


Linux RNG May Be Insecure After All

ctr2sprt Re:At what scope of time or size of output data? (240 comments)

The real security concern with VMs is duplication ... if you clone a bunch of VMs but they start with the same entropy pool, then generate an SSL cert after clone, the other SSL certs will be easily predicted.

Yeah, I encountered that the other day. Built a VM, took a snapshot, did some stuff, reverted, did the same stuff. I was testing a procedure doc I was writing. Part of the procedure was creating an SSL cert, and I got an identical one on both attempts. That seems a little fishy to me; I would expect the certs to be (by the standards of cryptography) very similar, not identical. With that said, I didn't actually generate the cert myself, I ran a script (which I didn't write) to do it. The script might be using the same random seed or something. Or it could be a characteristic of moznss.

Feeling good about your EC2 instances, eh?

No shit. It might be worthwhile to use your desktop or some other hardware you control to seed your VM's PRNG with higher-quality entropy. That way, you should at least be able to avoid collisions with other VMs on the same hardware.

about a year ago

Crowdsourced Finnish Copyright Initiative Meets Signature Requirement

ctr2sprt Re:U.S., cough, international pressure much? (166 comments)

That's a great idea, but the problem is that the cost of digital reproduction is near enough zero as makes no difference. If you publish an e-book, and I buy a copy for $5, why would anyone else buy a copy when they could get one for free from me? Some people would do it out of habit. Others would do it because they feel it's the honest thing to do. But most people would not. I've got to imagine that it would be really hard to make a living this way.

You'd probably have to switch to a Kickstarter-like model. The prospective author uploads a high-level summary of what he wants to write. People who want to read it donate a couple bucks. The author then writes something and releases it for free. This would probably work, at least in a sense, but it'd be hard to fund longer works this way. You'd get a lot of short stories, novellas, and serials. I've got nothing against those formats, but I do like to have some diversity.

Philosophically, we're both in total agreement. I really only have a problem with how it would work (or not) in practice. I think a more realistic solution would be to have copyright, just like we do now, but with a drastically reduced term. Like, one year by default, up to a maximum of five years if you apply for an extension each year. If you can't break even on your copyrighted work in less than five years, you're never going to. If people are willing to wait for your copyright to expire rather than buying now, your work isn't important enough to deserve protection.

about a year and a half ago

Sarah Thee Campagna Makes Robot Sculptures (Video)

ctr2sprt Re:Huh? Wuh? (33 comments)

Yeah, the summary reads like word salad. Hell, the woman's name reads like word salad.

about a year and a half ago

Snowden Is Lying, Say House Intelligence Committee Leaders

ctr2sprt Re:Define External (749 comments)

In this context, "internal" means "within the NSA," and "external" means "outside the NSA, but still within the federal government."

about a year and a half ago

Hospital Resorts To Cameras To Ensure Employees Wash Hands

ctr2sprt Re:30%? For ****'s sake! (273 comments)

When the hospital staph

Hilariously topical malapropism.

about a year and a half ago

Supreme Court Rules For Monsanto In Patent Case

ctr2sprt Re:This is disgusting!! (579 comments)

The herbicide in question -- Roundup, aka glyphosate -- kills plants that aren't genetically modified to be resistant to it. If you plant a bunch of non-GM corn and then spray the whole thing with Roundup, you will kill everything, including the corn. So yeah, I can't imagine any reason a farmer would be doing that either.

about a year and a half ago

Lawsuit Could Expose Whether Top VC Firms Are Actually Good Investments

ctr2sprt Re:Venture capitalist alchemists? (90 comments)

It is if you can sell the duck for enough money to buy 400 shells.

about 2 years ago

Xbox Originator: "Stupid, Stupid Xbox!!"

ctr2sprt Re:Daily Microsoft bitch-fest (245 comments)

seriously, the bootloader on modern hardware doesn't need all that bullshit.

Yes, it does need "all that bullshit." Booting from anything except an on-board hard disk controller on a PC BIOS is a hackjob. It's just an absolutely horrible clusterfuck. The fact that it ever works at all is a testament to the hard work put in over the past 20+ years by all the bootable expansion card makers.

I'm not trying to be a dick, but your comment really makes me think that you've never used anything except a desktop PC. In the server world, you always boot from an expansion card -- note that onboard NICs count as expansion cards in this context, because the BIOS can't boot from them directly; it has to pass control to the NIC's BIOS, which handles PXE -- at least once in the server's life to kickstart it. And there are a good number of situations where you never boot from a local hard disk. That's not just PXE. It also includes iSCSI and FC HBAs, ROMs or flash devices, RAID controllers, and probably a raft of things that I've simply never encountered.

I think that OpenBoot would've been a better choice than UEFI, personally. But I don't think any knowledgeable person can dispute the need for something better than the 1980s-era PC BIOS.

about 2 years ago

Valve Sued In Germany Over Game Ownership

ctr2sprt Re:Perfect Opportunity for Valve (384 comments)

Ultimately, I think the compromise that we will get is that you will be able to resell used games, and you, the distributor, and the publisher will all get a cut. It's unfair for the publisher to get anything -- it doesn't right now, with physical media-only resales -- but you know they will fight and fight to prevent resales at all. The only way they'll ever agree to it is if they get something in return. Unfair though it might be, I don't see any solution that doesn't result in them getting a piece of the action.

The great thing is that digitally-distributed games are fungible. There's no difference between my used copy and your used copy, or even between a used copy and a new one. This means that you can handle them exactly the same way we handle stocks, bonds, and commodities, all of which are fungible too. It makes pricing largely automatic. Pricing could actually be made completely automatic, although it would work better if you at least let sellers put in bids manually.

about 2 years ago

RIM's BB10 Campaign Requires Some Serious Work

ctr2sprt Re:They're taking the right approach (171 comments)

I'd love to see an email app that complies with IT demands for a PIN lock, encryption, and remote wipe capabilities without turning those features on for the entire phone. I don't want to enter a goddamn PIN code just so I can play Zookeeper Battle. I don't need to encrypt the pictures of my wife and kid I have on my phone. And I don't think IT really cares if my Plants vs. Zombies achievements get stolen by a hacker.

I mean, I still wouldn't buy a Blackberry device. But that strikes me as an actual business-related value-add they could offer. All the other stuff people are talking about here -- "connect to an Exchange server" and "view Excel spreadsheets" seem to be the most common -- can already be done by every other phone in existence. Those aren't awesome things your BB does. Those are basic, entry-level features that any modern smartphone must have.

about 2 years ago

Github Kills Search After Hundreds of Private Keys Exposed

ctr2sprt Re:Nothing has changed... (176 comments)

It's probably obvious and I'm just being stupid, but I can't think what you could possibly break by setting all perms to 777.

Anything with the sticky, setuid, or setgid bits set.

about 2 years ago

A Mythbuster's Biggest Tech Headaches (and Solutions)

ctr2sprt Re:Car locks (395 comments)

My car's approach is that pulling on the door handle twice from the inside will unlock (and open) the door. I wouldn't precisely call it intuitive, but it doesn't take long to figure out either. Actually, I think it is intuitive, it's just that people are so used to having to unlock the doors another way (push a button, flip a switch, pull a knob, whatever) that they don't expect it and therefore become confused.

BMW's rationale is that when you're in a panic situation -- on fire, sinking in a lake, etc. -- you're just going to pull on the handle until the door opens. It's a pretty decent idea. The problem, and it's a big one, is that it's probably electrical. So if the car loses power for some reason, you wouldn't be able to open the door. It could probably be done mechanically, though. For all I know it is.

more than 6 years ago


ctr2sprt hasn't submitted any stories.


ctr2sprt has no journal entries.
