Apple's Spotty Record of Giving Back To the Tech Industry

philip.paradis Re:Free as in fuck you! (266 comments)

Nothing in the GPL prevents you from charging money for GPL licensed software. You appear to be confused on this point. Based on a large sample set of previous discussions on the effects and merits of various licensing schemes, I suspect you are also confused on the definition of the word "freedom." In case you're not confused, but offering a goalpost moving teaser into a discussion on the latter point, I'll preemptively note that neither you nor Stallman get to redefine words to fit any particular ideology. I choose to license most of my software under derivatives of BSD style and Artistic licenses, and I do so for what I believe are good reasons. While I absolutely encourage you to engage in persuasive public discourse on the merits of your favorite licensing schemes, I also absolutely insist on honesty while doing so.

5 days ago

Ask Slashdot: Are You Apocalypse-Useful?

philip.paradis Re:Medical doctor (731 comments)

Dating is easier when you have resources, such as ample food, that are in demand. However, you may not want to be so quick to disregard the primitive bow and arrow factor, as such projectile weapons are also capable of dispatching you when used by competing males. Arrows readily traverse pits.

about a week ago

Not Just Apple: GnuTLS Bug Means Security Flaw For Major Linux Distros

philip.paradis Re:Linux is not an Operating System (144 comments)

GnuPG implements RFC4880. See also the OpenPGP alliance. GnuTLS implements SSL, TLS and DTLS. See also OpenSSL and PolarSSL.

Your userland software may or may not link against GnuTLS. It's probably more likely to link against OpenSSL.

It's important to understand the mechanisms involved with software that provides facilities for securing information both locally and in transit to others. It's nearly as important to do a bit of research on said mechanisms before engaging in discussions on them.

about two weeks ago

Ask Slashdot: User-Friendly Firewall For a Brand-New Linux User?

philip.paradis Re:Why? Is it really necessary? (187 comments)

When was the last time you were party to a serious information security audit? I get the feeling you don't protect data of substantial value for a living.

In any event, this only protects against internal incompetence rather than external malice, so is not a necessary part of running a secure system.

You forgot to mention internal malice.

about two weeks ago

Ask Slashdot: User-Friendly Firewall For a Brand-New Linux User?

philip.paradis Re:No more iptables (187 comments)

As I mentioned in a previous /. story regarding nftables, iptables isn't "going away." You neglected to mention that nftables provides backward compatibility with iptables, while allowing significant new functionality. A huge amount of infrastructure utilizes iptables rules, and nftables isn't intended to break that.

There is no confusion of tons of admins here.

about two weeks ago

Security Evaluation of the Tesla Model S

philip.paradis Re: Here it comes... (93 comments)

and is not required at all for a computer

You must have missed my earlier reply. As the GGP comment contained the excerpt "like your computer", I'm still eagerly awaiting a citation regarding a computer which contains no plastic components, presumably one available for purchase under the implicit assumption that you are in possession of such a machine. I'm looking forward to the opportunity to purchase this wonderful device for my own use, so please don't keep me waiting too long.

about two weeks ago

Security Evaluation of the Tesla Model S

philip.paradis Re: Here it comes... (93 comments)

Please cite a source for any laptop which does not contain plastic.

about three weeks ago

Security Evaluation of the Tesla Model S

philip.paradis Re: Here it comes... (93 comments)

I believe the GP was referring to the plastic portions of laptops, which are largely synthesized from oil and natural gas, not silicon.

about three weeks ago

Crows Complete Basic Aesop's Fable Task

philip.paradis Re: Let them be. (87 comments)

You must have missed the bit about "Three fowl plays and you're bunted out!"

That's a reference to the "three strikes and you're disconnected/banned at the ISP level" legislation that has popped up in various locales, lobbied for by the media industry folks. As far as I can tell, the source of your whooshing was a joke in a joke, and I must say I found it pretty amusing.

about three weeks ago

Java 8 Officially Released

philip.paradis Re:Does it make Minecraft run faster? (302 comments)

Quoting the grandparent:

The one thing they need to do is make Java run multi-threaded ... Oracle should not ignore its Minecraft userbase.

Three things seem plain. First, the poster appears to believe that applications may be rendered multithreaded by mere virtue of the programming language they are written in, without special consideration; in other words, an application that would otherwise be singlethreaded may be made instantly multithreaded without special work. Second, the poster did not know Java has threads. Third, the poster believes Oracle cares about Minecraft. All of these things appear to reflect an uninformed poster.

about 1 month ago

Snowden Says No One Listened To 10 Attempts To Raise Concerns At NSA

philip.paradis Re:But, but... (273 comments)

That whooshing sound is your cue that you're too stupid to vote.

about a month ago

Google Funds San Francisco Bus Rides For Poor

philip.paradis Re:I don't get it. (362 comments)

To be fair, the odds are good that he would feel threatened for long.

about a month and a half ago

New Russian Fighter Not Up To Western Standards

philip.paradis Re:So a good match... (354 comments)

I read "defect" as "defecate" at first, and was solemnly nodding my head in agreement, as that would be difficult to cover up.

about 3 months ago

200 Dolphins Await Slaughter In Japan's Taiji Cove

philip.paradis Re:That doesn't seem right. (628 comments)

From Wikipedia: "The killer whale (Orcinus orca), also referred to as the orca whale or orca, and less commonly as the blackfish, is a toothed whale belonging to the oceanic dolphin family."

You should probably go back to whatever MMORPG you're playing now.

about 3 months ago

Linus Torvalds: Any CLA Is Fundamentally Broken

philip.paradis Re:Spell it out the first time (279 comments)

Just what are you trying to imply here, something or other about programmers, sheep, and conjugal concerns? You've got a sick mind my friend, just plain sick.

about 3 months ago

Why We Think There's a Multiverse, Not Just Our Universe

philip.paradis Re:You can name something University and ... (458 comments)

Better terminology for this theory would be "islands of causality". But scientists tend to be shit at naming things so instead they will overload a sadly overused term instead.

While it would certainly be a better technical description, many people might have difficulty understanding the expression "islands of causality." The term "universe" is more widely understood by the general populace, and hence the expression "multiple universes," or "multiverse" if you will, may be more easily understood by a broader audience.

about 3 months ago



Multiple Rackspace Security Vulnerabilities Discovered

philip.paradis writes | about 2 years ago

philip.paradis writes "According to materials published today, several Rackspace cloud security vulnerabilities have been discovered. Problems with a Rackspace-supplied agent running on cloud servers have been documented, along with a much more severe issue with the method Rackspace has used to generate default root passwords for cloud servers. In short, root password hashes were generated using a legacy hashing function (resulting in cryptographically weaker hashes to start with) and used the system hostname as the first portion of the password.

Thus, cloud servers deployed in this manner would only consider the first eight characters of the root password significant, potentially allowing an attacker with simple knowledge of this weakness and the system's hostname to remotely log in via SSH as root. As hostnames are easily determined by a number of means, the potential for damage is significant. Additionally, evidence exists that Rackspace is storing customer root passwords internally in a recoverable format.

These issues were reported to the company, as described in the previously published Rackspace cloud security pre-advisory. To date, Rackspace has apparently mitigated some of the issues for newly deployed instances, but serious questions remain regarding the integrity of servers in the wild which were deployed using the flawed methods. As the company is a large hosting provider with well known IP space, and the time at which these problems were first manifested is unknown, the number of vulnerable servers could be significant."
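
An audit sketch for the weakness described in the submission above, added here as an example and not part of the original post or of any Rackspace tooling: it scans shadow-format lines for password hashes in the traditional DES crypt(3) format, which uses only the first eight password characters. The submission does not name the legacy function, so DES crypt is an assumption, as are the function names and the constructed sample data.

```python
import re

# Traditional DES crypt(3): 2-character salt + 11-character hash, no "$" prefix.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt format: $id$..., where id names the scheme.
MODULAR = re.compile(r"^\$([0-9a-z]+)\$")
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}

def classify(field):
    """Name the hashing scheme of one shadow password field."""
    if not field:
        return "empty"
    if field[0] in "!*":
        return "locked"          # locked or no-login account
    if DES_CRYPT.match(field):
        return "des-crypt"
    m = MODULAR.match(field)
    if m:
        return SCHEMES.get(m.group(1), "unknown-modular")
    return "unknown"

def audit_shadow(text):
    """Return [(user, scheme)] for accounts whose hash truncates at 8 characters."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue             # not a shadow-format record
        user, field = parts[0], parts[1]
        if classify(field) == "des-crypt":
            findings.append((user, "des-crypt"))
    return findings

# Constructed sample in /etc/shadow layout; the hash strings are made-up placeholders.
SAMPLE_SHADOW = """\
root:ab01FAX.bQRSU:15400:0:99999:7:::
deploy:$6$constructedsalt$CONSTRUCTEDPLACEHOLDERHASH:15400:0:99999:7:::
daemon:*:15400:0:99999:7:::
backup:!:15400:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme in audit_shadow(SAMPLE_SHADOW):
        print(f"{user}: {scheme} (only the first 8 password characters are significant)")
```

Any account the audit reports should have its password reset after the system's default hashing scheme has been moved to a modern one, since the stored hash cannot be upgraded in place.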



