Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Network Hijacker Steals $83,000 In Bitcoin

grnbrg Re:How did people not notice this early? (101 comments)

I got hit April 25th with this. I noticed within an hour, and it took me about an hour to determine that my connection to the pool had been spoofed, and my miners redirected to the attackers pool. I had no idea at the time *how* it was done.

My mining software was a couple of months old at the time, and the latest version would ignore such redirect requests. I updated and continued on, having lost maybe 2 hours of mining.

The redirect comes from that fact that the "Stratum" protocol used by many minors to request work from the pools was originally designed as a wallet to blockchain server protocol. Under that use case, it makes sense that the server might suggest to a (wallet) client that they use another server.

about three weeks ago
top

Mass. Supreme Court Says Defendant Can Be Compelled To Decrypt Data

grnbrg Re:Except, of course, they have to prove you can (560 comments)

There is a hierarchy of trustworthiness with the judge at the top, and the dirty criminal at the bottom. Anything the police say will be believed over what you (the dirty criminal, otherwise why would you be arrested) say. Lawyers are above the police in that hierarchy.

about 2 months ago
top

Ask Slashdot: How To Bequeath Sensitive Information?

grnbrg Shamir's Secret Sharing and Encryption. (208 comments)

Pick a nice, long, secure passphrase. Use it to secure a GPG keypair. Back up this keypair in multiple locations, and with multiple people who know "This is the key that encrypts all of my digital stuff. My family will need it when I die.".

Use that keypair to encrypt all of your important passwords and data. Back up the encrypted files in multiple locations. Make sure your family knows where these locations are, and why thy and the files they contain are important.

Download a copy of http://passguardian.com/ . Load the saved copy (preferably in an offline PC) in a browser, and use it to convert your passphrase into several N of M parts. ie: Create 10 parts, and require at least 6 to reconstruct the passphrase.

Use something like http://goqr.me/ (or any other generator) to create QR codes for the 10 secret shares. Laser print the text share, QR code and some instructions onto a business card sized piece of paper, and have them laminated.

You now have 10 waterproof, hard to damage cards, any 6 of which will unlock your digital data. Distribute them to trusted parties and locations with instructions to use the shares once they hear and confirm your death. These parties don't have to be literate enough to merge and decrypt the data themselves, they just need to know that it is possible with their share. On your death, they will arrange to bring the shares and data together, and even if they have to hire a nerd to help them, they will unlock what they need.

about 2 months ago
top

Theater Chain Bans Google Glass

grnbrg Re:Ban them everywhere! (376 comments)

Alamo Drafthouse is banning them, and I doubt they care at all about the piracy thing - they ban talking and any sort of device use or distracting behavior flat out. People go there to watch the movie, if you want to play with your electronics instead, there are plenty of other places to go.

And from what I've read, if they catch you using your electronics, they'll help you get started finding those other places by escorting you to the parking lot. :)

about 3 months ago
top

Japanese and Swiss Watchmakers Scoff At Smartwatches

grnbrg Re:Maybe they should ask corded phone manufacturer (399 comments)

Corded phones didn't cost $350 - $500 either.

$350-$500 puts you into the range of cheap trash and knock-off timepieces. Try adding a zero. Or two.

I'm a geek, and I've got a Pebble that I wear fairly regularly. But the watch I wear when I want to dress up a bit (or when I get tired of the cheesy plastic smart watch) is a Tag Heurer with an automatic movement. The Pebble is neat, and has IMHO the right balance of features and price. But it has no soul.

about 4 months ago
top

Bitcoin Inventor Satoshi Nakamoto Outed By Newsweek

grnbrg Re:"It's been turned over to other people" ? (390 comments)

It's not encoding anything. Miners are basically doing sha256( sha256( block header info + random number )) until the result has (currently) about 15 leading zeros.

There is no room in the protocol to do anything else, or solve some sort of background problem.

about 6 months ago
top

Yep, People Are Still Using '123456' and 'Password' As Passwords In 2014

grnbrg Re:"it's a shock" (276 comments)

This.

I've probably contributed a "Mr. Test Testuser, 123 Main St, Somewhere, CA, 90210" password 1234 once or twice a year for the last decade....

about 7 months ago
top

23-Year-Old X11 Server Security Vulnerability Discovered

grnbrg Re:The usual clueless submission... (213 comments)

When was the last time you installed a "specially crafted" bdf font from anywhere?

You don't have to. Anyone with a writeable ${HOME}/.fonts can.

This could be really big.

about 8 months ago
top

Ask Slashdot: How To Protect Your Passwords From Amnesia?

grnbrg PassGuardian, with N of M secret reconstruction. (381 comments)

http://passguardian.com/

This uses Shamir's Secret Sharing algorithm to take your password, and split it into a configurable number of pieces, and requires a subset of those shares to reconstruct the original. Take your master password, split it into 10 shares, and require 5 shares to reconstruct. Then distribute the 10 shares to secure locations and trusted people.

Example:

Password: 12345
Share 1: 801650d0edcbd0c3c949f
Share 2: 802c91a40a532182e3570
Share 3: 803ad177a79bc1420a1de

Any 2 shares can reconstruct the password.

And the site runs entirely in Javascript. You can save it to a USB stick and run it from an offline PC, so you don't have to worry about your password being stolen.

about 8 months ago
top

Bitcoin Tops $1,000 For the First Time

grnbrg Re:Reminds me of other inflated markets (371 comments)

Who needs luck?

Over the last couple of years, I've put a two to three thousand dollars into Bitcoin... I've made some bad decisions, and currently have "only" 20 BTC or so.

If the whole thing implodes, and those coins become worthless... I've had a hell of a ride, and think the couple of grand was well spent for the entertainment. On the other hand, if it takes off and Bitcoin turns out to be the next big thing like Ebay or Facebook, I can retire early.

about 9 months ago
top

Cyprus University Accepts Bitcoin For Tuition Fee Payments

grnbrg Re:Good Luck (157 comments)

There are no regulated exchanges yet, and the unregulated ones occasionally disappear with all the money.

Sounds like PayPal. :)

about 9 months ago
top

Cyprus University Accepts Bitcoin For Tuition Fee Payments

grnbrg Re:When will people accept it's not a real currenc (157 comments)

Please can we see an end to the "it's not a real currency" posts. It's money and you can buy stuff with it. The end.

Heh. You waited too long for the punchline... Just about everyone started foaming before they got to the end.

Not everyone missed the bus, though. :golf clap:

about 9 months ago
top

Cyprus University Accepts Bitcoin For Tuition Fee Payments

grnbrg Re:Good Luck (157 comments)

What amazes me is that even after the recent stolen Bitcoin news, the prices have actually gone up. I'm still predicting that there will be a really major theft or attack against Bitcoin that will absolutely devastate it.

To date, there have been no successful attacks against the underlying Bitcoin protocol. There have been one or two serious client issues -- for example there was an incident a year ago where the latest version of the Bitcoin network software started creating blocks that older versions rejected. It was fixed in time, but if it hadn't there wouldn't have been hugely serious effects. All the miners would have been forced to upgrade. There was also an issue due to a buggy crypto implementation on Android that made some Bitcoin wallets vulnerable to theft.

It will be something stupid involving trust where nobody thought that another party would do something, but they will do it, and it will be devastating. Then everybody will cry and moan saying "Why didn't we protect against that?". Of course, I could be wrong, but I have no skin in this game so either way I'm not losing or gaining whether I'm right or wrong.

Again, there have been many problems with exchanges, service providers and outright fraud that have been related to Bitcoin, but these have all been problems with entities having poor security, and not being careful with how they integrate Bitcoin with their systems, not problems with Bitcoin itself. Those events would not have changed at all, if you had replaced Bitcoin with fiat in their operations.

If Bitcoin fails, it will be because it is regulated out of existence (which will be hard -- it is more likely to just be driven underground) or because it is deliberately attacked by a player with huge amounts of money to do so. Such an attack would likely be a government or group of "big money" interests willing to spend hundreds of millions of dollars in hardware to attack the block chain through mining.

about 9 months ago
top

Bypassing US GPS Limits For Active Guided Rockets

grnbrg Re:Nevermind (126 comments)

That's what she said. :)

about a year ago
top

Google To Buy Waze For $1.3 Billion

grnbrg Re: Thunderbird encryption (153 comments)

I am amused at the amount of "HUR HUR, I USE SSL/TLS TO GET MY MAIL!!" posts. Very good. When you connect to your ISP or mail provider, it's quite possible (but far from guaranteed) that the NSA can't intercept the encrypted content. But how did that mail get to the mail server? (Or, if your sending, from your mail server to the recipients' mail server?)

It was almost certainly relayed via vanilla SMTP. Unencrypted. Via whatever network hops are needed, and probably through a couple of listening posts.

grnbrg

about a year ago
top

World's First Bitcoin ATM

grnbrg Re:Ironic (437 comments)

And really, bitcoin is Skype - for money...

One of the more interesting quotes I've seen recently is:

Bitcoin isn't a currency. It's a Money Over Internet Protocol.

Which is about right.

grnbrg.

about a year and a half ago
top

Driver Trapped In Speeding Car At 125 Mph

grnbrg Re:It's called the key (1176 comments)

Not the case. I've got one of the fancy new keyless ignition vehicles, and I've tested this.

With the engine running, and with forward motion, three (maybe four) presses in quick succession or pressing and holding the the ignition switch for 2-3 seconds will kill the engine. You need to shift into park and press the brake to start again.

I thought it was interesting that there were two paths that would do this, both of which are a reasonably likely response in a panic situation -- tap the button a zillion times, or try to mash it into the engine compartment.

2009 Nissan Cube, if you care. Or if you don't.

grnbrg.

about a year and a half ago
top

Steam Hit By 'No Connection' Error Worldwide

grnbrg Re:"Ominous"? (126 comments)

What exactly is ominous about a "no connection" error?

A communications disruption can mean only one thing -- invasion!

--
grnbrg

about a year and a half ago
top

Ask Slashdot: Current State of Linux Email Clients?

grnbrg Re:Exchange access would be nice (464 comments)

... and I *am* one of the system admins at my organization (a university), and I am part of the transition team from sendmail to Exchange, so I know the Exchange admins really well. That is the response that has been mandated that we give to people asking for IMAP access.

One of the few acceptable business cases so far has been a department that had several functional accounts that would be polled by fetchmail scripts that would read a message from the Inbox, detach the attachments, do some processing on them, and then leave them in a (unix) directory to be verified and acted on by a person. Rebuilding this process to use Exchange directly was deemed infeasible. :) They had IMAP turned on for two or three accounts.

grnbrg.

about a year and a half ago

Submissions

grnbrg hasn't submitted any stories.

Journals

grnbrg has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>