

Student Records Kids Who Bully Him, Then Gets Threatened With Wiretapping Charge

shellster_dude Re:Rewarding the bullies... (788 comments)

Why schools? Because no one can shoot back. There are giant signs advertising that no one is armed.

2 days ago

Intuit, Maker of Turbotax, Lobbies Against Simplified Tax Filings

shellster_dude Lobbying aside (415 comments)

On the one hand, return-free filing would be a nice option...on the other, I like that people have to take the time to notice how much money Uncle Sam is taking.

3 days ago

Double Take: Condoleezza Rice As Dropbox's Newest Board Member

shellster_dude Re:Low even for Slashdot (313 comments)

I see, so you want the policy to be in place so that you can be outraged that it happened instead of preventing it from happening.

Nice slippery slope fallacy. You're 0 for 2. Care to try again?

about a week ago

Double Take: Condoleezza Rice As Dropbox's Newest Board Member

shellster_dude Re:Low even for Slashdot (313 comments)

Nice try,

Facebook changing THEIR privacy policy directly affects users. The outcry is justified and has nothing to do with the politics of their CEO or board. This issue is entirely different. People are calling for boycotts and pressure because a perfectly capable board member used to work for the Bush administration which started a wiretapping program. It has NOTHING to do with what she personally has done nor what she has done as a board member of the Dropbox company.

Thanks for playing, next time try using your head...

about a week ago

Double Take: Condoleezza Rice As Dropbox's Newest Board Member

shellster_dude Low even for Slashdot (313 comments)

Let's quit pretending this is anything but an attempt to force her out because she is/was a Republican.

If she were a Democrat, the article would talk about the racist/sexist Republicans that were trying to force her out.

The Democrats have only enhanced the spying and wiretapping, but you don't get outcries about the likes of Facebook and the Zuckerbergs of the world who are huge Democrat donors.

I love to see that "tolerance" the left is famous for.

about a week ago

Ask Slashdot: How To Start With Linux In the Workplace?

shellster_dude First, XFCE (451 comments)

First, I'd recommend going with XFCE for your desktop. It's simple, looks kinda like Windows and doesn't change looks constantly with each release.

If you are going to be managing these things, you might want to go with some sort of thin-client architecture with a beefy server serving the old ex-XP boxes. This will reduce the configuration hassle long term, and make those crappy XP boxes seem pretty snappy. The downside, and it can be a doozy, is that if the server goes down or the networking is lousy, no one will be able to work.

about a week ago

Dyn.com Ends Free Dynamic DNS

shellster_dude changeip.com (240 comments)

I use changeip.com. They provide great, free service, and I don't have to constantly "renew" the service.

about two weeks ago

MIT Researchers Create Platform To Build Secure Web Apps That Never Leak Data

shellster_dude Seriously? RTFM (90 comments)

Am I the only one who read the article?

The Mylar system supports searching of the encrypted data and encryption with multiple, separate keys allowing multiple users to have access to specific records without requiring any key sharing.

The server can operate in a completely compromised fashion (in theory), as the data is all encrypted on the client side, before it goes to the server, and the server will never have the plaintext or the key to decrypt the ciphertext.

They seem to be operating under the assumption that it is much harder to compromise all the clients than a single server...unfortunately I don't think that claim holds up, as there is nothing to prevent compromise of the clients if the server is compromised, via simple XSS-like attacks, which will be trivial since it will be same-origin.

IMHO, the only way to make something like this really work, would be hardened browser clients, with special encryption APIs which cannot be directly accessed by code that the server can inject (NOT JavaScript).

about three weeks ago

Time Dilation Drug Could Let Heinous Criminals Serve 1,000 Year Sentences

shellster_dude Not useful (914 comments)

The foremost point of prison is to keep bad individuals where they can't harm the general populace, and to punish them for their actions, with the hope that they will correct their behavior.

Using a time dilation drug in lieu of actual time served does nothing to help keep them off the street.
Using a time dilation drug as well as a normal sentence amounts to psychological torture or near torture, and won't help with any corrective process which might have prevented repeat offense.

Bottom line: drugs like this have no place in our penal system, regardless of the ethical ramifications of using them on prisoners.

about a month ago

Weak Apple PRNG Threatens iOS Exploit Mitigations

shellster_dude Understanding PRNG (143 comments)

When cryptographers say that a PRNG is deterministic (in a bad sense), they usually mean it violates one of the following rules (or similar):

1) It should be realistically impossible for an outsider to determine or guess all the values that constitute a seed.
2) No matter how much of the "random stream" an attacker has seen, they should not be able to realistically determine the next value in the stream (without all the sources of entropy throughout the process).
3) Given the initial seed, an attacker should not be able to determine the random value at a point in the future because that value should constantly be affected by both new "entropy" inputs including the number of times, size, and amount of random data previously requested.

about a month ago

Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?

shellster_dude Cyber Security Analyst here... (572 comments)

My company does it, and it isn't for malicious reasons of spying on their users. It is done so that IDS and IPS can actually detect malware downloads and C2 communication over SSL. I suspect that's the primary reason most other companies do it as well. If they don't, the company can't adequately detect or remediate most modern malware.

Detection of exploit kits via HTTP monitoring is one of our primary indicators of compromise, so this information is vital.

about a month and a half ago

Why Your Phone Gets OTA Updates But Your Car Doesn't

shellster_dude A hybrid approach (305 comments)

A lot of people don't trust their car manufacturer to be in charge of firmware pushes. That makes perfect sense. Maybe the best approach would be utilizing special software on existing smartphone platforms. This solves many issues at once. Car owners don't have to worry about their car "phoning home" or the dealer pushing "fixes" without their knowledge, while simultaneously giving the car owner and the dealer the advantages of a remote software update. If you want it, you can install the dealer's smart app, and hook your phone up to your car for an update.

There are, of course, new issues. You need to properly sign and validate your updates, to make sure they are delivered to the cars uncorrupted, in the correct format, and that no one else can use the functionality to hack the car.

about 2 months ago

Routers Pose Biggest Security Threat To Home Networks

shellster_dude Re:Custom Router (264 comments)

Yes...just like when your router goes down, you lose internet...

about 2 months ago

Routers Pose Biggest Security Threat To Home Networks

shellster_dude Custom Router (264 comments)

After I found that my ASUS RT-15U was running telnet with a default password, open to the world, which I couldn't kill or change the password on, I swore off embedded device routers.

I have replaced it with a small Debian box with dual NICs, and bought a 24-port switch from TP-LINK. It was the best decision I have ever made. Perfect reliability and complete control via iptables. I've got auto blocking of malicious IPs trying to hit my SSH or port scanning me via DenyHosts and PSAD.

A couple other custom scripts and dnsmasq, dhclient, Snort, and Python, and I have all the other services and features I want, and ONLY the services and features I want.

about a month ago

Ask Slashdot: Are Linux Desktop Users More Pragmatic Now Or Is It Inertia?

shellster_dude The Pragmatic vs Tweaking war rages on (503 comments)

I always end up going back to a customized XFCE, but about every 6 months, I decide to try something else, and usually end up wiping my system and reinstalling before I'm done.

My wife has a mildly customized XFCE setup, and she loves it. It almost never gets changed or tweaked.

about 3 months ago

Hard Drive Reliability Study Flawed?

shellster_dude My Seagate Experience (237 comments)

Out of the four hard drive failures I have had in the last ten years (I often replace smaller drives with bigger ones before they fail), 3 of them were Seagate drives and one was a Hitachi. I will never buy Seagate again. Meanwhile my other Hitachi drives and Western Digital drives still spin on.

about 3 months ago

ShapeShifter: Beatable, But We'll Hear More About It

shellster_dude Perhaps the easiest way to defeat such a system: (102 comments)

Though this tool might prevent DOM traversal and node name referencing, it most certainly will strive to keep the website layout the same, from the user's point of view. Therefore, a simple bypass is to look for inputs via relative page positioning. That should completely bypass the anti-bot automation functionality. This type of check would be easiest to perform at a lower level, but it certainly can be done via bot-injected JavaScript.

about 3 months ago

Satanists Propose Monument At Oklahoma State Capitol Next To Ten Commandments

shellster_dude Er... (1251 comments)

Communities make laws that represent the majority in their community. They also commonly erect statues that represent something about their community. We don't throw out laws when one person's views are represented. How is it that a conservative community can't display a symbol with historical significance which represents the majority view? It isn't being "forced" on anyone (unlike a law). If you don't like the statue, don't look at it. There might be a case if taxpayer dollars were used, but they weren't. If at some point the majority in the community no longer feels represented by the statue, then they can elect council members who will tear it down.

about 4 months ago



Dealing with spambots by way of sandbox

shellster_dude writes | about a year and a half ago

shellster_dude (1261444) writes "Slashdot is certainly no stranger to the problem of spam bots. While blocking a spam bot may seem like the best solution, it is likely that the spammer will simply re-register with a different name. While trying to solve this dilemma on my own forums, I had an epiphany. What if, instead of blocking a spam bot, I could mark a spammer, and then hide all their comments from everyone else? The spammer could continue to go their merry way, spamming to their heart's content. When they visit the forum, they see their spam comments correctly placed in the threads, but their comments would only be visible to them. Thus, an effective sandbox which would prevent them from registering a new user once they had been "blocked".

Are any other slashdotters familiar with this technique? Does any software currently use this technique?"


shellster_dude has no journal entries.
