Comments

Microsoft Kills Off Its Trustworthy Computing Group

Mathinker Re:Good (98 comments)

I always thought that he should have made it a $5.38 wrench, instead...

3 days ago

Court Rules the "Google" Trademark Isn't Generic

Mathinker Re:If there was only one viable choice ... (159 comments)

> I switched away when they made the up and down arrow keys...

Didn't notice that yet. What's putting me on the verge of switching is Google's phasing out (or appearance thereof) of any kind of "hard" searching. Unfortunately, I haven't found any good alternatives with better "hard" search capability.

about a week ago

New Details About NSA's Exhaustive Search of Edward Snowden's Emails

Mathinker Re:issue | Snowden (200 comments)

"issue | Snowden" ? What does the "issue" command output to stdout, Polonium-210?

about a week ago

New Details About NSA's Exhaustive Search of Edward Snowden's Emails

Mathinker Re:Who fucking cares? (200 comments)

> Who fucking cares?

I agree with the title but for a totally different reason, namely, that no official connected with the NSA who would have reviewed any such "concerns", who has also commented about the affair (and there have been several, already), has said that they would have done anything whatsoever (possibly except, of course, something about that suspicious/PIA Snowden character).

about a week ago

New Details About NSA's Exhaustive Search of Edward Snowden's Emails

Mathinker Re:NSA scorecard on on truth? (200 comments)

Wow, the whole first comment thread and no pro-NSA anti-Snowden posters. What happened, did the NSA budget for Slashdot dry up? Or is this a sign that even the NSA has given up on Slashdot and has moved on to other alternatives?

about a week ago

Why Munich Will Stick With Linux

Mathinker Re:At home too (185 comments)

> and loaded Ubuntu on VirtualBox for my Linux stuff

"My Linux stuff"? If you were loading Linux as a native OS in the first place, what "other stuff" were you planning on doing with the laptop? Was the original plan to run Windows in a VM?

Ah, from other posts I guess you were planning on dual-booting... sorry, please ignore...

about two weeks ago

Why Munich Will Stick With Linux

Mathinker Re:At home too (185 comments)

> With the amount of troubleshooting and driver research I had to do I could have
> purchased 10 copies of Windows 7.

Or, simply, a computer with Linux already installed, from the various vendors who sell such devices...

It's a tribute to how far Linux has come that you originally thought you didn't have to do that. Or, possibly, it shows a considerable amount of personal hubris. Without knowing you personally, I can't really tell...

about two weeks ago

Why Munich Will Stick With Linux

Mathinker Re:At home too (185 comments)

Thank you for the anecdotal report. At least from your other comments I see that you're not like that poster years ago who kept on whining about Ubuntu not installing on a second internal hard drive and erasing his files (the details have, wonderfully, been erased from my mind).

It's a pity that there is no way to evaluate how significant your report is versus the question at hand. What percentage of experienced Windows users burn 20 hours trying to get Windows to work exactly the way they want (or work at all)? What percentage of Linux users? How dependent is this on the particular user (I know that I personally burn up lots of time being pedantic about any OS I use)?

> and loaded Ubuntu on VirtualBox for my Linux stuff

"My Linux stuff"? If you were loading Linux as a native OS in the first place, what "other stuff" were you planning on doing with the laptop? Was the original plan to run Windows in a VM?

about two weeks ago

Google To Build Quantum Information Processors

Mathinker High temp superconductivity (72 comments)

People have already forgotten that the high-temperature superconductors were discovered, not by the power industry, but by IBM.

about three weeks ago

Raspberry Pi Gets a Brand New Browser

Mathinker Lame name change (107 comments)

It's no longer called "Epiphany". In what seems like an epiphany, the GNOME developers decided that it's much, much, easier to search for help for a browser called "Web". Great idea, there, guys. Was this intentional, to prevent intelligible bug reports from less sophisticated users?

One wonders whether they actually "eat their own dog food", or if they do, if they understand that the average user of GNOME isn't a GNOME developer.

about three weeks ago

XKCD Author's Unpublished Book Remains a Best-Seller For 5 Months

Mathinker Re:Munroe is a cunt (169 comments)

Might be good, certainly wasn't very funny... or does it need Javascript?

Anyway, 1336 was much funnier...

about three weeks ago

XKCD Author's Unpublished Book Remains a Best-Seller For 5 Months

Mathinker Re:Insert obligatory XKCD here (169 comments)

Didn't you forget some kind of reference to "my eyes"?

about three weeks ago

Munich Council Say Talk of LiMux Demise Is Greatly Exaggerated

Mathinker Re:Why wasn't it called Munix? (190 comments)

They would have been sued for infringement by the rightsholders to Asterix.

I kid you not... this is actually why we now have linux-laptops.net rather than the original mobilix.org (or mobilix.net, I don't remember anymore)...

about a month ago

German Intelligence Spying On Allies, Recorded Kerry, Clinton, and Kofi Annan

Mathinker Who is the real end-user here? (170 comments)

What with all kinds of inter-country intelligence sharing deals being reality, it could very well be that whatever information the Germans dug up was actually wanted by, for example, the NSA, but obviously couldn't be directly obtained by them legally.

about a month ago

London Police Placing Anti-Piracy Warning Ads On Illegal Sites

Mathinker Re:pre-crime (160 comments)

Did you just pirate yourself? How on-topic!

about 2 months ago

London Police Placing Anti-Piracy Warning Ads On Illegal Sites

Mathinker Re:Adblock Plus/FlashBlock (160 comments)

> Whether or not a physical object was stolen is useless in 2014.

Ah, so the first-sale doctrine applies to all those legal downloads I have? Terrific!

about 2 months ago

New Mayhem Malware Targets Linux and UNIX-Like Servers

Mathinker Re:Derp (168 comments)

> We're getting spam here because someone, somehow, got our Active Directory mailing list out of Outlook Web Access. I know all of your admin accounts.

Well, well, sounds like both of us are in big trouble because of Microsoft, and not even because of the problem you originally complained about. :-)

Anyway, thanks for the interesting discussion. As someone whose job doesn't include having to worry about Microsoft's idiocies... I wish you the best of luck!

about 2 months ago

New Mayhem Malware Targets Linux and UNIX-Like Servers

Mathinker Re:Derp (168 comments)

> The first part is that the network log-in source can be grouped as an infinite number of terminals--lots of connections--so a per-connection rate limit is useless; thus all network service log-in (caveat: Active Directory handles console log-ins... over network) must be grouped as one thing to be effective.

OK, I agree that your argument here is OK, if the 1-2 second delay is an artificial one generated by the OS (and the OS doesn't sufficiently limit the number of active connections). If the 1-2 second delay comes from actual computational overhead of the authentication process (e.g., PBKDF2), then your argument still fails.

> I can lock you out of your server by constantly trying to log into your server, so you can't apply patches anymore. Then I hack it on Tuesday.

Well, if I understand correctly, the lock-out is on a per-account basis, so you'd have to know the usernames of all my admin accounts, so this seems to me to not be very likely to succeed if I have heard about the attack ahead of time (thanks to your post)...

about 2 months ago

New Mayhem Malware Targets Linux and UNIX-Like Servers

Mathinker Re:Derp (168 comments)

> There's this link that references USB-HID specifically at 750 characters per second. I can't find other references to USB HID rates, and the HID protocol is semi-flexible (i.e. it's really fucking hard to implement NKRO on HID, since HID keyboard protocol specifies 6KRO in boot mode; but you're free to implement an alternate HID protocol once your keyboard's out of boot mode).

Thanks for the hint to look at the USB-HID standard (1.1) in which even high-speed devices are limited to 64KB/s. That's interesting info. Does the USB hardware + operating system on most computers actually enforce that?

> > OTOH, comparing the "1-2 second turn-around" in your reply to the "750 characters per second" undercuts your original argument as a whole

> 1-2 second delay is an expected human-facing turn-around: this actually happens on most modern systems. I pointed it out and then theorized eliminating that rate limit entirely, instead relying on the limits of the HID keyboard protocol at 750 characters per second, which is the faster measurement and thus can be taken as a worst case.

You don't actually seem to be addressing my argument here, perhaps you misunderstood? It's clear to me what you did, my argument was that doing what you did made no sense given the "1-2 second delay" you state, and given that datum, your characterizing Windows as "retarded" for not distinguishing between 750 char/s and the much faster network, was illogical.

> > Your naivety about the average entropy in a typical 8 character password is striking.

> We're talking about theoretical password complexity here, not dictionary attacks.

Yes, I am capable of reverse engineering your math. You err, though. "We're talking about..."? No, you're talking about...

I'm not quite getting this. You dismiss the possibility that weak passwords are used, so that hardware password attacks are dismissible, but at the same time address the problem that these same non-weak passwords aren't strong enough to withstand network password attacks without lock-outs? Yes, I suppose there are some real-life situations in which that's true, but why would you rag on Microsoft for trying (in what I agree is not a reasonable way) to cover other possible situations (and, given their user base, much more probable ones)?

about 2 months ago

Submissions

Intrusion at Fedora infrastructure, no damage done

Mathinker writes | more than 3 years ago

Mathinker (909784) writes "From www.h-online.com :

The Fedora Project has confirmed that there was an intrusion into its infrastructure on the 22nd, but investigations have shown "no impact on product integrity".

The mailing list announcement (Coral Cache URL) makes one think it wasn't a very professional job; the first action which was taken by the intruder set off an email notification."

Journals

I am NOT anonymous

Mathinker writes | more than 3 years ago

http://yro.slashdot.org/comments.pl?sid=2319574&cid=36745572

% echo -n "I am Mathinker, my salt is UAeqTvlu" | md5sum
efb98ed34ba58ecd29b07b1909d21da3 -

No, I'm not mathinker@twitter, either

Mathinker writes | more than 5 years ago

I actually use the moniker "mathinker" in very few places.

2008: Linux privilege escalation bugs

Mathinker writes | more than 5 years ago

Just want to store this research somewhere where I can link to it easily. (Original post).

If one analyzes the 10 Linux privilege escalation bugs reported for 2008 at Secunia one finds:

Of those, 5 were in proprietary software packages for Linux: Acrobat Reader, MaxDB, Avaya, SSH Tectia Client, and Red Hat Enterprise Linux. Not interesting for ordinary desktop users.

Of the other 5, 1 was in KDE, so that wouldn't affect 100% of Linux users, let's be generous (the most popular free distros use Gnome) and say that's 50% of users.

Of the other 4, 1 seems to work on general Linux systems (sys_remap_file_pages() bug).

Of the other 3, 1 requires the USBLCD driver to be used or only gives group privilege escalation, 1 requires Intel G33 series or newer chipset, and 1 requires that the kernel is running as VMI guest on an x86 system. How many boxes does that cover? Not many, except perhaps for the Intel chipsets --- let's say another 50% (because I have no idea what market share Intel has).

So that's something like 2, maybe 2.5 bugs in all of 2008. Is that "many"? Matter of opinion.

So, in summary, between 10% and 25% of the reported bugs were really mainstream.

Mathinker writes | more than 8 years ago

Just in case you wondered.

I'm not studying to be a CFA either... nor am I mathinker@rareaviation.com

In fact, if a "mathinker" is trying to sell or buy from you, it's not me...
