
Comment Re:installed by a contract third-party IT speciali (Score 1) 44

The $15,000 in "cumulative savings" I referred to will probably cost more in the long term. In the router case, the issue did cost them more in the end. I had to bill them for an unscheduled emergency call, troubleshoot what was going wrong, then I had to take out the $50 router and walk around and reboot every terminal. In this instance, they did save the $250 initially quoted ($200 if you count the $50 they gave the bartender's nephew) but ended up paying $400 and the money spent prior was also wasted (because the hardware is now just collecting dust on a shelf).

This is what the customer thinks (almost uniformly):
Every time I have to call this guy, it costs me $150; if I can do it myself, it costs me $0 (or $25-50 for cousin IT to do it).

For small-to-midsize organizations, you're dealing with perhaps a couple or so contractors charging you $50k or more for IT services, still cheaper than hiring dedicated IT. So one of the HR people "knows about computers" and becomes the "IT guy"; they don't have to "pay" the contractors anymore for small stuff because "that guy from HR" knows about computers, right? That "IT guy" can probably "save" the organization $15k over a year, which he obviously makes very clear to his superiors, and which is technically true: they don't have to call the contractor nearly as often because "that guy from HR" knows about computers.

That is, until things go wrong. Then suddenly, the $15,000 savings last year becomes a mandatory $50,000 PCI or HIPAA (or whatever your regulation is) audit, or a huge fine from Microsoft or Adobe. The issues still have to be fixed, because the number of 'fixes' accumulates and you're dealing with an extra 100 systems that have never been updated, no patch management, etc. That could easily cost $15,000 if not more, depending on licensing costs.

Comment Re:"In the wild" - slight exaggeration (Score 1) 87

Say it with me: Hashing is not Encryption. Hashing is not Encryption. Hashing is not Encryption.

Very high level:
Hashing is the irreversible mapping of a set of bits onto a (usually smaller) set of bits in order to obfuscate the original set of bits (one-way)
Encryption is the mapping of a set of bits onto another equally sized set of bits where the mapping is reversible through some process (two-way)

Hashing can be done with salts so that using rainbow tables is harder or impossible, but there will always be another set of bits that maps into the same set of bits. It's good enough for hiding a password or for reducing the complexity of finding matches. If you were writing a file system you could use it to do things like de-duplication, but when you have a collision, you should ideally still do a bit-by-bit check.

Calculating a collision with actual useful content (if I want to insert a "return 0" on a particular line somewhere in the Linux kernel) is still as hard, if not impossible, to do as before without also inserting a load of weird, binary comments. We just know that these collisions can now be calculated faster, but it's not like adding an arbitrary string will break the calculation and produce a predefined hash.

Comment Re:"In the wild" - slight exaggeration (Score 1) 87

If someone checked in, that means they have permissions to do so. It's not like Git just blindly accepts commits with the same hash but different contents. We know it's possible; it's even possible with SHA256 to create a collision. As long as you're making a hash, you can create a collision, since you're mapping an infinite set of bits onto a finite set of bits: there will always be a second set of bits that creates a collision as the number of sets approaches infinity, regardless of the hash function you use.

The fact that it's "easier" for a certain definition of "easy" doesn't mean the thing is broken; it just means people should be more careful when accepting particular hashes (e.g. if you're using a cloned repo of whatever software you want to use), but even then, a bit-by-bit comparison can easily weed them out.

As far as mainstream repos go: a) you would notice someone suddenly inserting a very oddly shaped document into your repos, b) that person would require permission to do so, and c) you should never automate a repo to pull in and compile something into production. Not sure if that's what happened here; the summary is very unclear as to what actually happened besides someone intentionally pushing a broken thing and it breaking other things.
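The two comments above make the same pair of points: a hash is a one-way, many-to-one mapping (unlike encryption, which is reversible and size-preserving), and because collisions always exist, anything that keys on a digest should fall back to a byte-by-byte comparison on a hit. The following is an added example, written for this page and not code from either commenter, that shows both in the Python standard library. It assumes a toy XOR cipher purely to illustrate reversibility (not a real cipher), and a deliberately truncated 8-bit digest so that collisions actually happen in a 300-item demo instead of needing a real SHA-1 collision pair.

```python
"""Hashing vs. encryption, and a dedup store that survives digest collisions.

Added illustration; uses only the standard library.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# --- Hashing: one-way and salted -------------------------------------------

def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 100_000) -> Tuple[bytes, bytes]:
    """Return (salt, digest). PBKDF2-HMAC-SHA256 is one-way: nothing here can
    recover `password` from `digest`; a verifier can only re-hash a guess and
    compare. A fresh random salt defeats precomputed (rainbow) tables."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


# --- Encryption: reversible, output the same size as the input --------------

def xor_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Toy one-time-pad style XOR (illustration only, not for real use).
    The ciphertext is exactly as long as the plaintext, and applying the same
    function with the same key reverses it, which is the property a hash lacks."""
    if len(key) < len(plaintext):
        raise ValueError("key must be at least as long as the plaintext")
    return bytes(p ^ k for p, k in zip(plaintext, key))


xor_decrypt = xor_encrypt  # XOR is its own inverse


# --- Dedup keyed by a (deliberately weak) digest, with byte-by-byte check ----

class DedupStore:
    """Content-addressed store keyed by the top HASH_BITS bits of SHA-256.

    The truncation is an assumption of this demo so that collisions occur in
    a few hundred items; the handling is what matters: a digest hit is only a
    candidate match, and the blob is compared byte for byte before it is
    declared a duplicate. Distinct blobs that share a digest are kept side by
    side in the same bucket rather than silently dropped."""
    HASH_BITS = 8

    def __init__(self) -> None:
        self.buckets: Dict[int, List[bytes]] = {}
        self.collisions = 0  # same digest, different bytes

    def _key(self, blob: bytes) -> int:
        full = hashlib.sha256(blob).digest()
        return int.from_bytes(full, "big") >> (256 - self.HASH_BITS)

    def put(self, blob: bytes) -> bool:
        """Store `blob`; return True only if an identical blob already existed."""
        bucket = self.buckets.setdefault(self._key(blob), [])
        for existing in bucket:
            if existing == blob:        # byte-by-byte comparison, not digest
                return True
        if bucket:
            self.collisions += 1        # digest matched but content did not
        bucket.append(blob)
        return False

    def unique_count(self) -> int:
        return sum(len(b) for b in self.buckets.values())


def demo() -> dict:
    """Run all three pieces on constructed inputs and report the outcomes."""
    salt, digest = hash_password("correct horse battery staple")
    key = os.urandom(32)
    ciphertext = xor_encrypt(b"attack at dawn", key)
    store = DedupStore()
    blobs = [f"record-{i}".encode() for i in range(300)]  # constructed sample
    true_dups = sum(store.put(b) for b in blobs) + int(store.put(b"record-0"))
    return {
        "password_ok": verify_password("correct horse battery staple", salt, digest),
        "wrong_password_ok": verify_password("Tr0ub4dor&3", salt, digest),
        "roundtrip": xor_decrypt(ciphertext, key) == b"attack at dawn",
        "same_size": len(ciphertext) == len(b"attack at dawn"),
        "unique_blobs": store.unique_count(),   # 300: nothing lost to collisions
        "digest_collisions": store.collisions,  # >= 44 by pigeonhole (300 into 256)
        "true_duplicates": true_dups,           # 1: only the repeated record-0
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

With 300 distinct blobs and only 256 possible truncated digests, the pigeonhole principle guarantees at least 44 digest collisions, yet `unique_count()` still reports 300 because the byte-by-byte check refuses to merge blobs that merely share a digest. That is the same discipline the comments recommend for a real repository or file system: treat a hash match as a hint and confirm on content.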

Comment Re: Not a problem at all (Score 1) 887

Depends on your definition of feminism indeed. I'm taking the current "modern" feminists (third-wave feminism) which you can see in action on Twitter (e.g. the GamerGate instigators). Relying on the dictionary definition of a feminist depends largely on your dictionary and your area; some still say it's about equality between the sexes, more modern definitions leave the equality out of it.

A traditional feminist movement in modern eras would be primarily focused on countries around the world where women don't have the rights yet to run for president, dress how they want or drive a car (or go to school for that matter), but that appears to be lost on modern feminists.

Obviously if you disagree with the definition that these are hate groups, you could just be a part of it and not see the issue of what your group represents (e.g. if your definition of feminism comes from AmiMojo or PopeRatzo on these forums), which is the same perspective as being a member of the KKK; they don't see the issue either.

Submission + - In the 21st century, we still have education systems for the 18th century.

golden_hands writes: The education system in most countries is still designed for a world that has ceased to exist: long-term employment for someone else, and industries which need people to make a profit, are all vanishing over the horizon. We need an education system which will help children survive and thrive in the modern economy and teach them how to innovate, co-operate, collaborate and survive in today's age.

Comment Re: Monopolies hurt everyone but (Score 1) 78

Non-exclusive doesn't mean anyone can get a franchise agreement. The problem is that even with massive complaints, the exclusivity agreements remain in effect. It's simply impossible for any other provider to get an agreement with the same terms TWC gets. And though technically illegal, NY courts only allow for local arbitration of said contracts, which are adjudicated by local politicians. By the time this is even permitted to go to a non-local judge you've spent a good 10 years in court.

Comment Re: Not a problem at all (Score 1) 887

Just because something is mainstream vs. fringe doesn't make it any more moral. Feminism and Christianity are relatively mainstream, as is BLM, but that doesn't make them any less dangerous, hate-groupy or morally superior to the KKK or Black Panthers, which are both having a resurgence due to the former. Nazis were pretty mainstream; it was just those crazy SS and Hitlerjugend that were fringe by that definition.

Comment Re:What does Apple get? (Score 1) 181

Those foundations are just legal money laundering establishments. There never was any money in the foundation, nor did it spend it on charity. The layoffs happen in response to a political need to save face, but you can be assured by the time Chelsey runs for office it will be twice the size to handle the "donations".

Comment Re:installed by a contract third-party IT speciali (Score 1) 44

It's an accumulation of "little things" that some bozo decides he can do himself resulting in initial savings until the shit hits the fan.

I've gone to plenty of customer sites (I'd say 75% of them) where routers and switches, backup drives and even servers appear all on their own. "Oh yeah, we bought that to do x," and often I unplug it and have to tell them, "well, this is your problem." "But it worked for a couple of weeks." "And then you had a power outage and now there are 2 different DHCP ranges on your network."

Submission + - First victim of SHA-1 collisions: Subversion. Technique was reverse engineered

Artem Tashkinov writes: A WebKit developer who tried to upload "bad" PDF files generated from the first successful SHA-1 attack broke WebKit's SVN repository, because Subversion uses the SHA-1 hash to differentiate commits. The reason to upload the files was to create a test for checking cache poisoning in WebKit.

Another news story is that, based on the theoretical, incomplete description of the SHA-1 collision attack published by Google just two days ago, people have managed to recreate the attack in practice, and now you can download a Python script which can create a new PDF file with the same SHA-1 hash sum using your input PDF. The attack is also implemented as a website which can prepare two PDF files with different JPEG images which will result in the same hash sum.

Comment Re:installed by a contract third-party IT speciali (Score 3, Insightful) 44

As an independent IT specialist myself, you can't believe the boneheaded clients that will either demand an uncomplicated "no password" policy, fail to follow directions, are too cheap to update, or go in and make these types of settings themselves after the fact.

Could easily be that the IT contractor set it up for a particular IP range, and then the customer wanted to do something from home or allow remote workers, saw the bill and said "removing this line makes it work", became the office IT fixer, and then at their next employee review: "I saved the company $15000/year in consulting cost".

There are plenty of idiots in IT, but the cheapskate know-it-all customers are way worse. I think computers and "IoT" devices should go back to defaulting to a command prompt only accessible by serial cable or local terminal, and bring nothing online unless explicitly configured.

Comment Re:Only? (Score 4, Insightful) 143

If we persisted then they would accede, but it always felt like we were forcing them to alter their well-worn lunch cycle and throwing the balance of the Universe out of whack.

Because you were.
What we call routine, they call ritual.

Just hand someone from Japan your business card improperly*... if it's someone high enough, then your boss and your boss's boss may have to bow in apology** for not teaching you the protocol of etiquette correctly. Of course then you get bitched at for it. (Totally worth it; my boss was a dick and this was a beautifully PA opportunity to make him suffer.)

* Two hands, both corners of card pinched between index finger and thumb, card facing recipient, face up. Bow (30-60 deg, depending on your back, rank, etc.), look approximately at the recipient's feet, present card.

** Hold a 90 degree bow for 30 seconds.
