
Comment: Re:Root cause = speed over security (Score 1) 71

by thogard (#49740597) Attached to: 'Logjam' Vulnerability Threatens Encrypted Connections

There are things that can be done and things that shouldn't. For example there is a byte table of sines in MD5 that help scramble bits. If you scramble that table at all then you have a hash that is as strong as MD5 but unique as if someone tacks on a 2^2048 extra seed. It also keeps off the shelf hardware from trying your hash.

If you do the same thing with the DES S-boxes you can end up with a crypto that is so weak you might be able to decrypt it by inspection.
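The table the comment refers to is MD5's 64 round constants K[i] = floor(2^32 * |sin(i + 1)|). As an added illustration of the mechanism (this is not code from the comment or from Slashdot), below is a pure-Python MD5 in which that table is a parameter: with the standard table it agrees with CPython's hashlib, and with a seed-dependent permutation of the table it yields a different digest family. The permutation construction (shuffle driven by the seed) and the function names are my own assumptions; the example shows only that the table change alters the output, it makes no claim about the strength of the result.

```python
import math
import random
import struct

MASK = 0xFFFFFFFF

# Standard MD5 constants: K[i] = floor(2^32 * |sin(i + 1)|), the "table of sines".
K_STD = [int(abs(math.sin(i + 1)) * 2**32) & MASK for i in range(64)]

# Standard per-step rotation amounts, left unchanged in both variants.
S = ([7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4
     + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def md5_with_table(message: bytes, table=K_STD) -> str:
    """MD5 over `message`, using `table` in place of K. Returns the hex digest."""
    if len(table) != 64:
        raise ValueError("MD5 needs exactly 64 round constants")
    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476

    # Merkle-Damgard padding: 0x80, zeros up to 56 mod 64, then the bit length (64-bit LE).
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    padded += struct.pack("<Q", (len(message) * 8) & 0xFFFFFFFFFFFFFFFF)

    for off in range(0, len(padded), 64):
        m = struct.unpack("<16I", padded[off:off + 64])
        a, b, c, d = a0, b0, c0, d0
        for i in range(64):
            if i < 16:
                f, g = (b & c) | (~b & d), i
            elif i < 32:
                f, g = (d & b) | (~d & c), (5 * i + 1) % 16
            elif i < 48:
                f, g = b ^ c ^ d, (3 * i + 5) % 16
            else:
                f, g = c ^ (b | ~d), (7 * i) % 16
            # The round constant is the only place the table enters the computation.
            f = (f + a + table[i] + m[g]) & MASK
            a, d, c, b = d, c, b, (b + _rotl(f, S[i])) & MASK
        a0, b0, c0, d0 = ((a0 + a) & MASK, (b0 + b) & MASK,
                          (c0 + c) & MASK, (d0 + d) & MASK)
    return struct.pack("<4I", a0, b0, c0, d0).hex()


def scrambled_table(seed: bytes) -> list:
    """Seed-dependent permutation of K_STD. An assumed construction for the
    example, not the commenter's; any seed-keyed rewrite of the table would do."""
    table = list(K_STD)
    random.Random(int.from_bytes(seed, "big")).shuffle(table)
    return table


def md5_standard(message: bytes) -> str:
    return md5_with_table(message, K_STD)


def md5_scrambled(message: bytes, seed: bytes) -> str:
    """MD5 structure, but with the constant table replaced per seed."""
    return md5_with_table(message, scrambled_table(seed))


def matches_stdlib(message: bytes) -> bool:
    """Cross-check the unmodified variant against CPython's own MD5."""
    import hashlib
    return md5_standard(message) == hashlib.md5(message).hexdigest()
```

An off-the-shelf MD5 cracker (or ASIC) has K_STD baked in, which is the "off the shelf hardware" point in the comment; whether the scrambled variant keeps MD5's collision and preimage properties is a separate question this example does not address.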

Comment: Icky water? (Score 2) 278

This works so well on cruise ships, as hardly anyone ever gets sick on those. A tiny hole in a filter membrane is huge to bacteria and viruses.

Lots of people are worried about bacteria but 99% of the bacteria on the planet doesn't like humans and is safe to consume. The bacteria that lives with humans or comes out of humans is what will kill people.

Then there are prions, which will pass through these filters, which is why the systems that don't concentrate diseases always have a large natural buffer that is full of creatures that mess with whatever manages to get past the sewage treatment systems. The places that are talking about bypassing a large natural reserve are asking for trouble. A large lake or a river has plenty of life that will kill off most of the nasty things, but if that cycle is short-circuited, there are plenty of things that survive in fairly pure water for days or weeks.

With the cost of desalinating water, it makes more sense to use ocean water than water with too much human waste in it, and the health risks are far lower as well.

Comment: Copays? How about cash price? (Score 2) 78

by thogard (#49605051) Attached to: Hacking the US Prescription System

When you try to get a prescription filled in a pharmacy they take your ID and insurance card and send that off to your insurance company. If you have a prescription for something simple and cheap like penicillin that costs, say, $3, the conversation looks something like this:
Pharmacy (to insurance co): Joe Sucker gave me a $25 co-pay card for penicillin.
InsCo: Tell him that it is $30 and you now owe us $22.
Pharmacy (to Joe): You owe us $25.

If Joe had asked the cash price, the conversation would have been:
Pharmacy (to Joe): That will be $3.
Joe: But I have a $25 co-pay.
Pharmacy: Do you want to pay $3 or $25?

Comment: Re:Tesla battery also far larger than needed (Score 1) 334

by thogard (#49573901) Attached to: Why Our Antiquated Power Grid Needs Battery Storage

Then you are neither the problem nor the solution.

Oddly enough though, I am the market.

I expect my numbers are right on the sweet spot for a 10 kWh system. Large battery systems should help but most of the rest of the costs will scale linearly with maybe a 10% drop at 4 times the size.

So if the numbers don't really make sense for you, imagine how stupid they are for me?

My power generator will sell me power for $0.025 a kWh under a contract. The rest of the $0.22 is the grid, billing system, peak cost overruns and taxes, so I don't see this as an electricity generation problem but more of a middleman problem, and those tend to get worse as time goes on. I expect that since the grid goes past the house, in 30 years I'll get an electricity bill for about $100/mo (in today's dollars) even if I'm not connected.

Comment: Re:Tesla battery also far larger than needed (Score 1) 334

by thogard (#49567617) Attached to: Why Our Antiquated Power Grid Needs Battery Storage

I only use about 10 kWh a day. A 5 kW solar system is about $3600 plus inverter. The 10 kWh system complete with install and the 5 kW of panels would cost a bit less than $20k. I currently pay about $0.22 a kWh plus about $1 a day just to have the grid there. The ROI is 16.6 years assuming no maintenance cost, interest or increase in grid costs, and assuming I can go fully off grid. It goes over 20 years if I still have to pay to have the grid hooked up (or some "grid goes by the house so pay" type fee).

Comment: Re:Is that proven? (Score 1) 442

by thogard (#49557199) Attached to: Debian 8 Jessie Released

Lots of useful things can happen even if most file systems don't mount.

I have systems in data centers halfway around the world. I want sshd to wake up as soon as the networking is up. Once the whole thing is up and stable, I want the initial sshd to be killed off and the normal production one started. The sshd started early uses no shared libraries and uses a config that lets root log in. This means that if the machine is screwed up, I can get in without depending on the lights-out management card or some other virtual console hack.

Remember that on very large systems there are always errors on a disk and some systems are large enough that their mean time between failures is always now. That doesn't mean the systems aren't still useful in production.
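The arrangement the comment describes, written out as an added illustration for Debian 8's systemd (this is not the commenter's configuration and not anything Debian ships): a unit for an early, statically linked rescue sshd that starts once the network is up, a drop-in that makes the production ssh.service stop it once the real daemon is running, and a minimal config for the rescue instance. The unit name, the paths /usr/sbin/sshd.static, /etc/ssh/sshd_config.rescue and /etc/ssh/rescue_authorized_keys, and port 2222 are assumptions. Debian 8 ships OpenSSH 6.7, where the key-only root setting is spelled PermitRootLogin without-password.

```ini
# --- /etc/systemd/system/rescue-sshd.service (assumed name) ---
[Unit]
Description=Early statically linked rescue sshd
# Opt out of the implicit After=sysinit.target/basic.target ordering so this
# does not wait for every filesystem and service; only the network is needed.
DefaultDependencies=no
After=network.target
Before=ssh.service

[Service]
# -D: stay in the foreground; -e: log to stderr (the journal), because
# syslog is not necessarily up yet at this point in boot.
ExecStart=/usr/sbin/sshd.static -D -e -f /etc/ssh/sshd_config.rescue
# The production ssh.service stops this unit later; do not bring it back.
Restart=no
# Kill only the listener: a rescue session already in progress survives.
KillMode=process

[Install]
WantedBy=sysinit.target

# --- /etc/systemd/system/ssh.service.d/stop-rescue.conf (assumed drop-in name) ---
[Service]
# Once the production daemon has started, queue a stop of the rescue one.
# --no-block matters: rescue-sshd is ordered Before=ssh.service, so its stop
# job runs after this start job completes, and a blocking stop here would
# wait on itself until the start timeout.
ExecStartPost=-/bin/systemctl --no-block stop rescue-sshd.service

# --- /etc/ssh/sshd_config.rescue (assumed path) ---
Port 2222
ListenAddress 0.0.0.0
ListenAddress ::
PidFile /run/sshd-rescue.pid
# Root may log in, but only with a key, and only a key from the rescue list.
PermitRootLogin without-password
PasswordAuthentication no
ChallengeResponseAuthentication no
AuthorizedKeysFile /etc/ssh/rescue_authorized_keys
# A static build normally has no PAM; say so explicitly.
UsePAM no
# Privilege separation needs the sshd user and /var/empty; avoid that
# dependency in a daemon whose job is to work when the box is half broken.
UsePrivilegeSeparation no
```

The rescue listener lives on its own port and pid file so it never collides with the production daemon during the handover, and the rescue key list is separate from root's normal authorized_keys so the early, less hardened instance only accepts keys deliberately placed there.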

Comment: Re: Figures (Score 2) 368

by thogard (#49540877) Attached to: iTunes Stops Working For Windows XP Users

I find it odd that there isn't a well-known man-in-the-middle SSL-to-TLS 1.2 proxy for XP that can fake things enough to work for most programs.

The entire XP TCP/IP stack can be replaced and there are replacement WINSOCK versions for XP.

With the large number of programs that talk to specific hardware that simply won't run on anything newer than XP, combined with how many machines are still functional for their users, it will be around for a very long time. Remember that Microsoft has only dropped free support for the consumer version of XP; paid support (and some free support) will be going on for another 4 years.

Comment: Re:How about basic security? (Score 2) 390

by thogard (#49517613) Attached to: Why the Journey To IPv6 Is Still the Road Less Traveled

Scanning IPv6 isn't as hard as you make it out to be. I look at it more like using dictionary attacks rather than sequential scans. The first 64 bits are known if you're after a specific target. It is also trivial to know if a given /64 is even used. A tree of all known used /64s shouldn't take long to create.

The 64 host bits are a bit different. They could be fully random (which is rare), or they are allocated based on MAC address or statically assigned. The MAC addresses mean that 40 bits of the address are known if you know anything about the target's buying habits (i.e. they tend to buy Dell or Polycoms). That leaves 16 million guesses, which can be reduced based on the vendor or the product version which you intend to exploit once you find a target.

You may not be looking for one in 2^64, but for a network of devices that all may have many addresses, and you might only need one.

The static address assignment space isn't very large either, as netadmins like using :: when they type in addresses, so they are unlikely to be random. That means their first network will be 0::something and their second is likely to be 0001::something. Oddly enough you might find they skip ::a and use ::8, ::9, ::10 as well, or use something that matches their existing IPv4 address, so things like ::192:168:1:1 are very likely.

All these things mean that Monte Carlo scans of a specific IPv6 allocation on a remote network are well within the ability of small-time hackers.

Throw in a firewall that isn't filtering IPv6 properly and that will result in remote exploits of internal devices.
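The dictionary-style candidate generation the comment describes, as an added example (not the commenter's tool and not code from the page): modified EUI-64 interface IDs derived from a known vendor OUI, low hand-typed interface IDs including the "decimal typed as hex" habit (::10 instead of ::a), IPv4 octets copied in as hex groups (::192:168:1:1), and the low subnet IDs an admin is likely to number by hand inside a site prefix. The prefixes are RFC 3849 documentation addresses, the OUI 00:14:22 is used as a stand-in for a vendor prefix, and the function names are my own. The code only produces candidate lists; it probes nothing.

```python
import ipaddress
from typing import Iterable, Iterator, List

SUBNET_BITS = 64  # every candidate lives in a /64; the interface ID is the low 64 bits


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 from a 48-bit MAC: insert ff:fe in the middle and
    flip the universal/local bit (RFC 4291, Appendix A)."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC like 00:14:22:01:23:45")
    ifid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    ifid[0] ^= 0x02
    return int.from_bytes(ifid, "big")


def _in_prefix(prefix: str, interface_id: int) -> str:
    """Place a 64-bit interface ID inside a /64 and return the text form."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != SUBNET_BITS:
        raise ValueError("candidates are generated inside a /64")
    return str(ipaddress.IPv6Address(int(net.network_address) | interface_id))


def eui64_address(prefix: str, mac: str) -> str:
    return _in_prefix(prefix, eui64_interface_id(mac))


def oui_candidates(prefix: str, oui: str, start: int = 0,
                   stop: int = 1 << 24) -> Iterator[str]:
    """Every EUI-64 address for one OUI: 2^24 guesses, or fewer when the
    NIC-specific range is narrowed (e.g. to one product batch)."""
    for nic in range(start, stop):
        mac = f"{oui}:{nic >> 16:02x}:{(nic >> 8) & 0xFF:02x}:{nic & 0xFF:02x}"
        yield eui64_address(prefix, mac)


def _typed_as_hex(n: int) -> int:
    """What an admin who counts in decimal but types hex groups ends up with:
    10 becomes ::10 (0x10), not ::a."""
    return int(str(n), 16)


def static_candidates(prefix: str, max_small: int = 0x20,
                      ipv4_hints: Iterable[str] = ()) -> List[str]:
    """Hand-typed interface IDs: ::1 .. ::1f, the same numbers typed as decimal,
    and IPv4 addresses copied in octet by octet as hex groups."""
    ids = set()
    for n in range(1, max_small):
        ids.add(n)
        ids.add(_typed_as_hex(n))
    for v4 in ipv4_hints:
        octets = [int(x) for x in v4.split(".")]
        if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
            raise ValueError(f"bad IPv4 hint {v4!r}")
        g = [_typed_as_hex(o) for o in octets]
        ids.add((g[0] << 48) | (g[1] << 32) | (g[2] << 16) | g[3])
    return [_in_prefix(prefix, i) for i in sorted(ids)]


def subnet_candidates(site_prefix: str, count: int = 16) -> List[str]:
    """/64s an admin is likely to have numbered by hand inside a shorter site
    prefix: 0, 1, 2, ... as hex, plus the same counts typed as decimal."""
    site = ipaddress.IPv6Network(site_prefix, strict=False)
    if site.prefixlen >= SUBNET_BITS:
        raise ValueError("site prefix must be shorter than a /64")
    ids = set()
    for n in range(count):
        ids.add(n)
        ids.add(_typed_as_hex(n))
    base = int(site.network_address)
    return [str(ipaddress.IPv6Network((base | (sid << SUBNET_BITS), SUBNET_BITS)))
            for sid in sorted(ids)]
```

The interesting number is the size of each list, not any one entry: one OUI is 2^24 addresses per /64, the hand-typed set is a few dozen, and a site's likely subnet IDs are a handful, so a scanner that walks subnets first and then tries the cheap static list before the OUI sweep spends most of its probes where addresses actually are.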
