
Comment: Too many security issues. (Score 5, Insightful) 176

The command placement and directory browsing are cool, but I don't want any command line that accidentally runs things when I click on them. I don't want any command line that tries to interpret my input as multiple scripting languages. Both of those sound like a security disaster.

Comment: Example one... (Score 4, Insightful) 182

This is the reason we can't have a real conversation about Global Warming. It is a fact that islands sink. Little islands are commonly sinking slowly back into the ocean. This is long established, proved, and accepted. Erosion near coastlines is also well understood and a likely explanation. However, a bunch of "journalists" are using this story to promote Global Warming without ever even mentioning the most likely explanation. The resulting story gets promulgated across the internet because it fits a theme that is popular and that the media likes. This is simply unacceptable from a side that likes to claim "science" at every turn.

Comment: Numbers? (Score 1) 410

"Civil rights groups dispute those figures and say other states have seen fewer African-American and Hispanic students attending highly competitive schools, especially in graduate level fields like law, medicine, and science."

I'm sure that is all about racism, and has absolutely NOTHING to do with the whole "minority" thing, and there being fewer of them as a percentage of the population...

Comment: Re:Low even for Slashdot (Score 1) 313

Nice try,

Facebook changing THEIR privacy policy directly affects users. The outcry is justified and has nothing to do with the politics of their CEO or board. This issue is entirely different. People are calling for boycotts and pressure because a perfectly capable board member used to work for the Bush administration which started a wiretapping program. It has NOTHING to do with what she personally has done nor what she has done as a board member of the Dropbox company.

Thanks for playing, next time try using your head...

Comment: Low even for Slashdot (Score 2, Insightful) 313

Let's quit pretending this is anything but an attempt to force her out because she is/was a Republican.

If she were a Democrat, the article would talk about the racist/sexist Republicans that were trying to force her out.

The Democrats have only enhanced the spying and wiretapping, but you don't get outcries about the likes of Facebook, the Zuckerbergs of the world, who are huge Democrat donors.

I love to see that "tolerance" the left is famous for.

Comment: First, XFCE (Score 2) 452

by shellster_dude (#46716219) Attached to: Ask Slashdot: How To Start With Linux In the Workplace?

First, I'd recommend going with XFCE for your desktop. It's simple, looks kinda like Windows and doesn't change looks constantly with each release.

If you are going to be managing these things, you might want to go with some sort of thin-client architecture with a beefy server, serving the old ex-XP boxes. This will reduce the configuration hassle long term, and make those crappy XP boxes seem pretty snappy. The downside, and it can be a doozy: if the server goes down or the networking is lousy, no one will be able to work.

Comment: Seriously? RTFM (Score 1) 90

Am I the only one who read the article?

The Mylar system supports searching of the encrypted data and encryption with multiple, separate keys allowing multiple users to have access to specific records without requiring any key sharing.

The server can operate in a completely compromised fashion (in theory), as the data is all encrypted on the client side, before it goes to the server, and the server will never have the plaintext or the key to decrypt the ciphertext.

They seem to be operating under the assumption that it is much harder to compromise all the clients than a single server...unfortunately I don't think that claim holds up as there is nothing to prevent compromise of the clients if the server is compromised, via simple XSS-like attacks, which will be trivial since it will be same-origin.

IMHO, the only way to make something like this really work, would be hardened browser clients, with special encryption APIs which cannot be directly accessed by code that the server can inject (NOT JavaScript).

Comment: Not useful (Score 4, Insightful) 914

The foremost point of prison is to keep bad individuals where they can't harm the general populace, and to punish them for their actions, with the hope that they will correct their behavior.

Using a time dilation drug in lieu of actual time served does nothing to help keep them off the street.
Using a time dilation drug as well as a normal sentence amounts to psychological torture or near torture, and won't help with any corrective process which might have prevented repeat offense.

Bottom line: drugs like this have no place in our penal system, regardless of the ethical ramifications of using them on prisoners.

Comment: Understanding PRNG (Score 2) 143

by shellster_dude (#46487027) Attached to: Weak Apple PRNG Threatens iOS Exploit Mitigations

When cryptographers say that a PRNG is deterministic (in a bad sense), they usually mean it violates one of the following rules (or similar):

1) It should be realistically impossible for an outsider to determine or guess all the values that constitute a seed.
2) No matter how much of the "random stream" an attacker has seen, they should not be able to realistically determine the next value in the stream (without all the sources of entropy throughout the process).
3) Given the initial seed, an attacker should not be able to determine the random value at a point in the future because that value should constantly be affected by both new "entropy" inputs including the number of times, size, and amount of random data previously requested.
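A check for rule 2, as an added example that is not part of the original comment: it fits a linear congruential model to three observed outputs and reports whether the fourth is predictable. `ToyLCG`, its parameters, and the function names are constructed for illustration; the contrast case draws from the operating system's CSPRNG via Python's `secrets` module.

```python
import secrets

M = 2**31 - 1  # prime modulus, a constructed parameter for the toy generator


class ToyLCG:
    """x_{n+1} = (a*x_n + c) mod M. Deterministic and not fit for security use."""

    def __init__(self, seed, a=48271, c=12345):
        self.a, self.c, self.x = a, c, seed % M

    def next(self):
        self.x = (self.a * self.x + self.c) % M
        return self.x


def predict_next(x0, x1, x2):
    """From three consecutive outputs only, solve for a and c (unknown to the
    observer) and return the predicted fourth output, or None if unsolvable."""
    d = (x1 - x0) % M
    if d == 0:
        return None  # no modular inverse; the linear fit cannot be solved
    a = (x2 - x1) * pow(d, -1, M) % M  # modular inverse needs Python 3.8+
    c = (x1 - a * x0) % M
    return (a * x2 + c) % M


def violates_rule_2(draw, trials=50):
    """draw() returns the next output in [0, M). True when the linear fit
    predicts the following output in every trial."""
    hits = 0
    for _ in range(trials):
        x0, x1, x2, x3 = draw(), draw(), draw(), draw()
        if predict_next(x0, x1, x2) == x3:
            hits += 1
    return hits == trials


if __name__ == "__main__":
    weak = ToyLCG(seed=20140314)  # constructed seed
    print("toy LCG violates rule 2:", violates_rule_2(weak.next))
    print("OS CSPRNG violates rule 2:",
          violates_rule_2(lambda: secrets.randbelow(M)))
```

The toy generator fails the check even though the observer never learns the seed, multiplier or increment, which is why a secret seed alone (rule 1) does not make a generator safe.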

Comment: Cyber Security Analyst here... (Score 1) 572

My company does it, and it isn't for malicious reasons of spying on their users. It is done so that IDS and IPS can actually detect malware downloads and C2 communication over SSL. I suspect that's the primary reason most other companies do it as well. If they don't, the company can't adequately detect or remediate most modern malware.

Detection of exploit kits via HTTP monitoring is one of our primary indicators of compromise, so this information is vital.
