Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Comment Re:Wherefore art thou Slashdot? (Score 1) 113

The physics are sound but the engineering practicalities may not be. For example, the original design requires air to be actively pumped from in front of the vehicle out the back, because even in low pressure the air resistance is problematic. You can't get much lower air resistance without a much more complicated, and thus expensive and failure prone, tube.

The issue of the pylons subsiding is also rather severe. On Japanese high speed railways they inspect every metre of track every night, and repair it as necessary. Repairing subsided track is relatively quick and easy, you just shove some spacers under it. Fixing a subsiding pylon... It's an engineering challenge that needs a clever solution.

The economics are also questionable. The capacity is low, even with multiple cars. High speed rail carries hundreds of people and their luggage in comfort, and in Japan it leaves every 15 minutes. The new maglev trains are going to start at 550kph and are expected to reach over 900kph in time, once the company has experience running them and maintaining the track. So actually they are going to run much larger trains at similar speeds to this design on a much cheaper, lower tech track, and presumably with their usual excellent safety record. And they are building it now, with proven technology.

Comment Re:Let's be certain first,.. (Score 1) 372

Stories such as Linus specifically having to avoid spending any time with females one on one as he's been "targeted for take down". Situations of outright false claims against people, proven clear and still people write incorrect articles about them, deliberately.

You should take your own advice. The claims about Linus were one blog post by someone who has been largely discredited. Yet you seem to consider it of equal journalistic quality and value as things written by actual journalists in respected outlets.

Ever since gamergate my concepts of fair reporting, harassment, he said she said have been seriously adjusted.

Yes, you now seem to take the word of people on social media as being as valid as that of multiple respected journalists and assume that when they disagree there must be some conspiracy by the journalists to hide the truth.

I will no longer blindly leap into "condemn them, silence them!!" mode as is intended.

People, especially journalists reporting on the events, have been asking for comment from Appelbaum since the very beginning. Quite the opposite of silencing him, his silence has been frustrating them.

Comment Re:Cui Bono and To What End? (Score 2, Insightful) 372

Tor is now shit, because the good people were chased away.

Complete bollocks. Name some of these "good people" who have left. The project founders and all the major technical contributors are still there, as well as many new ones.

China, the US, the UK, and just about everyone else suddenly has no problem finding people on Tor networks.

Also complete bollocks. The only known instances of this happening were via browser vulnerabilities, not problems with Tor itself. And those vulnerabilities could easily have been mitigated if people has set their browsers up properly, disabling Javascript as recommended.

Comment Re:"Sexual mistreatment"? (Score 1) 372

Details here: http://jacobappelbaum.net/

There were formal proceedings, the Tor Project organization investigated. It's difficult to involve the police because many of its members are regularly harassed by law enforcement and some are wanted in various countries. It's likely that there is a grand jury investigation in the US into Appelbaum himself for involvement with the Snowden leaks, for example. The victims live in different countries too, although there are some in Germany where Appelbaum currently resides.

Comment Re:Really lousy article (Score 1) 372

The situation they are faced with is that their staff are regularly harassed by law enforcement, so going that route is not really an option. The evidence is out there for anyone to evaluate themselves (google his name), and many of the victims have come forward publicly with their real identities.

They can't just ignore this and they can't really take it to the police. FWIW no defence has been offered in the face of multiple, consistent and credible reports. It is what it is, but if you have a workable way of prosecuting the guy we would love to hear it.

Comment Re:The actual abuse exist, but ... (Score 1) 372

I think we can take their resignation at face value. There was serious abuse in their organization by its most public member and they failed to stop it. The people taking over aren't government stooges, they are well respected and highly competent people like Bruce Schneier.

They did the right thing. Fresh start, get some good people in, free up some of the old board members to work on the technical side.

Comment Re:Hatchet jobs aside (Score 3, Insightful) 372

Tor is backdoored.

No. You don't understand what Tor is or what the vulnerabilities used by attackers are.

Tor is secure. Where people have been located, it was due to bugs on the bundled browser and not following best security practices like disabling Javascript and not using a maximized browser window (to thwart canvas based fingerprinting). But the underlying network itself is secure.

Don't mistake compromised Tor exit notes as flaws in the network. Tor was designed on the assumption that exit nodes would be compromised and are inherently untrustworthy. Even if you use Tor, you still need to encrypt the traffic leaving the exit node because, as the documentation makes extremely clear, the exit node can see everything that passes in and out of it.

Once you understand what Tor is and the limits of what it does, you can see that it is highly effective and has proven secure.

Comment Re:Same vulnerability every password manager has (Score 1) 133

It's a slightly different problem. Imagine a site with a hidden login form that impersonated Twitter and made Lastpass auto-fill your Twitter username and password. So at a minimum you should disable auto form filling in Lastpass.

Now imagine an ad network serving up this malware to millions of people.

Comment Re:Who is spying on me? (Score 2) 88

This feature runs on the phone, built in to the telephone app, so to use it for spying your phone would already have to be compromised. In which case they can already turn your GPS on whenever they like anyway.

Generally speaking though there is no need for them to bother hacking your device. The phone company is legally required to track your phone at all times anyway.

Comment Re:Why not a password hasher? (Score 2) 133

True, but how exactly would they get your master password? You never need to enter it anywhere online, just your offline, one-way hashing algorithm.

Exactly the same as an offline password manager, so no benefit.

Except this file does not need to be secure in any way.

It does. If someone has your salt and the URL of the site, and say that site gets compromised so they have the hash of your hash too. Now they can brute force your master password, and then get into every other site you used it with, and your file has a handy list of URLs where it will work.

It's actually worse than using the master password to encrypt the password file. It's less convenient too; with an encrypted file you can store the user name, secret question answers etc.

Comment Re:Why not a password hasher? (Score 4, Informative) 133

Because password hashers are no more secure than password managers that auto-generate long random passwords. If an attacker steals your master password they still get everything. Due to the requirement to meet password length and other requirements, and to allow for changing compromised passwords you still need a file containing those details. There is no benefit over simply encrypting that file with the master password.

You are right about online password managers though, they are an absolutely terrible idea as multiple Lastpass breaches go to show. Use an offline password manager, optionally storing the encrypted file in the cloud if you need it to be portable, but with all the decryption happening outside your browser.

Comment Re:Solution found (Score 1) 83

Even with batteries my wireless keyboard at work goes for about a year on a set, and the mouse maybe 6 months. It's worth it to just be able to chuck the keyboard out of the way when I want to write, and to free up some space where cables would need to pass.

As for security, while it's obviously quite important I'd point out that I rarely type any of my passwords these days. They are mostly very long and impossible to remember, and simply copy/pasted out of Keepass.

Slashdot Top Deals

Help fight continental drift.