Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!



OpenSSL Bug Allows Attackers To Read Memory In 64k Chunks

maswan Re:We're all fucked (303 comments)

Any data? From a vulnerability that can read up to 64k in the process that does the TLS heartbeat? Not even with a choosable offset.

about 4 months ago

Fake PGP Keys For Crypto Developers Found

maswan Re: x.509 WTF? (110 comments)

Of course attacking SSL on the protocol level is by far more useful, since you can just silently sit there and eat all the "secret" data, instead of having to actively MITM particular connections.

But do you really think there is a single US CA out there that would say no to a national security letter requiring them to issue a certificate if they actually needed it? Especially given how Joseph Nacchio was treated for resisting voluntary assistance to the NSA? Or that the Chinese ones wouldn't issue whatever was asked if the Ministry of Public Security turned up and wanted some certificates?

Stuxnet actually proves another part of why the CA system is utterly broken. Because they just had to break in *somewhere* in order to get a key signed by *any* CA in order to sign their stuff. To impersonate Tor developers, they'd have to steal the Tor developers keys, or make up new ones that looks plausable enough. Unlike the X.509 CA system where any attacker might just as well steal the keys of any random project and they'd be just as acceptable since they are signed by a CA.

But you're right, that it isn't a CA-level compromise, unlike DigiNotar who shows that particular line of attack. And were only found out by widespread intercerption of Iranian connections to Gmail.

about 5 months ago

Fake PGP Keys For Crypto Developers Found

maswan x.509 WTF? (110 comments)

The CA model for X.509 certificates has been shown to be utterly broken for protection against intellengence agencies, they clearly have both access to some of the private keys of "trusted" CAs as well as the leverage to have "trusted" CAs issue arbitrary certificates in their home jurisdiction. There is no way in which this would get better by switching to X.509 compared to PGP.

We have already have plenty of malware with valid signatures backed by trusted CAs using stolen keys etc, check stuxnet/duqu for instance.

Now, I know it can be hard to bootstrap a PGP web of trust, and there is certainly plenty of work to be done there to make it easier and user friendlier. But chucking out the one piece of actually working low-level technology for real security in favour of one that is utterly broken, and has been shown to be broken for years, is just plain stupid.

about 5 months ago

Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?

maswan Re:Why is this legal? (572 comments)

DNSSEC. And hoping for client verification at some point in the unknown future. Good luck!

about 5 months ago

EU Copyright Reform: Your Input Is Needed!

maswan Re:Suggestion: the EU should harmonize copyright t (154 comments)

Maybe. On the other hand, 10 year terms means no movie company ever has to pay the author of a book for making the movie out of a book, or adher to the authors wishes. Just wait the years out.

about 7 months ago

Linux x32 ABI Not Catching Wind

maswan Re:Nice concept (262 comments)

The main benefit is that it runs faster. 64-bit pointers take up twice the space in caches, and especially L1 cache is very space-limited. Loading and storing them also takes twice the bandwidth to main memory.

So for code with lots of complex data types (as opposed to big arrays of floating point data), that still has to run fast, it makes sense. I imagine the Linux kernel developers No1 benchmark of compiling the kernel would run noticably faster with gcc in x32.

The downside is that you need a proper fully functional multi-arch system like is slowly getting adopted by Debian in order to handle multiple ABIs. And then you get into iffy things on if you want the faster /usr/bin/perl or one that can handle 6-gig lists efficiently...

about 8 months ago

MIT Study: Only 3.1% of USA Used Electronics "e-Waste" Were Exported

maswan Re:Whoever extracts elements first wins. (58 comments)

Gernalized way? Not likely. But in this particular setting (electronic scrap), there is plenty of activity. I know these because they make the local news: - but there are several competitors to them too. Lots of copper and gold and other metals in electronics that is commercially recyclable given that someone sorts it out and throws the electronics in containers with just electronics.

about 8 months ago

GIMP, Citing Ad Policies, Moves to FTP Rather Than SourceForge Downloads

maswan Re:FTP? (336 comments)

We do, and we much prefer HTTP over FTP since we do clever caching and redirects for HTTP. See:

We are talking to the GIMP folks to readjust their links.

about 9 months ago

The Steady Decline of Unix

maswan Re:A distinction without a difference (570 comments)

And *nix in the form of, say, Oracle Solaris or IBM AIX is more restrictive than the GPL. Linux is just one branch of the unix family.

1 year,11 hours

The Twighlight of Small In-House Data Centers

maswan Re:Correction... (180 comments)

They start to care when their data 'goes away' for 3 days.

But that's very unlikely to happen in the next quarter. Probably not even for the next 3-5 years, by which time they'll be somewhere else and not give a shit.

about a year ago

U.S. ISBN Monopoly Denies Threat From Digital Self-Publishing

maswan Re:GUID? (127 comments)

So are ISBNs, in many parts of the world. I guess the US has left it to the free market to decide how much the should cost.

about a year and a half ago

XBian's Koenkk Replies To the XBian/RaspBMC Flap

maswan Re:Complication of making a distribution (63 comments)

The turbo mode stuff together with the kernel and firmware all come from the same repository. Raspbian is really the Debian:y environment around this.

If you want to run Debian, you can do that too (at a performance penalty since you need to use the soft float version, armhf is targeted for a newer version of ARM than is in the Raspberry Pis). You still need the same non-free blobs to do anything graphical etc though.

about 2 years ago

XBian's Koenkk Replies To the XBian/RaspBMC Flap

maswan Re:Complication of making a distribution (63 comments)

Yes, it is called Raspbian, which is Debian with a recompile for the target and some installer tweaks and hooks for pulling in the necessary non-free stuff from which comes from the pi being a closed platform.

Xbian, RaspBMC, etc take Raspbian and then make a custom install based on a package presets and some scripts for automagic setup for those that think Debian is "too complicated". And apparently lots of drama.

about 2 years ago

Ig Nobels Feature Exploding Colonoscopies, Left Leaning Views of Eiffel Tower

maswan Re:The double laureate (91 comments)

You mean 2010? That's when Andre Geim got the Nobel prize in physics (for graphene), having previously gotten the Ig Nobel for levitating frogs.

about 2 years ago

Black Mesa Released

maswan Re:Is this the real one? (130 comments)

It's what is in the official torrent. My torrent client says 3146.1 MB.

about 2 years ago

Texas Scientists Regret Loss of Higgs Boson Quest

maswan Re:Have they actually found it? (652 comments)

China's HEP institutes also are in both Atlas and CMS. These are global collaborations and anyone with a significant research interest would likely have joined one or the other by now.

more than 2 years ago

Paypal Forces E-Book Publisher To Censor Erotic Content

maswan Re:People still use PayPal? (301 comments)

Yup, I happily fork my CC number over to anything that reasonably legit. Of course, my bank is nice enough to create a unique CC number with a charge limit on my request, so there's only so much they can steal.

more than 2 years ago

Linux Foundation, Sites Down To Fix Security Breach

maswan Re:SSH keys? (101 comments)

Well, you'd still need keys on your laptop to get to the server. So now you have two places where your keys can be stolen and used to login everywhere you trust your keys.

For the case where you actually do need direct communication between two servers you probably want to do agent forwarding instead of having more keys in your authorized_keys. Remember that every single entry there is a point of failure, and any one of them getting compromised means that your account is likely to get owned.

Now there are special cases where having more keys is useful, but most of the time they just open up more vectors for someone to steal them and break into other computers.

Of course, even then, they are better than passwords, at least if they have proper passphrases. Not too uncommon to see lots of passphrase-less keys in home directories on multi-user servers though.

more than 2 years ago

Linux Foundation, Sites Down To Fix Security Breach

maswan Re:SSH keys? (101 comments)

It is an unfortunately common case that people copy/create private ssh keys on servers to login (or scp) from those to another remote host. These keys are of course compromised.

more than 2 years ago


maswan hasn't submitted any stories.


maswan has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>