
Comment Re:I don't even know my passwords (Score 2) 652

Using 2FA authentication won't work to stop them.

They ALREADY ask you to allow inspection of electronics. If you refuse to give them the password, expect to not get your phone, laptop, or tablet back till you either give them the password or they image the whole thing for NSA's "enhanced decryption".

Comment Okay, what's the business model then? (Score 4, Insightful) 234

Which leaves us with the interesting question of LastPass's business model.

1) Advertising? Knowing every site you visit - AND YOUR PASSWORD?

2) "We have a benefactor". Yeah. Except that maybe that benefactor is the NSA. Or is it the GRU? Or is it the MSS (China's NSA)?

No matter how I slice it, I can't figure out an angle that isn't kinda creepy.

Comment Re:Is the implication that fresh water is bad? (Score 1) 159

Submerging plants in drinking water reservoirs is doubleplusbad. Not because of the carbon emissions, but because the rotting plants will give the water a bad taste for fifty years or so.

When the state of Massachusetts built the Quabbin reservoir in the 1930's, they did their level best to take out all of the wood and plants that would rot; clearcutting the forests, relocating, demolishing and carting, or burning farm buildings in place. Only the stone foundations remained. They even removed the railroad ties of rail lines. The result was a reservoir that is still the major reservoir of Boston to this day.

Comment Yet another reason why Adblocking and Scriptblocki (Score 4, Insightful) 96

Yet another reason why adblockers and scriptblockers are essential.

Not just because ads chew up your pay-by-the-byte bandwidth, but because they are actively serving up malware.

Sorry, all you ad-supported sites... find another business model. Your current methods are dying a very painful death.

Submission + - ORWL Open and secure computer Not So Open.

Dr. Crash writes: ORWL (the open-sourced physically secure computer) crowdsourced on CrowdSupply has revealed their licensing model.... which isn't closed, but not much better.
* Schematics only "rendered" — as PDF, impeding mechanized analysis for holes. "Source" (i.e. Cadence files) requires an NDA
* PCB layouts are available only as Gerber files. "Source" (i.e. Allegro files) again requires an NDA
* Mechanical CAD files and BIOS: Only via NDA.
Is it just me, or does it strike other readers that for a computer that's supposed to be open-sourced and inspectable, releasing only the equivalent of "assembly code" (PDFs of the schematic, Gerber files) and requiring an NDA for the BIOS and mechanical security just doesn't cut it? In particular, revealing only the PDF'ed schematics and the Gerbers makes it essentially impossible to improve the device, and without the BIOS being inspectable, the security of the whole system is completely compromised.

Read the release info yourself at:

Comment Don't bother - even if your password is strong.... (Score 1) 210

Unless there's money involved, I don't bother with a strong password.

Why? Because even if my password protocol and tradecraft are bulletproof, most sites aren't. Sites get
compromised so often that even a good password will fall in a year or two. Or your password _manager_ gets

So... why bother? Start with "Password#1!" (which almost all sites will accept as "strong") and
when (not if, when) that compromises, move to "Password#2". And so forth.

Okay.... don't use the word "password". Use "Starbucks#1". Or "Galactica#!".

Other than a very few sites worthy of _trying_ to protect (your bank and maybe your primary email) one password
shared across all sites is more than adequate because compromise is inevitable. Make the cost of
compromise as close to nil as possible; that's the optimal behavior. I mean, who cares if your brownie
recipe gets trashed?

And never, ever store a password that can be turned into money on anything more connected than a
post-it note in your wallet next to your Benjamins.

Comment Advertising is DEAD. Find another business model (Score 5, Insightful) 398

The unfortunate truth is that once someone experiences the speed and cleanliness of adblocking, they simply won't go back. Not ever.

And, as explained in a previous post, the second thing they do is show their friends. And their relatives. And their social contacts.

And so it expands, like neutrons in a nuclear warhead; the chain-reaction gain is greater than 1 and the constraint of business models
("we don't take your word for the claim that the ad was shown") will either have to break down, or the whole business is "game over".

My advice to webvertizers: update your resume and find another line of work.

Comment Blocking ads for years.... (Score 1) 307

I've been blocking ads for years.

Every so often, I have to use my wife's computer and it's slow and grindy and the web pages take forever to load and forever just to switch tabs. Even though her computer is newer, bigger, and faster than mine, hers might be more convenient.

And the web pages are so full of ... crap. It's hard to see what the good stuff is. Just so busy.

Then I realize the problems... she's not running Adblock. She's not running Noscript. She's letting Flash run. She's not running Ghostery or Privacy Badger. Her computer is getting POUNDED by a few hundred sites all doing PUSH notifications and similar crap.

All of which counts as bytes trying to get down that DSL pipe. No wonder I can't watch Netflix on the Wii if she's got fifty tabs open, forty-nine of which she's not looking at but which are still running their JavaScript "just in case she looks".

Advertisers, you killed the Web by a steady diet of saturated-fat video ads and flash animations and strung it out on the taut wires of a thousand tracking sites. You deserve to eat the rotting corpses of your clients, your competitors, and finally yourselves, for you have made the web UNUSABLE without adblocking and scriptblocking.

No, I won't comment that the web content is a continuous flow of "will someone PLEASE think of the !!!" angst-stream articles written in coffeeshops upon macbooks, nor buzz-generating puffpieces meant to assuage the doubts of investors, nor the unending ur-narcissism of Facebook.

No, that's a whole 'nother rant.

Comment Re:Israel hasn't vowed to "wipe Iran off the map" (Score 1) 441

We weren't celebrating the killing of 350,000 Japanese.

We were celebrating the not-having-to-kill 70,000,000 Japanese.
Remember what had happened just five months earlier, in March of 1945?

A little test invasion on an island called Iwo Jima. Iwo Jima was defended by 20,000+ Japanese.

Of that 20,000+, only 216 survived.

On that scale, killing _only_ 350,000 people starts looking like the best deal in town.

Comment Open Source == DOES get a fine tooth comb. (Score 1) 73

I am the prime author of CRM114 (the spam filter) and IT DEFINITELY GOT CHECKED BY SMART PEOPLE. There were at least a dozen people who would dependably read the code, and they'd find the pickiest things (luckily, not anything serious; thank you Valgrind!)

So, it's absolutely, demonstrably, provably (read the mail archive!) the case that at least SOME mail-oriented open source gets the all-orifices examination, and that examination is effective.

Whether or not security software gets the same thing, I can't say for sure, but I'd be surprised that it didn't. The recent set of security vulnerabilities only shows that old code didn't get the same care as newer code.

Comment Been EXACTLY there. Here's the right way to do it (Score 1) 224

I've been in EXACTLY that situation.

The solution is to make the license explicit and separate from the employment agreement.

This avoids situations where the IP license does (or does not!) expire when you leave the company.

Is it a paid-up-once license, valid forever, or renewable on a yearly (or even monthly) basis?

Does the license include the right to relicense (i.e. can the company sell a license to produce stuff based on your IP to third parties to manufacture and sell)?

Does the license follow the company, if the company is bought out by $MEGACORP?

Yes, we had lawyers on it. Yes, everyone agreed that this was the way to go.

Comment Re:How is a password written down "worse than noth (Score 1) 169

Most people don't have a private, lockable office.

Most people don't even have an office that has a door.

They have a cubicle, and one without a lockable file drawer... (as though typical office furniture locks weren't jokes to anybody with two paper clips and the MIT Lock Picking Guide)

Some people don't even have a cubicle. Look at an "Open Architecture Office"... they have one two floors down. I'm not sure if I would pick that or pick McDonalds as better or worse.

That's the problem. You need to keep the security token (be it a yellow stickie-note or an RSA key) on your person, all the time.

And it still doesn't stop a good phish, or the next Heartbleed.

      - Dr. Crash

Comment Strong passwords == useless (Score 1) 169

Strong passwords are useless - well, they're useful only against a brute-force attack and that's not the big threat anymore. A 64-character password is worth nothing against a phishing attack, and is worse than nothing if you have to write it down.

Maybe the cure is to have the incoming mail server destroy all clickable links (or point them at an internal "you will need to navigate to that URL manually" warning page), and simply delete anything executable.

Comment I got a Velleman K8200 - and LOVE it. (Score 1) 251

I bought a Velleman K8200 ($750) essentially on "impulse", as
I have access to a StrataSys 3D printer at work and so it might
seem "redundant".

Guess what? I LOVE IT! Sure, there is no reason why I couldn't
make this or that by hand-carving it out of a solid block of acrylic,
or wait till Monday morning to run the parts on the StrataSys at work,
but now I can drop into OpenSCAD (or my wife can drop into Blender),
design the thing, hit "print", and then cook dinner while the machine
does the drudge work. A few minutes of hand clean-up later (mostly
reaming holes if we want snug fits) and the part is done- or more
likely, we decide we want to change it. Some parts go through
three or four iterations before we decide it's perfect. That's the
seductive part of 3D printing - the cost of a prototype approaches

I'm probably $1200 into this by now (filament goes typically for
$40 a kilogram, and some of the stuff like the extrudable rubber
and the water-clear, FDA-approved PET is almost twice that), but
darn it, this is fun!

Sure, you can spend a lot of bucks on the toolchain but you
absolutely don't have to spend anything at all. (Solidworks $8000?
Got it at work. Don't need it; OpenSCAD and Blender and FreeCAD
are adequate for me, and free for the download).

Yeah, my wife has dreams of making gee-gaws and knick-nacks to
sell at her conventions, but I'm happy to spin out replacement ladders
for my son's toy fire engine and custom rail crossings for his railroad, and
"companion cubes" and little unicorns for my daughters.... as well
as the occasional screen door handle, refrigerator shelf holder,
cellphone mount, consumer electronics case / case replacement,

Note- there's no "driver issue" - with rare exception, all cheap
3D printers talk G-code via RS-232 or USB-TTY at 250,000
baud (yeah, nonstandard baud rate because most 3D printers are
based on Arduino cores, and that's one baud rate that has essentially
zero error due to CPU clock speed). The printer control "front panel"
is a big Python script (several options are there; Repetier-host and
Pronterface both are nice); the slicer that turns STL models into
G-code is open-source (I use Slic3r at home and Cura at work).

It's a big, big win. Really. I can sit down with one of my kids and
make something they want and have the printer spit it out while
we read a book or watch a show. Maybe every home doesn't
need one, but I'd rate it right next to "belt sander" in the home arsenal.
