Smartphone Kill Switch, Consumer Boon Or Way For Government To Brick Your Phone?

jcochran I wonder ... (216 comments)

If bricking a phone would also result in any stored photographs going "bye bye".... I can think of quite a few police who would like that feature.

13 hours ago

Linux Kernel Git Repositories Add 2-Factor Authentication

jcochran Re:Malware (48 comments)

Agreed, the path that was taken for that attempt wouldn't have worked. However, if someone had been able to compromise the credentials that would authorize a check in to the main repository, it most definitely would have worked. Adding in two factor authentication just makes it that much harder.

2 days ago

Linux Kernel Git Repositories Add 2-Factor Authentication

jcochran Re:How does it work without a clock? (48 comments)

Well, you could have answered your own question by simply using Google to look up Yubikey and reading a bit. But to give you a partial answer, the token generates an AES encrypted value and passes that value to the server for authentication. During authentication, the server decrypts the value (the shared secret between the token and the server is the AES encryption key). The decrypted value includes a counter. And if the counter isn't greater than the previously used counter, the authentication attempt is invalid. So if you were to hit the button 100 times and record those codes, you could authenticate using any of those codes, but as soon as I hit the button and authenticated using the resulting code, all of the codes you recorded would become instantly invalid.

2 days ago

Linux Kernel Git Repositories Add 2-Factor Authentication

jcochran Re:Malware (48 comments)

Well, malware injection to the Linux kernel isn't a mere possibility. The incident that happened back in late 2003 comes to mind.

2 days ago

Can Our Computers Continue To Get Smaller and More Powerful?

jcochran Re:Obvious (151 comments)

I believe that we can get things smaller. I'll agree that we're approaching the limits as regards what is basically a 2 dimensional layout that we're currently using for chips, but that leaves the 3rd dimension. Of course there are a lot of technical issues to overcome, but I believe that they will be overcome.

about a week ago

The FBI Is Infecting Tor Users With Malware With Drive-By Downloads

jcochran Looks like a fairly simple hack they did. (182 comments)

In a nutshell, they simply had any computer that contacted the web site send back the computer's real IP address and its MAC address. The actual security of the Tor wasn't affected. Just that compromising information was sent through the Tor network. Just as any other data would be sent through the Tor network.

Now I suspect the MAC address was sent so that they could identify the actual computer when they seized it via a warrant. That way the suspect couldn't claim that it wasn't their computer since the IP address was on the other side of a NAT and there were multiple computers using NAT. And the IP address was simply to make identifying the physical location easier.

Which raises an interesting question....
What if someone alters their MAC address and then enters the Tor network via a public wifi hotspot?
The connection is encrypted so the fact that the hotspot is publicly accessible shouldn't be a problem.
And when the computer is turned off, the MAC spoofing goes away so even if the computer is seized, they don't have a matching MAC address to prove it's the computer they hacked. And of course, since access was via an open hot spot, there's plenty of computers that could have been connected. Proving which one would be rather ... difficult ... without that MAC address.

about two weeks ago

Robotic Suit Gives Shipyard Workers Super Strength

jcochran Re:The grip (125 comments)

Look at the article. And examine the photo in the article closely.
The backpack portion of the exoskeleton has attachments. Including 2 "mini-cranes" going over the user's shoulder. And in the photo, those mini-cranes are linked via some rigging to the plate the worker is handling. So the majority of the weight of the object is handled by the exoskeleton while his hands are merely providing fine control.

about two weeks ago

seL4 Verified Microkernel Now Open Source

jcochran Re:Unfortunately? (82 comments)

So the ONLY statement anyone picking "GPLv2 only" is making, is that they don't want their code mixed with GPLv3 which honestly... is pretty silly.

If "GPLv2 only" is silly, then you might want to alert all the Linux kernel developers. After all, the code in the Linux kernel is GPLv2, not GPLv2+.....

about three weeks ago

Ask Slashdot: Open Hardware/Software-Based Security Token?

jcochran OPIE may be what you want. (113 comments)

It's not a two factor authentication, it's actually a means of generating one time passwords. In a nutshell, you can have a local device calculate the password based upon a challenge sent from the system you wish to log onto, or you can preprint a list of passwords that you can use to log onto the system.
See for a general description of the method. You ought to be able to find out more using that page as a starting point.

about three weeks ago

Social Security Administration Joins Other Agencies With $300M "IT Boondoggle"

jcochran Re:Missing Key Information (144 comments)

Oh good god...

I was a LM employee a few years back. Brought in on a project that was failing. And the main issue with the failure was their process.
For instance, LM was using Common Criteria and they were trying to get the system to EAL4. And frankly, getting there is quite doable. Unfortunately, management and the customers for the project didn't bother to actually understand anything about requirements.

For instance, in Common Criteria, you need to tailor the documents. An example would be this template being tailored to the system requirement:
FPT_FLS.1.1 The TSF shall preserve a secure state when the following types of
failures occur: [assignment: list of types of failures in the TSF].

The above template is obviously intended to be tailored to include a list of possible or predictable failures upon which the system will still remain secure. But this is how LM tailored that little beauty:
FPT_FLS.1.1 The TSF shall preserve a secure state upon a partial system failure.

Notice how the tailoring totally removed anything concrete about the requirement? What kind of partial failure? How do you test it? When is it violated? etc, etc, etc, ad nauseam.

And that kind of bullshit "tailoring" was done EVERYWHERE. There would be multi-hour meetings just to change, tailor, and interpret specifications tailored that way. And any suggestion by anyone working in the trenches stating that the requirements were badly done and needed to be redone properly in order to actually get a functional system was met by "We can't do that, it would be too costly."

If the above paradigm was used on the Social Security project, I can definitely see why progress has been snail slow and over budget. They're most likely still attempting to get their specifications correct.

about a month ago

Google Offers a Million Bucks For a Better Inverter

jcochran Re:110 or 240v (260 comments)

The 240V 60Hz is so that it can handle both North American and UK voltage levels. If you look at the technical specifications document, you'll see that there are 2 different grounding configurations that the contestants may specify. In both configurations the inverter output is fed into an isolation transformer. One specification has the input of the isolation transformer center tapped and grounded which makes the AC outputs from the inverter swing +/- 120V from ground like you would expect in the USA. The other configuration doesn't have a center tapped transformer, but one leg of the input is grounded making one of the AC outputs swing +/- 240 V in reference to ground and the other output is tied to ground. I suspect the 60Hz specification is due to the way transformers work. A transformer designed to operate at 50Hz using minimal materials will operate fine at 60Hz. However a transformer designed to operate at 60Hz using minimal materials will saturate magnetically at 50Hz causing it to overheat and eventually fail.

about a month ago

Researchers Test Developer Biometrics To Predict Buggy Code

jcochran Re:uh huh (89 comments)

And you've still avoided naming any metrics....

Number of lines of code? As mentioned earlier, one can easily inflate LOC with trash.
Also how do you evaluate a programmer who actually reduces the lines of code in a program? By the LOC metric, said programmer is counter productive. Then again you get the beautiful quote by Ken Thompson... "One of my most productive days was throwing away 1000 lines of code."

Code quality? Once again, how do you judge it?

about a month ago

Researchers Test Developer Biometrics To Predict Buggy Code

jcochran Re:uh huh (89 comments)

And what stats do you apply to code development?
Because quite frankly, that is the gist of the problem.

about a month ago

Comcast Customer Service Rep Just Won't Take No For an Answer

jcochran Not 8 minutes (401 comments)

This same article was recently posted on Techdirt. The call wasn't 8 minutes. The RECORDING was 8 minutes. There was 10 minutes of call prior to the recording even starting.

about a month ago

Obama Administration Says the World's Servers Are Ours

jcochran Subpoena vs Warrant (749 comments)

The real issue at hand is the difference between a warrant and a subpoena.
The legal requirements to obtain a warrant are rather trivial and obtaining a warrant is rather easy. But a warrant doesn't extend past the boundaries of the United States. A subpoena on the other hand has far stricter oversight and requirements to obtain. But a subpoena requires the one served to provide the information requested regardless of where in the world that information resides.

What's happening is the government is attempting to get the best of both worlds. The trivial requirements of obtaining a warrant, combined with the expanse of a subpoena. And that frankly is wrong and needs to be stopped.

about a month ago

New Class of Stars Are Totally Metal, Says Astrophysicist

jcochran Using a different definition of "metal" (119 comments)

What astronomers mean for the word "metal" isn't what the rest of us mean.

As mentioned in the link to Metallicity, the all metal stars could be composed of carbon, nitrogen, oxygen, etc. Basically anything other than hydrogen and helium.

about a month and a half ago

NSA Considers Linux Journal Readers, Tor (And Linux?) Users "Extremists"

jcochran Give 'em something to worry about... (361 comments)

Just download tails yourself and start using it. Increase the amount of encrypted traffic that they don't know the contents of.

about a month and a half ago

Goldman Sachs Demands Google Unsend One of Its E-mails

jcochran Re:why? (346 comments)

Ah, but by definition, the email that the unmentioned user has is addressed to him or her. GS may have made a mistake in the address they sent it to, but it IS addressed to that user.

about a month and a half ago

New Chemical Process Could Make Ammonia a Practical Car Fuel

jcochran Re:Now I'm confused ... (380 comments)

Unfortunately, it needs to be anhydrous ammonia.
Looking at the paper, what they're doing is

1. Convert sodium amide into metallic sodium, hydrogen, and nitrogen.
2. Convert ammonia and metallic sodium into sodium amide and hydrogen.

They can easily balance those two reactions.
However, if there's any water in the system, there will be a 3rd reaction going on as well.
3. Convert water and metallic sodium into sodium hydroxide and hydrogen.
That 3rd reaction would effectively consume the sodium, preventing it from making more sodium amide.

Given how nasty anhydrous ammonia is, I definitely know I wouldn't want to be anywhere near an accident involving it.

about 2 months ago

