Google Releases Android Studio 1.0, the First Stable Version of Its IDE

lhunath Re:My experiences of Android Studio (115 comments)

Note: AS highlights errors just fine, you don't need to build to get told your method params are wrong. Its code inspection is generally much smarter than Eclipse's and you can go in and turn things on/off. More inspection = more CPU while you type stuff. Also, if you're working on non-Android components simultaneously as you suggest, try IntelliJ IDEA (Community Edition) instead, it's exactly the same IDE, same support for Android stuff, plus everything else Java. Also see the plugin browser in the settings for specialized support for certain frameworks.

about a month and a half ago

Passwords: Too Much and Not Enough

lhunath Passwords should not be handled by people. (223 comments)

We have hundreds of accounts scattered across the net, and each's security relies on a secret that is supposed to be unguessable and shared only between you and that site. Such is the primary assumption of passwords, and yet such a system can never work for people.

The only solution is to stop using passwords as passwords and instead consider them as "symmetric keys". Master Password is a password generator that takes the name of your site and generates a unique key for you and it which you use as the password for the site. The awesome thing is that it's a generated key and thus doesn't rely on any form of storage, be it cloud or require backups and sync, nor can it ever be lost. It uses the scrypt KDF to protect itself against off-line reversal attacks.

about 3 months ago

Critical Vulnerabilities In Web-Based Password Managers Found

lhunath Re: KeePass? (114 comments)

That is very dangerous: when the master password is trivial to reverse from the site password, an attacker could easily set up a hoax site, get your site password and reverse your master key. Master Password above uses a hmac-sha-256 of a 64 byte master key which is something you can't just reverse. It also uses an expensive scrypt based salted key derivation to get that key from your master password, which is also something you can't reverse.

about 6 months ago
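
An added sketch of the two-stage construction the comment above describes, not the Master Password project's code or its exact algorithm: an expensive, salted scrypt step produces a 64-byte master key, and a cheap HMAC-SHA-256 keyed with it produces each site's password. The salt label, the scrypt cost parameters, the length-prefixed field encoding and the 64-symbol output alphabet are assumptions of this example.

```python
import hashlib
import hmac
import string
import struct

# 64 symbols, so each HMAC byte maps to a symbol without modulo bias.
ALPHABET = string.ascii_letters + string.digits + "-_"

# Assumed scrypt cost parameters for this sketch (about 16 MiB per guess).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def _field(text: str) -> bytes:
    """Length-prefix a field so ("ab", "c") and ("a", "bc") never collide."""
    raw = text.encode("utf-8")
    return struct.pack(">I", len(raw)) + raw


def master_key(master_password: str, user_name: str) -> bytes:
    """Expensive, salted step: scrypt stretches the master password to 64 bytes."""
    return hashlib.scrypt(
        master_password.encode("utf-8"),
        salt=b"example.stateless.v1" + _field(user_name),  # hypothetical label
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=64,
    )


def site_password(key: bytes, site: str, counter: int = 1, length: int = 20) -> str:
    """Cheap per-site step: HMAC-SHA-256 keyed with the master key."""
    if not 1 <= length <= 32:
        raise ValueError("length must be between 1 and 32")
    msg = _field(site) + struct.pack(">I", counter)
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return "".join(ALPHABET[b % 64] for b in digest[:length])


if __name__ == "__main__":
    # Constructed inputs; nothing is stored, the same inputs always
    # reproduce the same passwords.
    key = master_key("correct horse battery staple", "Constructed User")
    for site in ("example.com", "example.org"):
        print(site, site_password(key, site))
```

A site that learns its own password sees only an HMAC output; testing a guess at the master password from it requires a full scrypt evaluation per guess.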

Critical Vulnerabilities In Web-Based Password Managers Found

lhunath Re:KeePass? (114 comments)

How about no keyfile at all? Keeping backups of a keyfile in secure locations, syncing a keyfile between multiple devices and handhelds securely and without conflict, etc all needlessly complicate password management and eventually affect overall security. Also, if an authority obtains your keyfile through any form of search, they are legally within their right to force you to provide the key to unlock it. Not so if there is no encrypted vault.

about 6 months ago

EU's Top Court May Define Obesity As a Disability

lhunath Re:Thyroid problem (625 comments)

Aggression is a wholly ineffective behavioural change effector. You are just being a short-sighted ass, and the fact that your simplistic opinion is shared by most of the citizenry is most likely the largest cause of obesity.

You won't understand why until you consider that the biggest cause of obesity is psychological.

Many people have a hard time understanding what psychological issues are and how real they manifest themselves. It's not unlike the middle ages where ignorant healers would bleed you to try and get rid of the sickness. These are opinions based on whatever common sense they had at the time combined with a general ignorance. These people were not dumb, they were just uninformed. Now you straighten yourself out.

People get fat because their psychological state drives them to consume things that produce dopamine (the hormone that makes you happy). Probably because they either don't have enough of it (they're sad) or because they've grown addicted to it (nearly everything you buy nowadays will make you addicted to dopamine). To solve the "getting fat" problem, people need to stay away from unhealthy things that produce dopamine (sadly, these are also the "easy" things), and start finding the healthy things that produce dopamine (going out with friends, learning, experiencing new things). Sadly, this becomes harder and harder as your weight increases.

But that's not all. Once you're heavy, solving the "getting fat" problem not only gets tougher, it also won't actually make you skinny. Even if you stop eating anything unhealthy, you will not lose weight. You could eat half the calories a healthy skinny person eats and not lose weight. That's because your body is designed to not go down in weight. You can do crazy things to go down temporarily, but your body will be fighting you all the way and as soon as it gets the chance it will reset your weight back to what it was. This is why nearly every dieter regains their weight. To lose weight permanently, you need to either fight your body's set-point permanently or undergo a certain type of surgery, such as a gastroscopic bypass or duodenal switch.

As for why your attitude is what causes obesity: simplification of the issue, making it taboo and aggressively pushing skinniness are all factors which cause both the psychological environment where a person will start to obsess over the importance of their weight, as well as the bad sources of dopamine and the physical situation of people starving themselves for no good reason which will have the result of your body going into panic mode, shut down its metabolism and build stores of fat for anything it can possibly get its hands on.

The best way to make your population fat is to tell them being fat is horrible, all your own fault and eating food is bad for you. For the love of all that is good, DO NOT TELL ANY CHILD TO NOT GET FAT. Just teach them to live happy and healthy. Being happy means you need no bad sources of dopamine.

about 7 months ago

GnuTLS Flaw Leaves Many Linux Users Open To Attacks

lhunath Re:Security by Obscurity only... apk (127 comments)

First of all, none of this has anything to do with "Linux". These are all user-land libraries and tools you're referring to. They are all available for Linux, BSD and Windows alike; including OpenSSL and GnuTLS.

Secondly, "top dog" has nothing to do with any of this either. Software such as OpenSSL and GnuTLS needs to be secure. That means that there should be no exploits. The amount of people "attacking" it is irrelevant given those constraints. Whether 1 researcher is looking for bugs or 10.000 criminals are trying to exploit it is irrelevant. None of them should be able to find anything useful.

Lastly, Windows as much as any other proprietary solution is completely irrelevant to this discussion to anyone with a sensible opinion on the topic. That's not because proprietary software is worse than free software, it's because proprietary software can never offer the kinds of security guarantees that free software can by mere virtue of their insistence on secrecy. What that means is, even if there is a proprietary replacement of OpenSSL for which no exploit is published in 10 years, you could never trust that the NSA, the Russians, the Chinese or the Iranians don't have a way in. You can't even trust that they haven't forced the company to add in back-doors and keep them secret. Essentially, proprietary software loses by default and free software is the only useful thing we have left, even if it sometimes fails at keeping its promises.

about 8 months ago

Apple Announces New Programming Language Called Swift

lhunath Re:Bjarne Stroustrup (636 comments)

If the world ever advanced when it came face-to-face with a problem it could not solve with current models we wouldn't have reached much of anything.

Obviously the "it doesn't solve any problems" statement is utterly false. It solves all the same problems Objective-C solved.

So why a new programming language? First of all, new programming languages allow you to express the abstract concepts you're trying to convey in a more optimal fashion. Each time we improve a programming language, we have an opportunity to further close the hole of cognitive dissonance between what we want to do and how we describe that intent to a computer. We have an opportunity to remove whole classes of bugs that were possible in the previous generation languages. We have the opportunity to learn from what we don't like about our current situation and make it more comfortable for ourselves.

The less we need to worry about how to do the things, the more we can focus on what things we could do.

Don't be so conservative.

about 8 months ago

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

lhunath Open Governance (582 comments)

The same argument can be applied to government. Just because all laws are visible to the public doesn't mean we don't ever put and keep bad laws in effect. The solution to bad laws is not hiding them, it's more publicity. Similarly, more review on each commit would help the OpenSSL project.

about 9 months ago

Turkish Finance Minister Defends Twitter Ban

lhunath Re:Deja Vu (Again) (94 comments)

It is also wholly within Turkey's right to put out arrest for Dick Costolo (Twitter's CEO) and demand his extradition to be tried under Turkish law on what Twitter has done for Turkish residents.

about 10 months ago

First Automatic Identification of Flying Insects Allows Hi-Tech Bug Zapping

lhunath Re:Sexist Pig! (99 comments)

Only female mosquitos suck blood. Therefore, only the females are a health threat to humans.

about 10 months ago

Ask Slashdot: How Do You Manage Your Passwords?

lhunath Re:SuperGenPass (445 comments)

The idea is great, the implementation horrible.

Master Password is an implementation of the same idea which takes care of all the flaws.

In my opinion, what you need from a password manager is:

  - The output passwords need to be strong against attacks and the solution needs to be strong against attacks.
  - You need to be able to trust the algorithm and the implementation that implements it, and any involved parties.
  - Being safe from loss is just as important. If you can get locked out of everything the day your apartment catches fire, it sucks.
  - It needs to be sufficiently easy to use so that I won't get lazy and skip it.

Doing 10 MD5's (SuperGenPass) offers NO strength against attacks on the solution at all. In fact, if I want all your passwords, all I need to do is make a website, get you to sign up with me, and brute-force your master password from the site password you gave me. A day's work, at most.

Master Password implements several techniques to solve all of the above security problems: http://masterpasswordapp.com/s...

about a year ago

The iOS 7 Jailbreak Fiasco

lhunath Re:Confusing summary (210 comments)

Evasi0n7 is the name of the method used to apply a tethered jailbreak to the phone. The 7 is for iOS 7. The jailbreak is what disables the security features that lock people out of their own device.

TaiG is the name of a "store" that distributes Chinese applications, similar to Cydia, the store that is currently considered to be the "default" for distributing applications on jailbroken devices. Aside from using Cydia or TaiG, you can also put apps on the device manually or use other stores / distributions.

The deal with TaiG was not a result of any stealing. Evasi0n (the team that made the Evasi0n7 method) had been approached by TaiG with an offer of bundling their store instead of Cydia (which doesn't have a lot of Chinese content) for Chinese users only. Terms of the deal included that TaiG would not be allowed to distribute any "pirated" applications. Evasi0n's rationale was that without TaiG on the device, most Chinese users would proceed to install an app store that did provide "pirated" apps and this way they would be condoning a "non-pirating" app store to the huge Chinese jailbreak audience. In exchange for bundling TaiG and therefore giving TaiG a huge userbase in China, Evasi0n was offered a lump of money.

Unfortunately, it turns out after the fact that some pirated apps were spotted on TaiG. Evasi0n reported these to TaiG ASAP and they were removed. You can imagine the trolling that ensued especially from competing jailbreak teams.

Other teams working on a jailbreak method in parallel to Evasi0n were also given this offer from TaiG. In fact, another team was getting a jailbreak release ready with a similar, stolen or different method, I don't know, but since they were getting close to a release, Evasi0n decided to fast-track their working method and release a jailbreak early. The up-side of an early release was that they'd get TaiG's money and they'd get the credit for the jailbreak. The down-side is that the huge volume of apps written for jailbroken devices hadn't been tested and fixed to work on iOS 7 yet, including "Cydia". iOS compatibility is even more crucial for jailbroken apps than for standard iOS apps since they often use undocumented API which is obviously very volatile across iOS versions.

As a result of Evasi0n's early release, a bunch of people jailbroke their device only to find that almost all of the apps written for jailbroken devices that they were installing crashed or caused their phones to break - since, as I said, they weren't updated for iOS 7.

TL;DR - Evasi0n worked really hard to find a method for jailbreaking, figured they deserved some money for their effort, figured in the mean time they'd condone a safe store to the Chinese, saw their chance at success slip away as other teams were gearing up to steal the glory and released before the developer community was ready, causing breakage and mayhem, never mind the trolling about the sudden appearance of a Chinese app store instead of Cydia.

For Evasi0n's side of the story, read http://evasi0n.com/l.html

about a year ago

RSA Flatly Denies That It Weakened Crypto For NSA Money

lhunath Re:It's a very sad day (291 comments)

What specifically about the United States of America did you expect to be different? In the end, we're all people and we're all just as corruptible. Only transparency and risk of exposure can make us behave. Which is why secrecy is always counter to democracy.

about a year ago

Evad3rs Announce iOS 7 Jailbreak For Latest Apple Devices

lhunath Re:iOS 7.1 (110 comments)

It's really not so much about "all the cool stuff Cydia offers".

It's all about freedom and control. A non-broken device is effectively a leased piece of hardware where the owner tells you what you can and cannot do with it. It's like renting your house rather than owning it. Sure, it's nice that maintenance is taken care of for you; but most of us actually prefer to know that the thing we live in/with is controlled by us, not somebody with a different agenda whose interest in your happiness and satisfaction is nothing more than a side-effect of their interest in profit.

It's about wanting to do something with this computer in your pocket that's more powerful than a mainframe when I was a kid, and not having to wonder whether Apple's sandbox will agree to it. It's about wanting to run a daemon on start-up and being able to. It's about wanting to ssh into your phone when you left it at home and get the thing off of it that you need. It's about it locking up and you being able to see why. It's about breaking the display but still being able to put VNC on it and use it like the powerful computer that you paid for minus the display. It's about POSSIBILITY and FREEDOM to do as you please with the thing you paid 750$ for.

about a year ago

Storing Your Encrypted Passwords Offline On a Dedicated Device

lhunath Re:Good idea (107 comments)


When all your online access depends on it, you can't have enough redundancy.

Security isn't just about secrecy. It's also about being safe from loss.

Which is exactly why I created Master Password (algorithm/app): The theory is that all your passwords should be stateless, not rely on any form of storage at all, be long to be secure against brute-force attacks, be irreversible, and even if you lose everything you own tomorrow, be recreatable purely from your own knowledge.

about a year ago

Why People Are So Bad At Picking Passwords

lhunath Re:because (299 comments)

It is my opinion that you cannot trust a human to make a good password.

You also cannot trust anything, a hard-disk, a notebook, a company(!) to store your passwords.

Which is why I use http://masterpasswordapp.com/ and I unlock it with a passphrase. The key elements here being: stateless, no storage, strong passwords.

about a year ago

Microsoft Warns Customers Away From RC4 and SHA-1

lhunath Re:What about Git? (92 comments)

There's a difference between using SHA1 for verifying integrity and using SHA1 for cryptographic purposes.

I don't think it's GIT's intent to cryptographically prove that nobody has injected a modified commit in your history while going through extreme effort to mask that single-commit modification.

about a year ago

Netflix Ditches Silverlight With HTML5 Support In IE11

lhunath Re:Still need to install something (337 comments)

What exactly is your point? Because most of the users are apathetic to DRM, it needs to stay?

If you can sufficiently obfuscate a jail around your life such that you don't notice it in your daily doings, it belongs there? Of course not.

DRM solves no problems, but it CREATES a LOT of them. Here's something that solves problems: Get rid of it.

about a year and a half ago

Google Aims To Cull Child Porn By Algorithm, Not Human Review

lhunath Re:What is the point of this? (306 comments)

You are walking a dangerous road, friend.

Before you talk, you should think about all the angles. Think about what it means to flag someone as suspicious, think about how easy it is to make someone look suspicious, think about how easy it would be for someone who doesn't like YOU to make YOU look suspicious, and think about how easy it would be to sabotage anything on the internet when all it takes to "temporarily" censor something is a child-porn flag.

Before you think I'm conflating things, before you start spouting a reply, please step away from the keyboard, take ten minutes, and consider the fact that the world isn't black-and-white. Issues aren't all trivial, and in almost all of the cases, it's better to let the criminals go if it means you won't risk the innocent be jailed or permanently marked by association.

Hatred and short-sightedness are very dangerous. Only your rational thinking can curb that. Please be smarter.

about a year and a half ago

