
Comment Re:"In the wild" - slight exaggeration (Score 1) 129

"not only weak, but broken" seems premature. The attack here involves manipulating two obtuse file formats to yield altered files with a shared hash, different to original unaltered hashes.

It took less than 3 years for MD5 to go from "first collision" to "can fake certificate trust chains".

But I am failing to see how this right now translates into a practical vector for the various places where I encounter SHA-1.

But don't forget that the open literature discovered an as-yet-unknown attack against MD5 in an internet worm, one almost certainly written by a government organisation. In other words, the state of the art may well be a couple of years ahead of what's public.

Comment Re:"In the wild" - slight exaggeration (Score 1) 129

"In the wild" is a bit panicky & excessive.

No, it's really not. This demonstrates that SHA-1 is not only weak, but broken. One golden rule about security is that it never improves over time. It means that collisions are now possible, and are within reach of moderate sized organisations. Google can clearly manage, governments certainly can and any criminal organisation with a large enough botnet can manage too. This isn't just finding random data either: it's a practical attack whereby two valid PDFs both hash to the same value.

The security will get worse over time, just like it did for MD-5. With MD-5 it took less than 3 years for someone to go from creating two valid documents with the same hash (both PDF and PS support arbitrary data embedded for various purposes which makes them relatively easy targets) to a completely broken cryptographic certificate which broke the chain of trust entirely. Not only did it happen, but it took a scant 11 hours on a 30 node cluster, meaning practical attacks were in range of a single, not well funded individual, only 3 years after the first collision was found. With SHA-0, it took about a year and a half to go from the first collision to fast collisions.

It's hard enough migrating things and old systems tend to hang around for years or even decades, so you should be planning your migration right now.

That is not to say that SHA-1 is unsuitable for content identification with non malicious inputs, it's fine for that, but so is MD-5.

Comment Re:No (Score 4, Informative) 117

TFA's author seems to think that just because big car companies have joined the race, they have already won.

You're assuming that Silicon Valley companies were the first into the self driving car world. They are the noisiest bunch, for sure, and like to lend weight to the idea that they are the grand innovators in this area.

However, self-driving car research has been going on for *decades* in the computer vision and robotics worlds in academia, sometimes with sponsorship from car companies. I remember going to vision conferences in the mid 2000s seeing talks about autonomous vehicles doing long drives on normal roads with automatic detection of road signs, obstacles etc etc.

The first DARPA grand challenge won was in 2005 (autonomous car navigating a dirt road course with various interesting obstacles), which was before any of the major Silicon Valley companies got involved. The first, second and third places all had vehicle companies as sponsors and collaborators.

Comment Re: Not a problem at all (Score 1) 941

Well, either you've just proven that you don't have a clue what feminism is about (hint: if you got your understanding of it from theredpill, then you're quite astonishingly far off the mark), a very odd breed of moral relativist, or you are a real grade A bigot.

In the first case, a visit to a dictionary will enlighten you. In the second case, while extreme moral relativism is a logically coherent position from some starting points, it ultimately leads to no useful conclusions, so there's little to debate. In the third case, well, if you reply in the affirmative, I can set the idiot flag and not have to see as many of your posts.

Comment Re:"Police found Purinton 80 miles away at Applebe (Score 1) 941

This notion that guns have some kind of magic killing power that doesn't readily exist elsewhere is pure nonsense.

what.

The purpose of guns is to be more effective at killing things than not having guns. Your argument against that is literally arguing against the second amendment, not for. The second starts:

A well regulated Militia, being necessary to the security of a free State

so if guns are actually totally useless and no worse than pointy sticks, then that nullifies the first part of the second amendment, which means the conclusion is not implied by the conditions. Your amended second amendment would be:

Nothing special about guns, you can kill people lots of ways, so there's no point enshrining the right to bear arms in law

The bottom line is that if this guy REALLY

Yeah, but guns reduce it from REALLY wanting to kill people to a vague, passing notion of killing people. It lowers the barrier to entry a lot.

Guns are just one of a million ways to express violence.

Yes, one of the most effective ways which is WHY ownership is enshrined in law in the second amendment.

Comment Re:You don't own common sense (Score 1) 941

less gun homicides but increased fatal stabbings and beatings

The important thing then is what happens to the total homicide rate per capita.

Did you hear about how some Lord or Minister in Britain had proposed banning large knives because they were being used to kill people?

Yeah, politicians can propose whatever they like, and other politicians shoot it down. Someone proposed it and most people thought it was a terrible idea so it got nowhere. If you cherry-pick idiotic things politicians do (like legislating the value of pi as 3.2) then you can make any country look stupid. That doesn't mean much though, because politicians say stupid things the world over.

Comment Re:You don't own common sense (Score 1) 941

The US isn't China or Europe or Australia or Britain. We have our own unique culture. It has pluses and minuses like any other distinct culture does.

Yep it does. Some of the plusses are green chile, driving 20,000 miles on the emergency spare and paper license plates (screw you other 49 states), and one big minus is the rather large number of people getting killed by guns (from what I recall, the majority are accidents and suicide, but I may be mistaken).

It requires a certain perspective to understand and appreciate other cultures. Perhaps you may develop that perspective someday.

It also requires a certain perspective to see the bad things about your culture, which are hard to get from the inside. Either way though lots of people getting killed is pretty much not a good thing.

Comment Re:"Police found Purinton 80 miles away at Applebe (Score 2, Insightful) 941

Getting drunk and doing stupid things is not racist,

No, but getting drunk and shooting a brown person while yelling "get out of my country" is racist, drunk or not. Being drunk doesn't make it magically not racist, much like punching someone while drunk doesn't magically become "not assault" just because you're drunk.

Comment Re:Don't show this to the Linus/Linux Kernel Group (Score 1) 54

Whatever works! :)

It works sufficiently for Linux, but the fact it works at all does not imply that something else couldn't work better. Several high profile kernel devs have left due to the flood of shite. Matthew Garrett is one and he was responsible for a huge amount of the power saving code which makes Linux actually acceptable on laptops.

Comment Re:a Code of Conduct is a weapon (Score 2) 54

I don't understand why a programming language, as a recent example, requires a Code of Conduct.

A programming language doesn't: such a thing is nonsensical because a language is inanimate and has no agency. The people in the community who contribute, however, do. If you can't see why people need a code of conduct then I can only ask: have you ever met people?

If you want your official forums to be civil, then enforce civility.

Using your personal, unwritten code of civility, I assume, even though it differs from mine?

Comment Re:Never EVER us the USPS (Score 2) 143

They still have the government employee mentality of not giving a shit

Yeah because random employees in large corporations give so many shits about you personally. They really don't, you know, I mean really not at all.

When conducting business, one of these two carriers is always the way to go because they deliver consistently and on time.

aaaahahahaha.

The USPS was a great idea 240 years ago and they served their purpose for a long time, but it is high time that we fully privatize them and let them go bankrupt if they can't perform a competent service.

As a private company, they'd likely do considerably better since they wouldn't have to obey inane regulations from politicians who are intent on hamstringing it as much as they can by law to "prove" that the government can't do a good job.

Make no mistake, the USPS is phenomenally efficient and moves astonishingly vast quantities of mail for a really, really low cost.

Comment Re:Cool? (Score 1) 123

It's funny you say that. The first time I had to make a similar list, I asked the European leftist* commenter what made US Democrats not leftist, and his response was related to owning property, and not just "a home".

Well, you can base your definitions of words based on what a single, random internet poster said if you like. However, when you're misunderstood and misunderstand people, the fault will lie entirely with you.

No, I am responding in accordance with several conversations I have had on this very website, asking the difference between the "European left" and the "US left". :shrug:

Go look at some actual European leftists, e.g. Jeremy Corbyn in the UK. He's a right old raving red, but has not come out against private ownership of stuff in general. Or if you prefer something a bit more continental, look up Hamon of the French Socialist Party: he's running a presidential campaign so there is TONS of information about him and what he wants right now.

Comment Re:Cool? (Score 1) 123

The only two areas that the Democrats are not on the "European left" is that they believe in private ownership of property,

Like I said, if you're going to knowingly use your own private definitions of things then you are *intentionally* going to be misunderstood. The "European left" believes in the private ownership of property.

You are confusing "left wing" with "communist". Again.
