Follow Slashdot stories on Twitter


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:Cheap chargers (Score 1) 192

I feel I should point out that the items you've linked to are not being sold by Amazon but by third parties using Amazon's website. The same problems occur anywhere you allow Tom, Dick and Harry to sell things using your website.

Last year I bought some LED Christmas tree lights from E-bay. When they arrived I immediately was concerned about the mains cabling not being of sufficient quality so I cut off the moulded plug to inspect the cable cross section. That confirmed my suspicions - the cables were the cheapest possible things with the thinnest slither of metal surrounded by dodgy insulation that could break far too easily.

My attention then turned to the inline box with a CE stamp that was advertised as being a transformer. It was very light so, having already decided there was no way these things are getting used in my house, I started to cut open the box and it practically fell open without much effort. Inside discovered that there was in fact no transformer. Instead there was just a single 1/4w resistor in series with the mains, held in place with a blob of hot glue with incredibly bad soldering. If/when the glue melts the resistor would have been free to pull out of the hole exposing the unfused mains voltage to the outside.

The scary thing for me is that 99% of people will just plug these things in not realising the potential dangers.

Comment Re:He basically said "give us a back door" (Score 1) 546

Aah, yes. I had jumped ahead in my thinking imagining that everyone was on the same page! Doh. Sorry. :-)

In the event of the password being lost, the phone would be useless unless a new key could be created and securely transported to the Great Database. I thought that, in practice, would be unnecessarily complicated.

Also a fixed symmetric key could be compromised by the user himself, prior to selling the phone to some unsuspecting user. No more pin needed.

I think the public-private keypair suggestion fixes those issues.

The key splitting idea is a good one btw.

Comment Re:He basically said "give us a back door" (Score 1) 546

3) Seems far too complicated. How about shipping each phone with a unique back door public key. Every time the user changes the key, two copies are stored. The first encrypted using some derivative of the user's password, the second encrypted using the phone's unique backdoor public key.

When gubbermint wants access they get a subpoena and make manufacturer cough up the code.

In theory that's no less secure than we have it now - given that the manufacturer already holds a golden signing key for your phone.

Comment Windows built-in sockets library exposes OS... (Score 1) 97

Windows 10, Microsoft's new operating system, uses the Winsock Sockets library to automatically manage socket connections while navigating the web. This is what Java does with applets, and Flash with SWF files -- it unintentionally allows a hacker to append malicious code to data and trigger drive-by attacks, which exploit Winsock vulnerabilities to target Windows 10 users. All that an attacker needs to do is to find and create a database of Winsock vulnerabilities it could leverage to distribute his malware.

Comment Re:IP solution (Score 1) 172

Here's my ideal so-called Intellectual Property (IP) solution. All IP must be abolished immediately and rent seekers be damned.

I doubt my ideal solution will be implemented so I'd settle for copyright laws being scaled back massively. Mickey bloody Mouse is way past its copyright date. Collusion with lawmakers to extend it shows exactly why nobody trusts the establishment and why people like Trump will become the next president.

Comment Break down the problem (Score 2) 267

On face value...

It sounds like you're trying to achieve two separate goals here :

  1. 1. To limit time spent on websites that are potentially not work-related / time wasting / etc
  2. 2. To block websites that are potentially dangerous to your network (infected)

To implement the bosses suggestion you need a different system to handle each and a way to categorise the blocked sites - or a system that allows more fine grained control.

Stepping back a bit...

More importantly though, your boss should want to demonstrate that he trusts his employees to use their work time sensibly. By blocking websites for reasons other than network security and creating little bureaucratic procedures to unblock them you send a clear signal to the employee that they are not to be trusted with a basic resource like web browsing. Expect them to respond in kind.

Comment No Algorithm No Nothing (Score 1) 2

Am I missing something here or is this question utterly ridiculous. It says, here is my encrypted buffer encrypted with an unknown "algorithm" which, for all we know could be an XOR with a one time pad that only he has?

You want us to evaluate your algorithm then give us the damn algorithm!

Comment Re:medical services need a billing time limit (Score 2) 570

I have only questions :

Why do you Americans put up with this awful service? Why is it legal for medical providers to behave in this way? Who is looking after the interests of the consumer to ensure they are not ripped off? Who is regulating the market so that it remains healthy allowing proper price discovery instead of the outright fraudulent practices that you have described? What do you pay your taxes for?

This puts America in an entirely new light for me. I am genuinely disgusted.

Comment Open Wifi over Tor (Score 1) 184

How about open wifi over Tor - that would allow you to share but avoid problems associated with liability for actions done on your connection and an ISP would have a job proving you were sharing their network capacity too.

All you need is a router that supports multiple SSID's and segmentation of them, a couple of clever firewall rules and Tor's Transparent Proxy support.

Comment Re:MOD PARENT UP! (Score 3, Insightful) 123

Except often it goes like this:

NEWB: I have . How do I solve it?
List doesn't reply within 10 minutes.
NEWB: Look, I have to have this fixed by Monday. How do I solve it? If you don't solve it for me then I have to move to .
List doesn't reply within 10 minutes. NEWB gets angry
NEWB: Its such a simple issue. I can't belive nobody can solve it. (Oh the irony). Bump bump bump.

Don't expect support-contract-like behaviour from a list - remember they're volunteers, there's no "SLA" and they don't work for you.

Some simple steps for success: Make the effort to properly describe your problem and the steps you took to try and solve it. Make doubley sure you're posting to the correct list - many projects have development and user lists. And always be polite.

Slashdot Top Deals

Veni, Vidi, VISA: I came, I saw, I did a little shopping.