


MD5crypt Password Scrambler Is No Longer Considered Safe

bugg Re:Unsalted hashes are worse. (212 comments)

Yes, but slowing down a brute force attacker by a factor of the cardinality of the set of unique salts will almost certainly be a huge win, especially if the salts chosen are long enough where salt-collisions are rare to nonexistent. 6.5 million accounts were compromised; requiring someone to have 6.5 million times as much compute resources to compromise all passwords is nothing to sneeze at.

Of course, salts don't help you in the case where a well determined attacker isn't after 6.5 million accounts but rather just one specific account, but that's not what they are intended to help with.

about 2 years ago

Apple Store Artist Raided By Secret Service

bugg Re:Proportionality (376 comments)

The secret service typically won't be involved unless there's $5,000 worth of damages; and to get to that figure they generally need someone complaining that the response to the exceeding of authorized damages was >= $5,000. I'd be surprised if the Apple store hadn't complained.

more than 2 years ago

Iowa Rejects Video Privacy Protection For Cows

bugg Re:Some american tell me (256 comments)

IANAL, but I believe your employer is obligated to provide you with a safe working environment, doubly so with regards to your membership in protected classes. If an employer permits a hostile working environment, especially one that unduly affects people who are members of protected classes (in this case, women) it is a form of illegal discrimination and you most certainly do have recourse.

You can't hire the KKK, let them turn your workplace into a de facto Klan meeting, and let them intimidate or harm new employees who happen to be non-white or non-protestant. The employer is responsible for that. If they weren't, the provisions against workplace discrimination in the CRA would be very hard to enforce, because this is precisely how it would be done (hell, this is roughly how it was done during many years of Jim Crow).

You have to realize that in the cases that prompted this legislation - Blackwater and other defense contractors - you have employers recruiting cowboy-mentality young men, arming them with weapons, and teaching them that might-makes-right and that not all people have rights that you are obligated to respect. They create an environment where human rights abuses are tolerated if not encouraged, and this extends all the way down to their own workers and sexual assault.

more than 2 years ago

When AIM Was Our Facebook

bugg Re:Strange (395 comments)

The internet wasn't being used by nearly as many people in the 1990s, especially the early to mid-90s, as it is today. It is hard to compare across decades without pausing to realize that. A lot of the differences have to do with the amount of business and commerce that happens on the internet, as well as the work done by AOL (and to a lesser extent massive ISPs like Earthlink) to market the internet for the masses.

Most of the people I knew on the internet used IRC, but that's clear selection bias: most of the people I knew who used the internet I knew via the internet, and met via IRC. Not everyone used it regularly, but in other communities (mailing lists, and the like) people generally knew what IRC was and how to connect to it. Lots of communities had and have IRC servers. Slashnet, anyone?

more than 2 years ago

Ask Slashdot: Best Way To Leave My Router Open?

bugg Re:DD-WRT + QoS (520 comments)

The trouble with relying on QoS is that this won't help a lot of users (particularly not-the-fastest DSL users) when someone, say, joins a torrent: the incoming requests will end up swamping the DSL modem's uplink. That is, the congestion is not between the client and the AP, it's between your next-hop and your modem. Your wireless AP's QoS controls are helpless to regulate this traffic. Slowing down the traffic between the AP and the client will maybe discourage your neighbor from attempting to use the line on the torrent, but it won't have a significant effect on decreasing the traffic to the DSL line, and if you start dropping more packets per QoS policy, it will just result in more retransmissions. This all gets a lot easier when everyone has significantly faster lines, but ultimately this is not a problem that current technology does a great job of solving. Specifically, this gets easier (but is still a far cry from solved) when the bandwidth of the wireless fabric is about the same as the bandwidth of the ISP uplink. It is also worth pointing out that even if your neighbors don't share your internet connection, if their wireless AP shares your channel they share your wireless bandwidth. But that is the wireless fabric bandwidth, which tends to be more abundant.

more than 2 years ago

Judge Allows Subpoenas For Internet Users

bugg Re:Eh? (338 comments)

Gold lost all intrinsic value when society gained the ability to metalwork with harder, more durable metals than gold. Why tie a currency to it?

more than 3 years ago

Measuring LAMP Competency?

bugg Re:Ignore the certificates (453 comments)

The variable could contain a newline and then set an arbitrary HTTP header (set-cookie, for instance) or it could redirect the user to anywhere on the internet, including reflexive XSS attacks on arbitrary sites, etc.

more than 3 years ago

Human Males Evolve At a Faster Pace Than Females

bugg Re:interesting factoid: (454 comments)

I'm saying wouldn't it be better to have your testicles inside your body and evolve sperm that develop at a higher temperature? It's pretty ridiculous to have such an important organ dangling outside unprotected. I never understood why.

Here's a hint: we got to where we are via random mutation and natural selection, not design.

more than 4 years ago

"Loud Commercial" Legislation Proposed In US Congress

bugg Re:How about... (636 comments)

You're both wrong. There are two things that can kill: power, and frequency.

To get from being healthy and alive to cooked requires a change in energy as lots of chemical bonds need to be destroyed. This requires work to be done, and the rate at which work is done is power. This is the traditional killer in most electrocutions. I say it's the power and not the work that kills, because if the power is low enough, you can probably survive indefinitely. Power is current*voltage, and it's measured in watts. A static shock is easily 10kV - air doesn't break down and conduct until you've got 3 million volts/meter, so the 5mm static shock you might get when you rub your feet on the carpet is around 15kV. But you didn't move all that much charge with that action, so the current is necessarily very low, as is the power.

If you want to know how fast a microwave will cook a hotdog, a great place to start is the power rating (watts) of the microwave. If you want to know how fast an electric oven will get to temperature, the right place to start is the power rating (watts) of the microwave. You two are arguing over whether it's the 120V that kills the hotdog or the 10A that kills the hotdog, when it's very clearly the product (1020W) that does it. That's why the wattage of the microwave is a selling point.

Frequency: You actually don't need to cook someone to kill them, which means without that much work/power it's possible to kill someone. The trick is inducing cardiac arrest. The frequency turns out to be much more important than the total work done. Tasers don't do much work, for instance, but they have killed people. Someone with more of a background in the electrochemistry of the nervous system and the heart could probably chime in more on this.

more than 4 years ago

Ten Ways To Destroy a Hard Disk

bugg Leverage the spinning platters to your advantage (289 comments)

Everyone knows drives are most vulnerable when the heads are engaged, and the spinning platters should cause a single destructive action to potentially spread to the entire circumference. Why not do a write operation to the entire disk and hit it with a hammer during the write? Do that properly and the heads should go flying off in pieces into the platters, and the platters spinning with the loose head material should ensure nothing survives.

more than 3 years ago

How Can I Tell If My Computer Is Part of a Botnet?

bugg Re:Well the only fool proof way... (491 comments)

In practice, I'd run the sniffer on the machine if there was already one there. The absence of the sniffer revealing traffic does not mean there is no traffic, but if the sniffer shows traffic it's a safe bet it's real. Frankly I've yet to hear of any rootkits that would let the sniffer still work and not show the compromised traffic, I think it's more of an in-theory than in-practice. Because I mean, I suspect users who know how to operate sniffers are an edge case for botnet authors. If you've got the sniffer on the machine and can easily run it, why not? A fine alternative is setting up a span port (monitor port) on the switch. I work with managed switches all day, so I'm spoiled in this regard - I don't really think that's an option for the OP however, Linksys switches tend to be pretty dumb.

more than 4 years ago

Dye Used In Blue M&Ms Can Lessen Spinal Injury

bugg Re:Sound Methods? (324 comments)

Or a freezer!

more than 4 years ago


bugg Re:It doesn't matter (359 comments)

One needn't compromise a router in order to gain access to it. They can be given access, after all.

There are thousands of network engineers and similar who work for ISPs, who routinely capture traffic as part of their jobs. It takes only one of them to disregard the rules/the law/their job and run a longer trace, or to run a trace to capture one specific thing and inadvertently capture passwords. Or worse yet, it takes only one of them to have their credentials or machines personally compromised.

It might be a bit farfetched, but once you start working in this business and you see how many engineers have pretty advanced credentials, you realize that any one of them could become a determined attacker and do quite a bit of damage -- or, a sufficiently determined attacker could get a job as a network engineer.

more than 4 years ago

Human Sperm Produced In the Laboratory

bugg Where's the story? (368 comments)

Where's the BBC story that's mentioned? I think the editors left a link out.

more than 4 years ago

Black Hat Presentation Highlights SSL Encryption Flaws

bugg Re:OK, so don't implement the security. (152 comments)

Perhaps what browsers should do is have a separate class of errors for whenever there's a password field in the form. Given how often people google, comment on blogs, or what-have-you, I'm not about to tolerate an additional click for every POST. But I will tolerate an additional click for every POST where one of the fields was a password.

more than 5 years ago

Firefox Faster In Wine Than Native

bugg Re:Really a surprise? (493 comments)

Library calls cause context switches?

I thought the whole deal with libraries is that they get mapped into the local process space. I certainly don't have a 'libc', 'gtk,' or 'libffmpeg' process running, yet I'm running processes that use that library. Where is the context switching to, exactly?

If you had meant system calls, I don't think there are many (any?) things that are implemented as system calls that could have been implemented as cheap library calls, in other OS, unless I'm missing something.

more than 5 years ago

Social Networking Spurs Activism Against Repression

bugg Re:That gets a lot done (303 comments)

<quote>If political activism is allowed in Egypt, it may unfortunately mean a conversion from a relatively secular government to an Islamic government which will be even less tolerant toward the Coptic Christian minority.</quote>

The same could have been said regarding Iraq under Saddam Hussein. Except Mubarak gets billions and Hussein got deposed and hung. What's the difference? The major ones I can think of involve Hussein wanting to default on Iraq's national debt and ideologically aligning himself against Israel.

Do you and others truly prefer secular tyrants to religious states that offer much more democracy and freedom of expression? I can understand siding with Mubarak and Hussein, or I can understand siding with the Brotherhood in Egypt and al-Sadr in Iraq, but if you side with one and not the other clearly there are significant motivating factors beyond this question of secular versus religious and democratic versus tyrannical rule.

more than 5 years ago

Presidential Inauguration Hardware and Other Challenges

bugg Re:Twitter is screwed. (176 comments)

There will probably be digital standard definition broadcasts as well. ATSC supports standard definition resolutions as well, which are especially useful for when a broadcaster multiplexes multiple streams into a single channel.

more than 5 years ago


bugg hasn't submitted any stories.


bugg has no journal entries.
