Comments

Japan's Shinkansen Bullet Trains Celebrate 50th Anniversary

mean pun Re:And still nothing in the US (106 comments)

The Japanese solution is to have your luggage shipped door to door by a freight company. A very good idea, but I must assume that Japanese freight companies ask a far more decent price for this service than in the rest of the world.

yesterday
Apple Fixes Shellshock In OS X

mean pun Re:Mac's don't get viruses. . . (165 comments)

I'm sorry, but I can't get excited about two days to fix one vulnerability (Major Linux distributions) versus five days to fix most, if not all known vulnerabilities (Apple). The fix is there, and I'm glad they took the time to do some additional testing, especially because bash on Mac OS X is something that a large majority of users will not even run, and those that do will mostly only use it for their command line handling. Remote exploitation is just not possible with the default settings, so I don't care that Apple is a little slower.

Similarly, I am glad that there was a quick fix for my Debian box, because there the vulnerability was critical, and I have seen in the log files that people were trying to exploit it.

This neatly demonstrates that the statistics you mention are meaningless. The tradeoff between quick and solid is always there, and it is likely that Microsoft more often had to deal with bugs that required urgent fixes; they still have a lot of legacy to deal with.

In general, I don't see any signs that Apple is lax about security. They may be a little slow, but usually the fix is worth the wait, and they're also pretty good at avoiding problems in the first place.

2 days ago
First Shellshock Botnet Attacking Akamai, US DoD Networks

mean pun Re:Question about how this works (236 comments)

I disagree that using shell CGI scripts should be considered a security hole any more than using CGI scripts written in any other language (snip)

Shells are notoriously difficult to use securely. So much so that for example suid is often not honoured on shell scripts. And that's because of the documented behaviour of the shells. The newly discovered bug in the Bourne shell makes it particularly easy to write an exploit, but even based on just the documented behaviour you're either a fool or a genius if you think you can write secure shell scripts.

It may be true that it is perfectly safe to cross the Niagara over a steel cable if you're trained well enough, but normal people are nevertheless advised to just use the bridge.

5 days ago
Where Whistleblowers End Up Working

mean pun Obama declared a war on whistleblowers? (224 comments)

"Obama and his attorney general, Eric Holder, declared a war on whistleblowers virtually as soon as they assumed office," says Kiriakou.

Obama is certainly not any better than his predecessors, but I have to wonder if he is any worse. Valerie Plame was on G. W. Bush's watch, for example.

about a week ago
Study Links Pacific Coastal Warming To Changing Winds

mean pun Re:The simple fact that we can't talk about this.. (207 comments)

have a good career as a climate scientist.

But one has to be ordained as a climate scientist first. Not many of their seminaries are going to graduate non-believers.

If you have complaints about the way climate science is evaluated, you will have to be more specific than this. Abstract references to religious institutions are insufficiently clear to discuss and address such complaints.

about a week ago
Study Links Pacific Coastal Warming To Changing Winds

mean pun Re:The simple fact that we can't talk about this.. (207 comments)

The catch 22 is in order to be a climate scientist you have to basically sign on to believing in AGW, so it is a bit like saying 97% of Catholic priests believe in god.

There are plenty of people and institutes that are willing to fund research to disprove AGW, so someone with a sufficiently convincing theory could easily have a good career as a climate scientist. So what's the catch 22?

about a week ago
Science Has a Sexual Assault Problem

mean pun Re:Is there a single field that doesn't? (460 comments)

Unfortunately, some people have gotten it into their heads that they have a right to not feel awkward, and that feeling awkward makes them "violated". A clear abuse of the word, if I've ever seen any.

If a woman asks men kindly not to do some kinds of things because it makes her feel awkward (and it should be obvious even without asking), and if a man then does it anyway, the word 'violated' seems pretty accurate to me. He's not interested in her comfort, he's just interested in his own jollies.

about two weeks ago
Science Has a Sexual Assault Problem

mean pun Re:Is there a single field that doesn't? (460 comments)

Hint, pressing your body up against an unwilling partner is unwanted sexual contact.

Greeting someone with a hug is not sexual contact, unwanted or otherwise.

No, and women will not interpret it as such, even if you misread a situation and give a hug when it was not expected. There is a big difference between a friendly hug and something sexually suggestive. Duration, for a start.

How the fuck is someone meant to know when you do and don't hug anyway?

It may be a social faux-pas, but trust me, it's equally fucking awkward when you have Asperger's and people actually expect a hug.

Yes, understanding when and when not to hug can be problematic if you don't always read the social signs properly. Similar with social kissing. I think most people have had awkward moments like this. There are huge differences between social groups anyway, so misreading the signs is not such a big deal, as long as you keep it friendly. And you can always err on the safe side.

Or are you telling me that all those women I know are actually making sexual overtures when they expect me to hug them?

No, of course not. What point are you trying to make?

So sorry but I give no fucking credibility to a study that treats greeting hugs as 'sexual assault'.

Is there any evidence that they do?

about two weeks ago
Science Has a Sexual Assault Problem

mean pun Re:Is there a single field that doesn't? (460 comments)

It looks to me like mod prime is gently giving some friendly advice. Pretty damn obvious advice that should not be necessary, but friendly advice.

Is it really so hard to see that s/he has a point?

about two weeks ago
Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked

mean pun Re:Is this technically impossible - no. (191 comments)

Let's put it more simply. Aside from the one time pad, there is no publicly available encryption the NSA can't crack.

Although that might be the safest assumption to make, it is not at all clear that that is true. The standard algorithms and key sizes that are currently considered safe are certainly far too strong for brute-force attacks, even using massive and dedicated hardware, and they will remain so in the foreseeable future. It is always possible that there is a weakness in an algorithm, but there are no indications that there are, despite a lot of public scrutiny.

More directly: Edward Snowden says that he trusts these algorithms.

about two weeks ago
Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked

mean pun Re:Not Hacked? (191 comments)

Right, it's not iCloud that was hacked, it was individual user accounts. It's the distinction between "the rotary club has been murdered" and "the members of the rotary club have been murdered".

No, some members of the rotary club have been murdered. (And also some members of the local droid knitting club.)

There is no indication that every iCloud account was hacked, or even that a disproportional number of iCloud accounts were hacked.

about two weeks ago
Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked

mean pun Re:Is this technically impossible - no. (191 comments)

For these people, with their resources, your "encryption", unless it's a one time pad, is no better than ROT13.

From the Snowden leaks it looks like even the NSA cannot crack properly used strong encryption. That's why they try to harvest or weaken keys, try to get in before or after encryption, or use traffic (metadata) analysis.

about two weeks ago
The Future According To Stanislaw Lem

mean pun Re:Horse Shit (196 comments)

Don't forget all the military SF for the ammosexuals out there.

about three weeks ago
Cuba Calculates Cost of 54yr US Embargo At $1.1 Trillion

mean pun Re:Free Alan Gross (540 comments)

I'm sure the United States would be more willing to consider ending the embargo if Alan Gross was freed from prison.

'more willing' in this case would mean saying 'No, no, no way' to ending the embargo, rather than 'No, no, no, no way'.

In other words, it is the political reality in the US that makes this impossible, not the imprisonment of a single guy.

about three weeks ago
Responding to Celeb Photo Leaks, Reddit Scotches "Fappening" Subreddit

mean pun Re:please (307 comments)

True, but as I said I was generous in my assumptions anyway. In reality the alphabet is larger, Apple must have a minimum password length of at least 8, and I really doubt that you can do 100 tries per second. I therefore am very sceptical that even with a dictionary attack you can get very far, at least not without choosing a specific dictionary for your victim. And if you do that it is no longer a brute-force attack.

As I wrote in an earlier discussion, I know very few websites that impose a limit on the number of login attempts, so it is not reasonable to suddenly declare this an epic fail of Apple. It is good they plugged the hole (although they could just block you for an hour after three failed login attempts), but guessable passwords must have contributed to this.

Oh, and does /. impose such a limit?

about three weeks ago
Responding to Celeb Photo Leaks, Reddit Scotches "Fappening" Subreddit

mean pun Re:please (307 comments)

Yes, it was a brute force attack. Apple's now trying to cover it up by claiming "If only you had a better password." Which may be true, if their passwords had been 50 characters long it would have taken the brute force attack a lot longer to complete. But the fact of the matter is, Apple forgot to put in an X number of wrong attempts = account locked, procedure in... or it wasn't working properly and people exploited it.

In cryptography, a brute-force attack means that you don't know anything about the password, but just try all the billions of possibilities. Assuming that a password character can only be a-z, A-Z, 0-9, and 10 other characters, and assuming that a password has exactly 6 characters, you would have to try on average (72^6)/2=69657034752 passwords. Assuming you can do 100 tries per second, that would still take more than 8062 days, or more than 22 years on average. Note that I'm being very generous in my assumptions here.

In other words, unless there was another weakness, a brute-force attack was impractical, even without any limit on the number of attempts.

What probably happened was that the passwords were indeed weak. If you know your victim has a dog called 'fido', you can try if she used that name in her password, and in my example you only have to guess two more characters. That only takes seconds or minutes. The attackers may call this brute force, but that's misleading.

about three weeks ago
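The comment above does the keyspace arithmetic by hand (72^6 / 2 guesses at 100 guesses per second) and mentions locking an account for an hour after three failed logins as the mitigation. The block below is an added example written for this page, not code from the thread or from Apple: it generalises that estimate to any alphabet size, password length and guess rate, and pairs it with a small per-account lockout policy so the effect of throttling on an online guessing attempt can be measured directly. The 72-character alphabet, 6-character length, 100 guesses per second, and the "three failures, one hour" policy are the comment's own assumptions; the account name, the candidate list and the one-attempt-per-second simulation are constructed for illustration.

```python
"""Brute-force cost estimate plus a lockout policy (added example, not from the thread).

Numbers reused from the comment: alphabet of 72 characters, exactly 6 characters,
100 guesses per second, and 'lock for an hour after three wrong attempts'.
Everything else (account names, candidate passwords) is constructed.
"""
from dataclasses import dataclass, field

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def expected_guesses(alphabet_size: int, length: int) -> int:
    """Average guesses before a uniformly random password is hit: half the keyspace."""
    return keyspace(alphabet_size, length) // 2


def expected_seconds(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Expected wall-clock time of an exhaustive search at a sustained guess rate."""
    return expected_guesses(alphabet_size, length) / guesses_per_second


def lockout_rate(max_failures: int, lockout_seconds: int) -> float:
    """Sustained guesses per second one account yields under a lockout policy
    (max_failures wrong attempts, then refused for lockout_seconds)."""
    return max_failures / lockout_seconds


@dataclass
class LockoutPolicy:
    """Minimal per-account lockout. After `max_failures` consecutive failures the
    account refuses attempts until `lockout_seconds` have elapsed. The clock is
    injected (`now`) so behaviour is deterministic; this is a constructed model,
    not a real authentication service."""
    max_failures: int = 3
    lockout_seconds: int = 3600
    _failures: dict = field(default_factory=dict)
    _locked_until: dict = field(default_factory=dict)

    def attempt(self, account: str, correct: bool, now: float) -> str:
        """Returns 'locked', 'ok' or 'failed'."""
        if self._locked_until.get(account, 0.0) > now:
            return "locked"
        if correct:
            self._failures[account] = 0
            return "ok"
        self._failures[account] = self._failures.get(account, 0) + 1
        if self._failures[account] >= self.max_failures:
            self._locked_until[account] = now + self.lockout_seconds
            self._failures[account] = 0
        return "failed"


def simulate_guessing(policy: LockoutPolicy, account: str, candidates: list,
                      secret: str, seconds: int) -> int:
    """How many distinct candidates an online guesser (one attempt per second)
    actually gets to test against `account` within `seconds`. Attempts made while
    the account is locked are refused and do not consume a candidate."""
    tested = 0
    i = 0
    for t in range(seconds):
        if i >= len(candidates):
            break
        result = policy.attempt(account, candidates[i] == secret, now=float(t))
        if result == "locked":
            continue
        tested += 1
        if result == "ok":
            break
        i += 1
    return tested


if __name__ == "__main__":
    # The comment's figures: 72^6 / 2 guesses at 100/s.
    secs = expected_seconds(72, 6, 100)
    print(f"expected guesses: {expected_guesses(72, 6)}")
    print(f"at 100/s: {secs / SECONDS_PER_DAY:.0f} days, {secs / SECONDS_PER_YEAR:.1f} years")
    # Attacker already knows 4 of 6 characters (the 'fido' scenario): only 2 unknown.
    print(f"2 unknown chars, no throttle: {expected_seconds(72, 2, 100):.0f} s")
    throttled = expected_seconds(72, 2, lockout_rate(3, 3600))
    print(f"2 unknown chars, 3 tries/hour lockout: {throttled / SECONDS_PER_DAY:.0f} days")
```

Usage: run the file to print the comment's 8062-day / 22-year figure, then the two-unknown-character case with and without the lockout policy. The instructive part is the last line: a dictionary-assisted guess that would take under half a minute against an unthrottled endpoint takes about 36 days once each account yields only three guesses per hour, which is why per-account lockout (or a slower, escalating delay) matters more than raw keyspace for an online attack.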
Music Training's Cognitive Benefits Could Help "At-Risk" Students

mean pun Re:STEM =! Convergent Thinking (58 comments)

Nobody forces you to listen to only the most recent one-hit wonders. There is now more than 50 years of good-quality recordings of popular music to choose from, and then there are the vast worlds of latin-american music, world music, and classical music. And with services like Spotify they are more accessible than ever.

I admit that seeing good visual art in person is a bit more difficult, especially in some cultural wastelands, but things are no worse than in earlier decades, and there are more good reproductions available online than ever before. Just one good example: https://www.rijksmuseum.nl/en/....

Art has always been like that: 90% of the output is garbage, 9% is pretty good, and perhaps 1% is beyond that. Don't obsess about that 99%, in a few years it will be forgotten. Enjoy the 1%.

about a month ago
Music Training's Cognitive Benefits Could Help "At-Risk" Students

mean pun Re:Arts in Education (58 comments)

Your sweeping evaluation of the entire field of social sciences is of course not at all subjective, so you can back this up with rigorous peer-reviewed research. Citations please?

about a month ago

Submissions

mean pun hasn't submitted any stories.

Journals

mean pun has no journal entries.
