Please create an account to participate in the Slashdot moderation system


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:This... is a very good idea. (Score 1) 110

Sorry I do enterprise identity management for a living, I might have over-though in the context of a random webapp and skip some random words here and there as I write here with a beer or a scotch after work....
In an enterprise setting you usually have to have reversibility, to synchronized systems, as not everything is sso enabled or ldap friendly, complexity in that setting is unavoidable.
The weird part about daily salt was put into that system by decree by our clueless management that has paid a consultant (read snake-oil dealer) to review and "improved" our security. And agree with you, that part only increase complexity, not security.

Comment Re:That's sorta up to you; (Score 1) 314

it's impossible to create your own concurrent access primitives . At best you can invent a new concept, like Dijkstra did with the semaphore. As I don't recall reading a completeness proof of the set of known concurrent access primitives you might have a chance.

You probably meant implement an existing one, like the Semaphore in java before the JSR-166 RI.

Comment Re:This... is a very good idea. (Score 1) 110

It's a mall part of defense in depth, any sensitives information that is not atomic should be stocked separated. Every speed bump you put into an attacker road is an opportunity for detection, a point for auditing.

It's only going to get faster generating those rainbow table, see the post on gpu somewhere lower...
The true solution is proper keys derivation and management using a dedicated security equipment, ex.: a java card with a keypad to enter the master key. Re-keying capability is a most and a currently safe algorithm like AES-256 in CBC with PKCS7 padding, have someone random from the company enter a new key each year and now your approaching password storage security. From there calculate MD5/SH1/RC4... using a daily one time use salt to populate your identity database across your systems that refuse to be federated.
The keys in the java card are quite safe, those cards are not like the plugin...

Comment Re:it contradicts the definition (Score 1) 209

But that snippets does warrant a comment that include a tag to disable the warning. This is what I like the most about static analysis; worst case: it forces my developers to comment the hairy pieces of code, typical case: they residing to avoid the need to comment and we have a more maintainable code base. To the same goal, I also use the static analyzer to limit cyclomatic complexity the ennemy #2 of maintenance. #1 being useless shorthanded naming convention or lack of.

Comment Re:Good luck with that (Score 1) 112

a lot of what is considered AI by the people that do AI has nothing to with intelligence.

No it has to do with automating reasoning. Intelligence is so vaguely defined that two people could have an opposite opinion on the importance of rational tough in the definition of intelligence and they would both be right be right depending on which school of thoughts you belong. I suggest you read a little bit in the following encyclopedia : starting at that page

Comment Re:Poor naming (Score 1) 176

I bought it for my laptop, my father bought it for his htpc and my brother-in law bought it for his laptop. At 39 it was money well spent for a measurable speedup.
However, none of us will buy it for our desktop. I like windows 7 on my desktop and my father love is mint/debian/ubuntu frankendistro workstation. Just because some disagree with you it do not mean they are astroturfers.

Slashdot Top Deals

He who steps on others to reach the top has good balance.