Become a fan of Slashdot on Facebook


Forgot your password?
Slashdot Deals: Deal of the Day - 6 month subscription of Pandora One at 46% off. ×

Comment Re:Programming error (Score 5, Informative) 146

The salt is stored with the encrypted password, in cleartext. When the user logs in, the system combines the password they typed with the salt it knows in order to get the key. The main thing salt does is to prevent people with the same password from ending up with the same key, so that everyone needs to be attacked individually. Here's what a bcrypt key looks like from the AM files:


The salt is p9Ctp8EvU1x9jc09dqslHe, the 22 characters that follow the $2a$12$. If you want to crack this password, make a guess, use bcrypt to combine it with that salt, and if they match you've cracked this password. This one is not hard to guess.

Comment Re:Why not in English? (Score 2) 162

If he's really solved the problem, he's probably in a hurry to get it written up as he may believe that others are close, using similar methods. In that case, he'd write it up in his native Russian and make it public. That way, he's got priority, and the translation can come anytime. But there will certainly be a translation, because many English speaking mathematicians will want to give his work close scrutiny.

Submission + - Adobe's giant-sized cryptographic blunder (

An anonymous reader writes: Everyone knows you hash passwords instead of encrypting them, right? Right? Not Adobe it seems. Paul Ducklin from Sophos takes apart the Adobe breach data to show just how bad for us Adobe's mistakes were.

Comment Re:I consider that a pretty good analogy... (Score 2) 248

Your distinction between life safety and computer security is good, but I think it's mainly due to the maturity of the two fields.

People have been making buildings for thousands of years, and the first ones fell down for all kinds of reasons. The notion that a building should survive an airplane impact would have been ridiculous twenty years ago, now it sounds desirable. And twenty years from now, some other unforseen hazard will add to the list of design parameters.

Computer security has a lot of threats which are understood and well described (brute force password attacks, man-in-the-middle, SQL injections, etc.) and many that aren't. And it's totally reasonable to blame software engineers if their systems fall to a well known, easily avoidable attack, that they left open by ignorance or incompetence.

Comment Re:Levels in a book (Score 5, Interesting) 124

I've been working on and teaching a course (Math and the Art of M.C. Escher) from a non-linear online textbook for years now. The book we're using could never be a paper book, because it is too heavily illustrated, animated, and linked. It's also based of of learning modules (Explorations) rather than a linear read-through.

I would love to provide paths through the book - my coauthor and I teach the course in quite different ways, and the other users of the 'book' do as well. But it's proven technically challenging. We host our book with Mediawiki, and maybe that was the wrong choice, but it's worked well in many ways. Is there a good model of how to provide discourses or ontologies? I haven't really seen such a thing in a serious text. WikiBooks, for example, doesn't really have such a thing - if they did, we'd jump on board.

Unlike the book from TFA, though, we're not charging an arm and a leg for a dubious license. This makes me wonder how much of this 'innovative' biology book is really just to make a boatload of cash for the publisher. They must save a considerable sum on production costs, and the maintenance of this book sound quite a bit easier than the usual 'new edition every five years' model. They can gradually replace smaller parts when needed, rather than rebuild the whole book to justify selling a bunch of new copies.

Comment Case in point - City Museum (Score 5, Interesting) 493

The City Museum in St. Louis is a crazy, dangerous, and incredibly fun "playground" in an old industrial building. Most people who go there think it's incredibly fun. Some people who go there get seriously injured (often by exhibiting stupidity they should have learned to avoid on the playground).

The musem's founder, Bob Cassilly, says that $1 of every $12 admission ticket goes to pay insurance, and he has posted a 'wall of shame' listing all the lawyers who have sued the museum.

There's an excellent and relevant article in the WSJ about it:

Comment Mathematica rules, CDF drools (Score 2) 167

I'm a huge fan of Mathematica, and use it all the time for mathematical work. The manipulate command they're leveraging for the CDF is incredibly elegant and simple, as advertised. However, from the Wolfram CDF faq:

Can I remove the welcome screen, toolbar, or watermark logo I see when opening CDFs in CDF Player or viewing CDFs online with the web browser plugin?
The presence of Wolfram branding is part of the FreeCDF licensing terms...

They've got to be kidding if they expect anyone to make serious use of an 'open' format that requires a proprietary player with advertising all over it. Compare with PDF, which is not 'free' but at least seamlessly operates with, say LaTeX.

Comment Re:We got in at a good time (Score 1) 527

Those good times are coming back. For the '90s and most of 00's, home computers got harder to program and universities used C/C++ to introduce programming, which meant novices were faced with a steep learning curve and got to write code that produced, say, and ASCII histogram of some random numbers. Now, there's a trend towards Python, Java, and other languages with simple, powerful library sets built in so that students can write easy programs that do interesting things - in particular graphics and/or games. I think it's kind of a waste of time to "de-emphasize" programming, though - the more coding you do the better you get. But that doesn't mean you're wasting your time if you code in some very high level game description language. As long as you're being required to handle abstract concepts and explicitly describe what you mean, you're learning how to program.

Comment Inherent Speculation (Score 1) 262

I get paid in US$, and expect to get paid in US$ for some time. If I get myself some bitcoin, I'm now involved in currency speculation whether I like it or not. I don't go out and buy a bunch of Euros so I'm ready to purchase things from France at some point - I wait until I (rarely) need to, and then convert at that moment. AT discourages speculation, but that is the only thing to see here!

Comment Threading standard (Score 1) 385

One of the best things that I see as a CS educator is that the threading package is now part of the STL. Teaching threading using PTHREADS always hid the concepts in a layer of obscurity. And usually, if something's obscure when you teach it, it will be a source of mistakes for novices and pros alike. Just the simplicity of async() and the creating of threads and mutexes makes this worth the price of admission.

"There are things that are so serious that you can only joke about them" - Heisenberg