
Submission + - Google releases open source file sharing project 'Upspin' on GitHub (betanews.com)

BrianFagioli writes: Today, Google unveils yet another way to share files. Called "Upspin," the open source project aims to make sharing easier for home users. With that said, the project does not seem particularly easy to set up or maintain. For example, it uses Unix-like directories and email addresses for permissions. While it may make sense to Google engineers, I am dubious that it will ever be widely used.

"Upspin looks a bit like a global file system, but its real contribution is a set of interfaces, protocols, and components from which an information management system can be built, with properties such as security and access control suited to a modern, networked world. Upspin is not an 'app' or a web service, but rather a suite of software components, intended to run in the network and on devices connected to it, that together provide a secure, modern information storage and sharing network," says Google.

Submission + - Microsoft: no plans to patch known bugs before March (itwire.com)

troublemaker_23 writes: Microsoft says it will not issue any patches for known bugs before its March updates. There are two known remotely exploitable bugs — Google issued details of a bug in the Windows graphic device interface library that can be exploited both locally and remotely to read the contents of a user's memory. Plus a zero-day exploit, one that implements a SMB3 server and affects clients connecting to it was disclosed earlier in February. Microsoft put off its February updates for unknown reasons.

Comment Re:Oh please (Score 4, Interesting) 140

Any language where the default equality comparison operator is *true* given two string-type variables with values "0E54321" and "0E12345" is not a cryptographically secure language. In fact there is a nonzero chance of the default equality operator returning true between two different MD5 or SHA256 hashes if they happen to fall into a hexadecimal form that is all digits except for one E or F.

Technically, that (in itself) doesn't necessarily mean that the built-in cryptography or the language itself is inherently insecure. In theory, that is, provided you understand the language and use it correctly.

And that's the problem. Because in practice, PHP's design philosophy of trying to be clever- often too clever by half- when it comes to comparisons, equality, automatic coercion, data types, etc. etc. too often gives unpredictable and unexpected results from people who weren't aware of that behaviour.

You absolutely do *not* want any risk of this happening when you're designing a system that has to be secure. You want boringly explicit and utterly predictable data and type handling.

My prediction is that far, *far* more security holes will be down to bugs caused by unforeseen subtle aspects- i.e. pitfalls- of PHP's type handling and equality behaviour (etc.) in the apps using it rather than bugs in the cryptographic module itself.

PHP being a language more favoured by inexperienced users, this is likely to be made far worse. Expect lots of newbies with misplaced confidence designing what they think are "secure" apps that are in fact full of holes- either because they've misused or misunderstood the cryptographic module, or because they've overlooked some basic aspect of computer security elsewhere (e.g. failure to parse input securely) that makes the use of cryptography irrelevant.

And those are the sorts of mistakes newbies would make when using any language- with PHP's language design issues on top of that, it has the potential to be far worse.

So, yeah. I trust that the module will be secure. The main problems- I guarantee- will be caused by overlooked (or not known about) aspects of PHP's too-clever-by-half data handling (in client apps using it) leading to exploitable holes, and by the fact that too many of PHP's newbie-skewing userbase will overconfidently assume it makes their apps foolproof while using it incorrectly and ignoring security holes elsewhere that make it redundant.
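The comparison behaviour discussed in the comment above, shown beside the explicit alternatives (an added example, not part of the original comment). The function names are hypothetical and the digest-shaped strings are constructed sample values, not real hashes.

```php
<?php
declare(strict_types=1);

// Constructed sample values: two different 32-character strings shaped like
// hex digests. PHP also accepts both as numeric strings in exponent notation.
$digestA = '0e' . str_repeat('1', 30);
$digestB = '0e' . str_repeat('2', 30);
// Constructed digest-shaped string that is not a numeric string.
$digestC = 'a3' . str_repeat('7', 30);

/** Loose comparison: two numeric strings are compared as numbers. */
function matchLoose(string $a, string $b): bool
{
    return $a == $b;
}

/** Strict comparison: same type and identical bytes, no coercion. */
function matchStrict(string $a, string $b): bool
{
    return $a === $b;
}

/** Constant-time string comparison, intended for digests and MACs. */
function matchDigest(string $known, string $supplied): bool
{
    return hash_equals($known, $supplied);
}

/** Flags a stored digest that == would treat as a number. */
function isCoercible(string $digest): bool
{
    return is_numeric($digest);
}

// The two strings quoted in the comment, then the constructed digests.
var_dump(matchLoose('0E54321', '0E12345'));
var_dump(matchLoose($digestA, $digestB));
var_dump(matchStrict($digestA, $digestB));
var_dump(matchDigest($digestA, $digestB));

// Audit helper applied to a coercible and a non-coercible value.
var_dump(isCoercible($digestA));
var_dump(isCoercible($digestC));
```

Both loose comparisons report the differing strings as equal, while `===` and `hash_equals()` report them as different; `hash_equals()` additionally avoids leaking the position of the first mismatching byte through timing.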

Submission + - Congressional IT Staffers Took $100K from Iraqi Politician

RoccamOccam writes: Three brothers, working as IT staffers for several Democrat congressional representatives took $100,000 from an Iraqi politician while they had administrator-level access to the House of Representatives’ computer network, according to this report based on court documents.

The trio worked for dozens of representatives, including members of the intelligence, foreign affairs and homeland security committees. Those positions likely gave them access to congressional emails and other sensitive documents.

Comment Re:What's wrong with this people? (Score 1) 876

i.e. a massive hypocrite.

Yes, every Christian and every conservative is a hypocrite. It's impossible to live up to our own rules, that's why we're always trying and failing. You are not a hypocrite, however, because you'd have to have standards in order to violate standards. A pig who thinks rolling in shit is just swell is hardly hypocritical when rolling around in shit, is he?

I actually know the bible reasonably well, well enough to know that your allegedly religiously derived rules are nothing of the sort. No, instead you have a bunch of extra-biblical philosophy and selectively cherry pick bits of the bible to support it all the while ignoring the bits of the bible that don't support it and in fact say the opposite.

Yeah, you have it backwards. Catholicism is a philosophy. The Bible is a liturgical tool we compiled to help with our teachings some 400 years after Christ, but it is not the religion itself. This is why protestants are so fucked up. Physics books are written by physicists who understand physics. You then have people who read the physics book and think memorizing it means you understand physics. Wrong. You just know how to recite a book, but not what it means.

Apart from a desire for oppression and a return to glory days of the 1950s where everyone except people like you were repressed, you mean.

Well here we 60-odd years later and everybody's still pretty damn oppressed aren't they? Blacks are burning down the cities, 25% of the women are getting raped on campuses or whatever (which are not exactly bastions of right-wing trad Catholic indoctrination are they?). Seems to me whatever the progressive social movement was trying to do failed miserably. Keep digging that hole though. I'm sure it'll all work out any time now.

Comment Re:This has to be a 4chan joke... (Score 1) 876

I didn't say I think it's okay, I said the girls think it's okay.* We know this because the determining factor in whether a guy is "creepy" or "hot" when coming on to a girl is not the manner of the approach but the attractiveness/social status of the man.

Fat nerd: "Oh hello m'lady, I would very much like to buy you dinner and get to know you better, if that would be all right with you." Polite! Nice! Creepy. Reported to HR.

6'2" Tom Brady looking motherfucker with money and a nice car: "I'm gonna buy you some furniture and then fuck your brains out on it." Bizarre! Awful! Hot. Gets laid. "Teehee he's so aggressive I just love it!"

Now morally I don't agree with any of this casual sex hook-up crap and I think it's ruining civilization turning the women into trash objects and the men into either vapid playboys or bitter loners and now 70% of men 20-35 are unmarried. Kind of disastrous for the next generation. But this is how women behave. It's called "hypergamy." Eggs are expensive, sperm is cheap, don't waste expensive eggs on low-quality sperm.

When I was younger I was selectively famous in a niche artistic circle. People knew who I was. I'd go to a convention and girls way out of my league would want to climb me like a tree. Just because I had a little bit more social status. Go back home and go to a club where I was just another guy and not a second look. That's just how humans are wired. This is why 80% of the women on Tinder are only fucking 20% of the guys.

* I went and read your article and it says basically the same thing I did: whether something is creepy or hot is determined by the boundary set by the woman. However women set very different boundaries for rich hot guys than for fat nerds. The moral of the story is "don't be a fat nerd."

Comment Re:Hmm (Score 1) 375

I'd be enormously surprised if Chinese businessmen working in manufacturing industries dependent upon American and European clients aren't interested in news relating to how easy it'll be to export to the US and to European nations in the near future. I would, absolutely, expect them to show more interest than they've done in the past given the ramifications for Trump, who appears to oppose the degree of international trade we have, and Brexit, which will change the relationship of nations and thus have massive ramifications for trade.

Just because the "average" Chinese person doesn't care, doesn't mean that a significant minority will suddenly have a lot more interest in US and European events than they did previously. With China being a fairly populous country, you'd expect that to amount to a lot of new readers.

Comment Re:This has to be a 4chan joke... (Score 1) 876

And this makes it OK to harass and coerce women into sex... how?

I never said it was okay. My point was that he was so pathetic his girlfriend was out banging other guys, and then so hard-up he thinks it's a good idea to go begging subordinates to do his girlfriend's job. I'm just laughing at the entire situation.

Comment Re:What's wrong with this people? (Score 1) 876

That's a good point. I am not doing anything in the bedroom that will get our city firebombed, so you can rest assured.

Then again I recall Jerry Falwell saying that Hurricane Katrina was God's justice on New Orleans for the gays. But since the flooding mostly skipped the gay district, it seems to have been God's justice on the gay-adjacent. I guess we need more data points to figure out who exactly God is hating these days.
