
Comments


Humble Bundle Launches Online Store For Games

datajack Re:Hasnt this been out for a long time? (93 comments)

A big differentiator for me is that GoG (as great as they are) do not, despite many requests, support Linux.

Humble Store gives a nice place to purchase Linux indie games without going through Steam.

about 10 months ago

German Court Finds Fantec Responsible For GPL Violation On Third-Party Code

datajack Re:Premptive STFU to GPL haters (228 comments)

I was going to say pretty much the same thing. I would imagine that Fantec are now looking to sue whoever supplied those components to them.

1 year, 29 days

Twitter, Hotmail, LinkedIn, Yahoo Open To Hijacking

datajack Re:Session Fixation? I don't think so. (50 comments)

They aren't talking about any method of gaining access to the cookie, just demonstrating what you can do once you have, somehow, magically, gained the information. May as well demonstrate what you can do if the victim tells you their passwords.

about a year and a half ago

Twitter, Hotmail, LinkedIn, Yahoo Open To Hijacking

datajack Session Fixation? I don't think so. (50 comments)

I didn't think my opinion of SC magazine could get any lower, then they publish this!

Despite what TFA says, this is not a session fixation vulnerability, this is simple session hijacking - with the willing cooperation of the 'victim'.

Session Fixation (for those who don't know the term) does not involve stealing the victim's session cookie at all. It is precisely the opposite :-
* The attacker connects to the service without authenticating but creating an application session.
* The attacker accesses the newly created session cookie and somehow (using whatever other vulns or methods available to them) manages to inject that into the victim's browser before they have logged into the target system.
* The victim accesses the target system. Their browser supplies the injected session cookie to the server and it is accepted as an existing session.
* The victim logs in. If the target system is vulnerable to fixation, the victim has just authenticated the session that the attacker created.

The protection against this is for the server to destroy the currently active session and create a new one at the point of successful authentication.

Whilst there are mitigation techniques against session hijacking, they all have their own complications and problems and have varying degrees of effectiveness.
Keeping the session id cookie a secret between the user and server is a fundamental part of web security and a failure at this level has not been demonstrated here.

about a year and a half ago
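
Added example (not part of the original comment, and not code from any site named in it): the fixation sequence and the regenerate-at-login protection described in the comment above, modelled with a hypothetical in-memory `SessionStore`. The class, its method names and the user name are constructed for illustration.

```python
import secrets


class SessionStore:
    """In-memory session table: session id -> authenticated user (None = anonymous)."""

    def __init__(self, regenerate_on_login):
        self.regenerate_on_login = regenerate_on_login
        self.sessions = {}

    def visit(self, sid=None):
        """Return the caller's session id, creating an anonymous session if needed."""
        if sid in self.sessions:
            return sid  # an already-issued id is accepted as an existing session
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = None
        return sid

    def login(self, sid, user):
        """Authenticate; returns the session id the browser must use afterwards."""
        sid = self.visit(sid)
        if self.regenerate_on_login:
            del self.sessions[sid]           # destroy the pre-login session
            sid = secrets.token_urlsafe(32)  # issue a fresh id at authentication
        self.sessions[sid] = user
        return sid

    def whoami(self, sid):
        """Return the user bound to this session id, or None."""
        return self.sessions.get(sid)


def pre_login_id_is_authenticated(store):
    """True if an id issued before login ends up bound to the user who logged in with it."""
    planted = store.visit()          # session created without authenticating
    store.login(planted, "victim")   # the same id is presented at login (constructed user)
    return store.whoami(planted) == "victim"


if __name__ == "__main__":
    print("no regeneration:", pre_login_id_is_authenticated(SessionStore(False)))
    print("regeneration:   ", pre_login_id_is_authenticated(SessionStore(True)))
```
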

Ask Slashdot: IPTV Service In the UK?

datajack Re:MythTV (78 comments)

Freesat is a no-go for me - Dave is my comfort channel ;) Also TVs that do DVB-S are a lot less common & more expensive than those that just do DVB-T. TV Aerial plus Ethernet in every room I would ever need a TV seems the best option to me. As the price was almost negligible in comparison to all my other moving & renovation costs, it just wasn't worth doing myself.

BTW, even interior electrics need to be certified by a qualified electrician now. My list of electrical horrors (excluding the expected old/knackered fittings and consumer unit) included :-

* Electrical appliances hard-wired to the mains via the back of plug-sockets (replaced with proper switches).
* Wall plug-sockets wired to the lighting ring.
* Earthing problem on mains ring (requiring a perfectly good wooden floor to be ripped up)
* Broken mains ring (ended up having to drill out through the back of the house and back in elsewhere to avoid having to rip out half of the kitchen)
* Lighting ring switches wired incorrectly.

Please don't mention the plumbing.

about a year and a half ago

Ask Slashdot: IPTV Service In the UK?

datajack Re:MythTV (78 comments)

There's no f-ing way I'm getting on the roof!

Even if I did feel confident enough to go up on the roof without breaking my neck, I would have still got someone in to do it, and laziness does not come into the equation. I did not have the time to :-

* Research and source a decent antenna (for what should be a one-time job)
* Figure out the way to actually mount the thing securely (for what should be a one-time job)
* Learn how to align it and get the tools to do so (for what should be a one-time job)
* Do it all again when I realise I have fitted it wrong/got the wrong antenna/booster etc.

Earlier I had an electrician in to re-wire most of the house (good job as it turned out that much of the place was a death-trap) and I had him run data cables and TV coax to the attic for me as it clearly makes more sense to only rip chunks out of the wall the once (yes, I did the cable termination and panels myself), it sounds as though we have similar set-ups.

If you consider that time and effort = money then quite often it makes good economic sense to get a professional in to do the work. I can then use the time to do more productive work. A massive portion of the economy is based on this premise.

about a year and a half ago

Ask Slashdot: IPTV Service In the UK?

datajack Re:MythTV (78 comments)

Yeah, that's doable. The extra Myth layer will handle the tuning selection of input card and will function as a network based PVR to boot. It will support DVB-S and C too (though you'd be pretty much on your own in getting DVB-C to work in the UK as Virgin Media are basically the only provider here and they keep things locked up).

Freesat is a good choice, but doesn't have channel 'Dave' which is on Freeview.

about a year and a half ago

Ask Slashdot: IPTV Service In the UK?

datajack MythTV (78 comments)

You don't specify if your TV point is an aerial or a cable installation. If it's a cable, you will need to play by their rules for that point.

In most cases, getting an aerial fitted isn't that expensive. When I moved into my current house, I had the old one totally removed and replaced and got a nice signal booster and six way splitter all professionally supplied and fitted for less than £100.

If you'd be happy with the Freeview channels, plug your aerial into a box running MythTV and then use a WLAN to get TV wherever you want in the house.

I'm not sure about your other mentioned channels.

about a year and a half ago

IronKey Releases Windows 8 Certified Bootable Flash Drive

datajack Re:drawbacks for $129-$389? (66 comments)

It's an Ironkey. The encryption is in hardware. The quoted speed is with the encryption.

about a year and a half ago

UK Gov't Official Advises Using Fake Details On Social Networks

datajack Re:The real story... (175 comments)

I'm confused that a politician actually understood the issues before spouting off - isn't that illegal?

Very few sites get my real details, but he missed a few other important ones .. banks and insurance companies get correct personal details. I also find it useful to give shops and delivery companies my address but nothing much else.

about 2 years ago

UK Government Owns 16.9 Million Unused IPv4 Addresses

datajack Re:Not publicly routed doesn't mean unused (399 comments)

Most / all of them. A network like the GSI is intended to link and provide services to a large number of separate and autonomous organisations, not all of whom are government organisations or had plans to join the network when their own internal networks were developed. Therefore the use of RFC1918 addresses is unsuitable.

The Wikipedia article talks of the GSI and I would assume that the AC above has a connection to the GCSX. Many other such national networks for varying different uses also exist. I believe that many of them are in the 51 block.

about 2 years ago

Ask Slashdot: Building a Personal FOSS Cloud?

datajack Re:Found it when googling for dropbox alternatives (189 comments)

That's on their site. The one where you download the software from. The point of his question was how to store data on your own site.

Download and install owncloud, and there's no sign of googleapis.

more than 2 years ago

The Netherlands Rejects ACTA, and Does One Better

datajack Re:if they ever get the change to do so (112 comments)

Gah! I didn't even notice the typo.

I think I'll take this as my cue to leave the keyboard as I clearly need more tea.

more than 2 years ago

The Netherlands Rejects ACTA, and Does One Better

datajack Re:if they ever get the change to do so (112 comments)

I think that the 'if they get a chance' condition was actually implying that ACTA may not get passed by the EU at all, therefore the Dutch won't get a chance to block something that isn't happening.

more than 2 years ago

Researchers Can Generate RSA SecurID Random Numbers Flawlessly

datajack Re:Not exactly... (98 comments)

The server cannot 'recover' the seed from the serial number.

When you buy hardware tokens, you are supplied with a copy of the seeds, associated with the token serial numbers, to import into the server. The SecurID scheme is time based. What is recovered through supplying the serial number and two token-codes (combined with the existing knowledge of the seed) is the current state of the token's internal clock.

The serial number printed on the back of the token is NOT the seed. It is not (to the best of my knowledge and trust in RSA) related to the seed in any way other than the mapping held in the database of the server.

This story is purely sensationalist. The SecurID algorithm has been known for a long time, that token codes can be generated when the seed is somehow compromised is a non-issue. That a software token seed can be recovered given full access to the host is also obvious to anyone reasonably aware of the realities of cryptography.

more than 2 years ago

Manchester's Self-Described 'Internet Troll' Jailed For Offensive Web Posts

datajack Re:So he was done on a technicality? (321 comments)

Instead they've had to resort to the telecoms act to catch him.

He was targeting and harassing people via a telecommunications system. Part of our telecommunications laws specifically deal with that situation.

I can't see how that is anywhere near being a technicality.

more than 3 years ago

Xbox Head Proclaims Blu-ray Dead

datajack Re:Have you tried HD downloads? (547 comments)

Yes, my comment was a little tongue in cheek but the fact remains that it's also far from the sharpness and detail that TV salesmen are using to sell HDTV.

more than 3 years ago

Xbox Head Proclaims Blu-ray Dead

datajack Passed by as a /High Definition/ format? (547 comments)

The point of HD is high quality, right?

So, in which fantasy land do these streamed or downloaded films match the 20-30Mb/s data rate of playing a film off Blu-Ray? Or have they managed to invent some magical new codec that's ~10x as efficient as what you find on disk without losing quality?

Enjoy downloading your high resolution but blocky and fuzzy mess. I'll stick to a high quality, sharp picture thanks.

more than 3 years ago

DRM-Free Games Site GOG.com Gone

datajack Re:GOG was great, but Steam is easier (326 comments)

Sure, one day in the hypothetical future Valve's servers could disappear, leaving you unable to play your games any more. This is no different from non-DRM-encumbered games you own on physical media, which could stop working at any time due to loss of or damage to the CDs.

Wrong. There is one big difference.
It's a thing that is becoming more and more fashionable to ignore and pretend doesn't exist. It's called responsibility.

Looking after my copies of my games bought from GOG is my responsibility. I have all the tools at hand to protect against any loss of data. If one copy is lost or damaged, I have a backup copy (which I can then use to make another copy just in case I have another accident). If something happens to that data, it's my fault and my problem.

If Steam (or whatever other service) goes away or is taken away, it's someone else's fault but my problem.

more than 3 years ago

Ubisoft's Constant Net Connection DRM Confirmed

datajack Re:You kiddin, right? (631 comments)

The pirates will find a way around that. Either by patching out the code that continually checks for the servers or running a dummy 'Ubisoft Server' on your local system - more likely some combination of both.

more than 4 years ago

Submissions

datajack hasn't submitted any stories.

Journals

datajack has no journal entries.
