Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!



How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

lhunath Open Governance (580 comments)

The same argument can be applied to government. Just because all laws are visible to the public doesn't mean we don't ever put and keep bad laws in effect. The solution to bad laws is not hiding them, it's more publicity. Similarly, more review on each commit would help the OpenSSL project.

3 days ago

Turkish Finance Minister Defends Twitter Ban

lhunath Re:Deja Vu (Again) (94 comments)

It is also wholly within Turkey's right to put out arrest for Dick Costolo (Twitter's CEO) and demand his extradition to be tried under Turkish law on what Twitter has done for Turkish residents.

about a month ago

First Automatic Identification of Flying Insects Allows Hi-Tech Bug Zapping

lhunath Re:Sexist Pig! (99 comments)

Only female mosquitos suck blood. Therefore, only the females are a health threat to humans.

about 1 month ago

Ask Slashdot: How Do You Manage Your Passwords?

lhunath Re:SuperGenPass (445 comments)

The idea is great, the implementation horrible.

Master Password is an implementation of the same idea which takes care of all the flaws.

In my opinion, what you need from a password manager is:

  - The output passwords need to be strong against attacks and the solution needs to be strong against attacks.
  - You need to be able to trust the algorithm and the implementation that implements it, and any involved parties.
  - Being safe from loss is just as important. If you can get locked out of everything the day your apartment catches fire, it sucks.
  - It needs to be sufficiently easy to use so that I won't get lazy and skip it.

Doing 10 MD5's (SuperGenPass) offers NO strength against attacks on the solution at all. In fact, if I want all your passwords, all I need to do is make a website, get you to sign up with me, and brute-force your master password from the site password you gave me. A day's work, at most.

Master Password implements several techniques to solve all of the above security problems: http://masterpasswordapp.com/s...

about a month and a half ago

The iOS 7 Jailbreak Fiasco

lhunath Re:Confusing summary (210 comments)

Evasi0n7 is the name of the method used to apply a tethered jailbreak to the phone. The 7 is for iOS 7. The jailbreak is what disables the security features that lock people out of their own device.

TaiG is the name of a "store" the distributes Chinese applications, similar to Cydia, the store that is currently considered to be the "default" for distributing applications on jailbroken devices. Aside from using Cydia or TaiG, you can also put apps on the device manually or use other stores / distributions.

The deal with TaiG was not a result of any stealing. Evasi0n (the team that made the Evasi0n7 method) had been approached by TaiG with an offer of bundling their store instead of Cydia (which doesn't have a lot of Chinese content) for Chinese users only. Terms of the deal included that TaiG would not be allowed to distribute any "pirated" applications. Evasi0n's rational was that without TaiG on the device, most Chinese users would proceed to install an app store that did provide "pirated" apps and this way they would be condoning a "non-pirating" app store to the huge Chinese jailbreak audience. In exchange for bundling TaiG and therefore giving TaiG a huge userbase in China, Evasi0n was offered a lump of money.

Unfortunately, it turns out after the fact that some pirated apps were spotted on TaiG. Evasi0n reported these to TaiG ASAP and they were removed. You can imagine the trolling that ensued especially from competing jailbreak teams.

Other teams working on a jailbreak method in parallel to Evasi0n were also given this offer from TaiG. In fact, another team was getting a jailbreak release ready with a similar, stolen or different method, I don't know, but since they were getting close to a release, Evasi0n decided to fast-track their working method and release a jailbreak early. The up-side of an early release was that they'd get TaiG's money and they'd get the credit for the jailbreak. The down-side is that the huge volume of apps written for jailbroken devices hadn't been tested and fixed to work on iOS 7 yet, including "Cydia". iOS compatibility is even more crucial for jailbroken apps than for standard iOS apps since they often use undocumented API which is obviously very volatile across iOS versions.

As a result of Evasi0n's early release, a bunch of people jailbroke their device only to find that almost all of the apps written for jailbroken devices that they were installing crashed or cashed their phones to break - since, as I said, they weren't updated for iOS 7.

TL;DR - Evasi0n worked really hard to find a method for jailbreaking, figured they deserved some money for their effort, figured in the mean time they'd condone a safe store to the Chinese, saw their chance at success slip away as other teams were gearing up to steal the glory and released before the developer community was ready, causing breakage and mayhem, never mind the trolling about the sudden appearance of a Chinese app store instead of Cydia.

For Evasi0n's side of the story, read http://evasi0n.com/l.html

about 4 months ago

RSA Flatly Denies That It Weakened Crypto For NSA Money

lhunath Re:It's a very sad day (291 comments)

What specifically about the United States of America did you expect to be different? In the end, we're all people and we're all just as corruptible. Only transparency and risk of exposure can make us behave. Which is why secrecy is always counter to democracy.

about 4 months ago

Evad3rs Announce iOS 7 Jailbreak For Latest Apple Devices

lhunath Re:iOS 7.1 (110 comments)

It's really not so much about "all the cool stuff Cydia offers".

It's all about freedom and control. A non-broken device is effectively a leased piece of hardware where the owner tells you what you can and cannot do with it. It's like renting your house rather than owning it. Sure, it's nice that maintenance is taken care of for you; but most of us actually prefer to know that the thing we live in/with is controlled by us, not somebody with a different agenda whose interest in your happiness and satisfaction is nothing more than a side-effect of their interest in profit.

It's about wanting to do something with this computer in your pocket that's more powerful than a mainframe when I was a kid, and not having to wonder whether Apple's sandbox will agree to it. It's about wanting to run a daemon on start-up and being able to. It's about wanting to ssh into your phone when you left it at home and get the thing off of it that you need. It's about it locking up and you being able to see why. It's about breaking the display but still being able to put VNC on it and use it like the powerful computer that you payed for minus the display. It's about POSSIBILITY and FREEDOM to do as you please with the thing you payed 750$ for.

about 4 months ago

Storing Your Encrypted Passwords Offline On a Dedicated Device

lhunath Re:Good idea (107 comments)


When all your online access depends on it, you can't have enough redundancy.

Security isn't just about secrecy. It's also about being safe from loss.

Which is exactly why I created Master Password (algorithm/app): The theory is that all your passwords should be stateless, not rely on any form of storage at all, be long to be secure against brute-force attacks, be irreversible, and even if you lose everything you own tomorrow, be recreatable purely from your own knowledge.

about 4 months ago

Why People Are So Bad At Picking Passwords

lhunath Re:because (299 comments)

It is my opinion that you cannot trust a human to make a good password.

You also cannot trust anything, a hard-disk, a notebook, a company(!) to store your passwords.

Which is why I use http://masterpasswordapp.com/ and I unlock it with a passphrase. The key elements here being: stateless, no storage, strong passwords.

about 5 months ago

Microsoft Warns Customers Away From RC4 and SHA-1

lhunath Re:What about Git? (92 comments)

There's a difference between using SHA1 for verifying integrity and using SHA1 for cryptographic purposes.

I don't think it's GIT's intent to cryptographically prove that nobody has injected a modified commit in your history while going through extreme effort to mask that single-commit modification.

about 5 months ago

Netflix Ditches Silverlight With HTML5 Support In IE11

lhunath Re:Still need to install something (337 comments)

What exactly is your point? Because most of the users are apathetic to DRM, it needs to stay?

If you can sufficiently obfuscate a jail around your life such that you don't notice it in your daily doings, it belongs there? Of course not.

DRM solves no problems, but it CREATES a LOT of them. Here's something that solves problems: Get rid of it.

about 10 months ago

Google Aims To Cull Child Porn By Algorithm, Not Human Review

lhunath Re:What is the point of this? (306 comments)

You are walking a dangerous road, friend.

Before you talk, you should think about all the angles. Think about what it means to flag someone as suspicious, think about how easy it is to make someone look suspicious, think about how easy it would be for someone who doesn't like YOU to make YOU look suspicious, and think about how easy it would be to sabotage anything on the internet when all it takes to "temporarily" censor something is a child-porn flag.

Before you think I'm conflating things, before you start spouting a reply, please step away from the keyboard, take ten minutes, and consider the fact that the world isn't black-and-white. Issues aren't all trivial, and in almost all of the cases, it's better to let the criminals go if it means you won't risk the innocent be jailed or permanently marked by association.

Hatred and short-sightedness are very dangerous. Only your rational thinking can curb that. Please be smarter.

about 10 months ago

SOPA Creator Now In Charge of NSF Grants

lhunath Re:ah the anti-NSF crowd again (307 comments)

Gather a fair distribution of your country's residents into a room and ask them to stand on the left if they believe the 1B$ should go to researching alternative energy and on the right if it should go to preventing terrorism.

There is an inherent flaw in democracy that you cannot ignore; the majority vote will most commonly be undereducated. That's only normal and not because your population is stupid, they're just not experts in what they're voting for.

Similarly, I won't expect promising results from having random people on the street prioritize my iteration planning.

When you're desperately holding onto democracy in the conviction that it will lead you to an ideal society, you're either blinding yourself from this truth or you have a very limited opinion on what is ideal. Unfortunately, though, I suspect Churchill was on to something here, "It has been said that democracy is the worst form of government except all the others that have been tried.". Perhaps we should be researching forms of government instead.

about a year ago

SOPA Creator Now In Charge of NSF Grants

lhunath Re:ah the anti-NSF crowd again (307 comments)

Be careful in your defence of democracy: You may well find the sensible interests are the minority.

about a year ago

Richard Stallman: 'Apple Has Tightest Digital Handcuffs In History'

lhunath Re:Car (515 comments)

No, you would use software such as the following instead:

Not only is this hurting unfortunate customers, it's also hurting hardware vendors or products that didn't get the Apple blessing. Anyway, getting into semantics about the printer example is pointless. The greater issue here is that any kind of issue at all requires an Apple-certified solution in this scenario. And such is rarely in the best interest of all customers.

If things are not locked down, customers can choose for an Apple certified solution that comes with Apple support and blessing. Or they can opt for going to the local tech guy who isn't necessarily less able than the staff at the Apple store; and often to the contrary.

about a year ago

Richard Stallman: 'Apple Has Tightest Digital Handcuffs In History'

lhunath Re:Car (515 comments)

When your mother buys a printer and AirPrint happens to not work with it, she might ask you or anyone tech-knowledgable to make it work for her.

Since the iPhone has locked you out of doing anything that isn't Apple-certified, your only reply to her will be, buy a new printer. This time, make sure it has AirPrint support on the label.

If the iPhone hadn't been locked down (eg. it's jailbroken), you could easily install additional printer drivers or support.

Yes, buying an iPhone is giving up the freedom to make your new computer do things that you need it to do but aren't certified by the vendor. And yes, consumers do suffer from that. Stop blinding yourself to that. The iPhone would work no different for your mom if there had been a way for techy people to become root. The only difference is, now any techy person can help her. Not just the Apple-certified ones, and not just with Apple-certified solutions.

That is what software freedom is eventually about. It matters to tech people just as much as it does to non-tech people, because it enables them to go to tech people for help. Stallman's formulated four freedoms are simply the rules he figures will guarantee a consumer's freedom to control their own devices, or get help with them from a knowledgable person.

Similarly, in your car analogy, it would be nice if vendors released sufficient documentation publicly so that the car repair person next door who happens to be a really awesome mechanic can help me with my car's issues. Instead, I'm forced to suffer the pain of finding a vendor-certified dealership. That pain is not for the better of me, kindly stop lying to me.

about a year ago

Richard Stallman: 'Apple Has Tightest Digital Handcuffs In History'

lhunath Re:Fuck him. (515 comments)

There is nothing but hate in your post. You might as well be talking to a wall.

If you could substantiate some of that with something of value, we might be able to learn from whatever wisdom drew you to that conclusion.

about a year ago

Man Arrested At Oakland Airport For Ornate Watch

lhunath Re:Take that! (519 comments)

He didn't have a watch in his thick boots. He had a watch. And thick boots.

man was arrested at Oakland International Airport after security officers found him wearing an unusual watch

about a year and a half ago

David Cameron 'Orders New Curbs On Internet Porn'

lhunath Re:Rude. (345 comments)

My comment is not rude, it is factual and constructive. For all you know, Max is a perfectly reasonable person who's interested in learning where he makes mistakes in his usage of English so that the next time he'll say it right. Not everybody takes criticism as an insult, and the world would be a much happier place if we could all be like them.

about a year and a half ago

David Cameron 'Orders New Curbs On Internet Porn'

lhunath Re:As a father (345 comments)

Grammar is important. "Don't just confuse it" means something rather different from "Just don't confuse it".

about a year and a half ago


lhunath hasn't submitted any stories.


lhunath has no journal entries.

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account