Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment Re:Turn it off (Score 1) 223

I have no idea how a Windows guy would have solved that.

You can make a Windows live CD (called Windows PE). It's rarely necessary though.

It sounds like the version of Windows you were trying to install was not officially supported by your hardware.

I was installing a purchased copy of Win7 on a machine that came with Win10, because the tools I needed to use (for which I purchased the machine) only run on Win7. Of course, the vendor of said tools didn't bother to document that anywhere.

For your scenario. downloading the drivers onto a USB flash drive is usually the simplest option. In a pinch you can download on your phone and simply connect a USB cable to the computer, or the flash drive to the phone.

As I said in my post above, Windows didn't have drivers for the USB controller. USB was not available.

Comment Re:People without a clue commenting on crypto (Score 1) 193

> If an attacker gets the hash, he can almost certainly recover the password.

How, other than brute force?

Why do you exclude brute force? Brute forcing typical user passwords given a cryptographic hash of them, even salted, and regardless of the hash function used, is very easy. Brute force is exactly the attack I was talking about.

It's best to assume that possession of a hash of a low-entropy secret is equivalent to possession of the low-entropy secret itself.

Comment Re:Why (Score 1) 1081

Wanting to eject Muslims from the US is a political aim

Bullshit. As of now I've yet to see any policy about ejecting muslims from the US.

I was making the point that one need not seek policy in order to be working towards a political goal... and you respond that you don't see anyone seeking policy, apparently completely missing the point.

Comment Re:"In the wild" - slight exaggeration (Score 2) 157

Umm, that is an uncited claim in the summary. Nothing of the sort is stated in any of the links. The summary links to a paper that provides more details of the attack. Very heavy and technical though a few inital takeaways from it is that implementations only take a few days to run on gear they have so does seem safe to assume that SHA-1 collisions are pretty much pwned.

The Python script in question doesn't find new SHA-1 collisions. It takes two input PDFs and produces two output PDFs that hash to the same value. It uses some quirks of how PDFs work, plus that original SHAttered collision generated by the Google researchers. Finding another collision is a lot of work. Using a known collision to generate PDFs with the same hash value is not.

https://github.com/nneonneo/sha1collider

Comment Re:Turn it off (Score 3, Insightful) 223

I've spent this weekend trying to repurpose an old laptop as a media/streaming machine, and decided to go Linux rather than Windows. It most certainly has not been easier. Maybe if you've worked with the system for years and know the ins-and-outs it is second nature, but Linux has caused all sorts of issues I wouldn't have had on Windows.

If you've worked with Windows for years and know the ins-and-outs of that system, it's a lot easier to set Windows up than something else. Personally, when I have to set up a Windows system, I have a lot of issues I wouldn't have on Linux.

I know because I had to install a Windows system for the first time in about a decade a few months ago. It took me all day and lots of hair-pulling to figure out how to find and install all of the drivers needed to make the thing run. At the end I was still left with a few devices showing errors in the device manager, which I was simply unable to get working. It worked enough, so I gave up on the rest. The worst part of the process was that right after installation Windows had no functioning drivers, for ethernet, Wifi or USB, which made it really hard to get drivers onto the box. I solved this by booting a Linux LiveCD (which worked out of the box), creating a small FAT32 partition, downloading the ridiculously bloated 250MB (WTF?!?) ethernet driver onto it, then booting Windows again and installing from the FAT32 partition. I have no idea how a Windows guy would have solved that.

Comment Re:Too good to be true. (Score 1) 197

The effect depends on the fact that outer space doesn't radiate much at those frequencies.

Under clouds there is more of a thermal equilibrium. So there will be about as much IR energy in that band being emitted from clouds and entering the building as leaving it. It's the same reason that cloudy nights usually stay warmer than clear nights.

Comment Re:What's wrong with public domain code? (Score 1) 45

Stallman may argue that you need to make sure the code is free in the future, but I'd settle for the code being free now.

I don't see any reason they shouldn't do both. They should release it under a good copyleft license, but note on their repository that all source code from the DoD is in the public domain. Those who wish to take the federal code and carefully verify that no non-federal contributions have been added (or who are willing to strip out all of the non-federal code) can use it in whatever way they like, since it's in the public domain. Contributions by others, however, will by default be owned by the contributor but licensed under the copyleft license. In the event someone uses their code in a way that violates the license, they'll have standing to sue for infringement, though the DoD will not.

Comment Re:People without a clue commenting on crypto (Score 1) 193

There's nothing wrong with that use of SHA1, but I can't think of a threat model in which it actually accomplishes anything useful, not because SHA1 is defective, but because passwords are. If an attacker gets the hash, he can almost certainly recover the password. Further, your implied threat model seems to assume that an attacker may be inside the system (which is a good assumption), where he can grab the in-flight hashes. But if that's the case, what prevents the attacker from replaying the hashes? At that point in the system, the hashes are the passwords, they unlock access. So the attacker doesn't even need the user's password.

Also, have you benchmarked SHA256? On modern hardware it's generally cheaper than SHA1. Assuming there actually is a good reason for hashing, you may be able to quiet the complainers and improve performance with one change.

Comment Re:Why (Score 4, Insightful) 1081

Did this man claim to be a member of some political group?

He clearly considers himself to be part of the American political group that hates/fears Islam. (Also part of the group who confuses all brown people with Middle Easterners, too, but that's not a political group.)

Was there any implication that this kind of violence would be repeated unless some public policy changed?

You don't have to be seeking a policy change to be seeking a political aim. Wanting to eject Muslims from the US is a political aim, and doing it by making them afraid they'll be shot is just as good as governmental action.

Slashdot Top Deals

The trouble with money is it costs too much!

Working...