Comments


Passwords: Too Much and Not Enough

craighansen Re:Make the salts non-trivial (199 comments)

Perhaps you are unaware that a typical salt has historically been much smaller than a password. UNIX systems had a 12-bit salt, BSDi extended to 24 bits and earlier Linux systems had a salt of 48 bits. Only fairly recently has a salt of 128 bits come into use. Salts that were considered adequate in the past, should now be considered trivial.

The point of having a deep-deep-dark-secret password would be to permit the existing infrastructure of textual salted password files, but to augment that with an additional "salt" - thus making validation depend on two factors - the password file as before and second factor of the DDDS password. We've seen many releases of password files, as they seem to be widely distributed from systems that have been broken into. Keeping a second factor elsewhere would complicate the use of purloined password files.

12 hours ago

Passwords: Too Much and Not Enough

craighansen Make the salts non-trivial (199 comments)

Encrypting the password with a small salt is enough to slow down simple password guessing with rainbow tables. If you make the salt non-trivial, such as encrypting with a 64-bit additional site password, tables wouldn't work. Of course, the same password could have been used to encrypt the entire password file in the first place, but this technique allows the password to be stored in the usual way. You have to keep that additional site password a deep-deep-deep-dark-secret, even more secure than you thought you were keeping your password file. It can't just be included in the source file - or appended to the end of the password file - best if the password verifier reads it from a separate secure location. In that way, 2-factor encoding works for the password data itself.

yesterday
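The scheme described in the two comments above (a conventional per-user salted hash, then bound to a site secret kept outside the password file), as an added worked example that is not the commenter's code. The function names, the sample secret, the PBKDF2 parameters and the wordlist are this example's own assumptions; a real deployment would load the secret from an environment variable, a root-only file or an HSM/KMS rather than the constructed fallback shown here.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional

# Constructed sample secret, for this example only. In a real deployment the
# site secret ("pepper") is loaded from somewhere separate from the password
# file: an environment variable, a root-only file, or an HSM/KMS. It must
# never be committed to source control or appended to the password file.
SAMPLE_SITE_SECRET = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")

PBKDF2_ROUNDS = 100_000  # per-guess work factor; tune to the hardware


def load_site_secret() -> bytes:
    """Read the pepper from the environment, falling back to the constructed sample."""
    value = os.environ.get("SITE_PEPPER")  # hypothetical variable name
    return bytes.fromhex(value) if value else SAMPLE_SITE_SECRET


def hash_password(password: str, secret: bytes, salt: Optional[bytes] = None) -> str:
    """Produce a 'salt$digest' record for the textual password file.

    The salt is public and stored beside the digest, as usual. The site
    secret is mixed in afterwards and is stored nowhere near the file, so
    the record alone is not enough to test a guess.
    """
    if salt is None:
        salt = secrets.token_bytes(16)  # 128-bit per-user salt
    # Step 1: ordinary salted, stretched hash of the password.
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    # Step 2: keyed with the site secret; without the key the value is unverifiable.
    digest = hmac.new(secret, stretched, hashlib.sha256).digest()
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str, secret: bytes) -> bool:
    """Recompute the record with the stored salt and the supplied secret."""
    salt_hex, stored_hex = record.split("$", 1)
    recomputed = hash_password(password, secret, bytes.fromhex(salt_hex))
    return hmac.compare_digest(recomputed.split("$", 1)[1], stored_hex)


def offline_attack(record: str, wordlist, attacker_secret: bytes) -> Optional[str]:
    """Simulate cracking a leaked record with a wordlist.

    The attacker has the salt (it is in the record) but must also supply the
    site secret; with the wrong one, even the correct password never matches.
    """
    for guess in wordlist:
        if verify_password(guess, record, attacker_secret):
            return guess
    return None


if __name__ == "__main__":
    secret = load_site_secret()
    record = hash_password("correct horse battery staple", secret)
    print("record:", record)
    print("login ok:", verify_password("correct horse battery staple", record, secret))
    # Attacker holding the leaked file but not the pepper, trying a constructed wordlist
    # that contains the real password.
    wordlist = ["password", "123456", "correct horse battery staple"]
    print("cracked without pepper:", offline_attack(record, wordlist, b"\x00" * 16))
    print("cracked with pepper:", offline_attack(record, wordlist, secret))
```

The HMAC step is what makes the leaked file useless on its own: an attacker who has every salt and digest still cannot confirm a single guess without the site secret, and rotating that secret invalidates every record at once, so the records must be re-derived at next login rather than re-keyed in place.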

The Future of Stamps

craighansen Re:I have a better idea (131 comments)

Good thing no-one could hack or clone your toll transponder or clipper card, right?

http://www.technologyreview.co...

http://www.sfweekly.com/2012-0...
http://www.akit.org/2012/02/ha...

For your proposal, how do you prevent someone from photocopying the "something on a letter or package which identifies me"? For my counterproposal, I suggested (above) that you scribble something unique and take a picture of it (uploading the picture using your account credentials as identification of the package), producing a one-time code that isn't allowed to be reused.

2 days ago

The Future of Stamps

craighansen 99 44/100% fantasy (131 comments)

This is pure advertising for the design house. The concept is fanciful and relies on the wacky conceit that we all have packages sitting around the house that we'd like to mark with a personal identifier logo and send without even knowing where it's going to be sent, how much it'll cost to send it, when it'll get there. The design centers on this wooden laser device that is 0.000001% of the system, and I'll bet the vast majority of the work went into making the touchy-feely acoustic-guitar-playing videos that hype the concept, designed to emulate the advertising of some fruity computer company.

The use case shown in the video, a gift, completely ignores the fact that in order to acquire a gift, I'd have to buy it first, so wouldn't I just have the store send it to my friend? Shouldn't this be in a box that'll handle the rigors of shipment without being damaged, or is it just fine to leave a gift box that any shmoe on the street can open and paw through before my friend opens the now-empty gift box?

Pffffft. Isn't this already built into my phone? Why can't I just scribble something - anything onto a box, take a picture of it with my phone, and have the same effect without the stupid wooden laser thingy that I have to keep charged just in case I have the whim to send a gift to a friend? The answer is that this is a design firm that wants to design stupid little wooden laser thingies and is trying to sell you their services.

3 days ago

Samsung Acknowledges and Fixes Bug On 840 EVO SSDs

craighansen Re:Can that run on Linux under Wine? (101 comments)

Would not recommend running under Wine. Pull the drive to a Windows box, backup to other media, upgrade firmware and reimage or wait for the Linux/DOS version.

3 days ago

Samsung Acknowledges and Fixes Bug On 840 EVO SSDs

craighansen Re:Windows only; NTFS only (101 comments)

Am I totally screwed?

Yes, unless you can wait 'til the end of October for the Linux version (which may be a DOS executable). Alternatively, presumably the firmware upgrade can be done by moving the drive to a Windows box without doing the "Performance Restoration".

3 days ago

Brain Patterns Give Clues To Why Some People Just Keep Gambling

craighansen Re:Or gamblers are masochists. (59 comments)

That's close. Specifically, I recall another study that really gave me an 'aha' reaction: using PET scanning, scientists found that the response that problem gamblers had to a "Near Win" was virtually identical to their response to a "Win." The upshot is that problem gamblers react to the near wins as if they were a win - they end up thinking they're on a winning streak even when they're losing.

5 days ago

HBO To Offer Online Streaming Without TV Subscription

craighansen Bad news for ESPN (139 comments)

This is bad news for ESPN, that gets several dollars out of every cable subscriber now.

about two weeks ago

Password Security: Why the Horse Battery Staple Is Not Correct

craighansen Re:10k most common passwords (549 comments)

You buried the lede. That site states that 91% of passwords are in that list (or the 10000 most commonly used passwords). That's shockingly high (but not entirely unexpected). As a consequence of implementing your suggestion, 9/10 chosen passwords would be rejected!

about two weeks ago

Password Security: Why the Horse Battery Staple Is Not Correct

craighansen Re:What? (549 comments)

open a dictionary, choose the 5th word in the middle column to have more than 6 letters.

Solved it for you man. Wosh, that was hard...

OK, so you're going to carry around a nice heavy dictionary, and once someone sees you open it to generate a password and drag your finger down the middle column, they're going to have a field day with your bank account.

about two weeks ago

BitHammer, the BitTorrent Banhammer

craighansen Re:The arms race continues (429 comments)

A tight/tight situation? That's when Tuco Salamanca has a taste of your meth.

about two weeks ago

Ubisoft Claims CPU Specs a Limiting Factor In Assassin's Creed Unity On Consoles

craighansen Re:Where is this interview itself? (338 comments)

What makes you certain that the AI code can't be vectorized across the GPU cores, for example, one core per NPC? Yes, we understand that CUDA/GPUs don't run vanilla C code.

about two weeks ago

Ubisoft Claims CPU Specs a Limiting Factor In Assassin's Creed Unity On Consoles

craighansen Re:Editors? (338 comments)

Yes, I read the summary, I was simply supplying a correction. I'm not an editor, so I can't fix TFS directly.

about two weeks ago

Ubisoft Claims CPU Specs a Limiting Factor In Assassin's Creed Unity On Consoles

craighansen Re:Cell (338 comments)

You haven't heard anything about Transmeta in years because they ceased operating in 2009. The patent portfolio went to Intellectual Ventures, LLC, and licensed in whole or part to Intel, Nvidia, Sony, Fujitsu, and NEC.

about two weeks ago

Ubisoft Claims CPU Specs a Limiting Factor In Assassin's Creed Unity On Consoles

craighansen Re:Editors? (338 comments)

900p is the resolution, 30fps is the frame rate for that resolution.

about two weeks ago

Ubisoft Claims CPU Specs a Limiting Factor In Assassin's Creed Unity On Consoles

craighansen Where is this interview itself? (338 comments)

TFA just mentions the interview without a clear reference to it. Looking for it I found two other articles that suggest that the 900p resolution and 30fps targets came from other factors. http://www.gamespot.com/articl... says that 30fps is "more cinematic" and 60fps "looked really weird." http://www.gamespot.com/articl... suggests that some non-graphic computation is going on the GPU, but also has a quote that mentions "technically CPU bound."

What we don't know from these articles is why some or more of the AI computation can't be done in the GPU.

about two weeks ago

Why Do Contextual Ads Fail?

craighansen Re:Hardly surprising (249 comments)

...which is why review sites get free samples and detailed marketing material sent to them. The review sites are using that to make advertising that doesn't look like conventional ads. Of course, they also run banner advertising on the sites - and who do you think wants to buy advertising on those review sites? Why do you think people make a good living running product review websites?

about two weeks ago

Why Do Contextual Ads Fail?

craighansen Re:Hardly surprising (249 comments)

Truthfully, the actual purpose of the advertising for cars involves making recent purchasers feel good about their recent purchase. Purchasers who feel good about their recent purchase are more likely to talk to their friends and acquaintances about their car and have a greater influence on them than the direct advertising can do. Listen to someone talk about their newly purchased car and you can hear the tag lines of the advertising coming out of their mouths - people use the advertising to focus their own conversations - whether it's the rally tires, or MacPherson strut suspension, lock-up transmission, or a zillion other features that most people even know what they really are. These persons' status upgrade depends on their being able to make the case to their friends that they made a good purchase, and didn't buy the kind of cars that social losers buy.

Toyota had a huge problem marketing to young first-time car buyers - they kept coming out with low-cost cars that they'd like to market to that group, but found that older buyers were buying them, and when young people saw old people driving the same car, their interest in them plummeted. They were more successful marketing the Scion than previous attempts because they went out of their way to make the car unattractive to older people, as well as other initiatives, including opening up the specifications early to third-party customizers, to encourage buyers to make the cars even funkier.

about two weeks ago

Submissions


SEC alleges Bitcoin Savings & Trust is a ponzi scheme

craighansen writes | about a year ago

craighansen (744648) writes "According to the complaint (http://www.sec.gov/litigation/complaints/2013/comp-pr2013-132.pdf), during 2011-2012, Trendon Shavers, operating under the user-name pirateat40, collected investments of over 700,000 Bitcoin from at least 66 "investors" with a valuation of $4.5M with the promise of as much as 7% weekly returns. These "investors" received about 500,000 Bitcoins in returns, so on average, they're probably much better-off than investors in Madoff's scheme.

Nevertheless, with the rising value of Bitcoins, the $4.5M investments would be worth $65M at recent pricing if they had actually been left in Bitcoins, which approximates the 1% per day returns that the scheme promised."


ATM-enabled 'gone in 60 seconds' casino heist

craighansen writes | about 2 years ago

craighansen (744648) writes "ATM machines specifically marketed for providing casino spending money in 60 seconds were the key to a million-dollar gone-in-60-seconds bank fraud. According to the FBI press release, defendant Ara Keshishyan and 13 co-conspirators opened accounts at Citibank with small initial deposits, and multiple withdrawals were made nearly simultaneously at ATM machines in several casinos in California and Nevada. They allegedly used much of the proceeds to gamble and enjoy casino "comps." According to another article, Citibank found the breach, closed the loophole, and notified law enforcement authorities. Because the transactions were below $10,000, in addition to the bank fraud and conspiracy charges, they got charged with "conspiracy to illegally structure financial transactions to avoid reporting requirements, which is punishable by up to five years in prison, and a $250,000 fine." A previous on-line journal named this caper Ocean's 14, even though Danny Ocean isn't among the list of defendants."

Journals

craighansen has no journal entries.
