and in November 2012 won an election to become the chief law enforcement officer in all of Clay County. At the time of the keylogger job, Stark had been in office only three months, and if the device were ever found, Stark stood to lose his career.

It took less than three weeks. On May 6, a Supreme Court technician was out at the magistrate office doing a scheduled replacement of many of the machines; he noticed the keylogger and reported it. When the West Virginia State Police questioned Stark about the matter, the sheriff "pretended not to know what a keystroke logger was," according to a later government court filing, "a response unworthy of a law enforcement officer."

Stark held out for several months before resigning, but eventually quit his job and pleaded guilty to a federal charge of wiretapping. Federal prosecutors, outraged that a county sheriff was essentially wiretapping the judiciary, wanted a tough sentence. Anything more modest "would erroneously equate this offense with the wiretap of a private citizen by a private citizen." But Stark argued that, stupid as his scheme was, the goal had only been his wife's information—not the court's. He asked for probation.

On December 19, Stark was sentenced to two years of probation and a $1,000 fine. "You have lost your position as sheriff, lost your career in law enforcement... That alone is enough," said Judge John Copenhaver, according to the Charleston Gazette. Stark's ex-wife requested leniency and hugged Stark after the ruling.

Original Charleston Gazette story here:

Submission + - SPAM: Increase Conversion by traffic

jmarley writes: If you already have significant traffic coming to your site, there are two options that will increase revenue. You [spam URL stripped] conversion and get more profit out of existing visitors or 2. Increase ad spend and get more visitors to the site.

Here’s what most online businesses typically do when they want to increase revenue & profit

They throw more money at traffic generation. Let me show you why this is putting the cart before the horse.

Let’s say you have the following key [spam URL stripped] visitors per month
1% conversion to sales @ $100 each (100 sales x $100 = $10,000 in revenue)
$5,000 marketing expense per month (.50 per visitor)
$10,000 – $5,000 = $5,000 profit
ROI = 100%

When you simply throw more money at traffic generation without optimizing [spam URL stripped] visitors per month (traffic increase due to spending more on marketing)
1% conversion to sales @ $100 each (140 sales x $100 = $14,000 in revenue)
$7,000 marketing expense per month (we assume the same .50 per visitor)
$14,000 – $7,000 = $7,000 profit
ROI = 100% (so you increased your profit by $2,000 per month but ROI is the same)

When you optimize conversions BEFORE you spend more on traffic generation: (let’s use the same numbers from above and assume conversion rate lift from 1% to 2%)
10,000 visitors per month
2% conversion to sales @ $100 each (200 sales x $100 = $20,000 in revenue)
$5,000 marketing expense per month (.50 per visitor)
$20,000 – $5,000 = $15,000 profit
ROI = 300%

You just increased profit by $10,000 per month and tripled your ROI without spending a dime on additional marketing or advertising (and that is only on an increase of conversions from 1% to 2%).

Here’s what the numbers look like when you spend more on traffic generation AFTER you’ve optimized for [spam URL stripped] visitors per month (traffic increase due to spending more on marketing)
2% conversion to sales @ $100 each (280 sales x $100 = $28,000 in revenue)
$7,000 marketing expense per month (we assume the same .50 per visitor)
$28,000 – $7,000 = $21,000 profit
ROI = 300%

Throwing money at more traffic BEFORE optimization: $7,000 profit
Throwing the SAME AMOUNT of money at more traffic AFTER optimization: $21,000 profit

In this case study, you are losing $14,000 every month by doing things in the wrong order.


Submission + - EPA makes most wood stoves illegal

Jody Bruchon writes: The Environment Protection Agency has lowered the amount of fine-particle matter per cubic meter that new wood stoves are allowed to release into the atmosphere by 20%. Most wood stoves in use today are of the type that is now illegal to manufacture or sell, and old stoves traded in for credit towards new ones must be scrapped out. This shouldn't be much of a surprise since more and more local governments are banning wood-burning stoves and fireplaces entirely, citing smog and air pollution concerns.

Submission + - Why is math not constant.

ruckc writes: So, why does math vary? int ans = -1 % 5; Should ans be -1 or 4? Depending on the tool I use I get different results.

Submission + - Silicon Valley could be heading for a new stock collapse.

billcarson writes: Even though for most of us the recession is far from over, analysts are worried the technology sector might be heading for its next bubble. Technology stocks are at record highs at the moment. Companies that have no sound business plan have no difficulty in raising capital to fund their crazy dreams. Even Yahoo is again buying companies without real profit (Tumblr). Andreessen Horowitz, a major venture capitalist in Silicon Valley, is already pulling up the ladder. Might this be an indicator for more woe to come?

Submission + - It's All Up To You

An anonymous reader writes: See what becoming part of the community of Mary Kay Independent Beauty Consultants can offer you. Flexibility with your time. The latest technology. Friendship and support from an inspiring community of successful businesswomen. Open-ended earning potential. And of course, innovative of looking good, cosmetics and skin care products. And the 50% you will make. What are you waiting for? Learn more about the Business opportunity.

Submission + - Feds confiscate investigative reporter's confidential files during raid

schwit1 writes: Using a warrant to search for guns, Homeland security officers and Maryland police confiscated a journalist’s confidential files.

The reporter had written a series of articles critical of the TSA. It appears that the raid was specifically designed to get her files, which contain identifying information about her sources in the TSA.

        “In particular, the files included notes that were used to expose how the Federal Air Marshal Service had lied to Congress about the number of airline flights they were actually protecting against another terrorist attack,” Hudson [the reporter] wrote in a summary about the raid provided to The Daily Caller.

        Recalling the experience during an interview this week, Hudson said: “When they called and told me about it, I just about had a heart attack.” She said she asked Bosch [the investigator heading the raid] why they took the files. He responded that they needed to run them by TSA to make sure it was “legitimate” for her to have them. “‘Legitimate’ for me to have my own notes?” she said incredulously on Wednesday.

        Asked how many sources she thinks may have been exposed, Hudson said: “A lot. More than one. There were a lot of names in those files. This guy basically came in here and took my anonymous sources and turned them over — took my whistleblowers — and turned it over to the agency they were blowing the whistle on,” Hudson said. “And these guys still work there.”

Submission + - PHP.Net Confirms Compromise

whtghst1 writes: confirmed today their servers were compromised.


As it's possible that the attackers may have accessed the private key of the SSL certificate, we have revoked it immediately. We are in the process of getting a new certificate, and expect to restore access to sites that require SSL (including and in the next few hours.

To summarise, the situation right now is that:

JavaScript malware was served to a small percentage of users from the 22nd to the 24th of October 2013.
Neither the source tarball downloads nor the Git repository were modified or compromised.
Two servers were compromised, and have been removed from service. All services have been migrated to new, secure servers.
SSL access to Web sites is temporarily unavailable until a new SSL certificate is issued and installed on the servers that need it.

Submission + - Rural Population Not Needed For Farming But For Cannon Fodder

An anonymous reader writes: US Secretary of Agriculture Tom Vilsack wants to increase rural farmers in the US, but not to grow more food. "In 2012, for the first time ever — rural America lost population in real numbers — not as a percentage but in real numbers. Although rural America only has 16 percent of the population, it gives 40 percent of the personnel to the military." See more at:

Submission + - Network Scientists Discover the 'Dark Corners' of the Internet

KentuckyFC writes: Network theorists have always simulated the spread of information through the internet using the same models epidemiologists use to study the spread of disease. Now Chinese scientists say this isn't quite right--it’s easy to infect everybody you meet with a disease but it’s much harder to inform all your contacts of a particular piece of information. So they've redone the conventional network simulations assuming that people only ever transmit messages to a certain fraction of their friends. And their results throw up a surprise. In these models, there are always individuals or clusters of individuals who are unreachable. These people never receive the information and make up a kind of underclass who eke out an information-poor existence in a few dark corners of the network. That has implications for organisations aiming to spread ideas who will have to think more carefully about how to reach people in these dark corners. That includes marketers and advertisers hoping to sell products and services but also agencies hoping to spread different kinds of messages such as safety-related information. It also raises the interesting prospect of individuals seeking out the dark corners of the internet, perhaps to preserve their privacy or perhaps for more nefarious reasons.

Submission + - How to Fix Healthcare.GOV: Go Open-Source!

McGruber writes: Over at Bloomberg Businessweek, Paul Ford explains that the debacle known as makes clear that it is time for the government to change the way it ships code: namely, by embracing the open source approach to software development that has revolutionized the technology industry.
