
Comment Re:Proven Yes. (Score 1) 498

I finally had the opportunity to write my preferred password enforcement when it came time to update a site I work on.

I got to what I believe is the root of the issue. What do we want? We want a password that would take a long time to guess. How long? Well that's easy... Take Hashcat's current hashing speed for your chosen hashing algorithm (hopefully including iterations) on an enthusiast cracking setup (8 x $1,000 GPUs) and extrapolate the speed of the machine in the future using past speed gains (I came up with a simple curve from 2006-2016) so the algorithm doesn't need tuning in the future. Once you know how many hashes you can guess per second with this, you can take the proposed user password and figure how many seconds it would take to guess at worst case scenario. We insist on 200 years to guess the password and we're off to the races!

There are no character limits on length or what type of characters, etc. SUPER long passwords are fine. ALL special characters are fine. If you want a password with all digits (the least secure) that's fine as long as it is long enough. The way things work out with the 200 year requirement the actual shortest password you can have right now is 8 characters, but that's a side-effect, not a limit. If we upgrade our hashing algorithm that would go down. Or if computers got slower... =P
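A sketch of the time-to-exhaust check this comment describes, added here as an example and not the commenter's code. The baseline guess rate, the doubling period and the character-class sizes are assumptions chosen for illustration, not Hashcat benchmarks.

```python
import math
import string
from datetime import date

REQUIRED_YEARS = 200                 # threshold stated in the comment
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed figures for illustration, not benchmarks: the rig's guess rate against
# the site's iterated hash in the baseline year, and how fast that rate doubles.
BASELINE_YEAR = 2016
BASELINE_GUESSES_PER_SEC = 1e6
DOUBLING_YEARS = 2.0

# Character classes and their sizes (printable ASCII; anything else counts as a symbol).
CLASSES = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26), (string.digits, 10)]
SYMBOL_COUNT = 33                    # 32 punctuation characters plus space


def alphabet_size(password):
    """Size of the smallest class-based alphabet that contains every character."""
    size = sum(n for chars, n in CLASSES if any(c in chars for c in password))
    known = string.ascii_letters + string.digits
    if any(c not in known for c in password):
        size += SYMBOL_COUNT
    return size


def log10_years_to_exhaust(password, year=None):
    """log10 of the years needed to try the whole keyspace at that year's rate."""
    if not password:
        return -math.inf
    year = date.today().year if year is None else year
    # Extrapolate the rig's speed from the baseline along the assumed doubling curve.
    log_rate = (math.log10(BASELINE_GUESSES_PER_SEC)
                + (year - BASELINE_YEAR) / DOUBLING_YEARS * math.log10(2))
    # Work in logarithms so a 5,000-character password does not overflow a float.
    log_keyspace = len(password) * math.log10(alphabet_size(password))
    return log_keyspace - log_rate - math.log10(SECONDS_PER_YEAR)


def acceptable(password, year=None):
    """True when exhausting the keyspace would take at least REQUIRED_YEARS."""
    return log10_years_to_exhaust(password, year) >= math.log10(REQUIRED_YEARS)
```

The figure is an exhaustive-search bound only: a password that appears in a wordlist falls far sooner than this estimate, so a deployment would pair it with a breached-password lookup.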

Comment YouTube has a long way to go with HTML5 player. (Score 1) 96

I'd love to ditch flash and use the HTML 5 player on YouTube, however they are using a whitelist to decide who can see HD content on YouTube with the HTML 5 player, and in their infinite hubris, Pale Moon is not on their whitelist. When will this user-agent sniffing/whitelist bullshit ever end?!

Comment Re:200 Million Yahoo "Users" (Score 1) 169

There is another way to move to modern solutions without inconveniencing the users. I know, because I've just implemented it on a system I work with.

How to move from a plaintext or otherwise insecure password storage system to a modern solution:
1) The user tries to log in.
2) Check if they've already had their password updated to your more secure solution. (Salt is the correct length? or similar)
3) Assuming they are using the old style, authenticate the user with the old style of authentication, keeping their password around in memory.
4) Update their password hash, salt, IV, etc. in the database at this time since you have the password in memory as cleartext as if they were a new user being created.
5) Present the user with the normal landing page.

1) The user tries to log in.
2) Check if they've already had their password updated to your more secure solution. (Salt is the correct length? or similar)
3) Assuming they are using the new style, authenticate the user with the new style of authentication.
4) Present the user with the normal landing page.


This seamlessly updates users to the new style as they log in. Eventually, you can get rid of the old style of authentication and clean things up after some time. Send e-mails to those still using the old style to log in (haven't logged in during your transition period) soon or their account will expire. If expiring accounts is not an option, then you will have to reset passwords, but only the rarely used accounts that didn't participate in the transition period.
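The upgrade-on-login flow from this comment, as an added example that is not the commenter's code. It assumes the old scheme is an unsalted MD5 hex digest, the new one is salted PBKDF2-HMAC-SHA256, and a dict stands in for the database; the record layout and function names are hypothetical.

```python
import hashlib
import hmac
import os

SALT_LEN = 16          # an upgraded record is recognised by its salt length (step 2)
ITERATIONS = 200_000   # assumed work factor for the new scheme


def new_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def is_upgraded(rec):
    return len(rec.get("salt") or b"") == SALT_LEN


def login(db, user, password):
    """Authenticate; on a successful old-style login, re-store with the new scheme."""
    rec = db.get(user)
    if rec is None:
        return False
    if is_upgraded(rec):
        return hmac.compare_digest(rec["hash"], new_hash(password, rec["salt"]))
    # Old style: verify against the legacy digest first. A wrong password must
    # never trigger the upgrade, or any guess would overwrite the stored hash.
    legacy = hashlib.md5(password.encode()).hexdigest()
    if not hmac.compare_digest(rec["hash"], legacy):
        return False
    # The cleartext is in memory now, so store it as if creating a new user.
    salt = os.urandom(SALT_LEN)
    db[user] = {"salt": salt, "hash": new_hash(password, salt)}
    return True


def pending_users(db):
    """Accounts still on the old scheme: the ones to e-mail, expire or reset."""
    return sorted(u for u, rec in db.items() if not is_upgraded(rec))


def sample_db():
    """Constructed sample data: two accounts stored with the legacy scheme."""
    return {
        "alice": {"salt": b"", "hash": hashlib.md5(b"hunter2").hexdigest()},
        "bob": {"salt": b"", "hash": hashlib.md5(b"correct horse").hexdigest()},
    }
```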

Comment Re:Heading the wrong way (Score 1) 187

This is completely false. We have Netflix, and we can get ALMOST EVERYTHING, including "The Path", "Man in High Tower" along with most anything else you can think of (minus a few esoteric, rare, or foreign movies/shows). Sure, you have to plan a few days ahead of time and wait for them to come in the mail, or wait a year for the season to come out on DVD, but being an adult I have no problem delaying gratification as such.

Comment Re:So there's nothing wrong with the diagnostic .. (Score 1) 74

There is no such thing as a "fast" lane in the United States. Calling it such is part of the problem. There are "travel" lanes and "passing" lanes (and in some cases slow-vehicle lanes for steep grades). It's not a "left" lane. It's not a "fast" lane. They are "passing" lanes.

Also, I think it was Abraham Lincoln who said(?) "The best way to get rid of an unjust law is to enforce it strictly."

Forcing others to abide by an unjust law as a form of civil disobedience in an attempt to get the law repealed is something I will applaud every time.

Comment I wrote and used a CD the other day. (Score 1) 385

I was setting up a brand new laptop for a client. It's a Dell with Win7 Pro 64-bit but obviously came with the silly Win10 installation media.
The plan was to install a new SSD in the laptop, and then get Win7 back on there fresh with no bloatware (as you do).

After the SSD install, I tossed in a Dell-branded Win7 SP1 DVD I happen to have, and installed from there. However, the laptop is so new that the DVD did not contain any network drivers (typical) but surprisingly didn't include the proper chipset drivers either for the USB controllers/hubs/ports. I almost always have either network, or more typically the USB ports working after a Windows 7 install.

Without either of those, I was reduced to throwing some of the drivers on a write-able CD. Thankfully I still insist on recommending laptops with optical drives. If the laptop had not come with an optical drive, and had I not had writable CDs laying around, I guess I would have taken the SSD out and plugged it into my desktop to transfer over the drivers...

I was not excited about having to write a CD, but at least it was an option.

As for DVDs, I write those ALL the time. =D

Comment Re:Openstreetmap.org (Score 4, Interesting) 149

Open Street Map was truly an answer to my prayers. Being able to modify the maps based on my personal experiences is nothing short of a miracle. The wiki aspect of maps really works well here, and the end result are maps that the every-person can use well, and those of us who are just geeky as shit about maps and cartography can also get things done that we need to.

As a general question to all commentators; if you're not using Open Street Maps, what is your reason?

Comment Re:There Is A Single Answer (Score 1) 222

CaptainLard is correct. Brake rotors do not warp. When they get hot, they "cone" and when they cool off they return to their normal shape.

Any and all run-out is due to uneven pad material transfer. Uneven pad material transfer is due to overheating the rotor which crystallizes the cast iron and promotes continued and early overheating after the fact. Even if you resurface the rotor to remove all pad buildup, you're going to get uneven pad transfer soon again at lower temps because the rotor has localized hot spots built in now.

The pad material is very often metallic (not ceramic) on performance setups as shown in that YouTube video. The material is molecularly bonded to the iron rotor. This makes it indistinguishable on the surface of the metallic rotor.
