
Comment Re:Untrusted certs (Score 1) 67

I'm not sure he is talking about what I think he is talking about with untrusted certs. Self signed certs are MORE secure as long as the party at both ends understands the process. You simply cannot have a true secret when there is a 3rd party. Certificate authorities are only there to make the process acceptably easy for those who don't know what is going on.

You don't give your certificate to a third party by getting a signed certificate. You generate a signing request, which contains a check sum of your certificate and the details of the certificate. Then your upstream CA signs this signing request.

The private part of the certificate never leaves your computer. Clearly you do not have the faintest idea how the SSL protocol works.

Comment Re: Not sure I understand this. (Score 1) 435

You are not understanding the issue.

The key is protected by a code, that is 4-5 digits long. After ten tries, the iPhone destroys the key or enables a timer, meaning you have to wait before the next try. What the FBI is asking is that Apple make a custom iOS that does not ask you to wait, or destroy the key. And inputting all combinations of four digit codes is doable. If you use five seconds per code, plus a second for checking, that's 60000 seconds for all codes - or 30000 seconds for half (which, on average, will do the trick). That's a bit over 8 hours for half, or 17 hours for all. It's not gonna be a fun job, but it is totally doable. As long as they have a custom iOS that doesn't ask them to wait for an hour after multiple failed attempts, or simply destroys the key.

Comment Re:Hardware Locking (Score 4, Informative) 111

We're upset because you're peddling snakeoil. Here is an excerpt generating the hardware ID:
' Remove any stale batch file before regenerating it
If Dir("gethwi.bat") <> "" Then Kill "gethwi.bat"
Open "gethwi.bat" For Append As #1
' Each command writes its output to a plain-text .dat file in the working directory
Print #1, "w32tm /stripchart /computer:us.pool.ntp.org /dataonly /samples:5 >gtime.dat"
Print #1, "systeminfo >gsys.dat"
Print #1, "getmac >gmac.dat"
Print #1, "exit"
Close #1
' Run the batch file in a hidden window
Shell "gethwi.bat", vbHide

You use this information to generate an ID. But you don't even hash it with a one way hash, which means it's possible to forge a reply to give a desired result. A good one way hash would at least make that impossible. It is also not scaling very well - you will need a lot of support for pissed customers who changed parts of their computer or changed timezone.

Furthermore, you do no authentication of the answer from the server. Anyone can send the response, and be accepted. You do not have any security. It would be trivial to either remove your DRM by jumping over it, or supply the very wrong values. A race condition would also work - overwriting the gsys.dat, gtime.dat, gmac.dat before your program reads it. Or simply replacing the code snippet above with a batch file which states echo "Desired values..." > gsys.dat.

So take an evening, think about how you can bypass your system. Try my suggestions. Fire up a debugger, and have a look at the software.
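The two gaps named in the comment above (no one-way hash over the hardware fields, no authentication of the server's answer), closed in a short added example that is not part of the original comment or of the software it discusses. All function names and sample values are assumptions made for illustration, and HMAC with a shared key stands in for the asymmetric signature a real client would verify with only a public key, so that the example runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets

# Constructed sample values standing in for parsed getmac / systeminfo output.
SAMPLE_FIELDS = {"mac": "00-11-22-33-44-55", "bios": "ExampleBIOS 1.0"}


def _encode(*parts: str) -> bytes:
    """Length-prefix every part so different inputs never encode identically."""
    out = b""
    for part in parts:
        data = part.encode("utf-8")
        out += len(data).to_bytes(4, "big") + data
    return out


def hardware_id(fields: dict) -> str:
    """One-way SHA-256 hash over the hardware fields in a fixed key order."""
    flat = [item for key in sorted(fields) for item in (key, fields[key])]
    return hashlib.sha256(_encode(*flat)).hexdigest()


def sign_response(key: bytes, hwid: str, nonce: str, verdict: str) -> dict:
    """Server side: bind the verdict to this hardware ID and this request's nonce."""
    tag = hmac.new(key, _encode(hwid, nonce, verdict), hashlib.sha256).hexdigest()
    return {"verdict": verdict, "tag": tag}


def verify_response(key: bytes, hwid: str, nonce: str, response: dict) -> bool:
    """Client side: accept only an authentic 'ok' for our own ID and fresh nonce."""
    verdict = str(response.get("verdict", ""))
    tag = str(response.get("tag", ""))
    expected = hmac.new(key, _encode(hwid, nonce, verdict), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return False
    return verdict == "ok"


if __name__ == "__main__":
    key = secrets.token_bytes(32)   # assumption: provisioned out of band
    hwid = hardware_id(SAMPLE_FIELDS)
    nonce = secrets.token_hex(16)   # fresh per request, defeats replayed answers
    reply = sign_response(key, hwid, nonce, "ok")
    print("genuine reply accepted:", verify_response(key, hwid, nonce, reply))
    forged = {"verdict": "ok", "tag": "0" * 64}
    print("forged reply accepted:", verify_response(key, hwid, nonce, forged))
```

This covers only the forged or replayed answer; a check that can be patched out of the client binary, as the comment also points out, is not addressed by authenticating the response.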

Comment Re:Hardware Locking (Score 1) 111

Yeah, nearly. I didn't say it was FULLY crackproof, but you have to know what you're doing in order to bypass it. Which is why server authentication is BUILT IN. So, unless you've got a direct proof-of-concept exploit, such as faking burned in MAC address codes, along with simple bios info (which amazingly, can be brought up via windows commandline), I would make the educated guess that you're upset in regards to me further maintaining already solid code which someone else can build on.

Or what happens if the software is modified, with a neat little jump instruction where it wants to run the verification? Or what if you just write an API wrapper that gives the desired input?

Submission + - SourceForge assumes ownership of GIMP For Win, wraps installer in adware (arstechnica.com)

An anonymous reader writes: It appears that SourceForge is assuming control of all projects that appear "abandoned." In a blog update on their site, they responded saying in part "There has recently been some report that the GIMP-Win project on SourceForge has been hijacked; this project was actually abandoned over 18 months ago, and SourceForge has stepped-in to keep this project current. "

SourceForge is now offering "to establish a program to enable users and developers to help us remove misleading and confusing ads."

Comment You buy eyeballs and loyalty. (Score 5, Insightful) 58

NSA is buying security holes to use against us. This is part of what Snowden revealed with the leaks.

Offering a bounty, even though it is not as much as the security problem could fetch on the grey market, creates a certain loyalty towards the vendor, and makes it easier to go to them, and ensure the hole gets patched. It also attracts more eyeballs to your software, as finding a problem means money. Google has gone even further - by offering grants for research into specific products, where you get money for checking security of the software, not just finding security problems.

So I believe it is a good thing; it probably means more holes will be reported directly to the vendor, and not sold for exploit. It probably attracts eyeballs as well...

Submission + - Printrbot Simple 3D Printer Review (3dcreatorlab.com)

Errold Glasro writes: The future is now and is the best time to buy a 3D Printer. Never before have 3D printers been more affordable than they are now. Make sure to read this in-depth review of the Printrbot Simple 3d printer before you buy it!

Submission + - man arrested for refusing to stop filming police (cnet.com)

the simurgh writes: A man who claims to be an independent journalist has been arrested by New Jersey police officers for his refusal to give in to their demands for his video camera. In most cases such as this, the authorities immediately jump to defend the outrageous behavior of the officer. In this case, however, it is different. The citizen and his camera were released. Moreover, the Ocean County prosecutor told the local NBC affiliate: "It would be my opinion that we'll probably be dismissing the charge."

Comment Re:America, land of the free... (Score 1) 720

It's because the working class organizations (consumer organisations, trade unions) are so strong in most parts of the EU and especially Norway, they have gained a lot of rights and limitations to the powers of capital.

Indeed. We have fought for our rights, and we've won them over time. And we've made a society where fear is not a driving power.

Just looking at things like the recent uprising in the USA about police shootings is shocking in most of Europe. Here, police do not normally shoot people. In Norway, it's literally years between when the police shoot and kill someone. In most of Europe it's major news when it happens. In a country like Germany, with 80 million people, it happens 3-4 times a year.

I would claim that Europe is freer than America. Granted, we can't carry guns where we want, but the risk of crime is lower, and the living standard is on average higher.

Comment Re:America, land of the free... (Score 1) 720

I agree with the concepts you are talking about, but I cannot imagine an IT shop failing to check the background of a system administrator who will be working with banking systems, for example. Think about the fallout if Deutsche Bank hired a database administrator with prior convictions for banking fraud, only to see that employee steal 100 million from the bank.

Of course it's checked for some positions, and finance is one of those. But in general, it's not legal to ask about it. If you apply as a programmer the employer can generally not even ask.

I'm going to bet that criminal convictions are pretty important in the relevant areas, even in Europe. They probably do a better job of discriminating which information is relevant and which positions are sensitive.

In general no. For the jobs I've applied to (electrical engineering for some pretty big companies) it's not been asked about. They have no right to ask, and no right to know. On defence projects the individuals participating have had background checks by the intelligence service, but failing that would not mean losing the job - only not being allowed to work on defense projects.

In Europe they might not have to ask before running a criminal background check. And lying on the application might not make a difference when it comes time to terminate an employee.

In most European countries the employee has to sign and/or submit the application for a background check. The result will be sent straight to the employer, but the application has to be filed by the employee.

In Norway, I can not even get a written copy of my record unless I provide a valid reason. I can get it read out to me, but not in writing. That is to stop companies from asking without reason. The reason is printed on the record, and misuse is illegal. So if I get one for a visa application, and my employer uses that for anything but visa application, they look at civil liability for the information misuse, and criminal liability for the failure of treating information in the proper way.

Comment Re:America, land of the free... (Score 5, Informative) 720

Now, while this sucks for the felon trying to land a job, it also sucks for the company, and let's face it, the recidivism rate among past felons is generally pretty high. Why should a company want to risk its own livelihood or existence just to give you a second chance?

I think there's a circular logic somewhere there. If you don't have a job, I guess you have a lower threshold for crime. If you have a job, and everything to lose, I guess crime is not so tempting.

In most of Europe, criminal convictions are simply irrelevant to jobs. Some jobs require your record, but mostly not the full - only a limited record. For instance, if you work with kids, you need a record clean of child abuse and sexual assaults. But for a general job in IT? No one would even ask about your record. I have not been asked ever - except for a visa application to the USA.

I believe the European system is better at integrating convicts back into society, stopping them from committing more crime.

Comment Re:You need more nuclear and less renewables (Score 1) 516

A smart grid will help. If you're able to serve up 20-30 percent of the supply from batteries (EV's can be batteries in a SG system too), you can reduce the grid. They can also serve as UPS systems, effectively smoothing out dips as switchgear changes layout of the grid.

So yes, smart grid with energy storage can help by averaging load over time. For an EV you can configure it to be fully charged at 4, when you leave work, and let it feed the grid in the meantime. You can supplement this with stationary batteries. As EV's become more common, used batteries from EV's which are unsuitable for the size constraints of the EVs can be repurposed to fixed location storage, where size is not as big a concern.

Comment Re:You need more nuclear and less renewables (Score 1) 516

When peak power is occurring is less interesting. The interesting thing is that using a conventional grid it happens - time varies.

Power grids do not need to be dimensioned for peak power - provided you have local energy storage. 1MWh of Lithium batteries will weigh in at approx. 10T, and will fit in a small garage, and will be able to supply a peak power of 2MW for half an hour. During periods of lower use, they can be recharged - bringing the peak load on the grid down. They can also assist in smoothing power production. Have an excess gigawatt? Put it into your batteries around the neighbourhood.

The project is definitively not backyard. I cannot tell details, but it is supplying a power in the megawatt range twice an hour, and then recharging using the power grid - enabling huge peak loads that the local grid cannot support. It is a project you've read about in Wired...

If you google smart grid you'll see that it's a big thing. Siemens, ABB, Schneider Electric and many other big companies are working on it. So your comment smells of trolling with no real insight in the field.

Comment Re:You need more nuclear and less renewables (Score 2) 516

It's true that renewable power levels like wind-power rise and fall, but once you look at a larger area then it pretty much evens out.

But dimensioning the grid for average power draw is cheaper than dimensioning the grid for peak power. During the night, power consumption is low, and batteries can be recharged. When everyone wakes up and makes coffee, peak power occurs. With local storage the consumption can always be kept at the average level.

This also means that when there's good wind, you can save the energy for consumption later, without transporting it. Yes, batteries have a 5% energy loss, but so does long haul transmission. And long haul transmission technologies like HVDC cost a lot of money when you get into high effect converters.

I'm currently involved in a project where the conclusion was that a local battery storage was cheaper than renewing the power grid for peak load. The point where it's cheaper to install a Smart Grid Solution instead of bigger grid is only gonna move in favour of smart grid the next few years...
