
Comments


Honeywords — Honeypot Passwords

JonySuede Re:This... is a very good idea. (110 comments)

Sorry, I do enterprise identity management for a living; I might have over-thought in the context of a random webapp and skipped some random words here and there as I write here with a beer or a scotch after work....
In an enterprise setting you usually have to have reversibility to synchronize systems, as not everything is SSO enabled or LDAP friendly; complexity in that setting is unavoidable.
The weird part about the daily salt was put into that system by decree by our clueless management, who paid a consultant (read snake-oil dealer) to review and "improve" our security. And I agree with you, that part only increases complexity, not security.

about a year ago

Ask Slashdot: Becoming a Programmer At 40?

JonySuede Re:That's sorta up to you; (314 comments)

It's impossible to create your own concurrent access primitives. At best you can invent a new concept, like Dijkstra did with the semaphore. As I don't recall reading a completeness proof of the set of known concurrent access primitives, you might have a chance.

You probably meant implement an existing one, like the Semaphore in Java before the JSR-166 RI.

about a year ago

Honeywords — Honeypot Passwords

JonySuede Re:This... is a very good idea. (110 comments)

It's a small part of defense in depth; any sensitive information that is not atomic should be stored separately. Every speed bump you put in an attacker's road is an opportunity for detection, a point for auditing.

It's only going to get faster generating those rainbow tables, see the post on GPU somewhere lower...
The true solution is proper key derivation and management using dedicated security equipment, e.g. a Java Card with a keypad to enter the master key. Re-keying capability is a must, and a currently safe algorithm like AES-256 in CBC with PKCS7 padding; have someone random from the company enter a new key each year and now you're approaching password storage security. From there calculate MD5/SHA1/RC4... using a daily one-time-use salt to populate your identity database across your systems that refuse to be federated.
The keys in the Java Card are quite safe, those cards are not like the plugin...

about a year ago

Honeywords — Honeypot Passwords

JonySuede Re:This... is a very good idea. (110 comments)

Thing is, most salted password tables I saw in open-source products (no reason to believe that proprietary is different) looked like this:

    CREATE TABLE password (
        user_id   INTEGER,
        salt      CHARACTER VARYING,
        hash      CHARACTER VARYING,
        algorithm CHARACTER VARYING
    );

If the attacker gets your database, you're still screwed.

about a year ago

Tesla's Elon Musk Talks With Google About Self-Driving Cars

JonySuede Re:Who wants a driverless tesla roadster? (199 comments)

It was a joke on driving high, mostly derived from my own past experience as a stoner, sorry if I offended you.

about a year ago

450 Million Lines of Code Can't Be Wrong: How Open Source Stacks Up

JonySuede Re:it contradicts the definition (209 comments)

But that snippet does warrant a comment that includes a tag to disable the warning. This is what I like the most about static analysis; worst case: it forces my developers to comment the hairy pieces of code, typical case: they residing to avoid the need to comment and we have a more maintainable code base. To the same goal, I also use the static analyzer to limit cyclomatic complexity, the enemy #2 of maintenance. #1 being useless shorthanded naming convention or lack of.

about a year ago

Tesla's Elon Musk Talks With Google About Self-Driving Cars

JonySuede Re:Who wants a driverless tesla roadster? (199 comments)

Yeah, the danger with pot smokers, err, Ganjadude on the road is that they make every stop, follow the speed limit or drive under it and use the flasher on the car at the right time....

about a year ago

Portal Now Available On Linux

JonySuede Re:Finally... (115 comments)

Linux is not POSIX certified, the NT POSIX subsystem was at some point.

about a year ago

AI System Invents New Card Games (For Humans)

JonySuede Re:Good luck with that (112 comments)

the magmatic rocks sure can!

about a year ago

AI System Invents New Card Games (For Humans)

JonySuede Re:Good luck with that (112 comments)

meant breath first, breadth second and depth as needed ;)

about a year ago

AI System Invents New Card Games (For Humans)

JonySuede Re:Good luck with that (112 comments)

yeah breath first, depth as needed. I generally prefer to be a generalist.

about a year ago

AI System Invents New Card Games (For Humans)

JonySuede Re:Good luck with that (112 comments)

Thing about articles is that they are static and only present one point of view at a particular point in time, in that case the one of John R. Searle in 1980. A reputable academic encyclopedia, like Stanford Plato's, presents a multitude of views and stays current.

about a year ago

AI System Invents New Card Games (For Humans)

JonySuede Re:Good luck with that (112 comments)

a lot of what is considered AI by the people that do AI has nothing to do with intelligence.

No, it has to do with automating reasoning. Intelligence is so vaguely defined that two people could have an opposite opinion on the importance of rational thought in the definition of intelligence and they would both be right depending on which school of thought you belong to. I suggest you read a little bit in the following encyclopedia: starting at that page

about a year ago

Samsung Won't Release Windows RT Tablet In US

JonySuede Re:Poor naming (176 comments)

I bought it for my laptop, my father bought it for his HTPC and my brother-in-law bought it for his laptop. At 39 it was money well spent for a measurable speedup.
However, none of us will buy it for our desktop. I like Windows 7 on my desktop and my father loves his Mint/Debian/Ubuntu frankendistro workstation. Just because some disagree with you, it does not mean they are astroturfers.

about a year and a half ago

Apple and Mozilla Block Vulnerable Java Plug-ins

JonySuede Re:and to unblock? (88 comments)

You must have drunken monkeys as coders; our internal Swing applications are tested to work on any Java version from 1.6 to 1.8, no glitch even on 1.8 early access. They also work on the IBM version but the L&F is crap. Our external Swing apps however, mostly the ones from Oracle, break for no apparent reason other than to charge for a maintenance contract.

about a year and a half ago

EFnet Paralyzed By Vulnerability

JonySuede Re:Stop writing things in C/C++ (156 comments)

only if you use it, pretty much like a null check or a try catch;

about a year and a half ago

China's Controversial Brain Surgery To Cure Drug Addiction

JonySuede Re:The deeper questions are: (385 comments)

Are the pleasures a drug-affected brain feels to be equated with other forms of pleasure?

Sorry about your loss, you mention his mother was addicted at his birth so he certainly had extremely poor capacity for intrinsic pleasure and probably happiness; seek relief in the fact that it is better to be dead than to be constantly suffering.
However you asked a question so let me answer it with my experience. Yes they can be equated (neurotransmitters are neurotransmitters) and they can also be mixed with other pleasure, example: to me nothing from running 10 miles to skydiving can equate the pleasure I felt when fucking a girl I loved while on 2C-B, MDMA and cocaine; it surpasses any pleasure, any rush I had experienced otherwise. The thing is I did not make a habit of it (or anything else that releases great quantities of dopamine for that matter) else everything would have lost its fun.
Now if you are talking about happiness: stability, power over your environment, and emotional fulfillment are much better sources than what is produced artificially by SSRIs and "shopping therapy" and cie...

about a year and a half ago

China's Controversial Brain Surgery To Cure Drug Addiction

JonySuede Re:Lost a Friend Yesterday (385 comments)

Ice (4-Methylaminorex) was not present for really long on the black market as it tended to kill users quite quickly; you must be talking about meth or MDPV, but even those do not make people go berserk unless they stay up for more than a week.

about a year and a half ago

Submissions

JonySuede hasn't submitted any stories.
