
Researchers Discover a Cheap Method of Breaking Bitcoin Wallet Passwords 96

An anonymous reader writes: Three researchers have published a paper that details a new method of cracking Bitcoin "brain wallet passwords," which is 2.5 times speedier than previous techniques and incredibly cheap to perform. The researchers revealed that by using a run-of-the-mill Amazon EC2 account, an attacker would be able to check over 500,000 Bitcoin passwords per second. For each US dollar spent on renting the EC2 server, an attacker would be able to check 17.9 billion password strings. To check a trillion passwords, it would cost the attacker only $55.86 (€49.63). In the end, they managed to crack around 18,000 passwords used for real accounts.

How the Car Industry Has Hidden Its Software Behind the DMCA 126

Lucas123 writes: The DMCA has allowed carmakers to keep third parties from looking at the code in their electronic control modules. The effect has been that independent researchers are wary of probing vehicle code, which may have led companies like Volkswagen to get away with cheating emissions tests far longer than necessary. In a July letter to the U.S. Copyright Office, the Environmental Protection Agency expressed its own concern of the protection provided by the DMCA to carmakers, saying it's "difficult for anyone other than the vehicle manufacturer to obtain access to the software." Kit Walsh, an attorney with the Electronic Frontier Foundation, said the legal uncertainty created by the DMCA "makes it easier for manufacturers to conceal intentional wrongdoing." The EFF has petitioned the U.S. Copyright Office for an exemption to the DMCA for embedded vehicle code so that independent research can be performed on electronic control modules (ECMs), which run a myriad of systems, including emissions. Eben Moglen was right.

Comment What are your budget and reliability requirements? (Score 2) 219

If you have a small budget and moderate reliability requirements, I'd suggest looking into building a couple Backblaze-style storage pods for block store (5x 180TB storage systems, apx $9000 each), each exporting 145TB RAID5 volumes via iSCSI to a pair of front-end NAS boxes. NAS boxes could be FreeBSD or Solaris systems offering ZFS filestores (putting multiples of 5 volumes, one from each blockstore, together in RAIDZ sets), which then export these volumes via CIFS or NFS to the clients. Total cost for storage, front-ends, 10GbE NICs and a pair of 10GbE switches: $60K, plus a few weeks to build, provision, and test.

If you have a bigger budget, switch to FibreChannel SANs. I'd suggest a couple HP StorServ 7450s, connected via 8 or 16Gb FC across two fabrics, to your front ends, which aggregate the block storage into ZFS-based NAS systems as above, implementing raidz for redundancy. This would limit storage volumes to 16TB each, but if they're all exposed to the front ends as a giant pool of volumes, then ZFS can centrally manage how they're used. A 7450 filled with 96 4TB drives will provide 260TB of usable volume space (thin or thick provisioned), and cost around $200K-$250K each. Going this route would cost $500-$550K (SANs, plus 8 or 16Gb FC switches, plus fibre interconnects, plus HBAs) but give you extremely reliable and fast block storage.

A couple advantages of using ZFS for the file storage are its ability to migrate data between backing stores when maintenance on underlying storage is required, and its ability to compress its data. For mostly-textual datasets, you can see a 2x to 3x space reduction, with slight cost in speed, depending on your front-ends' CPUs and memory speed. ZFS is also relatively easy to manage on the command line by someone with intermediate knowledge of SAN/NAS storage management.

Whatever you decide to use for block storage, you're going to want to ensure the front-end filers (managing filestores and exporting as network shares) are set up in an identical active/standby pair. There's lots of free software on Linux and FreeBSD that accomplishes this. These front-ends would otherwise be your single-point-of-failure, and can render your data completely unusable and possibly permanently lost if you don't have redundancy in this department.


Police Use DNA To Generate a Suspect's Face 100

An anonymous reader writes: The NY Times has a pair of articles about a technology now being used in police investigations: computer generation of a suspect's face from only their DNA. Law enforcement in South Carolina had no pictures or descriptions of a man who murdered a mother and her daughter, but they had some of his DNA. From this, a company named Parabon NanoLabs used a technique called DNA phenotyping to create a rough portrait of the suspect's facial features, which the police then shared with the public.

The accuracy of these portraits is still an area of hot debate — most of them look rather generic. The NY Times staff tested it with a couple of their employees, circulating the DNA-inspired portraits and seeing if people could guess who it was supposed to be. None of the ~50 employees were able to identify reporter John Markoff, and only about 10 were able to identify video journalist Catherine Spangler. But even though the accuracy for a person's entire face is low, techniques for specific attributes, like eye color, have improved greatly. Of course, the whole situation raises a slew of civil liberties questions: "What traits are off limits? Should the authorities be able to test whether a suspect has a medical condition or is prone to violence should such testing be possible?"

Over 9,000 PCs In Australia Infected By TorrentLocker Ransomware 83

First time accepted submitter River Tam writes Cybercriminals behind the TorrentLocker malware may have earned as much as $585,000 over several months from 39,000 PC infections worldwide, of which over 9,000 were from Australia. If you're a Windows user in Australia who's had their files encrypted by hackers after visiting a bogus Australia Post website, chances are you were infected by TorrentLocker and may have contributed to the tens of thousands of dollars likely to have come from Australia due to this digital shakedown racket.

Comment Because money and the inherent problems with AC. (Score 2) 516

It costs money to upgrade and stabilize the power grid. It costs money to stay ahead of the failure curve.

The current infrastructure sucks mainly because it's unpredictable and takes too much effort to synchronize disconnected sections of the grid before connecting them. You can't just "route around" a dead transmission line if there are generator stations active on both sides of the break. You must wait for the two sides to synchronize in phase before connecting them, which can take several seconds to a minute. If you don't, you'll cause even more breakers to trip.

None of this would matter if we switched distribution to HVDC. We have the technology, but again, the cost to convert everything to employ DC-DC switching converters is prohibitive. The biggest upside to switching everything to DC (all the way to the end-user) is that you could add standby capacity by simply connecting batteries to your mains circuit between the main breaker and load panel. The more people in a neighborhood using batteries to buffer their power source, the more aggregate protection the neighborhood has against blackouts.


Qualcomm Takes Down 100+ GitHub Repositories With DMCA Notice 349

An anonymous reader writes Qualcomm has forced GitHub to remove over 100 repositories due to "unauthorized publication, disclosure, and copying of highly sensitive, confidential, trade secret, and copyright-protected documents." Among the repositories taken down were for CyanogenMod and Sony Xperia. The issue though is that these "highly sensitive" and "confidential" files are Linux kernel code and reference/sample code files that can be easily found elsewhere, including the Android kernel, but GitHub has complied with Qualcomm's DMCA request.

The Next Keurig Will Make Your Coffee With a Dash of "DRM" 769

FuzzNugget writes "Apparently seeking to lock competitors out of the burgeoning single-serve coffee market, Green Mountain Coffee Roasters, maker of the popular Keurig coffee machines, will make their new machines work with licensed pods only. GMCR's CEO confirmed this in a statement: 'The much-anticipated ‘Keurig 2.0’ single-cup brewing system with ‘interactive readability’ (that doesn’t work with unlicensed/copycat pods) will offer such “game-changing functionality” that consumers - and unlicensed players - will want to switch.'"

Adobe's New Ebook DRM Will Leave Existing Users Out In the Cold Come July 304

Nate the greatest writes "Whether it's EA and SimCity, the Sony rootkit scandal, or Ubisoft, we've all read numerous stories about companies using DRM in stupid ways that harm their customers, and now we can add Adobe to the list. Adobe has just announced a new timeline for adoption of their recently launched 'hardened' DRM, and it's going to take your breath away. In a video posted to Youtube, Adobe reps have stated that Adobe expects all of their ebook partners to start adopting the new DRM in March. This is the same DRM that was launched only a few weeks ago and is already causing problems, but that hasn't stopped Adobe. They also expect all the stores that use Adobe's DRM to sell ebooks (as well as the ebook app and ebook reader developers) to have fully adopted the new ebook DRM by July 2014. That's when Adobe plans to end support for the old DRM (which everyone is using now). Given the dozens and dozens of different ebook readers released over the past few years, including models from companies that have gone under, this is going to present a significant problem for a lot of readers. Few, if any, will be updated in time to meet Adobe's deadline, and that's going to leave many readers unable to buy DRMed ebooks."

Comment All of these concerns would be moot with DC. (Score 1) 579

(Note, this is more of a stream of consciousness than an actual comment, so I apologize in advance if this sounds ADD-ish)

Get rid of the bulky, loud transformers and phase shifting coils and cap banks. Run -12KVDC to -20KVDC over the residential feeder lines down to neighborhood-located equipment with switchmode buck converters to give -240VDC and -120VDC to homes via their usual 3 mains wires, and a fourth wire for homes who wish to feed power back into the local grid via switchmode boost converters. The power transformer boxes on the corner of every block will contain high-frequency switching equipment and a few batteries (for keeping the block lit during upstream switching events and outages) instead of 2000-pounds of copper and laminated steel. The neighborhood substations will have their giant transformers and oil-filled breakers and phase compensating equipment replaced with IGBT-based switch stacks and intelligent converters that quickly compensate for changing load and back-feed conditions completely silently. Managing connections between substations and the high voltage grid will be an order of magnitude simpler and safer when all you have to worry about is matching the voltages within a few percent and measuring static currents after connections are made, rather than comparing frequency, phase angles, and power factors. With today's "modern" AC grids, you're liable to blow fuses/breakers/transformers if you connect two independently-fed parts of the grid together without first matching phases and frequency.

I know it's just too late for the change from AC to DC in the home to be practical. The biggest, most power-hungry devices just don't have an "upgrade path" to DC: Air conditioning and refrigeration compressors, fan/blower motors, fluorescent lights would all need complete replacement with DC-compatible equivalents. It would have been better if appliance manufacturers had designed their devices to be run off either type of mains from the start... Large, high-torque brushless DC motors are quite cheap now, and switchmode power supplies are now smaller and cheaper than 60Hz AC power transformers, and many of them will actually work equally well being fed by 120-240VDC.

Comment Transfer switches, batteries, and inverters, oh my (Score 1) 579

Automatic transfer switches eliminate any danger of locally generated power being fed back into the grid if there's any sort of danger in connecting the two. The electric company would only have to tell home owners to employ transfer switches in order to stay connected to the grid (with the only side effect being that they can't contribute excess power back to the grid)

My local utility company actually employs smart meters that can monitor both grid-side and home-side circuits for dangerous conditions in cases where there's a grid-tie inverter in the home. The smart meter instantly disconnects the home from the grid if there's an excessive surge in current being fed back into the grid (by analyzing the voltages, transfer current, and phase angles of both sides). The same meters also communicate with the utility company over a combination RF and powerline-based data transmissions, eliminating the need for guys to be dispatched monthly to read everyone's meters.

In other news, you can buy a good charge controller, a 50KWh bank of deep-cycle batteries, a 2KW inverter for lights and outlets, and a 12-KW inverter for air conditioning, all for about $12K. This setup can run A/C for 5 hours a day and your only reliance on the grid would be to top-off the batteries on dark days.

If you have the means to get off the grid, by all means, you should, because most electric companies don't care about anything but profits.

Comment Does DJB insist that the library ... (Score 3, Insightful) 140

Does DJB insist that his crypto library gets installed under /var/lib? He's always insisted that his qmail binaries get installed under /var/qmail, and had everyone I know in the unix admin/engineering field shaking their heads, knowing that having executables and libraries on the /var filesystem is retarded and dangerous.


Artificial Blood Made In Romania 232

First time accepted submitter calinduca writes "Artificial blood that could one day be used in humans without side effects has been created by scientists in Romania. The blood contains water and salts along with a protein known as hemerythrin which is extracted from sea worms. Researchers from Babeș-Bolyai University in Cluj-Napoca, Romania, hope it could help end blood supply shortages and prevent infections through donations." Wikipedia's entry on hemerythrin explains its unusual oxygen binding mechanism.
