
Comment Re:Cluelessly Bad Analysis (Score 2) 153

A competently operated website will store hashes of the passwords instead of the passwords themselves.
If the hashes get leaked then typically two thirds of the passwords will be revealed in the first few minutes of cracking because people mostly use weak passwords, sites use hashing algorithms that aren't slow enough and GPUs can try billions of passwords per second for common algorithms.

However a good password, such as 14+ random letters and numbers or 5+ random words that don't appear together anywhere in published literature, still won't be revealed from the hash, so it is lower risk to reuse across sites, not zero risk because it could be captured when you log in to a hacked site and due to sites storing plaintext passwords.
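
An added worked example, not part of the comment above: it puts numbers on the keyspace of the password shapes the comment names and shows salted, deliberately slow hashing on the storage side. The 36-symbol alphabet, the 7776-word list, the 1e9 guesses/second figure, the 200,000 PBKDF2 iterations and the "divide the rate by the iteration count" cost model are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import math
import os

ITERATIONS = 200_000        # assumed PBKDF2 work factor
FAST_RATE = 1e9             # assumed guesses/second against a fast hash
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace_bits(symbols, length):
    """Entropy in bits of `length` items drawn uniformly from `symbols` choices."""
    return length * math.log2(symbols)

def years_to_exhaust(bits, guesses_per_second):
    """Years needed to try every candidate at a constant guess rate."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR

def hash_password(password, salt=None):
    """Return (salt, digest) using salted PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, expected):
    """Recompute the digest and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

if __name__ == "__main__":
    cases = {  # constructed password policies, not taken from any real site
        "8 lowercase letters": keyspace_bits(26, 8),
        "14 random letters/digits": keyspace_bits(36, 14),
        "5 random words (7776-word list)": keyspace_bits(7776, 5),
    }
    # Rough model (assumption): one PBKDF2 guess costs ITERATIONS fast hashes.
    slow_rate = FAST_RATE / ITERATIONS
    for name, bits in cases.items():
        print(f"{name}: {bits:.1f} bits, "
              f"{years_to_exhaust(bits, FAST_RATE):.3g} years with a fast hash, "
              f"{years_to_exhaust(bits, slow_rate):.3g} years with PBKDF2")
    salt, digest = hash_password("constructed example passphrase")
    print(verify_password("constructed example passphrase", salt, digest))
```

The salt makes each stored hash a separate cracking job, and the iteration count scales the cost of every guess by the same factor for weak and strong passwords alike.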

Comment running strings on bad file also unsafe (Score 2) 58

Slightly related;
Lcamtuf writes that running strings over a maliciously crafted file can probably result in code execution on your system.


The big picture is nothing new, when you use software, particularly software which is written in C/C++, to process data from untrustworthy sources there is a reasonable chance of hard to spot security vulnerabilities.

Comment frequencies used by existing equipment (Score 5, Informative) 94

For a few more months in the UK analog TV will use 470-862MHz
The last few analog transmitters will soon be switched off,
the replacement digital transmitters will just use 470-790MHz.

806-854MHz was auctioned off in 2009. 790-806MHz may be used for other things in areas where it is not used for digital TV.

The worst case scenario for TV interference is roughly this.

Someone's house is on the edge of the coverage area of a digital TV transmitter which is on the highest multiplex frequency. They are 35 miles from the transmitter and have a big TV antenna on a twenty foot pole on the chimney with a wideband preamp on the pole.
The TV signal is just barely strong enough to give a picture and only freeze occasionally when a pigeon flies in front of the antenna.

The TV signal is 8MHz wide ending at 790MHz.
A mobile internet base station pushing out 100 watts is installed 100 meters away from the house using frequencies starting just 16MHz higher at 806MHz.

In terms of power the mobile internet signal might be 70dB stronger, that's ten million times the received power.

The base station signal is strong enough that it overloads the masthead preamp. It doesn't even matter if the TV decoder can handle a massive signal close to a very weak signal, (and it probably can't) because the preamp is clipping and the weak TV signal is lost before it even gets to the TV.

In theory good planning will mitigate this considerably.

In practice vast amounts of existing TV equipment is specifically designed to receive and amplify the frequencies that have been sold off for other uses.
Mobile applications need lots of base stations close to the users.
Inevitably lots of people will have a base station on a tall building that they can see out of the window in an area where the TV transmitter is twenty miles away.

Comment Re:Not popular, not currency (Score 0) 247

Bitcoin is not in trouble.

Some idiot speculators lost their money. Some people who were stupid enough to trust online wallet services lost their money. Some people who got their Windows machines infected lost money. A few idiots who didn't keep backups lost their money. The people who are holding BTC are likely to find it loses value for years but it was their choice to get into it in the first place.

The system still works fine. You can still transfer bitcoins from one user to another across the internet with a few clicks. If you keep your private keys safe nobody can steal your coins.

Bitcoin will be in trouble if a significant attack on the cryptography is found.
Bitcoin will be in really big trouble if someone finds a remotely exploitable hole in the client software.

So far, it is not in trouble.
It can drop in value to 1 US cent per BTC and still not be in trouble.

Comment Re:New Trojan produces Quantitative Easing (Score 2) 247

Anyone can mine bitcoins, you don't have to be a politically connected bankster to participate.

The creation of new BTC is predictable and publicly documented.
Participation is voluntary. Anyone can read about how it works, see that the amount of BTC in circulation is going to more than double in the next five years, see that the level of commerce with BTC is low and decide if they want to hold any. (Personally I think holding BTC is a bad idea and will be for a years unless commerce increases considerably.)

Having your fiat currency devalued to cover the deficit spending of long retired spendthrift politicians is not voluntary.

Comment Re:Follow the Trail (Score 2) 247

Applying more computer power to bitcoin mining won't devalue bitcoin any more than it will anyway. The software adjusts the difficulty of generating blocks so that it generates approximately 7200 BTC every day for the next year, fewer after that. More computing power applied to mining just means that individual people mining get a smaller share of the coins being generated.

Comment Re:Editors, non-snarky question: usability testing (Score 1) 238

I just wish I could find the setting to show the site as it was six or seven years ago. Bandwidth is cheap and my browser can cope with large pages, I don't want to see or click a "get more comments" button ever. I just want it to show every comment at my chosen score threshold by default.

Comment making clients do most of the work of encrypting (Score 1) 90

From the report

TcpCrypt was motivated by the observation that server computing power is the performance bottleneck. To make ubiquitous encryption possible, highly asymmetric public key operations are arranged so that the expensive work is performed by the client which does not need to handle high connection setup rates. This is in contrast to SSL/TLS where the server does more work.

I think that's a really insightful observation. I'd really like a new version of HTTPS that takes away the most common objection to using it by making the client do most of the work. Most computers being used for web browsing have processor time to spare, not sure about smartphones though.

Comment ClamAV engine poor at general malware detection (Score 4, Informative) 127

The ClamAV engine is designed for scanning incoming email. These days any sensibly configured email system deletes all email with any form of executable attachment before it gets anywhere near the end users so email scanning is a bit of a niche market.

The ClamAV engine may be good at email scanning but that does not mean it is good for general malware scanning. Clamwin, which uses the clamAV engine in a general windows malware/virus scanner has very poor detection compared to the top few antivirus packages (Eset Nod32, AVG, kaspersky, avira paid version, panda).

Malware delivered via the web is the main source of the epidemic of crap on the windows platform these days. In geek circles I feel like a suspected plague carrier because I carry a windows laptop instead of running ubuntu or carrying an apple.

I do nearly all my browsing in Windows virtual machines. The basic Firefox only VM is little trouble. A VM with flash player, Sun java, acrobat reader, dotnet addon etc results in the "what's all this network traffic, shit the VM is sending spam" or "popups WTF?" every few months, followed by going back to a known good copy of the VM and redownloading lots of updates.

Over the last year I've uploaded a couple of dozen malware .exe's from the web to virustotal, (mostly attempts to exploit user ignorance that didn't get running on my machine eg desirable-file.pdf.exe). I keep the exe's and check how long it takes for AV companies to add detection. Kaspersky and AVG usually add detections within 36 hours, avira is usually "next day" provided next day is monday-friday.
Half the time Clamwin does not detect the malware and typically takes a couple of weeks to start detecting my sample if they get it at all.
I have little confidence in another package using the clamAV engine doing any better.

Also the only real cleanup response for malware arriving by email is 'delete', removing malware that has installed itself into Windows takes much more work. A lot of people rely on antivirus software to clean up messy infections instead of being organised enough to have current backups and known-good images of every machine.

Comment Re:O-scope experiences. (Score 1) 337

I recommend NOT buying a Hantek USB oscilloscope.

I got a DSO-2250 which sounded good for the money. I would have spent more time reading reviews, this review sums it up.

The software for windows is buggy and limited. They seem to have largely rewritten the software between version 6 and version 7 but have just replaced old bugs with different bugs.
The most frustrating bug is that it gets stuck and stops triggering until you close and reopen the software. It's really annoying to have your hands full poking the probes into some equipment and not knowing if you have missed the packet of data you are trying to catch because it wasn't sent or because the scope software didn't work.

The manufacturer claims 8bit sampling and 250 megasamples/second.
Sadly the hardware is noisy and the lowest two bits randomly change. The software has a smoothing option to hide the noise but then you don't get anything like the time resolution you paid for.
If the software was better I could live with that as I mostly look at digital signals.

I still personally favour a PC oscilloscope since I haul a laptop around and might as well make use of its high resolution screen.
For digital work a 'scope that can capture a one time event to look at at your leisure is far better than an analog scope that needs a repetitive signal to keep refreshing the CRT.
