Comments


Tweeter To Be Prosecuted, Twitter Now Censoring?

gnieboer Re:its Ryan Giggs. (195 comments)

Yep, that's slashdot...
We take an article about sports celebrities and legal issues surrounding rights of privacy and ... manage to make a linux joke. A funny one too. Gotta love it :)

more than 3 years ago

Are You Sure SHA-1+Salt Is Enough For Passwords?

gnieboer Re:Who cares what method? (409 comments)

I oversimplified my description. You'd need to do a challenge-response system so that the server sends a random hash, it's hashed with the password on the client, which is returned, hashed with the salt value, and compared with the stored value in the database hashed with the random value

Stored value = Pass Hash + Salt Hash
Client value sent = Pass Hash + Random Hash
Compared values = Pass Hash + Random Hash + Salt Hash.

In addition, even if you didn't do it this way and just hashed the password (which I agree isn't as good as the above), then you still can't just send values from the DB because remember that the DB's values are salted, so are != the pass hash alone.

But if the box is rooted, again, even this approach won't save you because as was mentioned, the box can send malicious web code to the client to execute which will send the plaintext password to wherever the hacker wants it.

more than 3 years ago

JAXA To Use Fishing Nets To Scoop Up Space Junk

gnieboer Re:Wha? (210 comments)

Yep, especially #2. Orbital dynamics means you're not going to just sweep stuff up in the same orbit you are in.

A fun way to see this all demonstrated is a little iPhone game called "Osmos": you're a mote that has to go along and try to absorb smaller motes. Many of the scenarios involve a "sun" that everything is orbiting around. It quickly forced me to remember my school-day courses on orbital dynamics and how to do a Hohmann transfer, etc. It's decent entertainment (and no, I'm not the developer).

But as you'd see in the game, you need to be in a more eccentric orbit and sweep through other orbits if you want to pick other stuff up. And the delta V's involved lead directly to the parent's points #3 and #5... they will go right through the net.

more than 3 years ago

Are You Sure SHA-1+Salt Is Enough For Passwords?

gnieboer Who cares what method? (409 comments)

The box is rooted, nothing you do matters. Just change the code...

CHANGE:
string pass = request("userspass")
if UNBREAKABLYGOODHASH(pass, salthash) = RetrieveSaltedDBpasshash(username) {
            UserAuthenticated
}

TO:

string pass = request("userspass")
SendTheHackerThePassword(pass)
if UNBREAKABLYGOODHASH(pass, salthash) = RetrieveSaltedDBpasshash(username) {
            UserAuthenticated
}

And you're done... Just wait for the passwords to come rolling in.

Any rooted machine that handles the user's actual password can be coerced into giving it up. So limit what machines see that password. Have your web client hash the password before it goes to the host (even when it's a secure connection). That would help, though the client machines should be easiest to hack, but at least it takes longer to get the right password.

more than 3 years ago

US Has Secret Tools To Force Internet On Dictatorships

gnieboer Re:We assume that... (282 comments)

Why not seed blogs, twitter and facebook...

Because by Executive Order (http://www.fas.org/irp/doddir/army/fm3-05-30.pdf, page 19), "U.S. PSYOP forces will not target U.S. citizens at any time, in any location globally, or under any circumstances"

The internet causes a problem in this regard, as obviously it's designed so that all of it is accessible from everyplace else (generally speaking). So while it's possible to put a server someplace that is firewalled to only send/relay info from a range of IP addresses, the military can't do that with Twitter; if they started putting PSYOPS on Twitter, it'd be accessible to US citizens, who could then be considered 'targeted'.

Of course, these restrictions are by executive order, not US law, and they apply to the US Military only.

Side note: on the next page, it spells out copyright issues as an area of concern... don't want to get sued by the MPAA in the middle of WW III because you broadcast a video of Mickey Mouse without permission...

more than 3 years ago

Sony Wants To Put Your Game Saves In the Cloud

gnieboer Re:Riiight...this is going to really work...not... (224 comments)

1- 1,000 people in country "X" are upset at the government, and stage protests
2- Government in country "X" decided to cut the internet off to prevent coordination of bigger protests
3- 100,000 console gamers in country "X" can no longer play their saved games, consoles become useless
4- 100,000 console gamers get very mad and very bored
5- Suddenly 101,000 people are protesting for a change in government.

The Cloud... a tool for democracy...

more than 3 years ago

Google Releases Software To Iran

gnieboer Re:so naive (286 comments)

But how embarrassing is it to have to leave the secure nuclear targeting center facility with cool security, fancy badges, and lots of plasma screen TVs, and have to go to some random coffee stop to get imagery of Tel Aviv...

more than 3 years ago

Google Releases Software To Iran

gnieboer citizens can use but the gov't can't... (286 comments)

Let's make a huge assumption that this IP restriction actually works...

What must it be like to download and use a piece of software that you can use but your own government isn't allowed to use? Takes away some of the perception of the gov't's power, I'd imagine. A bit emasculating even. Which of course might be the reason the USG is allowing this to proceed. A sanction that is truly against the government, not the people.

Sadly, I don't think a software release will result in a democratic Iran. But it would be nice.

more than 3 years ago

Goldman Sachs Says No Facebook Shares For US Investors

gnieboer Re:A Way To Get Around Regulations (529 comments)

Actually, believe it or not, the SEC is the good guys here...
The SEC thinks that companies that you can buy shares in should be honest about their financial situation.
So they've made it mandatory to disclose said financial stuff.
And they put in a caveat for little business with under 500 investors so the paperwork doesn't drive them out of business.

So Goldman Sachs, whose pure motivation was, and still is, to make money off the deal, and undoubtedly knows the actual financials behind FB, tried to figure out a way to sell to US investors without having to disclose said financial stuff, which would probably cause them to lose $$$.
But in the end, they figured that this time, trying to get around the SEC's rules wasn't worth the risk, so they are bypassing the US completely. I'm guessing there have been some serious behind-closed-doors meetings with the SEC, and I'm guessing some serious threats were made.

So if my assumptions about motivation are correct, it's the SEC that's basically putting up a shield to prevent US investors from buying a $50B load of twat. The rest of the world may not be so lucky. I certainly won't touch it (if I had enough $$$ to play).

Of course, after Facebook shares have quadrupled in price in the next 5 years, I'll always have a record of this post on the internet I can look back on and cry...

more than 3 years ago

Launch Command Preserved In Power Failure, But Nuclear Designs Still Risky

gnieboer Re:reassured???? (167 comments)

Their safeguards were never down. -A- safeguard was down. HUGE difference.

more than 3 years ago

Most Americans Support an Internet Kill Switch

gnieboer Re:Probably too obvious of a solution... (398 comments)

It can route around 'damage' as long as an undamaged route exists.

If you control -all- the border routers, then you can easily isolate yourself from all or a portion of the internet. Of course you have to be completely able to stand alone (DNS servers, etc.) to make that work, and have all your critical capabilities inside your 'border'.

Probably in many businesses, productivity would increase in the event of a cyber attack...

more than 3 years ago

Feds Discover 1,000 More Government Data Centers

gnieboer Re:Silly President, streamlining's for wings (246 comments)

1A- How much was left?? TONS of stuff. Same thing in Desert Storm. And that was -with- a plan. Imagine if the military just was told to leave one day?

2A- No issue with states doing it vs federal, but don't see any inherent reason that 50 state governments doing the same thing would be inherently better than a single federal one. The transition is the problem. You can't just stop giving out SSN's without drastic impact, and to give the states a chance to figure it out will take time, and then there's that painful inertia thing again.

3A- I think the line-item veto is the way to go, especially in the current fiscal state we're in. Then the rest is easy and doesn't require the pain and willpower we described.

Don't get me wrong, I agree with the theory of what you are proposing; peace, less waste, balanced budget. I was just trying to show why it's harder than it looks to actually get done.

more than 3 years ago

Feds Discover 1,000 More Government Data Centers

gnieboer Re:Big company (246 comments)

In the "BIG" company, the problem is your definition of "my network". Just who exactly owns the ENTIRE network? The CIO? Sure. So the CIO personally approves each server and VLAN connection? Not likely.

In the government, it's not one network, it's hundreds of networks. Even within the same department, AD Domains don't trust each other, so there is no 'owner'.

So let's say your network is set up according to your described rules. That's fine, no rogue servers on your network. Great work. Let's say you've got 1 big-ass data center, and 2 satellite sites. Big bosses come down and want to do an audit. Their criteria means you list the big-ass center. Great. 2 years later they do another audit. Now the criteria has changed. OK, now you list all three.

Slashdot goes nuts because they think you are an incompetent admin who didn't have a clue about the "rogue servers" on your network that weren't reported last time.

more than 3 years ago

Feds Discover 1,000 More Government Data Centers

gnieboer Re:Silly President, streamlining's for wings (246 comments)

OK, I'll give you some straight answers as to why that's not going to happen, even if you were president tomorrow:

1- End the Wars. Actually, the wars are ending. But let's say tomorrow is your first day in office. Your order is "Redeploy all the units". The CJCS says "Yes, sir". First they need some time to come up with a plan on how to do what you want. So MINIMUM 60 days. Ever tried to get a family of five in the car for a 5-day road trip?? How many hours did that take? OK, now multiply that by 50,000. Moving a force the size of what we have is not a small feat when it's in a land-locked country halfway around the world and we can't just drive down to the coast and hop on a boat. So to make sure it's done right and we don't give $20B worth of stuff to the Taliban when we leave, a plan is a good thing.
So then they come back with the plan, and say it will be 18 months. You lose your mind and say you want it done NOW (you are the President after all!). The CJCS brings in his Intel guys, who give you an hour-long brief on the complexities and fragilities of the Afghan society, and how just leaving out of the blue will destroy all the progress made thus far, result in thousands of Afghan deaths due to the resulting civil war, create a resurgence of the Taliban, etc. Most presidents at this point realize that these are ACTUAL lives that hang on their personal decision (think the picture of Kennedy in the Oval Office during the Cuban Missile Crisis). No longer an armchair exercise, they realize that there has to be a logical framework for the withdrawal. But like Iraq, it happens, because you are the boss. Just on a timeline tempered with reality and experience. Common Sense Ending...

But for argument's sake, let's say you are fanatical about this (you are the President after all!). You give direction that every available mode of logistics will be used immediately to remove US troops from Afghanistan. OK, fine, they say, and leave. The CJCS hands in his resignation, as his advice is no longer useful to you. Political mayhem ensues, stuff gets leaked to Congress/the Press, and you spend so much of your time dealing with that you can't keep track of the withdrawal.
You threaten to fire all not obeying your orders, those below you come with briefings showing how they are making progress as best they can, you don't have a clue how logistics works, so you don't know if they are lying or not. So you fire a couple just for good measure... briefings get more and more 'controlled'. Troops end up taking about 24 months to withdraw because of all the mess you made.
So let's say you veto the spending bill. Great idea! Resources are what drives DC. So now there is no funding for the war effort. Pentagon comes to a grinding halt. Problem is that there are still troops in the field (remember land-locked Afghanistan?), who are now dying because of lack of ammunition that you refused to buy them. Pictures of dead GI's come back home. Oh wait, now suddenly your veto gets overridden by Congress.
But you aren't done yet, you use yet more executive power to stop spending any DoD funds. More GI's die. Congress has now had enough, so has the American people, and you are the first to be Impeached/Convicted. And the Brits aren't fond of you either (remember it's a Coalition over there)

(The next 2 are easier)

2- End of Department "X". Which one? Defense? Education? State? Health and Human Services? Yep, you can slay an entire department as President. Problem is that in most areas of government, there is SOME good being done. So it's pretty unlikely you can just kill the whole thing without crippling a vital service people need. OK, no problem... we'll just carve out the fat, right? Trouble is that it's very hard to estimate how many people any department really needs if you aren't in that department (just how many people does it take to keep track of Social Security Numbers? I don't have a clue). And almost no one is going to come brief you that they need fewer people (and they would benefit how??). So in frustration, you decide to issue a 10% funding cut across the board. So those few naive departments (headed by people like you, no offense) that decided to right-size their manning to exactly what they needed and are proud of how lean they are get swacked another 10% and now are all working 12-hour days with no extra pay. Naive people learn the bureaucratic way. (See, they didn't start off that way, they are often made that way by their leadership.)
The biggest 'slash' I've seen recently is DefSec Gates recently killed "JFCOM", which is a whole command in the military. Couple thousand people I think? Honestly, that was impressive.

3- Eliminate the Deficit: OK, first off, there is no such thing as a line-item veto. Why? Because Congress won't pass it. So your only tool as President is to veto the entire budget. That's it. Let's say that's exactly what you do. So now the government continues to run on a "Continuing Resolution Authority" (which basically says spend like it was last year's budget) until one gets passed. Congress goes back, and argues for a while, but because everyone has their pet projects and needs to get re-elected, they make some cuts, but in your opinion, not enough and not in the right places. Again, veto is your only option. And each veto will cost 30-60 days until you see another budget come up. And in the end, whose fault will it be that the budget isn't signed, in the public's eye?? Yours. So you'll lose, because Congress won't be motivated to do what you want. They'll just pass budgets until your approval ratings get so low they can impeach you.

So those are real answers why it's not that simple. The President is the most powerful person in the world, but steering the Titanic takes cunning/skill, not just brute force.

more than 3 years ago

Feds Discover 1,000 More Government Data Centers

gnieboer Re:Silly President, streamlining's for wings (246 comments)

Technically the term "order" would only apply to the military branches of the DoD, which are enforceable by military law.

For everyone else, his "orders" are just the same as the direction any CEO gives. Can't send you to jail for not complying, can fire you, but only after all the other executive branch guidance (HR Policy) is followed, to include union agreements as applicable.

Now if Congress gives direction, the Executive Branch agrees, and the Judicial Branch doesn't strike it down, then you can go to jail for not complying, but again, that's no different than any US citizen.

more than 3 years ago

Libya Takes Hard Line On Link Shortening Domains

gnieboer Re:The Picture in Question (354 comments)

Mod parent up! Not sure who thinks the above is a troll, but this is a clear point to discuss.

The Libyan authorities appear to be making a stand that this website, which as it is registered as a ".ly" website, is clearly within their scope to control (both from a technical and common sense perspective), violates the legal and ethical guidelines which their country is guided by.

While Sharia Law may be based on Islamic beliefs, the Libyan government is not run by clerics. The term people should be looking for is "separation of church and state", not "remove religion from government". Those are two separate things.

So should we remove laws against murder in the West because "thou shalt not kill" is based in a Judeo-Christian religion (gasp)?

Most ethical frameworks around the world have their foundations in a set of religious beliefs. Some would argue that religions are created because of a need for an ethical framework. And any community, to be effective, needs to agree on an ethical framework.

Also note that the Libyan authorities are not on a typical true "nut-job" rant of attempting to impose -their- beliefs on the rest of the world. They are controlling only what is theirs to control. Now if they hosted a root nameserver and poisoned it to send the rest of the world's "unapproved by Libya" links to a black hole, that'd be a different thing.

more than 3 years ago

Army DNS ROOT Server Down For 18+ Hours

gnieboer Re:Not the biggest problem out there.,,, (154 comments)

Agreed.

From the offending server's website: "BRL volunteered to host one of the original root servers ... to provide a root server for the MILNET in the event that MILNET had to be disconnected from the Internet."

The purpose of the G/H servers is not to support the greater good (that's a side benefit), but to ensure that the MILNET can function if the DoD cuts itself off from the rest of the internet.

And besides, if my math is correct, there are a total of 205 redundant root sites (http://www.root-servers.org/), so imagine going up asking for funding...
[IT Guy] "General, we need money to add another redundant root server site, if all the sites go down the internet collapses!"
[General] "That sounds bad! How many redundant sites are there now?"
[IT Guy] "Only 205"
[General]

more than 3 years ago

Amid Controversy, EA Pulls Taliban From Medal of Honor Multiplayer

gnieboer Re:Well that's stupid. (495 comments)

> AAEFS is an agency of the DoD and thus is an agent of the government

So by your logic the government is interfering with the government?

They've banned themselves from selling it, not anyone else. They also (like Walmart) choose not to sell porn in -their- stores. People are still free to own, obtain, etc both porn and Medal of Honor.

more than 3 years ago

GameStop Pulls Medal of Honor From Military Bases

gnieboer Re:Censorship? (362 comments)

And further, the GameStops on US military bases will have a contractual vendor relationship with AAFES, so I would not be surprised if the pressure/demand came from AAFES themselves.

And I believe NEX/MCX are also now under the AAFES umbrella overall, but maintain an independent brand identity, so I think the demand would encompass all bases.

Though I think this change probably means an increase in sales to military because of the controversy.

more than 3 years ago

Submissions

gnieboer hasn't submitted any stories.

Journals

gnieboer has no journal entries.
