Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment Re:It's Internet Time all over again... (Score 1) 990

I really liked internet time. It was great because I had a widget in my menubar that showed the @time and when I met people in chat rooms, it was easy to synchronize...

for those of you not in the know: http://en.wikipedia.org/wiki/Swatch_Internet_Time

I've spent the better part of the last year trying to bring this back. Not to use as a primary time-telling device, but as a way of easily synchronizing across timezones, mostly for IRC/IM and teleconference meetings.

I also think we need to completely kill daylight savings (as many people are suggesting). It is definitely time to do that worldwide.

Comment Re:You Are The Product (Score 3, Informative) 283

A very large problem with this forcing of real names is when the sites in question have blacklists for certain names. I have a friend who's real, birth certificate name is "Aragorn" (his parents are HUGE LOTR geeks) and facebook does not allow that name, so he goes by Aragor. It's incredibly annoying to me, but he doesn't really care that much. facebook wants him to send a copy of his driver's license as proof so they'll allow him to use the name.

I'm just glad that they let me use Spike. I mean, it may not be on my birth certificate, but it's the only name I use. It's on my bank accounts (BofA doesn't seem to care), credit cards, cell phone, work ID, everything. My parents have called me that since before I was born and it's all anyone calls me.

Comment Re:What is the point of OSX server? (Score 4, Interesting) 365

docs were read. mass-googling was done. I'm talking about apple's utilities... `networksetup` in the instance of the LOM and the network port bonding. There's no consistency in the docs about what they mean by "Service Name" which is what they call the "interface." However, there are 2 names for the interface... the user-specified one ("Ethernet 2") and the bsd name ("en1"), but the docs call them both the servicename. The only way I was able to figure out which gets used where is by trial and error.

in many cases, apple has provided their own tools that completely replace the standard toolset. hdiutil and networksetup are 2 prime examples.

another thing I forgot to bring up is ipmitool which mostly works unless you try to do serial-over-lan (sol) connections; it's completely unusable and you have to go to sourceforge and build your own ipmitool to do that stuff.

I mean, I'm not an OSX n00b. Typically I'm a linux engineer, but I've been OSX on the desktop since the developer previews and the server I've had running at home for a while and I've done contract server set up on versions going back to jaguar... the thing is that this is the first time that I've had to do seriously low-level shit (building a large xserve infrastructure with customized management and deployment tools) and it's like running into a concrete wall headfirst every time a new task comes down the pipe.

Comment Re:What is the point of OSX server? (Score 4, Interesting) 365

Apple has no real interest in the enterprise market.

And this is terrible news.

Content providers for apple MUST provide video files in Apple ProRes fileformat which is ONLY able to be encoded using apple's tools which only run in OSX. I don't know how apple expects large content producers to encode high-volumes of videos for them without the xserves. MacPros are not an option as they are not enterprise ready (single PSU, no management port, they're HUGE and must be de-"racked" in order to swap drives, etc). MacMinis are not suitable for this as they don't have enough CPU/RAM. The xserves weren't even that great, but they were the right form factor.

Apple's been seriously fucking up with regard to the enterprise lately. I've been running into issues with their commandline admin utilities --they don't give access to everything that you can do with the GUI. You can't configure which port to use for management from the CLI (the docs say you can, but it doesn't work), it renames your interface when you bond network interfaces by appending " Configuration" to the name, which doesn't happen in the gui... and now, 10.6.6 doesn't properly image using System Image Utility (http://support.apple.com/kb/TS3665)

Now, they're bundling OSX Server into OSX Lion. Who knows whether they'll continue to support ALL of the non-home user features of server like OpenDirectory. WTF.

Comment Re:Cool idea (Score 1) 286

apple's mobileme has had this since at least 2003. It was the one feature (but not the only reason) that has kept me from migrating my email over to gmail or other provider. They have an email aliasing feature which allows you to not only create new aliases for your main account, but you can choose what address is in the reply-to field in Mail.app or through the web app.

This has been great since I signed up for MobileMe (then, .Mac) in 2000 when I was 19 and used spike666 as my moniker, and was able to use a more professional name when the time came without needing to create a separate account.

I really wish gmail would add that. There's no way to change my google account's login (according to their faq) and I'm not about to get a new account and lose my entire search history and everything else that's tied to that account.

I would use an email address on one of my domains, but after having the same email address for 11 years, it's kinda hard to switch.

Comment proper use of hashing algorithms (Score 5, Informative) 217

So this also proves that, ultimately, this list of passwords was not properly hashed.

People jump up and down and scream that SHA1 and MD5 are broken, but if properly used, they still offer significant password security. One trick is to use salts when storing passwords in the database.

password: 'foo'
salt: '2010-11-16T08:39:05Z - some_random_string$#@!'
password-hash (md5): 14e80778512f578a5fe263abe4b58e9c

that increased the amount of time required to brute-force the password significantly. Also, the use of a database of hashes is largely worthless since each password in the list would have a completely unique hash. for the sake of brute-forcing the data, short passwords don't matter (on the other hand, brute-forcing login to the application is not affected). Having a different salt for each password makes the time spent on each other password completely worthless once the cracker gets to the next item in the list.

to improve that, we can say... hash the result 1000 times in a row. For someone trying to brute force the hash, they would spend 1000x the CPU resources creating the hash. It's mostly not a big deal to run that hash 1000 times when creating the information for the database or authenticating the user.

of course, SHA1 and MD5 are still broken when it comes to file integrity checking (when it comes to tampering) since there are documented collisions. For this case, cryptographic signatures are where it's at. You can guarantee that not only was the file not tampered with, but also that the person who supplied the signature was who they say they were. Gotta love public key encryption.

Comment Re:What automobile ? (Score 1) 1141

hooray for public transportation!

since moving to NYC in 04, I haven't had a car and it's AWESOME. no more insurance, worrying about people breaking in, parking, oil changes, cleaning it, gas, etc etc etc.

plus I walk like 10x more than I used to. it's great.

I'd get a bike, but I've been hit by a car on my bike in the past and I don't want to deal with that again. I value my safety too much.

Comment Re:IE? Seriously? (Score 2, Insightful) 142

The worst thing is that, when it comes to upgrading their browser, their assumption IS valid. They shouldn't HAVE to install a 3rd party browser. I'm not saying that there shouldn't BE 3rd party browsers, but the browser that comes with your OS should at least work properly.

One of my semi-techie friends saw those Chrome commercials and said to me "you told me that google was NOT a browser, but look, it is! You don't know what you're talking about!" I seriously think that it's a conspiracy to confuse consumers lately. Between confusing branding (Motorola Droid vs HTC Droid Incredible vs Android OS vs "Droid Does" and this whole 4G thing) and confusing metrics that are difficult (if not impossible) to explain to non-technical users (4MP vs 8MP camera, it's possible that the 4MP takes better pictures... and the difference between 4" and 5" display, when the 4" has higher pixel dimensions). And don't get me started on the difference between a fast internet connection, fast network connection, fast computer and fast browser.

So now you have uninformed users throwing terms around that they think they understand, you've got companies leveraging these misunderstandings to sell overpriced, sub-par electronics, and all these inexpensive electronics that you buy every year that are incompatible with each other (chargers, data cables, etc).

Keep consumers in the dark and confused so you can sell them whatever you want.

Comment Re:IE? Seriously? (Score 1) 142

Although I still feel that way, I've been forced on several occasions to make things look and function in IE (8 or newer only, luckily). One customer hounded us to get their site working in 6, and after we spent a week building a system to detect the browser and output different HTML and were only 1/2 done, they changed their minds.

It's sometimes difficult for non-technical customers to understand that each version of IE is a different beast and requires you do do much of the front-end work over again for each version.

If it was up to me, I'd just say that we don't support IE, but a good chunk of windows users on the public internet have not installed an alternate browser. I just don't get it.

Youtube

YouTube Hit By HTML Injection Vulnerability 224

Virak writes "Several hours ago, someone found an HTML injection vulnerability in YouTube's comment system, and since then sites such as 4chan have had a field day with popular videos. The bug is triggered by placing a <script> tag at the beginning of a post. The tag itself is escaped, but everything following it is cheerfully placed in the page as is. Blacked out pages with giant red text scrolling across them, shock site redirects, and all sorts of other fun things have been spotted. YouTube has currently blocked such comments from being posted and set the comments section to be hidden by default, and appears to be in the process of removing some of these comments, but the underlying bug does not seem to have been fixed yet."
Crime

Geologists Might Be Charged For Not Predicting Quake 375

mmmscience writes "In 2009, a series of small earthquakes shook the region of L'Aquila, Italy. Seismologists investigated the tremors, but concluded that there was no direct indication of a big quake on the horizon. Less than a month later, a magnitude 6.3 earthquake killed more than 300 people. Now, the chief prosecutor of L'Aquila is looking to charge the scientists with gross negligent manslaughter for not predicting the quake."
Image

ACLU Sues To Protect Your Right To Swear Screenshot-sm 698

The ACLU is suing the police in Pennsylvania for issuing tickets to people who swear. They argue that it is every American's constitutional right to drop an F-bomb. From the article: "'Unfortunately, many police departments in the commonwealth do not seem to be getting the message that swearing is not a crime,' said Marieke Tuthill of the ACLU of Pennsylvania. 'The courts have repeatedly found that profanity, unlike obscenity, is protected speech.'" This is a big f*cking deal.

Slashdot Top Deals

In any formula, constants (especially those obtained from handbooks) are to be treated as variables.

Working...