Comment: Re:So let me get this straight (Score 1) 675

by TopherC (#49540507) Attached to: Except For Millennials, Most Americans Dislike Snowden

The claims that Snowden attempted to use the proper channels are disputed by the NSA. I think it's extremely likely that Snowden's version of the story is closer to the truth, but I have to keep in mind that there's some uncertainty there. The outcomes of the leaks are harder to dispute, and I think the net effect was a positive outcome.

And I still recall Obama's speeches that change had to come to Washington, not from it. Heh. But did he live up to his campaign promises any less or any more than other presidents have? I guess good presidents need to work with compromise and internal politics well while in office. I think Nixon was pretty good by that measure.

Comment: Don't... (Score 2) 315

by MetricT (#49442855) Attached to: Ask Slashdot: How To Introduce a 7-Year-Old To Programming?

I'm as geeky as they come. Most of a Ph.D. in theoretical physics, and have spent over a decade working in high-performance computing.

When I was 7 years old, I was wandering through the woods, looking under rocks for creepy crawlies, playing hide-and-seek, and playing baseball with my brother and cousins. Not only did it *not* set me back in any way, but it is some of my fondest memories of being a child.

Let kids be kids for goodness sake. Take him to a science museum, and let *him* tell *you* what interests you. When I was a kid and hyped about computers, my dad thought computers were a fad only used to play Pac-Man. Not only do I have a good-paying career, but any time dad can't connect to the internet, I get an emergency telephone call.

Let your child steer his future. He's the one who has to live it.

Comment: Re:Users are *bad* at choosing passwords (Score 1) 159

by MetricT (#49349551) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

Passphrases *can* be done securely; most people won't. They will concatenate simple words, which means if I have a dictionary of, say, the top 1,000 words, it's still reasonably feasible to crack.

For instance, here are some long passphrase-like passwords that I cracked from the LinkedIn debacle. They used plain MD5 as the hash, which admittedly helps cracking a lot. I haven't tried the depleted hash list in a long time, but I'm willing to bet with advances in both OCLHashcat and my own skills, I could get quite a bit more.

24 sociological imagination
24 linkedinlinkedinlinkedin
23 newlinkedinpassword1234
22 harekrishnaharekrishna
21 networknetworknetwork
21 managerialeconomics23
20 vaffanculovaffanculo
20 serafimovaserafimova
20 Restoration Hardware
20 powerpowerpowerpower
20 keepitrealkeepitreal
20 kazakhstankazakhstan
20 internationalnetwork
20 crisscrossapplesauce

At the end of the day, there's just no substitute for a long random password.

Comment: Users are *bad* at choosing passwords (Score 5, Insightful) 159

by MetricT (#49346699) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

I run a GPU cracker on my users' password hashes to preemptively weed out weak passwords. Several times I have seen them try to change it from (for example) "password" to "P@ssw0rd99", which in a certain sense is significantly more complex, but OCLHashCat has rules for capitalization, leet-speak, appending/prepending numbers. You've only changed the time it takes to crack that hash from fractions of a second to a few minutes.

The only highly secure password requires long, random characters. Given a choice, users will always prefer an easy-to-remember password because it makes their life easier. Unfortunately, it also makes the bad guy's life easier, and the sysadmin's life harder.

Websites should be required to disclose the hash format they are storing users' passwords in, to hopefully prevent another LinkedIn plain-md5 type debacle.
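Added example, not part of the comments above and not code from any tool they mention: a small defender-side check that a strength meter could run before trusting length alone. It undoes the mangling the comment lists (case, leet-speak, digits on either end), collapses repeated blocks, and tries to split what is left into dictionary words. The wordlist, the `dict_size=1000` default and the bit estimates are assumptions made for illustration.

```python
import math

# Constructed stand-in for a "top 1,000 words" list (assumption, not a real wordlist).
WORDS = {"password", "linkedin", "network", "power", "keep", "it", "real",
         "new", "international"}
LEET = str.maketrans("@4301$5!7", "aaeoissit")  # common leet substitutions

def normalize(pw):
    """Undo cheap mangling: case, digits stuck on either end, leet-speak."""
    return pw.lower().strip("0123456789").translate(LEET)

def smallest_unit(s):
    """Return the shortest block that, repeated, rebuilds s (or s itself)."""
    p = (s + s).find(s, 1)
    return s[:p] if 0 < p < len(s) else s

def segment(s, words=WORDS):
    """Fewest dictionary words that concatenate to s, or None if impossible."""
    best = [None] * (len(s) + 1)
    best[0] = []
    for end in range(1, len(s) + 1):
        for start in range(end):
            piece = s[start:end]
            if best[start] is not None and piece in words:
                cand = best[start] + [piece]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    return best[len(s)]

def audit(pw, dict_size=1000):
    """Compare the naive per-character estimate with a word-based one."""
    core = normalize(pw)
    unit = smallest_unit(core)
    words = segment(unit) or None
    return {
        "unit": unit,
        "repeats": len(core) // len(unit) if unit else 0,
        "words": words,
        # Naive meter: every character drawn from 95 printable ASCII symbols.
        "naive_bits": round(len(pw) * math.log2(95), 1),
        # Rough structural estimate: one dictionary pick per word in the unit.
        "structured_bits": round(len(words) * math.log2(dict_size), 1) if words else None,
    }

if __name__ == "__main__":
    for sample in ("P@ssw0rd99", "linkedinlinkedinlinkedin",
                   "keepitrealkeepitreal", "newlinkedinpassword1234"):
        print(sample, audit(sample))
```

A `structured_bits` value far below `naive_bits` is the signal to reject the password regardless of its length.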

Comment: Mostly academic... (Score 1) 68

by MetricT (#49270435) Attached to: GCHQ Builds a Raspberry Pi Super Computer Cluster

I manage a large compute cluster for my job. I also have a Pi and love it for what it is. Building a Pi cluster could give people an opportunity to try parallel programming, and learn the sysadmin side like getting a scheduler working or using Salt or a similar management tool to manage a cluster.

However, I imagine a single Intel i5-4960 would smoke a 64-node Pi cluster. It's a worthwhile experiment, but probably not the best thing for most real-world use.

Comment: Re:Lift the gag order first... (Score 1) 550

I think Comcast and others like them argue that our thought-model of the internet is too simplistic. It's not the case that if Netflix just buys more bandwidth, all content consumers benefit. Comcast says that they want Netflix to pay for them to add additional infrastructure so that their bandwidth-intensive traffic is handled on new routes that are more direct for various residential areas.

But your arguments are also correct, that by Comcast charging Netflix an additional fee for this infrastructure (or worse, for the right not to be throttled), they are creating an unfair means of passing costs onto customers and perhaps also being anti-competitive with respect to other residential ISPs. In some ways Comcast wants to be free to use extortion (pay us to not throttle your traffic), but in other ways there is real potential for building out better internet service.

I think the trick is finding a fairer means of economically building out the kind of infrastructure that best delivers content to the consumers. I suppose it would be fair if Comcast added the extra infrastructure for those companies like Netflix that consumers are pulling heavy traffic from, and then being honest and public about this -- using it as a selling point to differentiate them from their competition. This should lead to a higher demand for their service, which should lead to them justifying the capital investment.

The "stifle innovation and restrict freedom" argument is very typical GOP BS. They feel like less regulation is a panacea and are blind to anti-competitive tactics and the kinds of regulations that would keep a free market both free and efficient.

Comment: Re:What is systemd exactly? (Score 1) 765

by TopherC (#49199201) Attached to: Ubuntu To Officially Switch To systemd Next Monday

The problem is that a lot of the behind-the-scenes tinkering and established-over-decades code in scripts is going out of the window and one huge set of binaries are trying to replace it WHILE also stepping in to replace an awful lot of other pseudo-related systems. Systemd is tying into everything from initial boot to how to configure your soundcard.

Those established-over-decades init scripts are fragile and difficult to maintain. My observation is that this is what drives system developers to push for systemd. Well, this and the order of startup, dependencies, etc.

Maybe we need a fork of systemd that takes some of the more common complaints seriously enough to do something about them. I see limitations of plain-text logging systems, but can't these be addressed with a text-based, human-readable log that uses some kind of mark-up for timestamps, PIDs, etc? While there may be some small efficiency gains by incorporating more services into systemd like networkd and such, we could set a higher bar for module inclusion -- there has to be an overwhelming argument for tight integration. And so on.

Comment: Re:Strange (Score 1) 80

by TopherC (#49175213) Attached to: Linux and Multiple Internet Uplinks: a New Tool

I wonder how this is different from channel bonding / link aggregation? I looked into this a few months ago and don't remember all the details but there's a "bonding" kernel module, which can run in some modes entirely in kernel space, or in a user-space-assisted mode. There is a round-robin mode but there are several others that include fault tolerance and load balancing. LACP can be used in cooperation with other network elements including switches if you want something that spans a local network.

I had limited success with this myself, so I wonder what new technology the Fault Tolerant Router brings?

Comment: Re:Parody (Score 1) 255

by TopherC (#49174343) Attached to: Gritty 'Power Rangers' Short Is Not Fair Use

It doesn't sound to me like it's specific enough in its references to be primarily a satire or parody. IMO if it isn't obviously and specifically satirical, then Kahn should have obtained permission before publishing. Failing that, leave the Power Rangers tie-in an unwritten one that's strongly hinted at. A fair use(?) Austin Powers clip: "It looks like Godzilla, but due to international copyright laws - it's not."

Comment: Re:Parody (Score 2) 255

by TopherC (#49174233) Attached to: Gritty 'Power Rangers' Short Is Not Fair Use

So it's a parody of the response that it would evoke by being an arguably infringing work? That's prescient! If this were actually enough to prove that it's non-infringing (it's not IMO) then maybe the parody fails and then makes the short infringing again on the original grounds, which ...

Sorry I tried to make a temporal paradox out of it. Best I could do.

Comment: Re:c++? (Score 1) 407

But don't forget the context. It isn't "I want to write a program that splits a string on commas," but "I want to write a program that will grow in complexity." Like most programmers, I read a whole lot more code than I write. I like to read code that is expressive enough that the little things (like string splitting) are simple statements while the over-arching objectives and design issues are stated in comments. Also anything that's subtle should be commented, but not "// This splits a string. Check my work please!" Or "// Opening a TCP socket," etc.

C++ allows you to write very clever code, which is admittedly fun to do. But it's wearisome to read that stuff because you have to both figure out what it's doing and also prove to yourself that it's correct and handles malformed data properly. Unless you're optimizing some crucial piece of code (which C++ is potentially good for), it's much better to write expressive code.

I haven't done too much with QT, but I think it is well structured and helps you to learn to write good C++. Some will say that's an oxymoron. But I've seen what can only be judged bad C++, and know that QT could have been a whole lot worse than it is.

Library dependencies -- that's another subject. You're going to have them one way or another. Picking your libraries well is a matter of taste and what your long-term plans are.

Comment: I'm not saying it's aliens, but it's aliens... (Score 1) 28

by MetricT (#49137773) Attached to: Ceres' Mystery Bright Dots May Have Volcanic Origin

When I was younger, I remember reading a sci-fi novel about aliens in our solar system who were overseeing mankind's growth.

The aliens chose their base on Ceres because the asteroid field offered nigh-unlimited resources outside the confines of a gravity well, because Ceres had water for living and powering fusion engines, and because it was far enough away from earth to stay out of sight.

While those two white spots *could* be an example of cryovolcanism, I think that we can all agree that ancient abandoned alien city is really the more likely choice ;-)

Comment: Re:who uses stock os? (Score 1) 144

by TopherC (#49091517) Attached to: Superfish Security Certificate Password Cracked, Creating New Attack Vector

I'm not sure what models you're referring to. My last three or four laptops have been Lenovos, and I never experienced any roadblocks installing Linux on them. I think the BIOS on at least one of these supported a whole-disk encryption but that doesn't even try to prevent you from reformatting and installing an OS.

My vague understanding is that Superfish is Windows software, not part of BIOS or the Windows bootloader, and certainly not grub. You can also apparently uninstall superfish:

My current model is a T440, which is fine except for the tragicomical touchpad. It's by far the worst touchpad I've ever, well, touched. I keep a wireless mouse with me at all times because that pad is nearly useless. Previous models were good.
