Follow Slashdot stories on Twitter


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:Cognitive Load (Score 1) 210

Unfortunately, if I understand correctly, most of the publicised password breaches aren't due to intercepting the password in flight; they are due to successfully finding plaintext that matches the salted hash in the stolen database.

But still that's an interesting idea for protection against intercepting passwords in flight or recovered from RAM later.

Not only are passwords in plaintext in-flight behind a TLS terminator, typically on the LAN or virtual LAN or unix socket going to authentication services, but they also linger in kernel, router and middleware memory long after they have been transported around. Good security software knows to erase its own memory of sensitive data after use, but in between the TLS-terminating load balancer or web server (NginX, Apache etc) and back-end application processing of security URLs, usually there are a great many subsystems that transport the data of HTTP requests in plaintext, and don't have special provisions to erase their memory of them. So they linger in RAM afterwards until randomly overwritten. This can be made more secure than it usually is, but it's quite advanced.

The encryption part of your idea can be implemented today by sending Javascript to the client to encrypt the password.

But unfortunately if there's a real-time breach on the server, the attacker can probably change the Javascript as well.

Comment Re:Or the actual reason(s) (Score 1) 761

And other than the connector itself a Lightning headphone is worse in every way, [...] I guess this lets them use a little extra power but there was already more than enough output to damage your ears.

Noise cancelling headphones/earphones need power and have their own batteries. Some for those with mics in for making calls without removing them, or where they use a DSP to, hopefully, improve the sound of imperfect drivers. With lightning they can use the phone's battery.

That said, they could have done the same over a backward-compatible 3.5mm jack if they'd wanted to.

"do these phones work with other things? do other phones work with this?" easily dominate that area.

When they started talking about "courage" in the keynote, I got a little excited that maybe, just maybe, they meant they were couragously opening up Lightning for their competitors to use and make it a universal standard.. But no. That would have been courage, imho.

Comment Re:All Chrome pages are not secure (Score 1) 86

Last time I checked, yes it did send messages to Google, even running Chromium, on Ubuntu Linux, with all the undocumented command-line options I was able to find to disable various functions. That surprised me.

I was wanting to use Chromium to view local applications without any inappropriate network traffic; it wasn't suitable.

Comment Re:RIP OpenOffice (Score 1) 137

LibreOffice is great, and some of its tools (I'm thinking of the change history) are in some ways better imho than MS Office.

But I wish it was more reliable. I had to subscribe to MS Office recently because LibreOffice (even the latest versions) was corrupting images in documents and screwing format around them (unrecoverable once saved), and mis-displaying basic highlighting in even very simple documents wth nothing obviously fancy. As these were contracts and things like that, some of my colleages were getting the wrong information, with quite serious consequences.

The first problem - corrupting images - has no excuse. You shouldn't be able to edit inside LibreOffice, save, load, and get back something different, no matter what quirks of file format compatibility there are.

I had to not only switch to MS Office to read documents sent, and edit documents to send, but I had to work out which branches had been edited by a colleage with LibreOffice and find the parent version that wasn't corrupted to redo all the edits on that branch.

I say "colleagues" but I'm talking about a non-profit, where I don't get paid and neither do they. To save money, my job now includes "editor of important documents like that" just because I've got "the" MS Office licence :/

Comment Re:My N900 is getting long in the tooth. (Score 1) 139

I've been using mine daily since they were first released, and it doesn't crash or hang.

It's slow to start apps, and due to lack of updates the browser is no longer compatible with some current sites, annoyingly including some that used to work fine.

I'm in the market for something more modern to replace it, but like the GP, still haven't found an appealing replacement.

Android makes me uncomfortable due to the Google-mothership thing, or any other proprietary service for that matter,
I know you don't have to, but at every turn it practically begs you to link up with them to use it properly, and it doesn't
come with options to link to your own generic services instead.

I have an Apple laptop but the iOS walled garden is even less appealing.

But hardware keyboard is probably the #1 feature I'm looking for.
An Android 4g device with one of the current top quality cameras, a fast CPU, enough storage, and a hardware keyboard (that doesn't replace half the screen - sorry Blackberry) is probably what I'll end up with - when someone makes one.

Comment Similar to harmonic drive (Score 2) 148

It reminds me of the harmonic drive - a low backlash, high ratio compact gear.

Other comments have noted that a very high ratio would need very strong matariels to transfer significant power.
That's true, but sometimes the point isn't power, the point is to move things over very small distances precisely.

Comment Re:So.. Why? (Score 1) 309

Because they have TRADE SECRETS to protect. Secretes which are both theirs and ones that they have licensed and contractually are bound to protect.

I don't think they are anti-open source, they are just trying to protect their intellectual property. They are still releasing drivers for these devices and although you may not be entitled to see the source, you can still use that open source operating system with that shiny new video card.

I keep receiving mailouts which suggest that US patent rules have changed in recent years such that keeping trade secrets is an increasingly advisable business strategy, instead of acquiring patents.

I don't know if that's true, but it could be part of what's going on.

Comment Re:Watching systemd evolve (Score 1) 765

That is not what I said. I never claimed that rsyslogd cannot cause corruption. I just claimed that there are not-so-rare cases where rsyslogd and alternatives work, while systemd causes corruption.

If that's what you said I'm afraid it wasn't obvious to me. I took "Systemd causes log corruption where sane alternatives do not have such issues" at face value.

In addition, the corruption by rsyslogd is usually what you describe, namely things cut short. With the binary log-format from systemd, the damage is far more extensive, so, yes, rotating them is "right", but having binary logs is deeply wrong in the first place.

I don't know anything about journald's format, but if it suffers 'extensive' damage under challenging conditions that syslog handles fine then it's not an appropriate binary format for this job. That's not a fault of binary (which can be as robust as you want), that's a fault of the wrong kind of binary.

Comment Re:Watching systemd evolve (Score 1) 765

I make no defence of systemd, I only respond to implications that syslog doesn't have its own problems with lost and corrupt messages.

Personally, I would prefer an investigation into why logs are being corrupted like this and a willingness to take it seriously rather than a 'corruption happens, rotate' attitude, but I'm just funny like that.

Good engineering would be to do both, not assume it's to be one or the other. This thread seems to be derived from 'Lennart said if there's corruption we rotate', I didn't see anything factual about the frequency and circumstances of corruption compared between different logging systems. It is a fact in my experience that all systems experience it occasionally.

You may know better than I do about systemd, which I don't currently use.

For Linux systems where the power is cycled often without warning, I have to use other kinds of logging for some things because syslog is too unreliable.

Comment Re:I use it for the extensions.. the price is righ (Score 2) 300

Have you looked at the data Chrome sends around?

I have and I wasn't happy about it when using Chrome for something that should have remained private to the application's users.

I tried every combination of command-line options, including undocumented ones, to turn off reporting to Google, including the options that are for this purpose, and there was still a trickle of reporting things that I didn't want reported.

But that was a few years ago. Maybe Chrome is more privacy respecting now :-)

I don't mind that it talks to Google by default, after all there are some good services if you like them, and phishing protection (for example) is a good thing.
But I was surprised and disappointed that using all the options to turn off reporting didn't turn it all off.

Comment Re:Still My Favorite (Score 1) 300

It could be OpenGL.

I have a Linux laptop where X crashes killing everything, and the system effectively locks up when visiting any page that launches WebGL in _either_ Chrome or Firefox.

That's with the Nvidia driver too.

Strangely, other OpenGL applications don't cause any problems, they even work. Only Chrome and Firefox.

Imho until that sort of thing is fixed I don't consider WebGL is safe to use on a public web page. I reported it, but there didn't seem to be much interest in fixing it. "Oh it works for most people".

Slashdot Top Deals

An inclined plane is a slope up. -- Willard Espy, "An Almanac of Words at Play"