Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Ask Slashdot: What Smartwatch Apps Could You See Yourself Using?

boristdog Re:None, seriously, none. (471 comments)

My Nexus 5 doesn't have to be recharged every 12 hours as I've heard these "smart" watches do, so +1 for the Nexus 5.

about two weeks ago
top

Unpopular Programming Languages That Are Still Lucrative

boristdog Re:COBOL & Scala & HTML5 (385 comments)

Yep, I try to do a few basic programs in nearly every language I hear about, just to see what works well in which situation.

about two weeks ago
top

Unpopular Programming Languages That Are Still Lucrative

boristdog Re:Lucrative isn't all it's cracked up to be (385 comments)

Exactly.

I started writing a replacement for our company's 20+ year-old file-based data system 7 years ago. I didn't tell anyone about it until a few years later when I had a prototype ready and started producing better and faster reports for management than the old system. But they still wouldn't okay me to go ahead and start designing a full replacement for our old system. Then the old system coughed up some blood for a couple weeks and nearly caused us a to lose a couple million in sales.

After everyone stopped running aroud with their hair on fire they asked me what it would take to get my new system up and running as a replacement. I did it and now I am the one who controls all company data. At least a half-dozen people now work supporting the system and writing new code for it, but no one else has 7 years experience thinking about and designing this system, so a lot of the details escape them. HA! Try to get rid of me now.

Proactive programming will get you far.

about two weeks ago
top

NYPD Starts Body Camera Pilot Program

boristdog Re:$10,000 per camera (170 comments)

Let me know your results for toll road cameras. For...uh...science, yeah.

about two weeks ago
top

Drought Inspires a Boom In Pseudoscience, From Rain Machines To 'Water Witches'

boristdog Re:1st post (266 comments)

Yeah, I'm not a big believer in dowsing, but...I have seen it in action. In fact, back in 1993 I was shown how to do it by an old guy who was a friend of my grandfathers. And I did it. Of course, all I was able to do was find water pipes under people's yards, I don't know if it works any deeper. But dang I can find water pipes like a motherfucker now.

about three weeks ago
top

New Research Suggests Cancer May Be an Intrinsic Property of Cells

boristdog Re:So what they need, then... (185 comments)

Ah, knowledge can only be passed to YOUR children. The hell with other people's children, right?

about a month ago
top

Oracle Database Redaction Trivial To Bypass, Says David Litchfield

boristdog Re:Put in a separate table (62 comments)

No, the SSN is on the tax return or form, still highly insecure. The data associated with the SSN in the IRS DB is linked to the hashed SSN.
So unless someone actually has the tax form (trivial for a few forms, difficult for massive amounts of forms) they cannot associate you with your SSN or your tax data. A corrupt IRS employee (and there are many) can easily enter one SSN into their application and get all your tax & income data. But they can't download EVERYONE's data easily.

We're talking about remedies to large data breaches here, not single experiences. Yes, your data is at risk while your tax form is in the mail or in the hands of an IRS employee, but as soon as it goes into the DB the associative data should be hashed. You don't eliminate breaches this way, you make them easier to deal with.

about a month and a half ago
top

Oracle Database Redaction Trivial To Bypass, Says David Litchfield

boristdog Re:Put in a separate table (62 comments)

BUT you can change the salt, or the hashing algorithm, in case of a breach. You don't have to replace all the CCs, just send out a new salt to the machines. Now the data lost in the breach is useless.

about a month and a half ago
top

Oracle Database Redaction Trivial To Bypass, Says David Litchfield

boristdog Re:Put in a separate table (62 comments)

It's not foolproof, but it is easy to fix a breach. If your CC database gets hacked, you re-hash with a different salt and then send the new salt to the pre-processors, so the hash they send you is now completely different. That way you have effectively changed everyones CC # a lot quicker and easier than sending everyone a new card. If fact, regular re-hashing should be a standard in the CC industry. You keep the same card and card number but the number in the DB will change regularly.

I've actually used a system like this for processing financial data (not CC data) to keep the data associating account numbers with passwords as difficult as possible to breach. Both the account number and password are hashed. We would change the salts at the broker end every 3 to 5 weeks and keep a record of the past two salts in case some broker equipment didn't get the last update. So if our DB got hacked we didn't have to make everyone change their password or account number.

As far as I know they are still using that system.

about a month and a half ago
top

Oracle Database Redaction Trivial To Bypass, Says David Litchfield

boristdog Re:Put in a separate table (62 comments)

Surprisingly enough, I used to work at the IRS and still have many friends who do.

We could hash all SSN/EIN data at the IRS and just deal with hashes, but the entrenched management there still does everything the old way. Why can't the EDI transaction just hash the SSN and have the IRS compare the hashes at the IRS end? Because the highly political management is too stupid to understand this.

There are many reasons I have left cushy gov't jobs, the lack of technological understanding by the higher ups is just one of them. The Peter Principle is in full force if you work in government.

about a month and a half ago
top

Oracle Database Redaction Trivial To Bypass, Says David Litchfield

boristdog Re:Put in a separate table (62 comments)

Ideally, the payment processor is the only one who has the hash, the merchant passes the hash they made from customer data on to the processor.
The payment processor doesn't even need to have the CC#. They just need the hash.

about a month and a half ago
top

Oracle Database Redaction Trivial To Bypass, Says David Litchfield

boristdog Re:Put in a separate table (62 comments)

No, passwords, SSNs, PINs and Credit Card numbers should be hashed before inserting into any table. There is NO reason for anyone to save that data unhashed.

To compare data, just hash what the customer enters and compare the hashes. Why is this so hard for 99.9% of companies to understand?

about a month and a half ago
top

Fooling a Mercedes Into Autonomous Driving With a Soda Can

boristdog Re:Obvious (163 comments)

Unfortunately, lane keeping and distance keeping are skills that elude a lot of drivers.

about a month and a half ago
top

Quiet Cooling With a Copper Foam Heatsink

boristdog Brillo-iant! (171 comments)

And you can keep the pots and pans clean!

about 2 months ago
top

Netflix Reduces Physical-Disc Processing, Keeps Prices the Same

boristdog Re:Why do you want pieces of plastic (354 comments)

Yeah, screw all those farmers and ranchers and small town folks! They only provide all our food and stuff, why do they need movies?

News flash: Internet speeds more than a few miles from urban development usually suck donkey balls.

about 2 months ago
top

Wearable Robot Adds Two Fingers To Your Hand

boristdog The Gripping Hand? (77 comments)

I see that the kids at MIT have read their Niven.

about 2 months ago
top

ChickTech Brings Hundreds of Young Women To Open Source

boristdog Re:Name (158 comments)

I actually had a business called "rent a nerd" in the early 90's when I was in my mid 20's and in great shape. I got lots of repeat calls from lonely divorced women to fix very simple "problems" with their computers. e.g. Problem: "My screen is blank!" Solution: "Turn up the brightness knob" | Problem: "My software won't load!" Solution: "You have to run the install.exe program, not the readme.txt"

If I hadn't had a girlfriend and/or a conscience at the time I would have made even more money. I did get a lot of free sandwiches & beverages, and got to see a lot of low-neckline shirts.

about 2 months ago
top

'Hidden From Google' Remembers the Sites Google Is Forced To Forget

boristdog Re:Awesome! (163 comments)

Especially David St. Hubbins.

about 2 months ago

Submissions

boristdog hasn't submitted any stories.

Journals

boristdog has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>