Security

Are You Sure SHA-1+Salt Is Enough For Passwords? 409

Melchett writes "It's all too common that Web (and other) applications use MD5, SHA1, or SHA-256 to hash user passwords, and more enlightened developers even salt the password. And over the years I've seen heated discussions on just how salt values should be generated and on how long they should be. Unfortunately in most cases people overlook the fact that MD and SHA hash families are designed for computational speed, and the quality of your salt values doesn't really matter when an attacker has gained full control, as happened with rootkit.com. When an attacker has root access, they will get your passwords, salt, and the code that you use to verify the passwords."

Moving a Development Team from C++ to Java? 204

Nicros asks: "I work for a company that is working toward an FDA approved software development process. We have always used C++ in a Windows environment, and we have more than 6 years of code, applications and libraries developed. Because of our long and convoluted software development history, our existing architecture is difficult to manage for a group of our relatively small size (5 FTEs), and development times are rather slow. Our IT director has made the decision that, to speed up development times, we need to re-architect all of our existing code, from C++ to Java." What would be the best way to go about handling such a migration? In a general sense, how would you go about moving a development team from one language to another?

Comment The script in question... (Score 1) 99

If you want to translate Dvorak to/from Qwerty, go snag this decrypt script I wrote a long time ago. It's NOT what was used for the chapter. (You'd know why if you read the chapter.)

The quick way to switch your actual keyboard is to use setxkbmap, or loadkeys, but then you'd need to type in all the comments here to have them translate. This script would work as a filter, which is more convenient.

Also, if you want to switch back and forth, or are on an old system that doesn't have alternate keyboards available in X11, I use tod/toq, from the Tools section of Hacking Linux Exposed website.

If you're wondering why there aren't many posts by the other authors, that's because they're all in or recovering from Las Vegas....

Comment Open source LED controller (Score 1) 453

This is a little project I did, specifically for controlling a large number of LEDs for ambient information (CPU load, music visualization...). It connects to the serial port, and can control up to 72 LEDs with variable brightness.

I was planning on making kits for this available if there's interest, but that's on hold until I finish a new design (thousands of LEDs, true color, USB).

There is hardware info, source code, and photos at the project web page.

User Journal

Journal Journal: Onsight Training. Yes, James Lee rocks.

Wow, that was cool to wake up this morning and read an askslashdot about good places to get training and see Onsight listed! I absolutely think James is the shit. He's the guy who bullied me into learning (and loving) perl. He taught one of my undergrad classes, way back when. He certainly deserves the kudos, but it's cool seeing anonymous strangers on slashdot agreeing.

Comment Re:Enterprise (Score 2) 386

Paramount dropped the Star Trek tag altogether, and it's simply called Enterprise.

Which is fun, because the German translation of the original Star Trek series was called "Enterprise".

I wonder how they'll react to this in the translation of the new Enterprise series.
I'd bet they'll put back the "Star Trek" tag.
