
Comment Re:Why (Score 1) 921

Wanting to eject Muslims from the US is a political aim

Bullshit. As of now I've yet to see any policy about ejecting Muslims from the US.

I was making the point that one need not seek policy in order to be working towards a political goal... and you respond that you don't see anyone seeking policy, apparently completely missing the point.

Comment Re:"In the wild" - slight exaggeration (Score 1) 125

Umm, that is an uncited claim in the summary. Nothing of the sort is stated in any of the links. The summary links to a paper that provides more details of the attack. Very heavy and technical, though a few initial takeaways from it are that implementations only take a few days to run on gear they have, so it does seem safe to assume that SHA-1 collisions are pretty much pwned.

The Python script in question doesn't find new SHA-1 collisions. It takes two input PDFs and produces two output PDFs that hash to the same value. It uses some quirks of how PDFs work, plus that original SHAttered collision generated by the Google researchers. Finding another collision is a lot of work. Using a known collision to generate PDFs with the same hash value is not.

https://github.com/nneonneo/sha1collider
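An added illustration, not part of the comment above and not code from sha1collider: it shows why reusing a known collision is cheap in a Merkle-Damgård hash. The hash here is a toy with an assumed 24-bit state (SHA-1 truncated, so a collision can be found in seconds); all names in it are hypothetical, and the PDF-specific tricks are not modelled.

```python
import hashlib
import struct

BLOCK = 8              # toy block size in bytes (assumption for this example)
STATE = 3              # toy 24-bit chaining state, small enough to collide fast
IV = b"\x00" * STATE

def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function: SHA-1 of state||block, truncated to 24 bits."""
    return hashlib.sha1(state + block).digest()[:STATE]

def pad(msg: bytes) -> bytes:
    """Merkle-Damgard strengthening: 0x80, zero fill, 8-byte message length."""
    zeros = (-(len(msg) + 1)) % BLOCK
    return msg + b"\x80" + b"\x00" * zeros + struct.pack(">Q", len(msg))

def toy_hash(msg: bytes) -> bytes:
    state = IV
    data = pad(msg)
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state

def find_block_collision():
    """The expensive step: birthday search for two blocks with equal state."""
    seen = {}
    counter = 0
    while True:
        block = struct.pack(">Q", counter)
        state = compress(IV, block)
        if state in seen:
            return seen[state], block
        seen[state] = block
        counter += 1

def extend(colliding_pair, suffix: bytes):
    """The cheap step: append the same suffix to both colliding prefixes."""
    a, b = colliding_pair
    return a + suffix, b + suffix

if __name__ == "__main__":
    pair = find_block_collision()
    for suffix in (b"", b"constructed document body", b"another payload"):
        x, y = extend(pair, suffix)
        print(x != y, toy_hash(x).hex(), toy_hash(y).hex())
```

Once the two equal-length prefixes reach the same internal state, every common suffix (and the length padding) is processed identically, so the search never has to be repeated.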

Comment Re:Turn it off (Score 2) 172

I've spent this weekend trying to repurpose an old laptop as a media/streaming machine, and decided to go Linux rather than Windows. It most certainly has not been easier. Maybe if you've worked with the system for years and know the ins-and-outs it is second nature, but Linux has caused all sorts of issues I wouldn't have had on Windows.

If you've worked with Windows for years and know the ins-and-outs of that system, it's a lot easier to set Windows up than something else. Personally, when I have to set up a Windows system, I have a lot of issues I wouldn't have on Linux.

I know because I had to install a Windows system for the first time in about a decade a few months ago. It took me all day and lots of hair-pulling to figure out how to find and install all of the drivers needed to make the thing run. At the end I was still left with a few devices showing errors in the device manager, which I was simply unable to get working. It worked enough, so I gave up on the rest. The worst part of the process was that right after installation Windows had no functioning drivers, for ethernet, Wifi or USB, which made it really hard to get drivers onto the box. I solved this by booting a Linux LiveCD (which worked out of the box), creating a small FAT32 partition, downloading the ridiculously bloated 250MB (WTF?!?) ethernet driver onto it, then booting Windows again and installing from the FAT32 partition. I have no idea how a Windows guy would have solved that.

Comment Re:Too good to be true. (Score 2) 175

It doesn't work like that. Radiative heating/cooling works via exchange of IR. You're not just giving it up; everything you're radiating at is proportionally radiating back at you. So you cool the most when you're radiatively exchanging with something that's very cold. Aka, you want to be radiatively exchanging with the cosmic microwave background, not with low-altitude clouds. That's the whole point of radiating at low absorption frequencies in the atmosphere: so that you're exchanging with space, not with atmospheric air.

Comment Re:What's wrong with public domain code? (Score 1) 39

Stallman may argue that you need to make sure the code is free in the future, but I'd settle for the code being free now.

I don't see any reason they shouldn't do both. They should release it under a good copyleft license, but note on their repository that all source code from the DoD is in the public domain. Those who wish to take the federal code and carefully verify that no non-federal contributions have been added (or who are willing to strip out all of the non-federal code) can use it in whatever way they like, since it's in the public domain. Contributions by others, however, will by default be owned by the contributor but licensed under the copyleft license. In the event someone uses their code in a way that violates the license, they'll have standing to sue for infringement, though the DoD will not.

Comment Re:People without a clue commenting on crypto (Score 1) 185

There's nothing wrong with that use of SHA1, but I can't think of a threat model in which it actually accomplishes anything useful, not because SHA1 is defective, but because passwords are. If an attacker gets the hash, he can almost certainly recover the password. Further, your implied threat model seems to assume that an attacker may be inside the system (which is a good assumption), where he can grab the in-flight hashes. But if that's the case, what prevents the attacker from replaying the hashes? At that point in the system, the hashes are the passwords, they unlock access. So the attacker doesn't even need the user's password.

Also, have you benchmarked SHA256? On modern hardware it's generally cheaper than SHA1. Assuming there actually is a good reason for hashing, you may be able to quiet the complainers and improve performance with one change.
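An added example, not from the comment above: it models the replay point, where a captured in-flight SHA1(password) logs in without the password ever being known, next to one possible mitigation (a single-use nonce with an HMAC response). The class names, the sample password and the choice of challenge-response are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

PASSWORD = "correct horse battery staple"    # constructed sample credential

class HashLoginServer:
    """Design under discussion: client sends SHA1(password) as the credential."""
    def __init__(self, password: str):
        self.stored = hashlib.sha1(password.encode()).hexdigest()

    def login(self, sent_hash: str) -> bool:
        return hmac.compare_digest(self.stored, sent_hash)

class ChallengeLoginServer:
    """Assumed mitigation: the response is bound to a nonce usable only once."""
    def __init__(self, password: str):
        self.key = hashlib.sha256(password.encode()).digest()
        self.pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def login(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.pending:         # unknown or already-used nonce
            return False
        self.pending.discard(nonce)
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def client_response(password: str, nonce: bytes) -> bytes:
    key = hashlib.sha256(password.encode()).digest()
    return hmac.new(key, nonce, hashlib.sha256).digest()

def replay_results():
    weak = HashLoginServer(PASSWORD)
    captured = hashlib.sha1(PASSWORD.encode()).hexdigest()  # observed in flight
    weak_replay = weak.login(captured)        # the hash alone unlocks access

    strong = ChallengeLoginServer(PASSWORD)
    nonce = strong.challenge()
    resp = client_response(PASSWORD, nonce)
    first = strong.login(nonce, resp)         # legitimate login
    replayed = strong.login(nonce, resp)      # same messages sent again
    fresh = strong.login(strong.challenge(), resp)  # old response, new nonce
    return weak_replay, first, replayed, fresh

if __name__ == "__main__":
    print(replay_results())
```

This covers only replay of captured traffic; the server-side key is still derived from the password, so the offline-guessing concern raised in the comment is unchanged.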

Comment Not sticky: ethically obvious (Score 3) 227

That's a stickier problem in electronics because of DRM and other various anti piracy measures. At what point does an antipiracy device become a hindrance to repair?

From the point where it is actually implemented, onwards.

Which is higher priority?

The rights of people who have done no wrong are (okay, should be) higher priority.

Ideally, create fair laws that describe the bounds of legitimate behavior. Punish people who break these laws. Don't do things to people who are not breaking the law that prevent them from doing legitimate things based on the idea that someone, somewhere, might break the law.

The problem with DRM (Digital Rights Management) as it is presently constituted, is that the only rights that are being managed are those of the publishers. The rights of the consumer are being roundly trampled. It's appalling, really.

Comment Broken business models? (Score 1) 227

A business model that needs laws to prop it up is broken.

Copyright and Rights Licensing

Upon which the GPL is based, as well as just about the entire entertainment industry. It's difficult to imagine a studio spending tens or hundreds of millions on a production based on the hope that no one would copy and distribute the resulting product without seeing to it that they were compensated.

Patents

Upon which the drug industry, chip industry, etc., is based.

While these mechanisms are clearly not optimum, they do seem to benefit society in general. Certainly they are strong supporting factors for progress in the fields that they act as rights bulwarks for.

I really don't see that business models based on associated laws are inherently broken. Would you care to elaborate on your position?

Comment Re:Why (Score 4, Insightful) 921

Did this man claim to be a member of some political group?

He clearly considers himself to be part of the American political group that hates/fears Islam. (Also part of the group who confuses all brown people with Middle Easterners, too, but that's not a political group.)

Was there any implication that this kind of violence would be repeated unless some public policy changed?

You don't have to be seeking a policy change to be seeking a political aim. Wanting to eject Muslims from the US is a political aim, and doing it by making them afraid they'll be shot is just as good as governmental action.

Comment Re:Can't sue cops *personally* for requesting ID (Score 1) 168

On the other hand: Two weeks after a police station in Dallas is shot at, a guy is hiding in bushes across the street from a police station near Dallas. Cops approach to see what's going on. The guy is filming the police station (casing it?). Cops ask for ID. The guy asks to speak to a supervisor. The cops call their supervisor to come over, handcuffing the guy for five minutes until the supervisor arrives. Did they violate his Constitutional rights? Maybe. Does every reasonable officer *know* that what they did violates his civil rights? No, an officer might reasonably *think* it's okay to cuff the guy for five minutes. There's not *clearly established law* that in the situation described, they can't cuff him while awaiting the supervisor he requested. Therefore he can sue the city the cops work for, but can't sue the individual cops personally.

The second scenario above, in which a reasonable cop might mistakenly think cuffing him for a minute is okay, is patterned after the actual events in this case. In reality, he wasn't hiding in the bushes. I added that to make it a better example, an example of a scenario where a reasonable cop might be unsure of what they can and can't legally do.

Actually, I don't think that would be legal, and there is clearly established law that the cuffing is at least a detention requiring reasonable suspicion. It's been well established that they can pat the guy down for weapons legally, and that should be sufficient to assuage their concerns - cuffing someone simply because they refuse to give their ID would be unreasonable.
In this particular case, you'll note that the officers actually won the appeal (affirming qualified immunity) on the first amendment claim and the fourth amendment claim for unlawful detention, but lost on the fourth amendment claim for unlawful arrest. As the court noted, “an investigative detention must be temporary and last no longer than is necessary to effectuate the purpose of the stop.” Specifically:

... the officers were not taking investigative steps to determine who he was (aside from repeatedly asking him for identification) or what threat he might have posed. Neither does anything in the amended complaint suggest that Turner had a weapon, was using his hands in a threatening way, or otherwise posed a threat that required such restraint. The officers’ handcuffing Turner and placing him in the patrol car, as alleged in the amended complaint, were not reasonable under the circumstances. We conclude that a reasonable person in Turner’s position would have understood the officers’ actions “to constitute a restraint on [Turner’s] freedom of movement of the degree which the law associates with formal arrest.”

In your hypothetical, the cops handcuff the guy while waiting for the supervisor that he asked for. They're not taking further investigative steps to determine who he is or what threat he might have posed, and he hasn't done anything to indicate he poses a threat. Just like in this case, handcuffing the guy would be unreasonable, and would likely be considered retaliation for 'being uppity' and 'contempt of cop' for daring to ask for a supervisor.
