
Comments


Researchers Accidentally Discover How To Turn Off Skin Aging Gene

NotInHere Re:Skin deep, but that's where the money is ! (170 comments)

You can see on the example of Uber that taxi companies rather try to forbid the app than sell off their cars and develop and offer competing apps, or focus on rich people who don't want to travel with unprofessionals. But I admit, in this example you may be right, as you don't have to fear competition.

2 days ago

Researchers Accidentally Discover How To Turn Off Skin Aging Gene

NotInHere Re:I, for one (170 comments)

New?! They controlled us all the time. At least since our ancestors arrived at this planet.

2 days ago

Researchers Accidentally Discover How To Turn Off Skin Aging Gene

NotInHere Re:Skin deep, but that's where the money is ! (170 comments)

Billions of women (and men) around the world paying TRILLIONS for cosmetic product for what?

Skincare is the number one profit making venue for many cosmetic companies, big and small, all around the world

So, will the cosmetic companies let stupid progress destroy their revenue stream? Uh, I guess no. They will buy the researcher's startup for a shitload of money, and then surprise surprise it turns out the method wasn't so promising after all. And they will keep all patents on the technology so that nobody else can release a competing product.

2 days ago

Proposed Theme Park Would Put BBC Shows On Display

NotInHere Don't forget to handcuff people before they get in (78 comments)

They could steal stuff! Better make rectal spyware control posts at the exit, so that nobody can smuggle something out.
Would be at least consistent with BBC's position towards EME. Not firefox should get the blame and the shitstorm.

5 days ago

Congress Passes Bill Allowing Warrantless Forfeiture of Private Communications

NotInHere Re:WTF is going on in USA (379 comments)

U+1F4A9

about a week ago

Bellard Creates New Image Format To Replace JPEG

NotInHere Re:237 kB decoder... (377 comments)

Don't forget that when the code gets transmitted, it can be compressed down to 71 kb.

about a week ago

BitTorrent Launches Project Maelstrom, the First Torrent-Based Browser

NotInHere Re:Private? (67 comments)

I guess very well. In fact, there is a project called peerCDN, which uses P2P based on WebRTC as a CDN. So Maelstrom can already be achieved by Firefox and Chrome.

about a week ago

Ubuntu Gets Container-Friendly "Snappy" Core

NotInHere Re:No init (149 comments)

You mean as something like this already has been suggested by Lennart Poettering? Yeah, there is something to it. Funnily the first dude answering the Shuttleworth post was a systemd + btrfs fanboy...

But it's good Ubuntu ppl removed this stupid btrfs requirement. I'm myself a fan of btrfs, but things should be exchangeable.

about two weeks ago

Ubuntu Gets Container-Friendly "Snappy" Core

NotInHere Re:This actually sounds pretty cool. (149 comments)

2 is one of my main concerns too. Let application developers develop their applications and library developers develop their libraries. Not every OSS application contributor wants to apply security updates in their free time.

about two weeks ago

Ask Slashdot: Convincing My Company To Stop Using Passwords?

NotInHere Re:U2F (247 comments)

And what is the U2F protected by? Nothing. Anybody who gets hold of the dongle can use it, at least getting into the system protected by a mobile app would require them to steal the device *AND* get the password. And not all phones are locked with a password. There are phones locked with biometrics, or patterns that couldn't quite be called a password.

All those mechanisms can also be implemented by the company as a first factor. Indeed, a system with dongle only is insecure, but security is increased when you have 2 factor.

TFS is about "passwordless authentication". When people are on the "no passwords" train they should consider that phones also have passwords. What they want to say is perhaps they want a master password. But that's something else.

On top of this, there is also the possibility of de-authorizing the device on the server-side with the 2FA provider.

You can do the same with a dongle, I've already pointed that out.

about two weeks ago

Ask Slashdot: Convincing My Company To Stop Using Passwords?

NotInHere Re:U2F (247 comments)

it still requires that the system be configured to let random keyboards/USB devices be plugged in.

I'm sure that when the need arises, some smart company will develop a USB adapter that only allows U2F devices to communicate with the host.

about two weeks ago

Ask Slashdot: Convincing My Company To Stop Using Passwords?

NotInHere Re:U2F (247 comments)

The smartphone can be lost/forgotten, but at least smartphones tend to be encrypted/locked with the option to remote-wipe. A U2F dongle that is lost would seem to offer no such protection.

What is a phone encrypted/locked with? A password. So that's a second factor. Whether you enter it at the company's computer or at the smartphone is no big difference. As a company, I wouldn't rely my security on unlock passwords. How often do you enter your unlock password when other people could, in theory, watch you? How can you as company ensure your employees do this never?

Same for remote-wipe. You set it up with a password. When your dongle (or phone) is lost you don't even need remote wipe, as you can simply call your employer and say it was lost (I admit if you use your dongle for more than just one party it can be a bit of work). With remote-wipe you can never be sure whether the attacker didn't crack the phone, and now just sent a fake "I'm wiped" message.

The apps for 2FA services tend to offer a rotating key, so it's not a fixed password that can be guessed.

With passwords I've meant what I've described in the upper paragraphs. Those rotating keys are yet another thing U2F is better at. Do you want to copy stupid strings from your phone to your computer? Also, this kind of 2FA is dangerous, as it's only time based and allows for MiTM attacks. U2F protects from those too by also authenticating the server.

about two weeks ago

Ask Slashdot: Convincing My Company To Stop Using Passwords?

NotInHere Re:U2F (247 comments)

The app also needs to be installed on a smartphone, which you can also lose/forget. If the app allows you to log in from arbitrary devices, it's just passwords again.

about two weeks ago

Ask Slashdot: Convincing My Company To Stop Using Passwords?

NotInHere Re:U2F (247 comments)

Oh I've forgotten U2F's best point: it's cheap.

about two weeks ago

Ask Slashdot: Convincing My Company To Stop Using Passwords?

NotInHere U2F (247 comments)

Use U2F, it's the best authentication token on the market. Either as second factor, or as lone factor. It doesn't enforce any lock-in at all, and its experience is just like keys: you have cheap tiny things you stick into holes (please spare me with any childish dick/buttplug/etc comparisons).

If they only need to survive online attacks, the 8 character limit is enough for Passwords. However you would need to add some meaningful brute-force and weak pw recognition.

about two weeks ago

Aliens Are Probably Everywhere, Just Not Anywhere Nearby

NotInHere Re:Birthday paradox? (334 comments)

The birthday paradox is more than that. It also includes that the probability that you are close to some other planet is far smaller than the probability that there are some 2 close planets. So the ideas are related.

about two weeks ago

Aliens Are Probably Everywhere, Just Not Anywhere Nearby

NotInHere Birthday paradox? (334 comments)

So what's new?

about two weeks ago

Samsung's Open Source Group Is Growing, Hiring Developers

NotInHere Make drivers open (51 comments)

and make it possible to use your smartphones with OS'es other than yours. That should also include your stylus input, for which you are currently market leader. I'd have almost bought one of your devices, but when I found out CM doesn't support it because of driver problems I gave it back.

about two weeks ago

Submissions


Leaked documents show EU council presidency wants to impair net neutrality

NotInHere NotInHere writes  |  about a month ago

NotInHere (3654617) writes "The advocacy group "European Digital Rights" (EDRi) reports from leaked documents that the presidency of the council of the EU Italy plans to remove vital parts from the telecommunications package that introduced net neutrality. The changes include removing the definition of "net neutrality" and replacing it with a "reference to the objective of net neutrality", which EDRi criticizes impair enforceability. Also the proposed changes would allow ISPs to "block, slow down, alter, degrade or discriminate" traffic in order to meet "obligations under a contract with an end-user to deliver a service requiring a specific level of quality to that end-user". EDRi writes that "[w]ith all of the talk of the need for a single digital market in Europe, we would have new barriers and new monopolies."

The council of the EU is one of its two legislative chambers. The EU parliament can now object or propose further changes to prevent the modified telecommunications package from passing. Currently, Italy is presidency of the council of the EU."

Hungary to introduce 62 cents/GB internet tax

NotInHere NotInHere writes  |  about 2 months ago

NotInHere (3654617) writes "In Hungary, the government of Viktor Orban wants to impose world's first traffic-based tax of 150 HUF (0.62 USD) per gigabyte of internet traffic. According to economy minister Mihaly Varga, this has been necessary to "plug holes in the 2015 budget", and to compensate for the people's move of communication habits from 2 cents per min taxed POTS to the untaxed internet. This tax has not just raised criticism by telecom providers, but also resulted in heavy revolts, even though the government later announced to cap the tax at 700 HUF for consumers and 5000 HUF for businesses, and let the telecom providers pay the remaining part."

Mozilla publishes Online news site "The Open Standard"

NotInHere NotInHere writes  |  about 2 months ago

NotInHere (3654617) writes "According to its Mozilla wiki page, the Open Standard will "explore the role of openness and transparency in all aspects of society". Since the writing of that wiki page, the article "Welcome to The Open Standard" has been published, so The Open Standard (how it got its name here) is officially launched. The article currently has rendering difficulties on my desktop, therefore I'll paste it here:

From its start, Mozilla has advocated for the open, transparent and collaborative systems at work in our daily lives. This is the next step in that mission.

Welcome to The Open Standard.

From the beginning, Mozilla has dedicated itself to advocating for an open Web in wholehearted belief that open systems create more opportunity for everyone.

From its advocacy work to web literacy programs, to the creation of the Firefox browser, Mozilla has exemplified the journalism adage, “show, don’t tell.” It’s in that tradition that we’re excited to bring you The Open Standard, an original news site dedicated to covering the ideas and opinions that support the open, transparent and collaborative systems at work in our daily lives.

We advocate that open systems create healthier communities and more successful societies overall. We will cover everything from open source to open government and the need for transparency; privacy and security, the “Internet of Things” vs. “pervasive computing”, to education and if it’s keeping up with the technological changes. The bottom line? Open is better.

This is just the beginning. Over the next few months, The Open Standard will open itself to collaboration with you, our readers; everything from contributing to the site, to drawing our attention to uncovered issues, to crowdsourcing the news.

We thank you for joining us and hope you will make us a regular part of your day.

Best,

Anthony Duignan-Cabrera
Editor in Chief
The Open Standard"

After Negative User Response, ChromeOS To Re-Introduce Support For Ext{2,3,4}

NotInHere NotInHere writes  |  about 2 months ago

NotInHere (3654617) writes "Only three days after the large public has known about ChromeOS to disable ext2fs support for external drives, and Linux users voiced many protests on websites like reddit, slashdot, or the issue tracker, the ChromeOS team now plans to support it again. To quote Ben Goodger's comment:

Thanks for all of your feedback on this bug. We’ve heard you loud and clear.

We plan to re-enable ext2/3/4 support in Files.app immediately. It will come back, just like it was before, and we’re working to get it into the next stable channel release."

Firefox 33 gets Cisco's OpenH264

NotInHere NotInHere writes  |  about 5 months ago

NotInHere (3654617) writes "As promised, version 33 of the Firefox browser will fetch the OpenH264 module from Cisco, which enables Firefox to decode and encode H.264 video, for both the <video> tag and WebRTC, which has a codec war on this matter. The module won't be a traditional NPAPI plugin, but a so-called Gecko Media Plugin (GMP), Mozilla's answer to the disliked Pepper API. Firefox had no cross-platform support for H.264 before."

India forged Google SSL certificates

NotInHere NotInHere writes  |  about 5 months ago

NotInHere (3654617) writes "As Google writes on its Online Security Blog, the National Informatics Centre of India (NIC) used its intermediate CA certificate issued by Indian CCA, to issue several unauthorized certificates for Google domains, allowing man-in-the-middle attacks. Possible impact however is limited, as, according to Google, the root certificates for the CA were only installed on Windows, which Firefox doesn't use, and for the Chrom{e,ium} browser, the CA for important Google domains is pinned to the Google CA.
According to its website, the NIC CA has suspended certificate issuance, and according to Google, its root certificates were revoked by Indian CCA."

Are the hard-to-exploit bugs in LZO compression algorithm a hype?

NotInHere NotInHere writes  |  about 6 months ago

NotInHere (3654617) writes "In 1996, Markus F. X. J. Oberhumer wrote an implementation of the Lempel–Ziv compression, which is used in various places like the Linux kernel, libav, OpenVPN, or the Curiosity rover. As security researchers have found out, the code contained integer overflow and buffer overrun vulnerabilities, in the part of the code that was responsible to process not compressed parts of the data. Those vulnerabilities are however very hard to exploit, and their scope is dependent on the actual implementation.
According to Oberhumer, the problem only affects 32 bit systems. "I personally do not know about any client program that actually is affected", Oberhumer says, calling the news about the possible security issue a media hype."

Mozilla launches student coding program "Winter of Security"

NotInHere NotInHere writes  |  about 7 months ago

NotInHere (3654617) writes "Mozilla has introduced a new program, called MWoS or "Mozilla Winter of Security", to involve university students into security projects. The attending students will write code for a Mozilla security tool during (northern hemisphere) winter. Unlike GSoC, attending it involves no monetary payment, but the student's universities are expected to actively cooperate and to give the students a credit for their work. From TFA:

MWoS is a win for all. Students get a chance to work on real-world security projects, under the guidance of an experienced security engineer. Professors get to implement cutting-edge security projects into their programs. Mozilla and the community get better security tools, which that we would not have the resources to build or improve ourselves."


Journals

NotInHere has no journal entries.
