Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment Re:Turn it off (Score 1) 227

Yep, that's the problem, Windows 7 on a machine designed for Windows 10. Microsoft require basic stuff like USB to work for the computer to carry the "designed for Windows" sticker, but of course only the version that it ships with.

You say that as though it makes sense. I installed a several-year-old copy of Debian Linux on the same machine without trouble. The USB controller chipset is newer than that old kernel, for example, but the generic controller drivers in the kernel work fine.

Comment Re:MozColonSlashSlashA is at it again! (Score 2) 70

No, it isn't. Or at least it shouldn't be. When their entire goal was to make a browser, they did good work. Everything since then has watered down their effort and caused them to lose focus on the one thing they absolutely needed to have win in order to achieve their goals. They should be completely shut down other than Seamonkey/Firefox.

Comment Re:Turn it off (Score 1) 227

I have no idea how a Windows guy would have solved that.

You can make a Windows live CD (called Windows PE). It's rarely necessary though.

It sounds like the version of Windows you were trying to install was not officially supported by your hardware.

I was installing a purchased copy of Win7 on a machine that came with Win10, because the tools I needed to use (for which I purchased the machine) only run on Win7. Of course, the vendor of said tools didn't bother to document that anywhere.

For your scenario. downloading the drivers onto a USB flash drive is usually the simplest option. In a pinch you can download on your phone and simply connect a USB cable to the computer, or the flash drive to the phone.

As I said in my post above, Windows didn't have drivers for the USB controller. USB was not available.

Comment Re:People without a clue commenting on crypto (Score 1) 195

> If an attacker gets the hash, he can almost certainly recover the password.

How, other than brute force?

Why do you exclude brute force? Brute forcing typical user passwords given a cryptographic hash of them, even salted, and regardless of the hash function used, is very easy. Brute force is exactly the attack I was talking about.

It's best to assume that possession of a hash of a low-entropy secret is equivalent to possession of the low-entropy secret itself.

Comment Re:Why (Score 1) 1092

Wanting to eject Muslims from the US is a political aim

Bullshit. As of now I've yet to see any policy about ejecting muslims from the US.

I was making the point that one need not seek policy in order to be working towards a political goal... and you respond that you don't see anyone seeking policy, apparently completely missing the point.

Comment Re:"In the wild" - slight exaggeration (Score 2) 159

Umm, that is an uncited claim in the summary. Nothing of the sort is stated in any of the links. The summary links to a paper that provides more details of the attack. Very heavy and technical though a few inital takeaways from it is that implementations only take a few days to run on gear they have so does seem safe to assume that SHA-1 collisions are pretty much pwned.

The Python script in question doesn't find new SHA-1 collisions. It takes two input PDFs and produces two output PDFs that hash to the same value. It uses some quirks of how PDFs work, plus that original SHAttered collision generated by the Google researchers. Finding another collision is a lot of work. Using a known collision to generate PDFs with the same hash value is not.

https://github.com/nneonneo/sha1collider

Comment Re:Turn it off (Score 3, Insightful) 227

I've spent this weekend trying to repurpose an old laptop as a media/streaming machine, and decided to go Linux rather than Windows. It most certainly has not been easier. Maybe if you've worked with the system for years and know the ins-and-outs it is second nature, but Linux has caused all sorts of issues I wouldn't have had on Windows.

If you've worked with Windows for years and know the ins-and-outs of that system, it's a lot easier to set Windows up than something else. Personally, when I have to set up a Windows system, I have a lot of issues I wouldn't have on Linux.

I know because I had to install a Windows system for the first time in about a decade a few months ago. It took me all day and lots of hair-pulling to figure out how to find and install all of the drivers needed to make the thing run. At the end I was still left with a few devices showing errors in the device manager, which I was simply unable to get working. It worked enough, so I gave up on the rest. The worst part of the process was that right after installation Windows had no functioning drivers, for ethernet, Wifi or USB, which made it really hard to get drivers onto the box. I solved this by booting a Linux LiveCD (which worked out of the box), creating a small FAT32 partition, downloading the ridiculously bloated 250MB (WTF?!?) ethernet driver onto it, then booting Windows again and installing from the FAT32 partition. I have no idea how a Windows guy would have solved that.

Comment Re:What's wrong with public domain code? (Score 1) 48

Stallman may argue that you need to make sure the code is free in the future, but I'd settle for the code being free now.

I don't see any reason they shouldn't do both. They should release it under a good copyleft license, but note on their repository that all source code from the DoD is in the public domain. Those who wish to take the federal code and carefully verify that no non-federal contributions have been added (or who are willing to strip out all of the non-federal code) can use it in whatever way they like, since it's in the public domain. Contributions by others, however, will by default be owned by the contributor but licensed under the copyleft license. In the event someone uses their code in a way that violates the license, they'll have standing to sue for infringement, though the DoD will not.

Comment Re:People without a clue commenting on crypto (Score 1) 195

There's nothing wrong with that use of SHA1, but I can't think of a threat model in which it actually accomplishes anything useful, not because SHA1 is defective, but because passwords are. If an attacker gets the hash, he can almost certainly recover the password. Further, your implied threat model seems to assume that an attacker may be inside the system (which is a good assumption), where he can grab the in-flight hashes. But if that's the case, what prevents the attacker from replaying the hashes? At that point in the system, the hashes are the passwords, they unlock access. So the attacker doesn't even need the user's password.

Also, have you benchmarked SHA256? On modern hardware it's generally cheaper than SHA1. Assuming there actually is a good reason for hashing, you may be able to quiet the complainers and improve performance with one change.

Comment Re:Why (Score 4, Insightful) 1092

Did this man claim to be a member of some political group?

He clearly considers himself to be part of the American political group that hates/fears Islam. (Also part of the group who confuses all brown people with Middle Easterners, too, but that's not a political group.)

Was there any implication that this kind of violence would be repeated unless some public policy changed?

You don't have to be seeking a policy change to be seeking a political aim. Wanting to eject Muslims from the US is a political aim, and doing it by making them afraid they'll be shot is just as good as governmental action.

Comment Re:Time for USPS to sue him for defamation (Score -1, Troll) 150

USPS DID loose the package!

They they also lose your elementary school text books in transit right at that critical moment when your teacher was trying to get you to understand the difference between "loose" and "lose?"

the box was sitting in a Atlanta for over a month

Which was probably the same week when you'd have been learning about using "an" in front of words that start with vowels, though that still doesn't help that sentence make any more sense. An Atlanta what?

the recipient who's address is on the box

The recipient who is address on the box? Or did you mean "whose?"

It's getting pretty bad out there. It's a good thing people are spending thousands of dollars and hours reviving old 8-bit video games! Whew!

Comment Re:motivation (Score 1) 192

Yeah, he'll never get around, for example, to orders reducing regulatory burdens. Oh, right! Already done. Or any movement at all to start to undo the financial stranglehold that Obamacare has put onto people forced to fear IRS enforcement if they don't go broke buying insurance they can't use ... oh, right! Already done, with more under way. I guess we could run down the long list, but you already know it and you're pretending you don't so you can engage in more lefty denialism. Carry on! It obviously is your coping mechanism.

Slashdot Top Deals

Money is better than poverty, if only for financial reasons.

Working...