×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

Mt. Gox Gone? Apparent Theft Shakes Bitcoin World

slackergod Re:Vive le Galt! (695 comments)

BitcoinAverage is probably the best place for "the" price of bitcoin. It mains a weighted average of all the exchanges, based on volume. They also document which exchanges have been excluded from their list, and why. In the case of Mt Gox, it hasn't been included in the weighted average for a while, as withdrawals have been dead / dying for a very long time.

about 9 months ago
top

Emacs Needs To Move To GitHub, Says ESR

slackergod Re:Can't we settle this like geeks? (252 comments)

Mercurial is actually making some strides in that direction... the hg-git mercurial plugin lets you push/pull from git repositories, and it transparently integrates itself into the mercurial command line, not as a separate tool.

about a year ago
top

Why Don't Open Source Databases Use GPUs?

slackergod Postgres (241 comments)

Looks like exactly what PostgreSQL's PGStrom project is trying to acheive.

about a year ago
top

Oracle Attacks Open Source; Says Community-Developed Code Is Inferior

slackergod Re:Wouldn't Java be a counterexample? (394 comments)

If it was good enough that the market was choosing it as an alternative to Oracle (to the tune of $1billion), I think that's pretty good proof of quality right there (at least as far as the end users' TCO was concerned).

about a year ago
top

Oracle Attacks Open Source; Says Community-Developed Code Is Inferior

slackergod Re:Wouldn't Java be a counterexample? (394 comments)

Don't forget the open-source MySQL, which was of such good quality Oracle purchased it for a HUGE amount of money, despite already having a database product (as their primary product no less!).

about a year ago
top

Slashdot Asks: How Does the US Gov't Budget Crunch Affect You?

slackergod Re:Liberal strategy (1144 comments)

Yeah, "votes of no confidence" and various fail-safe dissolution rules are two things which I really feel the US government would benefit from. It'd a great way to hold their feet to the fire. That and some other voting system like Instant Runoff. It's weird, because the US Constitution has got pretty much everything else and the kitchen sink thrown in there.

about a year ago
top

DOJ Hasn't Actually Found Silk Road Founder's Bitcoin Yet

slackergod Re:Money for his defense (294 comments)

Bitcoin is a rather complex protocol (which I'm not 100% on), so the following is a bit of simplification...

Bitcoin operates as a gigantic transaction ledger (maintained by majority concensus), which tracks the movement of bitcoins between arbitrary psuedonoymous "addresses". To create an address, you generate a ECDSA public/private key pair. The public key is the address, anyone can transfer bitcoins to it. The private key is the control, only someone who has that can move money *out* of that address. The wallet file is essentially just a list of those pairs. If you started using a backup wallet file, you'd have control over all the addresses it has private keys for. If you've emptied any of the them since that backup was made, you'll still have control over the address, there just won't be any money there :)

There's a second (wonderfully useful) wrinkle, though. Due to the nature of ECDSA, you can derive additional public/private pairs from the initial pair, in a deterministic fashion. This allows you to have one master "seed" (e.g. a nice long passphrase) which can be used to generate unlimited public/private keys, without it being obvious that they are even connected to each other. And all you need to take control of any of them is the initial seed value. This means many bitcoin "wallets" are in fact just the seed passphrase... so if you keep it in your head and nowhere else, you have complete control over an unlimited number of addresses, without having to make *any* backups.

about a year ago
top

Most Projects On GitHub Aren't Open Source Licensed

slackergod False Dichotomy (630 comments)

I'm sorry, but the entire premise that there is one "best" open source license is completely wrong. Where did this obsession arise to see one license crowned victor over all others, in all situations?

BSD (and MIT and variants) -- I've found they work best for providing backend and reference libraries, which by their nature are trying to provide a standard implementation of something, or at least a standard API. Open and closed sourced projects alike can use and modify it to suit their needs. This means such a library gets the widest adoption over the alternatives (all other factors being equal). This is especially great for server-side programs which want to promote multiple third-party clients - just release a BSD reference client.

LGPL -- A step down, for when you want the adoption level of a BSD license, but your project is complex and high maintenance enough that it needs to keep all the developers focused on a single api and codebase in order to thrive. Graphics libraries like GTK, audio processing libraries like LAME, are a great example of this.

GPL -- Finally, for the same reasons as LGPL, your want everyone contributing back to a single codebase, whether it's because you don't want to give the codebase away to closed source products that then profit from it, prevent brand confusion, or just maximize developer contributions. Mind you, closed source projects *will* choose an LGPL/BSD alternative over this or closed source, so it doesn't make much sense for libraries, etc. Primarily, this is useful for applications, which are vying for user (not developer) eyeballs.

So given they all have different uses that fit better for different project types and target markets, who in their right minds thinks only one of these licenses is correct?

about a year and a half ago
top

Tesla Motors Battles the New York Times

slackergod Need a serial hybrid, not parallel (700 comments)

What they need to start doing is sell electric cars with a small, removable, high-efficiency, gas turbine generator for charging.

Build an easy-attach mounting point inside the trunk, with hooks for intake, exhaust, and connection to the battery.

You could leave the thing sitting in your garage 3/4 of the year... and plop in it there when you need to go on a trip. Then you've got the best of both worlds (outside of losing some trunk space).

I suspect (IANA engineer) that you'd have a bunch of weight savings from an engine dedicated to charging the car rather than having the power to push the car directly. Also, the engine could be optimized to always run at it's most efficient RPM, rather than going all over the place during stop-n-go traffic.

about 2 years ago
top

John the Ripper Cracks Slow Hashes On GPU

slackergod PBKDF2 (61 comments)

I find it kind of odd that all of the analyses linked to in this article go on about SHA512-Crypt, BCrypt, SCrypt, etc, and the slideshow even talks about "Key Derivation Functions"... yet there doesn't seem to be any mention or comparision of PBKDF2-HMAC-SHA512 as a valid password-hashing key derivation function, despite it's widespread use, and that it's one of the core architectural components used in the design of SCrypt.

more than 2 years ago
top

Yahoo's Project To Disrupt Mobile Publishing

slackergod Re:ALREADY DONE (120 comments)

A developer enters a market and wonders aloud "There are 12 conflict libraries, which one should I target?"

His friend replies: "You know, we should write a single library to abstract away all those differences, so everyone can just target 1 library!"

"That's a great idea!" the developer exclaims.

Now there are 13 conflicting libraries.

more than 2 years ago
top

HP Officially Out of TouchPads

slackergod Re:Price Point (127 comments)

it's kinda funny, but webOS comes/came pretty close to what you're describing. Root was accessible by enabling "dev" mode through a special but officially documented code (the konami code for some versions), no cracking needed; the underlying linux os had a number of gnu tools already, and you can use the ipkg framework to install more; then there's Preware, a still thriving open source community / app catalog tool full of free unsigned apps and OS patches which palm and hp both officially sanctioned. The main limitation was that some of the hardware wasn't that well documented.

sigh. My only hope now is that android one day becomes as easy to mod, so getting python and an ssh/http server on my next phone is just as simple.

more than 2 years ago
top

Amazon In Talks With HP To Buy Palm

slackergod Re:Not Amazon! (72 comments)

Relating to webOS phones... I regularly have 8+ browser pages open on my Palm Pre, and I can switch between them quickly with barely a glance and a couple of idly placed swipes with my thumb. I can't think of another ui that would make that work... even on a tablet, the "tabbed browser" interface is clunky. If they'd make a version of Android with 1) that interface, 2) webos's lack of jailbreaking, 3) something akin to Preware and it's offerings... I'd be a lot happier about switching to an Android phone when my Pre breaks.

more than 3 years ago
top

Aussie Researcher Cracks OS X Lion Passwords

slackergod Re:Not really cracking the passwords. (165 comments)

Actually, the fact that OSX uses SHA512 makes it easy to crack the password (compared to the alternatives).

OSX uses SHA512(salt+password) to generate it's hashes. SHA2 was specifically designed to be highly parallelizable and fast on modern processors, which means brute force attacks are going to proceed very quickly. And as time goes on, and average processor speed increases, that amount of time per cpu (and per $) keeps dropping.

There are four modern password hashing schemes worthy of note: SHA512-Crypt (this is NOT simply SHA512), BCrypt, PBKDF2, and SCrypt.
All of these schemes use a variable number of rounds of their underlying cryptographic operation. This allows the algorithm to stay the same, but the cpu-cost to be increased per hash as computers get faster, or if a user is particularly paranoid and wants to make it take longer to crack.

Many of them (such as PBKDF2) even have properties that make them resistant to preimage attacks on the underlying hash function.

Finally, SCrypt has the unique property of being "memory hard"... it's rounds don't just require a certain amount of time, but a certain amount of memory*time. This makes parallelizing the attack much more costly, as each CPU has to get it's own dedicated amount of memory for the attack.

All of the above are so much tougher to brute force, that the cost of OSX's hash scheme is barely worth notice by comparison. I'm not sure why OSX is using what it is... Linux uses SHA512-Crypt, BSD uses BCrypt, WPA2 and many other things use PBKDF2... all would have been better choices.

more than 3 years ago
top

Are Some CAs Too Big To Fail?

slackergod Notary Servers (163 comments)

Just to provide some links to the "alternative approach" mentioned in the summary:

* The Perspectives Project spearheaded the concept of independant notary servers instead of a chain-of-trust.

* Convergence is another spin on the same concept, by Moxie Marlinspike in fact. (Not sure if it's compatible w/ Perspectives, but I think it is)

more than 3 years ago
top

Is the Quick Death of Failed Tech Products a Good Thing?

slackergod Re:touchpad firesale hopefully good for webos (181 comments)

I think SCHeckler's point was that $150 - $200 was the right price to sell it at, given what the TouchPad provided. The fact that it cost HP $318 to make something which only had $200 of value to the customer... just shows why selling it at an even higher cost wasn't going to fix anything. They chose the other obvious option, and stopped selling it.

I'd agree that lack of apps was a problem, but only at the $500 price point. Look at how crazily it sold at $99 (and still successfully reselling on ebay for $200)... all of that is happening with the near *promise* of no new apps, and the vaguest homebrew mutterings of "I wonder if we can port Android". I'd argue the lack of apps becomes an increasing concern only when the price starts making the customer think "what else am I getting, besides a ereader / browser?". Which seems to happen around $300.

Not that it's impossible to move tablets without a major app ecosystem. HP had two other choices besides give up: make a cheaper tablet (as you pointed out, that probably wouldn't have worked); or follow the XBox strategy: sell drastically under cost to flood the market, then ramp up the price on the next gen TouchPad2. The gamble is that the initial glut would grow the marketplace to the point that people looking to pay $500 decide the TouchPad2 has enough apps to make it worth it.

For some reason, they tried to start *out* at that point, selling the premium, without any carrot to pull people in. They should have worked their way up to it; but seemed too risk averse to invest the money needed to carve out the mindshare. Not that there's anything wrong with being risk averse, but why did they even try the half-assed way, when the figures should have blatantly showed it was an all or nothing situation?

more than 3 years ago
top

Six Python Web Frameworks Compared

slackergod SQLAlchemy (111 comments)

While I'd like to it not be the case, I'd have to agree with you about the general not-quite-there-yet state of dynamic frameworks. That said, Django's custom ORM leaves much to be desired. Next time you decide to give a python framework a try, pick one which uses SQLAlchemy as it's ORM layer. You'll find it to be a much more sophisticated library (similar to Java's Hibernate). In particular, it has all the features you just mentioned. Not integrating SQLAlchemy is one of the main things that keeps me from using Django... any other ORM layer in Python seems doomed to play catch-up.

more than 3 years ago
top

NASA Funded Commercial Space Projects Heating Up

slackergod Re:NASA you are officailly bush league (48 comments)

Actually, I'd be relatively ok with us fighting in space, if it meant we were trying to get into space to begin with.
Consider a hypothetical moon colony -

  • * War requires developing countermeasures for missles and kinetic weapons - these are already needed to protect the colony from asteroids.
  • * War requires radiation-hardening the colony against EM weapons - this is already needed to protect against solar flares and the like.
  • * War requires developing more agile, efficient drives in order to out-maneuver the enemy? This just helps us colonize further.

Much as a I'd like space to be nice and peaceful, that doesn't seem to be in our natures right now - and just shifting the theater of conflict to space would put the well-funded military R&D pipelines on track to developing numerous technologies that we were going to need anyways - but they'd do it faster than if the goal was peaceful colonization, since it's now a matter of "national pride".

more than 2 years ago
top

How Citigroup Hackers Easily Gained Access

slackergod Re:car analogy (371 comments)

Even better, valet parking - Valet gives you a ticket, and you discover it's possible to pencil in another number, and get a different car. Then you discover they let you make 20,000 photocopies, and present 20,000 different tickets, and valet *never gets suspicious*.

more than 3 years ago
top

Mediacom Using DPI To Hijack Searches, 404 Errors

slackergod Re:Get another ISP! (379 comments)

Regarding Google - actually, yes, there is implied consent. robots.txt and nofollow links can easily be added to any website, to tell Googlebot and others to go away. And they will - or then they probably would be wandering into (c) infringing - or at least some form of illegal use of resources (for trawling the site).

more than 3 years ago

Submissions

slackergod hasn't submitted any stories.

Journals

top

slackergod slackergod writes  |  more than 10 years ago Well now... Assurance Technologies,
the computer security company I write software for,
has finally gotten around to having a web presence.
I say 'bully', and 'go them' and 'go us',
and all manner of other such pleasantries.

-peace out, y'all-

Slashdot Login

Need an Account?

Forgot your password?