
Comment Re:SRP/Nonce puts an end to Phishing (Score 1) 43

Properly implemented, SRP does not store the secret on the server end. It only stores v=pow(g,x) mod N, where "x" is a secret needed on the client end (derived from the password), and can't be extracted from v without either using a brute-force algorithm (try all weak passwords), or solving the discrete logarithm problem. You may want to read https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol more carefully.

I hadn't looked at SCRAM before, but from a quick glance it looks like the only thing preventing an attacker from brute forcing weak passwords from nothing but a passively captured login session is an expensive-to-compute hash function (PBKDF2). It isn't as bad if SCRAM is wrapped in an SSL/TLS session with associated certificate, but if you really trust nothing has MITMed (i.e. incorrectly trusted certificate) or otherwise broken TLS (from the perspective of the client authenticating the server), then why not just send the password directly through the tunnel (from client to server), and avoid extra complexity?

Note that capturing a login session is generally a much lower bar than obtaining the password database, and SRP does not allow brute forcing even trivially weak passwords from just a captured login exchange. (As long as there aren't any huge breakthroughs in quantum computing or other discrete logarithm algorithms.)

All that said, you are correct that SRP or other low level single-connection authentication mechanisms do nothing for the cross-party authentication issue discussed in the article.
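
Added illustration, not part of the original comment and not code from any SRP library: a compact SRP-6a run following the Wikipedia description linked above, showing that the server holds only (salt, v) and that both sides reach the same key only when the typed password is right. SHA-256 as H, the demonstration modulus, and all function names are assumptions made for this example.

```python
import hashlib, secrets

# Demonstration modulus only (Mersenne prime 2**521 - 1), chosen for brevity.
# A real deployment uses a vetted safe-prime group, e.g. from RFC 5054.
N = 2**521 - 1
g = 3

def H(*parts):
    """SHA-256 over length-prefixed ints/bytes, returned as an integer."""
    h = hashlib.sha256()
    for p in parts:
        if isinstance(p, int):
            p = p.to_bytes((p.bit_length() + 7) // 8 or 1, "big")
        h.update(len(p).to_bytes(2, "big") + p)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)

def register(password):
    """Enrollment: the server keeps only (salt, v), never x or the password."""
    salt = secrets.token_bytes(16)
    x = H(salt, password.encode())
    return salt, pow(g, x, N)          # v = g^x mod N

def server_step(A, v):
    """Server side: abort if A = 0 mod N, then answer with B = k*v + g^b."""
    if A % N == 0:
        raise ValueError("invalid client value A")
    b = secrets.randbelow(N - 2) + 1
    return b, (k * v + pow(g, b, N)) % N

def login(password, salt, v):
    """One SRP-6a exchange; returns (client_key, server_key)."""
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)                   # client -> server
    b, B = server_step(A, v)           # server -> client (plus salt)
    u = H(A, B)
    x = H(salt, password.encode())     # client recomputes x from typed password
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    S_server = pow(A * pow(v, u, N) % N, b, N)
    return H(S_client), H(S_server)

if __name__ == "__main__":
    salt, v = register("correct horse")    # constructed sample password
    ck, sk = login("correct horse", salt, v)
    print("keys match:", ck == sk)
    ck, sk = login("wrong guess", salt, v)
    print("wrong password keys match:", ck == sk)
```

Only A, B and the salt cross the wire; x and the password stay on the client, and v stays on the server.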

Comment Re:Hell, even Wikipedia is more accurate than this (Score 3, Informative) 472

But they most certainly are not selling a 4 year old computer.

They actually are. As of this writing, the non-retina Macbook Pro is still available for sale on Apple's site. Go to apple.com, click Mac -> Macbook Pro -> Buy and then scroll about halfway down the page. That model, which is being sold for $1099, hasn't been updated since June 2012, though it did have a $100 price cut in July 2014.

Comment Re:Question about the logs (Score 3, Informative) 219

I don't know if all of the logs do, but a substantial amount of them do. This is the "fleet learning" that Tesla talks about. Even when Autopilot isn't active, it's still watching, and comparing what it would do with what the human driver actually does as part of that fleet learning system.

Note that this is opt-in. When you purchase a Tesla, one of the forms they ask you to sign gives them permission to collect this data. You can decline to sign it, which will result in much of the online functionality of the car being disabled, but it doesn't stop the purchase and you can still use the car as a car.

Comment Re:Thanks to (Score 2) 369

I'd be OK with an editing function if the edit history is also available. Meaning, the old version of the comment isn't buried, and can be easily accessed by anyone that wants to read it. The edited version will show by default, but with a clear indication that it is edited and a link present to view the entire edit history. Nothing is ever deleted.

People will be called out pretty quickly if they try "revisionism", and the edit history would be there to debunk any potential claims about what they really said.

Comment Upgrade from 8, but not necessarily 7 (Score 1) 982

My advice, for whatever it's worth, is that if you are running Windows 8 or 8.1, you should go ahead and update. 10 fixes many of the issues that people have with 8, and it will be supported for longer.

As for upgrading from 7, I used to recommend it, but I've changed my mind on that one. The way Microsoft is being extremely pushy about the update is a huge turnoff, and I don't want to support that behavior. If you are running 7, and you are happy with it, then stick with it. Just keep in mind the end of support date for Windows 7 (January 14, 2020) and make sure you migrate from it to something else before then. You still have 3 and a half years, so it's not yet urgent, but it is something you should have in mind.

(On a related token, no machine running XP should be connected to the internet at all, and if you have one you can be certain that it is compromised. Windows Vista support ends in about a year on April 11, 2017, so it is getting to the urgent stage to replace if you are still running that)

Comment iPhone 5s with dying battery (Score 1) 183

Interesting timing on this story, considering the situation I find myself in and was considering options just this morning. I own a 3+ year old iPhone 5s that has a dying battery, meaning it will suddenly shut off with a dead battery even though it was reporting a 40% or greater charge just a few moments earlier. I obviously need to do something, so I decided to take stock of my options:
  • Replace the battery in my existing phone and continue to use it.
    • Apple quotes $80. The nearby Batteries+Bulbs quotes $60. I could do it myself for about $30, but I'm not sure if I want to mess with it.
  • Replace the entire phone with a newer model.
    • The iPhone SE is the only option I'm seriously considering, as I have no interest in Android and the 6 and 6S are too big for my liking. The SE starts at $400, but I can get a $150 credit by trading in my existing phone, bringing the out of pocket cost to $250 (I wouldn't do financing on it).

I haven't yet decided, though I am leaning to keeping the 5S. My existing phone, with a new battery, would probably have at least 2 years of useful life left in it. The SE doesn't really have anything in it that is all that compelling to me compared to the 5S except for Apple Pay support, but I don't shop at Apple Pay locations very often. If my phone were a 5 or 5C, it would be a different story, but the 5S has aged remarkably well and holds up well to Apple's more recent offerings.

Comment Re:Ignore 99.9% of the recommendations (Score 1) 1839

In general I agree. Major changes should be avoided, but minor tweaks here and there would be good. I support adding Unicode support, as that doesn't change the nature of the site at all but adds some useful functionality. HTTPS support should be there as well.

I also feel that the site should be IPv6 enabled. This wouldn't change a thing about how the site operates, as most users (even those that understand the difference) won't know whether they are connected to it with IPv4 or IPv6 unless they specifically check, but as a tech site, it should be blazing the way on this, not lagging behind.

In any case, I'm glad the beta site has been scrapped.

Comment Recovering Apple ][ disks without an Apple ][ (Score 1) 277

Possibly useful if you have old Apple ][ disks lying around:

Many years ago I graduated and lost access to Apple ][ machines at school, but still had a bunch of floppy disks for them.

Then just a few years ago I happened to stumble across a tool called disk2fdi http://www.oldskool.org/disk2fdi for MS-DOS, that can read Apple disks using IBM hardware. I was able to use the trial version of that (from MS-DOS on an old IBM compatible) to recover images of my disks.

I transferred the images to a newer Linux machine, and was able to use dos33fsprogs https://github.com/deater/dos33fsprogs to extract individual files and confirm that the recovery was successful. I also tested some of the disk images in an Apple ][ emulator.

I also have a couple of old TRS-80 disks (possibly a version of CPM?) that I have not been able to recover, although I haven't really tried very hard either.

Comment Re:Kid account (Score 1) 540

iOS can do this as well. It's under the iCloud Family Sharing system. There is an "Organizer" account, and then each member of the family gets their own account that is linked to the family, either as an Adult or Child account. Every account shares payment information. Adult accounts are able to make purchases without oversight, whereas when a Child account attempts to make a purchase, it sends a request to the Organizer to approve/deny the purchase. When a child comes of age, their account should be removed from the family sharing, at which point they can add in their own payment information.

I don't let my kids know my password for any service, and this article illustrates one of the main reasons why.

Comment Re:just plain old xterm, with this (Score 1) 352

I agree with plain xterm. Others tend to annoy me.

It's true there are a number of oddities about xterm that might put off people who've never used it before. By default no scrollbar, and once you enable it, it is kind of odd in that you don't use "modern" conventions to interact with it. Its menus and other features are hidden by keystroke combinations that are probably hard to discover if you don't already know about them. I don't like some aspects of the default configuration. I've heard the code is a mess internally, although I haven't checked. Etc.

But I still think xterm is the best. Some emulators flicker when scrolling; not xterm. It just seems faster, and I'm spoiled: even a small fraction of a second response time seems excessive to me. Uses very little RAM. Very configurable if you actually take the time to search through the man page. No superfluous decorations around the terminal (even a scrollbar) unless you want them. Doesn't depend on any huge modern GUI toolkits; if you can run X at all, then you can run xterm. It's available everywhere; get used to it once, and you aren't constantly getting used to other terminal idiosyncrasies. Etc.

My personal configuration:

xterm*saveLines: 3000
xterm*scrollBar: true
xterm*boldFont: 6x10
xterm*foreground: white
xterm*background: black
xterm*font: 6x10
! Very useful to quit out of vi or less, and still refer to
! what you were seeing while typing next command:
xterm*titeInhibit: true
xterm*pointerMode: 0
! works better with the black background I like above:
*VT100*color4: blue
*VT100*color12: lightblue
*VT100*colorUL: yellow
*VT100*colorBD: white

Comment Re:Good for the Orchestra, and for music (Score 3, Interesting) 111

I thought someone might say something like this, but there is a clear response to it that fits the theme of my original post.

Yes, it is true that most movie and video game music is pretty boring without being attached to its original material (much like Beethoven's Egmont suite I mentioned in my original post - with the exception of the overture, essentially the equivalent of a Main Title theme in modern terms - it's not all that interesting). That said, the vast majority of music written during the 17th through 19th centuries (the period of time that what people now call "classical" was written) is not heard any more. What we hear now is the best music, the music that has survived the test of time. The same will be true in 100 years - most video game music will be virtually lost, never heard again unless someone happens to dig up the actual game. Some of it, however, is actually quite good, and will survive to become part of the standard classical repertoire. I think the Zelda Symphony alluded to in the article is a potential example of this.

Comment Good for the Orchestra, and for music (Score 5, Insightful) 111

I am a performing professional classical musician who also happens to enjoy video games.

I am saddened by the attitude that many people have that by performing music such as what comes from games that the orchestras are somehow "cheapening their brand" or that it is "diluting the culture." To claim this is to completely ignore why people listen to music in the first place, and where much of "classical" music came from. This elitist attitude is what has significantly contributed to the decline in attendance numbers seen over the last few decades.

Mozart was a party animal. He was essentially an 18th century rock star, complete with the fame and lavish lifestyle that implies. As much as he was a musical genius, he was terrible at managing his personal affairs and died penniless, buried in an unmarked grave.

Beethoven, who is often called the "Father of the Modern Symphony" (thanks to his groundbreaking work in his 9 Symphonies), was also very much involved in the popular music scene of his day. His Egmont is music that was written to be performed alongside a production of a play of the same name (only the overture is performed with any regularity today, as the play itself is pretty awful). This makes it essentially 19th century movie music.

When Stravinsky's Rite of Spring was first premiered, a riot broke out among the audience. This wasn't just because of the nature of the music itself, but because that was the culture of performance at the turn of the 20th century - the audience was looking for something to get riled up over, and the music hit that emotional chord perfectly.

Modern performances are often formal affairs that remove the context of the music from its original conception. This isn't always a bad thing, as a good performance of a Mozart Symphony can be very exciting, but to try to stick to that because of some idea that it's meant to be that way is to ignore what the music actually is. Modern orchestral composers don't compose symphonies any more, they compose for movies and video games. That movie and video game music of today will be tomorrow's classical music. I've already seen performances of movie music from 50 years ago or so programmed into classical performances (not the pops concerts where such music usually resides), and such will become more and more common as time goes on.

In any case, something that increases awareness of the medium is a good thing. Today's kid that attends a video game concert performance might be tomorrow's grandmaster concert soloist, inspired by the music they heard when they were young. Even someone just making the leap from attending a video game concert to deciding to attend a classical concert isn't a very big one, but is extremely important to the long-term health and survivability of the genre.

Comment I hope they succeed, but... (Score 5, Interesting) 426

I hope that this effort of GM's succeeds at least well enough for them to continue R&D into EV's, but there are 2 significant problems I see that they'll need to overcome:

First, they'll need a high-speed charging network that will allow for long-distance road trips. Public charging infrastructure is too slow to realistically allow for a trip that is further than what one can do on a single charge. Granted, with 200 miles instead of 40, this is significantly better than what's out there now, it's still not good enough for someone that wants to occasionally take their car on a multi-state road trip. Tesla's supercharger network gives them a competitive advantage, and GM will need something similar. Tesla has said that they are willing to share access, but it has to be on their terms. If GM is willing to buy in on that, we might see a Bolt capable of using Tesla superchargers - this would solve this issue for GM.

Second, the established dealer network has no interest in selling EV's. Most of their profits come from after-market service, and EV's have (theoretically) significantly less service needs. To this end, the dealers are motivated to push traditional ICE's over EV's in virtually every case. This is the major reason why Tesla does not use the traditional dealership sales model. No car salesman will direct you to a Bolt - you'll only get one if you come in specifically wanting one and push past their sales tactics to get you into something else. Buyers of the Nissan Leaf have reported resistance to and sometimes outright hostility from dealerships over wanting to purchase an EV. Unless GM is somehow able to break the dealership cartel and begin direct sales themselves, this issue won't be overcome anytime soon.

Another thought: at $30,000, I strongly suspect it is priced as a loss-leader, meaning it is being sold under cost. Tesla needs the economies of scale of their massive battery factory they call their "gigafactory" now under construction in Nevada in order to achieve a $35,000 price point for the Model 3. It seems unlikely to me that GM has managed to bring the cost down so much without a gigafactory of their own. It seems likely to me that the Model 3, at $5000 more expensive, will be superior to the Bolt in virtually every respect (Tesla has repeatedly said that their 200 mile range will be a real-world figure, while the Bolt's 200 mile range will probably be an ideal figure in perfect conditions, though I'd love to be proven wrong about the Bolt).

All this assumes that GM actually delivers as promised, which is far from guaranteed.

That said, more competition in the EV space is a good thing, so I hope the Bolt does at least well enough for GM to continue research in the area.
