Please create an account to participate in the Slashdot moderation system


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment Re:Practical? (Score 1) 111

The fact that we aren't talking about time or energy requirements that are on the order of lifetimes of stars or the mass energy of a star should tell you that it broken.

This is probably the best layman explanation of cryptographic security I have ever seen. If the numbers involved in breaking something crypto related can be expressed in easily understandable terms without doing something like this:

Then the crypto thing you are talking about is broken and shouldn't be used.

Comment Re:Are two hashes better than one? (Score 1) 111

Taking the MD5 and the SHA1 of something isn't significantly more secure than just taking the SHA1 of said something. This was demonstrated in 2004 here: This was then further elaborated and improved upon here: So, don't concatenate hashes kids. It doesn't do what you think it does. Using a proper hash from the start is the only safe way to do things. Even if nobody has figured out how to do it yet the math conclusively shows that breaking SHA1+MD5 is not significantly harder than just breaking SHA1. This is why TLS 1.1 and earlier need to go away.

Comment Re:GigEconomyScam (Score 1) 726

As I understand it that is why Uber is something you do three or four times a week when you happen to have free time and are already in the area with the car that you already own. You know, a side gig, separate from your regular full time benefit providing job. Something you do to earn an extra $60-70 per week so you can go to a nice dinner once in a while or save up for a new TV a bit faster or something. Sure Uber should be faulted (and punished) for selling a false picture of lease terms and personal profitability, but this guy has to be faulted as well for quitting his job to go try and make a living on something that is simply not meant to be able to provide a living on its own. Not every job is able to provide a living wage because some jobs just aren't worth that much. Simple as that. Maybe that means that those job shouldn't exist (automation/minimum wage) or maybe it means that the government should pay the difference for people working those jobs (socialism). Maybe there is some other solution that hasn't been thought of yet. I don't know.

Comment Re:It is a server OS but now nerfed (Score 1) 280

Maybe if you're going to do things that belong on a server you should run a server operating system rather than desktop? Like Windows Server or, better yet, Linux?

Win2k and Windows XP were Microsoft's answer to that, giving people a server operating system based on NT instead of a relative toy like Win98/ME. MS Windows 10 has gone back to the approach of a toy that just happens to be built on what used to be a server operating system.

No. Microsoft's answer to that was Server 2000 and Server 2003. Win2k and XP were built on NT4 Workstation, an OS intended for client machines, not NT4 Server, which became the aforementioned Server OS's. Windows client OS's were never intended to be used for server like tasks. Use the correct tool for the job and install a server OS if you are doing server things, be it Windows or *nix.

Comment Re:About time. (Score 1) 656

Bullshit. There is no such restriction on freedom of speech.

Here is my question, have you ever seen a study (double blind) on the safety of the full schedule of vaccines. Here is the CDC version ...

22 Vaccines from Birth to 15 months alone. You are so 100% sure that 22 schedule is safe and effective? Without Proof or even evidence? That is sciency, not science.

Bullshit. Sure there is. Try yelling "FIRE!" in a crowed movie theater and see how long it takes you to end up in trouble for inciting panic and causing a clear and present danger to those around you. People in trusted positions of authority on medical matters are doing the same thing when they discourage people from getting their vaccines.

Also if you had even the slightest understanding of science and ethics you would know both why such rigorous testing cannot be done and why it isn't necessary. We have mountains of historical data showing that vaccines work.

Your uneducated ravings on this topic are pseudo sciency BS at its worst.

Comment Re:About time. (Score 3, Insightful) 656

Considering that the only way to really test a vaccine is to give one group of people the vaccine, another group of people a placebo, and then expose both groups to the disease I think you can see why vaccines cannot be tested in the traditional sense. Doing so would be horribly unethical. Unless you would like to volunteer for a new HIV or Zika vaccine trial. No? Didn't think so. How about a rotavirus vaccine trial for you infant son/daughter? Still no? Darn.

However we do have mountains of evidence showing that vaccines do prevent the occurrence of a disease in a population of people. Ever wonder why there hasn't been a case of smallpox, arguably the deadliest disease humanity has ever known, since 1977 despite it plaguing our civilization for thousands of years? Its got nothing do with with eating more natural food or people getting exercise. The same goes for polio here in the states, and measles, and a bunch of other things that used to kill and cripple people all the time. Did you know that it was common practice not to name kids until they were about 5 as recently as the early 1900's? It was to try to avoid getting to attached to them while they were young because so many kids didn't make it to that age until the advent of vaccines against common childhood diseases.

Your flagrant disregard for ethical considerations and clearly established historical data that gets in the way of your world view sounds an awful lot like religion to me.

Comment Re:I have been roling my own for years (Score 1) 247

I have a pfSense router built on a C2758 Atom CPU (specifically this board: paired to a couple of Unifi APs ( Its the best home network I have ever had. And that is including some DD-WRT stuff that I used to use for wifi in conjunction with some actual Cisco gear that I used to use. (ASA 5505 firewall, 3745 router, ect...) I can't see myself ever going back to a consumer grade wifi router. Sure its total overkill. But being able to set up a Site to Site VPN to my friend's place and an OpenVPN server for remote access without having to worry about CPU usage is pretty nice. Being able to have separate SSIDs and corresponding VLANs for guests and my kids and such is also nice. The Unifi APs give better wifi than any consumer grade device I have ever used. I am seriously considering upgrading to dual band AC models.

Comment Re:It Depends on Why You Are Using Hash Codes (Score 1) 87

And TLS 1.0 and 1.1 both use md5(data).sha1(data) to sign the initial handshake. And since concatenating hashes provides no real additional security this lets an attacker muck around with the initial TLS exchange and perform a protocol downgrade attack by defeating TLS_FALLBACK_SCSV and/or also choose the symmetric cipher used in the TLS session. While its not a full plaintext recovery of the TLS session contents it is certainly not a good thing.

Slashdot Top Deals

Sendmail may be safely run set-user-id to root. -- Eric Allman, "Sendmail Installation Guide"