Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment Stupidity (Score 1) 8

Refusal by the US and EU to engage with Russian law enforcement, in order to forment the appearance of conflict, in the insane attempt to sell more guns and bullets for no other reason than insensate greed, blocks the ability to mutually cooperate to end the problem, fucking morons.

Comment Re:pointless (Score 1) 25

Higher resolution, frame rate, curve, 3D, fuck it all, more power, more power, more power. Lots of ram, user installable OS, play right on the TV no console, mass storage, when the TV screen is off it might as well be a file server. Really, really, big screen all in one Android at a pinch, preferably Linux or Steam OS or even Mac OS. Fuck the pretty picture I want more power, more ram, more storage and definitely no fixed camera or microphone (removable with manual on off switch). Ohh and a tablet tied to the system as a remote control and keyboard and remote visual unit, preferably the TV being able to handle more than one tablet connected at a time for group play. MORE POWER

Comment Re:For variable values of "practical" and "relevan (Score 1) 127

So out of 172 root CAs only 14 include any path length restrictions, and even the ones who do still allow some chaining.

O_o

We're doomed.

I don't think the SHApocalypse will be tomorrow. This was an identical-prefix attack instead of a chosen-prefix which constrains the attacker considerably, and the computation required is much higher even to generate simple collisions. However, (again, please correct me if I'm missing something) it does seem plausible that that further weaknesses will be found which provide just enough leverage to forge a signature with one of those 172 CAs, and we may eventually see a rogue sha1WithRSAEncryption CA issued.

I concur, completely.

Comment Re:My experiences in other companies and opinions. (Score 1) 186

The problem is that it is a shitty manager who insults any subordinate. If you have a problem with a member of your team, you take them aside and try to deal with it. If it rates disciplinary action, then so be it, but that can still be done respectfully. Either we are adults who can behave with some decorum, or we are unruly children. I won't have unruly children as managers, period. Behave appropriately or you will be demoted. Calling anyone a "fag", get into shouting matches with them, and I will be making you apologize to the persons involved and to anyone who overheard them, and do it repeatedly, and you'll be shown the door. A work place should not be a place where people with power feel some right to behave badly to other people.

Comment Re:What should happen and what will happen (Score 1) 127

Using memory dependent hashes works better if one is a small server since one will rarely have a lot of people sending in their passwords at the same time, so the RAM space you need isn't that large. If you are a large organization then this doesn't work as well because you then need room to be able to do many such calculations functionally simultaneously.

Meh. If you are a large organization, you can afford more.

Anyway, the point is that you should turn it up as much as you can afford.

I agree that there's a linear v. exponential difference there(although for many of these it is more like linear and subexponential due to algorithms like the number field sieve),

Yes, NFS is subexponential, but not very "sub". And anyway, RSA is old, broken crypto which should be migrated away from.

but the rest of your comment is essentially wrong. We keep keys just long enough that we consider it to be highly unlikely that they are going to be vulnerable, but not much more than that.

I hate to resort to appeal to authority, but the actual analysis required to prove it is way more effort than I have time for this morning. Take a look at keylength.com, it has a host of authoritative references.

In fact, it would be a lot safer if we increased key sizes more than we do, but there are infrastructural problems with that. See e.g. discussion at http://crypto.stackexchange.com/questions/19655/what-is-the-history-of-recommended-rsa-key-sizes

Heh. In my previous reply I actually typed a long section about why RSA is a weak counterexample to my argument, but deleted it because it's nitpicking. Since you chose to pick that nit...

It's a valid counterexample because RSA key generation, and, to a much lesser extent, RSA private key operations, are computationally expensive enough to stress low-end devices (an issue I often have to deal with... I'm responsible for some of the core crypto subsystems in Android). But it's a weak counterexample because RSA is not modern crypto. It's ancient, outmoded, we have some reasons to suspect that factoring may not be NP hard, using it correctly is fraught with pitfalls, and it's ridiculously expensive computationally. And even still, the common standard of 2048-bit keys is secure for quite some time to come. As that stackoverflow article you linked mentions, the tendency has been to choose much larger-than-required keys (not barely large enough) rather than tracking Moore's law.

So, yeah, if you use an outdated, ridiculously expensive algorithm, and you do it on very low-spec hardware, and you want it to be secure for a very long time then, yeah, you might end up having to use barely-large-enough key sizes.

Don't do that. For asymmetric crypto use ECC. Preferably with an Edwards curve, so you don't have to deal with niggling suspicions that the curve is weak in some obscure way known only to the NSA.

Comment Re:Hard wired (Score 1) 169

As hunter-gatherers (you know, in the time before writing and the invention of religion)

Before writing, yes. I strongly suspect that religion existed even then. All of the hunter-gatherer societies that survived to historical times had religions, often quite sophisticated ones.

Comment Re:Talk about a subset of a subset (Score 1) 58

Total computer installs M$ is destroyed by Linux. That is installs on TVs, Tablets, Phones, Servers and whole range of appliances. M$ is now just hanging in there on the desktop based upon nothing but lock in via applications and existing data and that is real bad, in new markets in only has the Xbone and the Xbone will come under real threat from more and more powerful smart TVs and smart phones. Keep in mind, with smart phones, with portable custom fitted VR glasses (still to hit the market), you have a big screen in your pocket and that is doom for game consoles.

Business, there are real problems there, no business wants to be spied on and it business practice advantage put up for sale to the highest bidding competitor and that does not even touch medical practices, where M$'s spying is against the law and both the medical practice and M$ come under real legal threat.

M$ is now wildly uncool and that is doom in the consumer market. M$ does not maintain the privacy of business and that is a real problem. The desktop market will shrink to power users and they are a really fussy, demanding market and as far as M$ gross invasion of privacy and demands for control over power users, they have a great big ole 'fuck you' coming.

There were much smarter directions to go in, they were just stupidly arrogant and it is unlikely they will be able to come back from that. Never forget desktop PCs and the consumer market are parting ways, so M$ will lose the bulk of the PC market right there, not to competitors but to smart phones, smart TVs, tablets and cheap simple notebooks running Android (way good enough for what most of them will be doing). So not so much M$ losing the desktop market, just the desktop market pretty much shrinking back to early 2000 levels and M$ is pissing that market right off, so screwed and they deserve it.

Comment Re:Talk about a subset of a subset (Score 2) 58

Not to mention that Valve knows well enough that Microsoft is working hard to throw as many obstacles between their feet to make Steam as unusable as possible in Windows to promote their own game store.

Valve, of all companies on the planet, has a VERY good reason to push for full blown Linux support in gaming. And that's basically what Linux needs if it wants to take off.

Because, face it: What reason does Joe Average still have to use Windows? Internet? Nope. Every major browser, mail system, video player you might want is available. Document writing? Nope. Libreoffice is good enough for personal use.

What's left for Joe that ties him to Windows is gaming. Yes, there are a lot of other applications that are not available on Linux, or not at the same quality. But they are mostly things that are niche products that are interesting to a very small subset of users. The only big issue that remains is actually gaming.

Slashdot Top Deals

The F-15 Eagle: If it's up, we'll shoot it down. If it's down, we'll blow it up. -- A McDonnel-Douglas ad from a few years ago

Working...