
Comment Re:The Saudi government is barbaric (Score 1) 197

You genuinely believe that donations to the Clinton Foundation is what keeps them in power and unpunished? rofl

Why would I believe something that you made up in your own head to fight as a strawman? Oh, I get it. Because you're hoping that by distracting with that juvenile rhetorical technique, that people will forget that the Clintons DO in fact rake in millions of dollars for their own family and cronies (only a sliver of their foundation's revenue goes to anything other than internal paychecks and perks/expenses) in exchange for providing political access to those who pile on the cash. Of course you know this, and are trying to wish it away. Especially the part where she was encouraging that while she was in office, giving lots of access to those who paid her husband. But do carry on, and pretend it didn't happen. Feel better now?

Comment Re:this is a cultural issue, not a technology issu (Score 1) 197

You're undoing your own argument. Culturally, nobody gives a damn if you dance at the Jefferson Memorial, though some people might give a damn if a bunch of people wasted time writing and fussing about legislation to change that law that nobody cares about. On your other topics, you've made your own counterpoint. Culturally, the west has moved very quickly on areas like gay marriage. In practical terms, it's a done deal. There will be lots of little rough edges to clean up for a few years yet. Meanwhile, the Wahhabists and their ilk in the Middle East are going full-throttle backwards into the medieval days they miss so badly.

Comment Re:SJW (Score 2, Interesting) 197

That's because the people who run around screaming about "social justice" do that primarily to distract from the fact that justice is the LAST thing they actually want. How about providing some examples of people who stamp their feet, shout down speakers at colleges, and otherwise rant away ... being actually constructive people interested in open conversation rather than repression of anyone deemed insufficiently onboard with their agenda? Some specific examples to counter the well-earned broad brush of derision would be helpful. But what are you going to trot out ... BLM? Occupy Everything? The Eat The Rich With Bernie Sanders movement? People who insist we switch all pronouns to "it?"

Comment Re:SJW (Score 1, Insightful) 197

Meanwhile on Slashdot the only people actually acting like SJWs are the people who use the term SJW...

No. Calling out liberal totalitarians is not the same as seeking to actually DO the things (like squelching speech through the power of government) that liberal totalitarians actually do. Though you are performing the approved-by-liberal-elites correct response to being called out - immediately lie about it in hopes that will deflect reality.

Comment Re:What did he do? (Score 2) 197

He financed their construction.

Well, that's not entirely clear. If the Saudis bought them, then the Saudis financed them. If the Saudis bought them for less than what they cost, then either the manufacturer(s) subsidized some of the cost, or the taxpayers did. Which brings us to the fact that such expenses come out of the discretionary budget, which means it's essentially paid for almost entirely by income taxes or by debt that will be serviced by income taxes ... and that means that only about half of the people in the country actually have a hand in financing such things because the other half pays no income taxes. And of the half that does pay them, of course a small portion of that group pays the majority of those taxes.

So, "we" is indeed not an obvious thing, here.

Comment Re:Not as big an issue as poor password POLICIES (Score 1) 189

So there exists a browser extension to implement what you desire, it is called HashPass.

However, if you use such a strategy, you *still* must have a password resilient to dictionary attacks. The attack scenario it provides *some* protection against is if you use a site that has poor security storage policies, without your knowledge (e.g. stored in clear text). The idea is that if such a crappy site gets compromised, its view of plain text password is the end result of your client side salt, which now can be run against a dictionary attack. It basically is ensuring that *someone* is doing a secure hashing strategy that would reasonably protect a strong password in the manner the server side *should* be doing anyway.

If an otherwise secure site adds what you describe, it would do nothing to enhance security. If your password is *truly* strong and they employ proper salting and one way hash strategy (scrypt, PBKDF with adequate passes, what have you), then a leak of their password database is not actually that big a risk. If your password is weak, then the salting strategy client side doesn't add anything, as they could modify their brute force attack to do the client transform in a trivial fashion, and they can work their way back to the password you *really* use.

Comment Re:Not as big an issue as poor password POLICIES (Score 1) 189

Note I *think* he's saying that whatever string the client ultimately sends to the server should still be one-way crypted and salted in the usual way. Meaning a compromise of the database still has reasonable protection.

He wants something to automagically take his password and make it unique per site so he doesn't have to remember them all. Note that this is what things like the extension HashPass do, generate a site specific password derived from your master password and transformed for the site.

Of course, all this said, the dictionary attack required involves just adding that transform, hence that strategy only helps if you are afraid the site has a plaintext password database or unsalted crypts, and your password would be secure against dictionary attacks offline. It makes zero sense as part of a website's arsenal against attacks.
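
Added example, not part of the two comments above and not HashPass's actual algorithm: a hypothetical per-site derivation (`site_password`) plus the server-side salted hash the comments say is still required, with a check of whether a value leaked from a plaintext store gives up the master password to a wordlist. The function names, work factors, domains and passwords are constructed for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import os

# Demo-scale work factors (assumed values; production settings are far higher).
CLIENT_ITERS = 10_000
SERVER_ITERS = 10_000

def site_password(master: str, domain: str) -> str:
    """Hypothetical client-side transform: one master password, one output per site."""
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), domain.encode(), CLIENT_ITERS)
    return raw.hex()[:24]

def server_store(submitted: str) -> tuple[bytes, bytes]:
    """What the site should still do: random per-user salt plus a slow one-way hash."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", submitted.encode(), salt, SERVER_ITERS)

def server_verify(submitted: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", submitted.encode(), salt, SERVER_ITERS)
    return hmac.compare_digest(candidate, digest)

def master_exposed(leaked: str, domain: str, wordlist: list[str]) -> str | None:
    """Check a value leaked from a plaintext store against a wordlist.

    The client transform is public, so each guess simply goes through it first.
    Returns the matching master password, or None if no word matches.
    """
    for guess in wordlist:
        if hmac.compare_digest(site_password(guess, domain), leaked):
            return guess
    return None

# Constructed sample data: a tiny wordlist and two master passwords.
WORDLIST = ["123456", "password", "letmein", "dragon", "qwerty"]
WEAK_MASTER = "letmein"
STRONG_MASTER = "gravel-otter-seventeen-piano-lamp"

if __name__ == "__main__":
    for master in (WEAK_MASTER, STRONG_MASTER):
        leaked = site_password(master, "forum.example")  # site kept it in clear text
        print(master, "->", master_exposed(leaked, "forum.example", WORDLIST))
    salt, digest = server_store(site_password(STRONG_MASTER, "shop.example"))
    print(server_verify(site_password(STRONG_MASTER, "shop.example"), salt, digest))
```

The transform only raises the cost of each guess by `CLIENT_ITERS`; whether the master password is recovered still depends on whether it is guessable.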

Comment Re:Passwords shouldn't have to be good (Score 1) 189

crunch those against known rainbow tables

Note that this *also* would be a sign of an incompetent site. Password databases should be impervious to rainbow tables. Also, a GPU would not really be that useful for a rainbow table. A rainbow table is a precomputed table of hashes, meaning it's a straight lookup rather than actually having to perform the hash calculation. A competent site would have a sufficiently long random salt incorporated to render rainbow tables impossible.

Of course, dictionary attacks against an offline database are still a problem, and so it would be good if your password is not likely in the first 100 trillion or so guesses a system would make (which on a decently secured password database would buy you about a year of time against 8 full time GTX 1080s working on your password and your password alone).
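
Added example, not part of the comment above: a precomputed table run against unsalted and per-account-salted records, showing why a random salt makes precomputation useless. A plain dictionary stands in for a real rainbow table (which compresses the same precomputation into hash chains); the accounts, wordlist and iteration count are constructed for illustration.

```python
import hashlib
import os

ITERATIONS = 10_000  # demo-scale work factor (assumed value)

# Constructed sample data: a tiny wordlist and three accounts, two sharing a password.
WORDLIST = ["123456", "password", "letmein", "dragon", "qwerty"]
ACCOUNTS = {"alice": "dragon", "bob": "dragon", "carol": "qwerty"}

def fast_hash(password):
    """Unsalted SHA-256: the kind of record a precomputed table is built for."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt):
    """Slow hash keyed to one account's random salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()

def build_table(words, hasher):
    """Precompute digest -> word once; afterwards every check is a straight lookup."""
    return {hasher(w): w for w in words}

def hits(digests, table):
    """Count stored digests found in the table, with no hashing at lookup time."""
    return sum(1 for d in digests if d in table)

def compare():
    generic = build_table(WORDLIST, fast_hash)
    unsalted = {u: fast_hash(p) for u, p in ACCOUNTS.items()}
    salts = {u: os.urandom(16) for u in ACCOUNTS}
    salted = {u: salted_hash(p, salts[u]) for u, p in ACCOUNTS.items()}
    # A table rebuilt for alice's salt covers alice and nobody else.
    alice_table = build_table(WORDLIST, lambda w: salted_hash(w, salts["alice"]))
    return {
        "unsalted_hits": hits(unsalted.values(), generic),
        "salted_hits_generic_table": hits(salted.values(), generic),
        "salted_hits_alice_table": hits(salted.values(), alice_table),
        # Same password, same digest: an unsalted leak also reveals password reuse.
        "unsalted_reuse_visible": unsalted["alice"] == unsalted["bob"],
        "salted_reuse_visible": salted["alice"] == salted["bob"],
    }

if __name__ == "__main__":
    print(compare())
```

With a salt per account the precomputation has to be redone for every record, which turns it back into the ordinary offline dictionary attack the comment goes on to describe.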

Comment Why it's hard (Score 1) 189

passwords should contain uppercase and lowercase letters, numbers and symbols

No, far more effective would be minimum password (phrase) length. People thinking 8 characters are fine as long as it is leet-speak is a problem. The way most people use uppercase, numbers, and symbols make the dictionaries a little more tedious, but not *that* much more so.

Sure, the most secure approach is totally random, but if people insist on it being human friendly, number of characters is the key point to emphasize.

Comment Re:Looking for the exit (Score 2) 61

A Google login, whether you get it via gmail or "G Suite", ties into all of the Android apps and keeps search history and integrates it into other Google products, and runs synchronization of most app data so they can see a great deal of what you do on the phone. About the worst that you can do is turn on device management. It will take about two days to turn off and during that time it will do its very best to force your email users to put their devices under your control. After that you apparently even have control over booting of the device. It's enough to make me want to support another open phone. Mozilla just gave up the ghost on that.

Comment Re: It won't matter what Comey says (Score 1) 444

And what would replacing Lynch do? Nothing. The FBI didn't recommend charges.

Right, they didn't recommend charges because the entity that makes the decision about prosecuting wouldn't indict her. Not because they didn't gather ample evidence of her blatant mis-handling of classified material, destruction of records, and lying. The decision wasn't based on the evidence, it was based on whether or not Loretta Lynch would directly or through her underlings, pursue a prosecution. Obama signaled months ago, before the FBI had even been allowed to see much of the evidence, that there was no chance of an indictment on his watch.

But Comey said right to you that his decision about recommending an indictment was based on his assessment of the likelihood that the DoJ would actually prosecute her. It was a 100% political decision that came mere days after Clinton sent her husband to have a one-on-one private meeting with Lynch. Replacing Comey with someone else wouldn't have mattered, because the FBI director doesn't get to decide whether or not the idea of a prosecution will be preemptively shut down by the administration, which it was in this case.
