Slashdot Mirror

← Back to Domains

Domain: nist.gov

Stories and comments across the archive that link to nist.gov.

Comments · 1,805

  1. Re:Equifax ran Linux by Anonymous Coward · · Score: -1 · on Microsoft Responded Quietly After Detecting Secret Database Hack in 2013 (reuters.com)

    ah, but the linux developers are not to be deterred. they continue to introduce security vulnerabilities as quickly as they can. oh look one popped up just yesterday

    https://nvd.nist.gov/vuln/deta...

    and a few days back

    https://nvd.nist.gov/vuln/deta...

    and yet again

    https://nvd.nist.gov/vuln/deta...

    and yet again

    https://nvd.nist.gov/vuln/deta...

    and yet again

    https://nvd.nist.gov/vuln/deta...

    lols..

  2. Re:Equifax ran Linux by Anonymous Coward · · Score: -1 · on Microsoft Responded Quietly After Detecting Secret Database Hack in 2013 (reuters.com)

    ah, but the linux developers are not to be deterred. they continue to introduce security vulnerabilities as quickly as they can. oh look one popped up just yesterday

    https://nvd.nist.gov/vuln/deta...

    and a few days back

    https://nvd.nist.gov/vuln/deta...

    and yet again

    https://nvd.nist.gov/vuln/deta...

    and yet again

    https://nvd.nist.gov/vuln/deta...

    and yet again

    https://nvd.nist.gov/vuln/deta...

    lols..

  3. Re:Equifax ran Linux by Anonymous Coward · · Score: -1 · on Microsoft Responded Quietly After Detecting Secret Database Hack in 2013 (reuters.com)

    ah, but the linux developers are not to be deterred. they continue to introduce security vulnerabilities as quickly as they can. oh look one popped up just yesterday

    https://nvd.nist.gov/vuln/deta...

    and a few days back

    https://nvd.nist.gov/vuln/deta...

    and yet again

    https://nvd.nist.gov/vuln/deta...

    and yet again

    https://nvd.nist.gov/vuln/deta...

    and yet again

    https://nvd.nist.gov/vuln/deta...

    lols..

  4. Re:Equifax ran Linux by Anonymous Coward · · Score: -1 · on Microsoft Responded Quietly After Detecting Secret Database Hack in 2013 (reuters.com)

    ah, but the linux developers are not to be deterred. they continue to introduce security vulnerabilities as quickly as they can. oh look one popped up just yesterday

    https://nvd.nist.gov/vuln/deta...

    and a few days back

    https://nvd.nist.gov/vuln/deta...

    and yet again

    https://nvd.nist.gov/vuln/deta...

    and yet again

    https://nvd.nist.gov/vuln/deta...

    and yet again

    https://nvd.nist.gov/vuln/deta...

    lols..

  5. Re:Equifax ran Linux by Anonymous Coward · · Score: -1 · on Microsoft Responded Quietly After Detecting Secret Database Hack in 2013 (reuters.com)

    ah, but the linux developers are not to be deterred. they continue to introduce security vulnerabilities as quickly as they can. oh look one popped up just yesterday

    https://nvd.nist.gov/vuln/deta...

    and a few days back

    https://nvd.nist.gov/vuln/deta...

    and yet again

    https://nvd.nist.gov/vuln/deta...

    and yet again

    https://nvd.nist.gov/vuln/deta...

    and yet again

    https://nvd.nist.gov/vuln/deta...

    lols..

  6. Brought to you by Obama's NSA by Anonymous Coward · · Score: 1, Interesting · on Millions of High-Security Crypto Keys Crippled by Newly Discovered Flaw (arstechnica.com)

    What makes you think that any of these vulnerabilities weren't (1) already known by the various government spy associations, or (2) intentionally introduced to weaken encryption to support the endless "War on Terror"?

    "The flaw resides in the Infineon-developed RSA Library version v1.02.013, specifically within an algorithm it implements for RSA primes generation." Oh, you mean this Infineon that was working to produce libraries for the "NSA's Cryptographic Interoperability Strategy (CIS)" back in 2013?

  7. courage by slew · · Score: 3, Funny · on Turning Off Wi-Fi and Bluetooth in iOS 11's Control Center Doesn't Actually Turn Off Wi-Fi or Bluetooth (vice.com)

    Courage in the wake of wifi stack vunerabilities.

    Courage that they won't have a bluetooth stack vulnerability like android.

    Courage is what it takes, courage...

  8. courage by slew · · Score: 3, Funny · on Turning Off Wi-Fi and Bluetooth in iOS 11's Control Center Doesn't Actually Turn Off Wi-Fi or Bluetooth (vice.com)

    Courage in the wake of wifi stack vunerabilities.

    Courage that they won't have a bluetooth stack vulnerability like android.

    Courage is what it takes, courage...

  9. Re: Watch out Mandiant by Bob+the+Super+Hamste · · Score: 1 · on Equifax Suffered a Hack Almost Five Months Earlier Than the Date It Disclosed (bloomberg.com)

    Depends on what procedures they adopted. If it was something like the PCI standard they likely could have followed everything, well except the part about not retaining sensitive information, and still gotten hacked. The PCI standard is the bare minimum that should be followed but is something written for MBA types so it has checkboxes that give you a warm fuzzy feeling. It does offer some protection but there are better standards but these are harder and require actual thought. Also if they were reasonably intelligent they would have implemented some well known system benchmarks but those can be inconvenient for people who want the keys to the kingdom. Given what has happened I would guess they implemented the parts of PCI that didn't deal with personal information and called it a day.

    Personally, even if they were using PCI, I would love to see them get browbeat because there are better standards, such as the US government's NIST Special Publication 800 and/or 1800 series, the NERC CIP standard, the Cybersecurity Procurement Language for Energy Delivery Systems document. If those weren't enough there are other well respected ones out there as well to choose from. If a business, especially a large one, isn't required to be covered by one I would suggest looking at all of them and make rational choices out of each of them. If a business is required to follow one fully implement that but then still pull from the others to go beyond and then get regulators to scrutinize competitors who are lacking.

  10. Re:I'll take 10 million by Bob+the+Super+Hamste · · Score: 3, Informative · on Department of Energy Invests $50 Million To Improve Critical Energy Infrastructure Security (helpnetsecurity.com)

    I see someone has no idea of what they are talking about in this regard. Here is the current standard that grid operators have to comply with. Also here is what is currently being asked of suppliers by the grid operators when getting a new system. Add in that the systems be benchmarked against these or these is also becoming written into the contracts now. I would assume that operators in the oil and gas industry either have similar things or are at least smart enough to re-purpose the above as the effort to do so would be minimal. A lot of the security efforts for securing the grid are not to protect it from the general internet, they are already separated and if not the company fucked up really bad and if NERC finds out the company will be paying some huge fines so let NERC know. Instead the security is to protect the control system from stupid users who find a USB rubber ducky in the parking lot, connects their corporate laptop to the control network, someone doing malicious things out at some remote substation that then gets into the main control system, or malicious insider. The people going after the grid are professionals and more often than not state actors not little Timmy from down the street who just found out about Low Orbit Ion Cannon or Armitage.

  11. Re:Do they meet PCI compliance? by Bob+the+Super+Hamste · · Score: 1 · on Credit Reporting Firm Equifax Announces 'Cybersecurity Incident Impacting Approximately 143 Million US Consumers' (cnbc.com)

    Probably except for the part about not storing personal information but then they aren't card processors. The PCI standard while it is a standard is really the bare minimum that companies should be held to for them to not be found guilty of criminally negligence for breaches. The actual standard is here and having had to deal MBAs asking about our compliance makes it seems like it is something written for the MBA types to check off a bunch of stuff. There are much better standards and if you aren't an MBA you can figure out how to make them applicable to your business. Personally I like the NERC CIP standard with liberal utilization of the CIS benchmarks as a good starting point for securing a system. If you want others there is always the US government's set of security benchmarks, the DoE document Cybersecurity Procurement Language for Energy Delivery Systems, or a bunch of stuff at the SANS site that you could use as a guide.

  12. Redefinition by g01d4 · · Score: 1 · on Device That Revolutionized Timekeeping Receives an IEEE Milestone (ieee.org)

    Not just accuracy but redefinition. Originally the second was based on astronomical measurements which would vary. With this redefinition it's also easier for scientists to create their own accurate clock. The kilogram is still waiting for its redefinition.

  13. Re: Not a bug by DamnOregonian · · Score: 1 · on DNS Lib Underscore Bug Bites Everyone's Favorite Init Tool, Blanks Netflix (theregister.co.uk)
    https://nvd.nist.gov/vuln/deta...
    https://www.androidcentral.com...
    http://www.howardforums.com/sh...

    Ever written software to live-patch a kernel? Written kernel modules with intelligence allowing them to be inserted into kernels you don't have the source or ABI for? Ever gotten a CVE for a vulnerability you discovered in an operating system used by millions of people?
    Did you break what was probably one of the first cellular phone bootloader RSA signature protection schemes?

    No, ZK. You have done nothing. You're a shill for pet ideas. You run around commenting about shit you know nothing about, adding zero value to anything.
    You talk shit to your betters with zero understanding of how fucking irrelevant you are. There's a reason you're commonly moderated a troll. The only thing broken here is your capacity for critical thinking.

    You think a lower uid gives you some kind of cred?
    6502? Is that supposed to impress me? I had to write an emulator for the 6502 in school.
    I had written my own DNS server before you had ever had a +5 moderated comment on Slashdot.
    I was busy making my mark on the world instead of lurking on Slashdot. You're a fucking troll dude. Get a clue. Seek help. Try contributing to the world instead of arguing about shit you have no real understanding of.

    Netflix is the server; The client (s) are the web browsers requesting domain name resolution.

    You couldn't be more correct- and since the client (web browser/netflix) did actually make the request to the glibc nss mechanism, the glibc nss mechanism also allowed it, and forwarded it off to the systemd-resolve daemon, who also allowed it, tossed it through its punycode IDNA library, and then forwarded it to its system-configured resolver, everyone in that chain agreed it was perfectly valid. libidn2 simply had a bug where it removed the underscore. This bug is acknowledged.
    You've defeated your own fucking argument so many times everyone here has lost count. You are not a very literate person. I suspect that could be corrected with a little effort on your part.

  14. Re: Misleading title by Anonymous Coward · · Score: 0 · on Systemd Named 'Lamest Vendor' At Pwnie Security Awards (theregister.co.uk)

    Except that the severity of the bug is NOT minimal whereas the github issue is labelled as "not a bug".

  15. Re:Too Burdensome? by TechyImmigrant · · Score: 1 · on FCC Refuses To Release Text of More Than 40,000 Net Neutrality Complaints (arstechnica.com)

    To run a script that only pulls the comment on a data set and then zip it?

    The FCC is saying that they would have to go through and have staff members redact all personally identifiable information in the comments.

    https://transition.fcc.gov/Dai...

    Which is of course bullshit. I've made public comment to government agencies and it is exactly that - public. Those comments and identifying information including names and emails are right there posted on a government web site for all to see. For example : http://csrc.nist.gov/publicati...

  16. Re: You all presumably know why. by chihowa · · Score: 2 · on In Which Linus Torvalds Makes An 'Init' Joke (lkml.org)

    The issue (which has a CVE with a critical score) was closed as "not a bug".

    Think about that for a little while before responding again that it was "fixed".

  17. Re: You all presumably know why. by Anonymous Coward · · Score: 5, Informative · on In Which Linus Torvalds Makes An 'Init' Joke (lkml.org)

    Don't forget the recent severity 9.8 CVE regarding invalid username handling that Poettering closed as NOTABUG. It's a trainwreck of bad design driven by an egotistic idiot.

  18. Re:I am sceptical by Anonymous Coward · · Score: 0 · on EU Prepares 'Right To Repair' Legislation To Fight Short Product Lifespans (bleepingcomputer.com)

    Her subscription has no Internet. She uses it as a phone. It will cause no problems.

    Better hope she doesn't receive any messages or phone calls on it, then. In case you've forgotten there have been multiple iOS vulnerabilities over the years due to stupid things like basic Unicode handling in text messages, e.g.: https://nvd.nist.gov/vuln/deta...

  19. Re:MS Office? by Anonymous Coward · · Score: 0 · on Windows 10 Will Soon Protect Files and Folders From Ransomware (theverge.com)

    Its much less than that, actually. Still worrisome..

    https://nvd.nist.gov/vuln/sear...

  20. Re:MS Office? by Anonymous Coward · · Score: 0 · on Windows 10 Will Soon Protect Files and Folders From Ransomware (theverge.com)

    macOS seems to be doing pretty good in the security department, and it is a UNIX.

    Maybe inside your head. In the real world, it continues to be riddled with security holes that Apple marketing pretends don't exist. Go lookup some vulnerability stats.
    The good guys at Apple engineering keep you on that security update treadmill though. iOS isn't exempt either, every single damn release contains a rootable exploit.

    Heck the national vulnerability records state that it has 49,000 vulnerabilities. 5 of which were found just today. But other than that, yeah, its super secure.. lol

    https://nvd.nist.gov/vuln/sear...

  21. This affects Linux Kernels 4.11.5 and Later by kjhambrick · · Score: 1 · on 'Stack Clash' Linux Flaw Enables Root Access. Patch Now (threatpost.com)

    this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).

    https://nvd.nist.gov/vuln/detail/CVE-2017-1000364/

    -- kjh

  22. Re:Lawyer is a sleaze bag. by Frosty+Piss · · Score: 5, Informative · on Home Improvement Chains Accused of False Advertising Over Lumber Dimensions (consumerist.com)

    In fact, here's some linkies:

    From the NIST (PDF)
    American Softwood Lumbar Standards - Voluntary Product Standard DOC PS 20â"99

    More from the NIST (HTML)
    Title: Making Sure that Lumber Measures Up

    I don't really think one needs to go much farther...

  23. Re:Lawyer is a sleaze bag. by Frosty+Piss · · Score: 5, Informative · on Home Improvement Chains Accused of False Advertising Over Lumber Dimensions (consumerist.com)

    In fact, here's some linkies:

    From the NIST (PDF)
    American Softwood Lumbar Standards - Voluntary Product Standard DOC PS 20â"99

    More from the NIST (HTML)
    Title: Making Sure that Lumber Measures Up

    I don't really think one needs to go much farther...

  24. Re:120 whatchyamacallit by NicknameUnavailable · · Score: -1 · on It's Too Hot For Some Planes To Fly In Phoenix (npr.org)

    The freezing/boiling point of water is 100% arbitrary, as is the definition of the meter, which is arbitrary in both defining the meter to the distance traveled by light in a vacuum (which is also defined arbitrarily, given what we know about relativity and space/time distortions and the fact we don't even know if light can travel in a perfect vacuum, which is further arbitrarily accounted for AND tautological by stating it only counts for lengths of a meter where we don't currently have the equipment to measure relativistic effects over said distance.) The size of a degree (F, C, K) is also arbitrary, as is the kg (1L of water, again with the water, at the point it has the greatest density,) the second ("The second is the duration of 9,192,631,770 periods of the radiation corresponding to the transition between the two hyperfine levels of the ground state of the caesium 133 atom." - which is made even worse than being purely tautological by measuring it within a system itself influenced by relativistic effects by declaring it to be at 0K, a temperature which as far as science currently tells us, is unreachable and thereby pure inference,) the ampre (another such arbitrary quantity and an inference,) kelvin (defined by arbitrary quantities of water having specific isotopes of constituent elements,) mole (so clearly arbitrary it hurts to have to say it's arbitrary,) and candela (arbitrary frequency, spatial distribution, polarization and intensity.)

    To suggest any measurement system isn't arbitrary is absolutely absurd because we only measure things relative to other things, meaning we have to pick some thing from which to measure. The self-referencing definitions specific to base units just complicates the issue even further (to say nothing of the fact we didn't pick the same arbitrary multi-isotope compound of specific percentages to base the whole group on.)

    Base 10 is, once again, arbitrary. Base 12, 32, 60, 360, etc are just as good depending on what base units you're accustomed to. I assure you, even though I prefer the metric system, imperial is just as simple to convert things in when you grow up with it. One other note: it's multiplication you should be using to compare socket sizes, since you logically cannot reduce some fractions down for comparison. If that multiplication isn't as quick to perform in your head as comparing metric sizes with a straight less than or equal to mental assessment then you're probably missing some registers in your brain, that's not a failing of the imperial system.

    All this said, I prefer metric, but we're on the American internet, not the filthy British (or insert other second-class country) internet, so learn the language or piss off.

  25. Re:120 whatchyamacallit by NicknameUnavailable · · Score: -1 · on It's Too Hot For Some Planes To Fly In Phoenix (npr.org)

    The freezing/boiling point of water is 100% arbitrary, as is the definition of the meter, which is arbitrary in both defining the meter to the distance traveled by light in a vacuum (which is also defined arbitrarily, given what we know about relativity and space/time distortions and the fact we don't even know if light can travel in a perfect vacuum, which is further arbitrarily accounted for AND tautological by stating it only counts for lengths of a meter where we don't currently have the equipment to measure relativistic effects over said distance.) The size of a degree (F, C, K) is also arbitrary, as is the kg (1L of water, again with the water, at the point it has the greatest density,) the second ("The second is the duration of 9,192,631,770 periods of the radiation corresponding to the transition between the two hyperfine levels of the ground state of the caesium 133 atom." - which is made even worse than being purely tautological by measuring it within a system itself influenced by relativistic effects by declaring it to be at 0K, a temperature which as far as science currently tells us, is unreachable and thereby pure inference,) the ampre (another such arbitrary quantity and an inference,) kelvin (defined by arbitrary quantities of water having specific isotopes of constituent elements,) mole (so clearly arbitrary it hurts to have to say it's arbitrary,) and candela (arbitrary frequency, spatial distribution, polarization and intensity.)

    To suggest any measurement system isn't arbitrary is absolutely absurd because we only measure things relative to other things, meaning we have to pick some thing from which to measure. The self-referencing definitions specific to base units just complicates the issue even further (to say nothing of the fact we didn't pick the same arbitrary multi-isotope compound of specific percentages to base the whole group on.)

    Base 10 is, once again, arbitrary. Base 12, 32, 60, 360, etc are just as good depending on what base units you're accustomed to. I assure you, even though I prefer the metric system, imperial is just as simple to convert things in when you grow up with it. One other note: it's multiplication you should be using to compare socket sizes, since you logically cannot reduce some fractions down for comparison. If that multiplication isn't as quick to perform in your head as comparing metric sizes with a straight less than or equal to mental assessment then you're probably missing some registers in your brain, that's not a failing of the imperial system.

    All this said, I prefer metric, but we're on the American internet, not the filthy British (or insert other second-class country) internet, so learn the language or piss off.

  26. Re:NIST 800-63-3B changed that by Anonymous Coward · · Score: 0 · on Ask Slashdot: What Are Some 'Best Practices' IT Should Avoid At All Costs? (cio.com)

    As of NIST 800-63-3 forced password changes based solely on time interval is no longer a 'Best Practice'. Now the Best Practice is to expire passwords only when there is suspicion of account or system compromise.

    Sadly it will take some time before the many organizations who copied the old best practice into their own documentation can step up to current best practice.

    As other posters already pointed out, the section in an earlier draft of NIST 800-63-3 that you seem to be referring to :

    "Verifiers SHOULD NOT impose other composition rules (e.g., mixtures of different character types) on memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically) and SHOULD only require a change if the subscriber requests a change or there is evidence of compromise of the authenticator."

    does no longer seem to exist in the latest draft: https://pages.nist.gov/800-63-3/sp800-63-3.html

  27. Re:NIST 800-63-3B changed that by Anonymous Coward · · Score: 0 · on Ask Slashdot: What Are Some 'Best Practices' IT Should Avoid At All Costs? (cio.com)

    Let's hope this stupidity doesn't make it into the final draft, only to conflict with many other accepted standards in use and enforced today.

    It appears the section you're referring to does indeed no longer exist in the latest draft: https://pages.nist.gov/800-63-3/sp800-63-3.html

  28. Re:C and C++ aren't going away by angel'o'sphere · · Score: 1 · on The Working Dead: Which IT Jobs Are Bound For Extinction? (infoworld.com)

    Well,
    a good starting site is this: http://math.nist.gov/javanumer...
    And interesting papers are e.g. this two: https://engineering.purdue.edu... and an older one that is more focusing on the problems of Javas Array implementations: https://www.cs.cmu.edu/~artiga...

  29. Known issue by fulldecent · · Score: 4, Informative · on Known Flaws in Mobile Data Backbone Allow Hackers To Trick 2FA (vice.com)

    This is already known, see DRAFT NIST Special Publication 800-63B Digital Identity Guidelines

    https://pages.nist.gov/800-63-...

    > Note: Out-of-band authentication using the PSTN (SMS or voice) is discouraged and is being considered for removal in future editions of this guideline.

  30. Re:Great... by viperidaenz · · Score: 1 · on Intel Patches Remote Execution Hole That's Been Hidden In Its Chips Since 2008 (theregister.co.uk)

    Except this article is about https://nvd.nist.gov/vuln/deta... which is a local unprivileged user gaining access to AMT via LMS

    Turning off LMS mitigates this vulnerability.

    The source you quote also says this:

    How certain are you about any of this?
    Not hugely

  31. Re:Okay, but... by starless · · Score: 1 · on In Preparation For Model 3, Tesla Plans To Double the Size of Its Supercharger Network This Year (fortune.com)

    100Kw

    A fairly small thing, but please can not use "kW" but use the correct "kW".

    Unit symbols are written in lower case letters except for liter and those units derived from the name of a person (m for meter, but W for watt, Pa for pascal, etc.).

    https://www.nist.gov/pml/weigh...

    Metric prefixes for 1000 and below are lower case.
    https://en.wikipedia.org/wiki/...

    Thanks!

  32. Re:bias? by Plumpaquatsch · · Score: 1 · on US Dismantles Forensic Science Commission (washingtonpost.com)

    Ok. Clearly you need more evidence, so why don't you look at the webcast of their meeting.

    Fast-forward to 47:22, and see the lady asking the crowd to pick which cards should be turned over, and then she gets annoyed because nobody gives a shit about her triangles.

    https://www.nist.gov/topics/fo...

    Tell me how that helps improving forensics science. This is merely a bunch of people having their 10 minutes of babbling on the record with zero value for the taxpayers.

    Somehow I suspect that if that commission had been created by Republicans you'd be the first to denounce it.

    You haven't seen the wankery that was the Gorsuch confirmation hearings, have you. And just for the record: she's trying to teach the scientific method to morons like you. Thanks for proving how much you hate science.

  33. Re:bias? by lucm · · Score: 3, Interesting · on US Dismantles Forensic Science Commission (washingtonpost.com)

    Ok. Clearly you need more evidence, so why don't you look at the webcast of their meeting.

    Fast-forward to 47:22, and see the lady asking the crowd to pick which cards should be turned over, and then she gets annoyed because nobody gives a shit about her triangles.

    https://www.nist.gov/topics/fo...

    Tell me how that helps improving forensics science. This is merely a bunch of people having their 10 minutes of babbling on the record with zero value for the taxpayers.

    Somehow I suspect that if that commission had been created by Republicans you'd be the first to denounce it.

  34. bias? by lucm · · Score: 5, Informative · on US Dismantles Forensic Science Commission (washingtonpost.com)

    From the article:
    The commission jointly led by Justice and the Commerce Department's National Institute of Standards and Technology (NIST) has prompted several changes.

    You:
    mostly idle

    Your bias is showing.

    Those 30 people have made a total of 20 recommendations since 2013. Here's the latest one:

    The Attorney General should direct the Bureau of Justice Statistics to create a proposal for the development of a nationally representative survey to determine forensic capabilities for those who write reports and offer testimony within federal, state and local law-enforcement agencies and for medical examiner and coroner offices. The survey instrument should be developed in collaboration with the relevant stakeholders organizations by the next commission meeting.

    1/2 page.

    You want more? Here's the 2nd latest recommendation, made ONE YEAR before.

    Proficiency testing is required of all accredited FSSPs. As a recognized quality control tool, it is the view of the Commission that proficiency testing should also be implemented by nonaccredited FSSPs in disciplines where proficiency tests are available from external organizations.

    That's it. The entire corpus of that immensely valuable recommendation spans 7 pages; of those 7 pages, 4 are an appendix describing terms like "Accreditation".

    That commission is a big joke. See, there's a webcast of their meetings.

    https://www.nist.gov/topics/fo...

    Huge waste of time.

  35. Re:Nonsense by TechyImmigrant · · Score: 1 · on Google Hangouts' New Features Make Work Meetings Slightly Less Annoying (cnet.com)

    Allow me to correct myself:

    "Just about any other product is less annoying than Google Hangouts."

    Except maybe the NIST CSRC Statistical Test Suite: http://csrc.nist.gov/groups/ST...
    I think that is the most annoying software.

  36. Re:git was written when SHA-1 attacks were publish by Anonymous Coward · · Score: 0 · on Linus Torvalds On Git's Use Of SHA-1: 'The Sky Isn't Falling' (zdnet.com)

    It looks like the first NIST-validated SHA-256 open source implementations didn't start appearing until 2005, so using SHA-1 makes some sense.

    http://csrc.nist.gov/groups/ST...

  37. Re:Why not move to SHA-3, if we're moving anyway? by F.Ultra · · Score: 1 · on The SHA-1 End Times Have Arrived (threatpost.com)

    While SHA-3 might be faster than SHA-2, something that is imho unknown, it was not one of the criteria when the competition for SHA-3 began. http://csrc.nist.gov/groups/ST...

  38. Re:It's even easier than that by onyxruby · · Score: 1 · on Crooks Need Just Six Seconds To Guess A Credit Card Number (independent.co.uk)

    Credit card numbers that long aren't necessary. Changing how they are constructed is. Logically speaking the problem can be fixed (hashing etc.) The problem is that the infrastructure that supports it would also have to be changed and that would be a monumental undertaking. Which is why they are trying to avoid it at all costs. You also have the issue that the typical consumer is not going to tolerate an even longer number than they already have.

    The unique credit card number solution has been offered by some banks already (e.g. Amex). Many payment terminals are configured to use DUKPT which creates a unique key per transaction (this is enough to take a cash register out of scope for PCI if properly configured).

    You may find this interesting:
    http://www.maravis.com/derived...

    Even 2FA is broken if it is done via SMS
    https://pages.nist.gov/800-63-...

  39. Re: Perhaps by stephows · · Score: 1 · on Slashdot Asks: Is It Time To Dump Time Zones In Favor of Coordinated Universal Time? (nytimes.com)

    How about 1/5th of a mile?
    Or 1/20th of a mile?
    Not so easy.

    Easier to think in lots of 100m if you're just giving rough measurements such as driving instructions or lots of 50m for walking instructions.
    Eg, go 300m past the post office and turn left.
    Eg, the pub (bar) is 50m after the post office.

    My tool box has 2 sets of sockets for parts from the civilised world and parts from the US.
    The metric sockets go up in terms of 1mm each (eg 8mm, 9mm, 10mm, 11mm, etc) - easy.
    The imperial sockets go up in inch sizes (1/2, 9/16, 5/8, 11/16, 3/4, etc) - weird and hard to calculate while I'm concentrating on the job at hand.

    For the record, I grew up in Australia while we were converting from imperial to metric.
    The "pain" wasn't that great and the new method (metric) is so much easier.
    Any of us from schoolchild to pensioner can convert millimetres to metres to kilometres and vice-versa just by shifting the decimal point.
    Converting between inches, feet, yards and miles involves oddball conversion factors (12, 3*12, 1760*3*12) that generally don't come easy to most people.

    By the way, the official definition of the US inch is exactly 25.4mm.
    Yep, US inches have been defined by the metric system since 1959.
    http://www.ngs.noaa.gov/PUBS_L... (page 2)
    https://www.nist.gov/sites/def...
    ASA (American Standards Association) adopted this even earlier in 1933 and NACA (National Advisory Committee for Aeronautics, precursor to NASA) adopted it in 1952.

  40. Cloud Definition by Onthax · · Score: 2 · on Meet VoCore2 Lite, a $4 Coin-Sized, Open Source Linux Computer (zdnet.com)

    Cloud is a fairly well defined term that doesn't relate to any of the above. NIST Definition is pretty good definition of it. Source: http://nvlpubs.nist.gov/nistpu... Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.

  41. Re:My state/county can barely afford asphalt by rtb61 · · Score: 1 · on Tesla's Sales Increase - But Next Will We Need Smart Roads? (backchannel.com)

    Adoption of the metric system seems to be a classic example of the lack of the American public's ability to intellectually adapt, yet, https://www.nist.gov/pml/weigh.... Of course Americans refuse to admit the problem was caused by lead poisoning, fuel, water pipes and firearms, as a result, simply to dumb to adapt and perversely enough taking pride in that ignorance. https://www.youtube.com/watch?..., oh my, the ignorance on public display and accepted and cheered on.

  42. Re: Easy Maintenance by poofmeisterp · · Score: 1 · on China's Atomic Clock in Space Will Stay Accurate For a Billion Years (rt.com)

    They should have sent up one of these babies (JILA Strontium Atomic Clock Sets New Records https://www.nist.gov/news-even...). No maintenance required :)

    Huh? But that's old news. China's is cooler and better and will last longer. And it comes from CHINA where all of the bestest electronics are Wonka-style constructed!!!1

    Wait, I sound like an idiot news reader. /humor

  43. Re: Easy Maintenance by ememisya · · Score: 1 · on China's Atomic Clock in Space Will Stay Accurate For a Billion Years (rt.com)

    They should have sent up one of these babies (JILA Strontium Atomic Clock Sets New Records https://www.nist.gov/news-even...). No maintenance required :)

  44. Re:Just a simple question about this... by cold+fjord · · Score: 0 · on Facebook Features 9/11 Conspiracy Theory as 'Trending' (slashdot.org)

    You seem to be going in a lot of wrong directions. Maybe this will help:

    World Trade Center controlled demolition conspiracy theories

    In the PBS documentary America Rebuilds, which aired in September 2002, Larry Silverstein, the owner of 7 WTC and leaseholder and insurance policy holder for the remainder of the WTC complex, recalled a discussion with the fire department in which doubts about containing the fires were expressed. Silverstein recalled saying, "We've had such terrible loss of life, maybe the smartest thing to do is pull it". "They made that decision to pull", he recalled, "and we watched the building collapse." Silverstein issued a statement that it was the firefighting team, not the building, that was to be pulled.[72][78][79]

    And this:

    NIST Releases Final WTC 7 Investigation Report

    The extensive three-year scientific and technical building and fire safety investigation found that the fires on multiple floors in WTC 7, which were uncontrolled but otherwise similar to fires experienced in other tall buildings, caused an extraordinary event. Heating of floor beams and girders caused a critical support column to fail, initiating a fire-induced progressive collapse that brought the building down.

    In response to comments from the building community, NIST conducted an additional computer analysis. The goal was to see if the loss of WTC 7's Column 79—the structural component identified as the one whose failure on 9/11 started the progressive collapse—would still have led to a complete loss of the building if fire or damage from the falling debris of the nearby WTC 1 tower were not factors. The investigation team concluded that the column's failure under any circumstance would have initiated the destructive sequence of events.

    You might want to look into these resources:

    Debunking 9/11 Myths: Introduction to PM Expanded Investigation

    The Looming Tower: Al-Qaeda and the Road to 9/11

  45. Re:Building 7 by cold+fjord · · Score: 0 · on Facebook Features 9/11 Conspiracy Theory as 'Trending' (slashdot.org)

    NIST Releases Final WTC 7 Investigation Report

    You might want to look into these too:

    Debunking 9/11 Myths: Introduction to PM Expanded Investigation

    The Looming Tower: Al-Qaeda and the Road to 9/11

  46. Re:"Conspiracy theory" by cold+fjord · · Score: 1 · on Facebook Features 9/11 Conspiracy Theory as 'Trending' (slashdot.org)

    You're neglecting the facts.

    NIST Releases Final WTC 7 Investigation Report

  47. Re: doesn't say true stories by cold+fjord · · Score: 2, Informative · on Facebook Features 9/11 Conspiracy Theory as 'Trending' (slashdot.org)

    That is misinformation.

    NIST Releases Final WTC 7 Investigation Report

    The extensive three-year scientific and technical building and fire safety investigation found that the fires on multiple floors in WTC 7, which were uncontrolled but otherwise similar to fires experienced in other tall buildings, caused an extraordinary event. Heating of floor beams and girders caused a critical support column to fail, initiating a fire-induced progressive collapse that brought the building down.

    In response to comments from the building community, NIST conducted an additional computer analysis. The goal was to see if the loss of WTC 7's Column 79—the structural component identified as the one whose failure on 9/11 started the progressive collapse—would still have led to a complete loss of the building if fire or damage from the falling debris of the nearby WTC 1 tower were not factors. The investigation team concluded that the column's failure under any circumstance would have initiated the destructive sequence of events.

    You misunderstand the quote:

    World Trade Center controlled demolition conspiracy theories

    In the PBS documentary America Rebuilds, which aired in September 2002, Larry Silverstein, the owner of 7 WTC and leaseholder and insurance policy holder for the remainder of the WTC complex, recalled a discussion with the fire department in which doubts about containing the fires were expressed. Silverstein recalled saying, "We've had such terrible loss of life, maybe the smartest thing to do is pull it". "They made that decision to pull", he recalled, "and we watched the building collapse." Silverstein issued a statement that it was the firefighting team, not the building, that was to be pulled.[72][78][79]

    You might want to look into this:

    Debunking 9/11 Myths: Introduction to PM Expanded Investigation

    And maybe: The Looming Tower: Al-Qaeda and the Road to 9/11

  48. Re:Analysis of the videos by cold+fjord · · Score: 0 · on Facebook Features 9/11 Conspiracy Theory as 'Trending' (slashdot.org)

    Building 7's collapse defies physics outside demolitions being placed inside.

    That is false.

    NIST Releases Final WTC 7 Investigation Report

    The extensive three-year scientific and technical building and fire safety investigation found that the fires on multiple floors in WTC 7, which were uncontrolled but otherwise similar to fires experienced in other tall buildings, caused an extraordinary event. Heating of floor beams and girders caused a critical support column to fail, initiating a fire-induced progressive collapse that brought the building down.

    In response to comments from the building community, NIST conducted an additional computer analysis. The goal was to see if the loss of WTC 7's Column 79—the structural component identified as the one whose failure on 9/11 started the progressive collapse—would still have led to a complete loss of the building if fire or damage from the falling debris of the nearby WTC 1 tower were not factors. The investigation team concluded that the column's failure under any circumstance would have initiated the destructive sequence of events.

  49. Please, not the old crank driven conspiracy theory by cold+fjord · · Score: 0 · on Facebook Features 9/11 Conspiracy Theory as 'Trending' (slashdot.org)

    After watching the collapse of Building 7 I have my doubts: https://youtu.be/Mamvq7LWqRU

    Nope. You need to look at this:

    NIST Releases Final WTC 7 Investigation Report

  50. Re: Not verifiably false. by cold+fjord · · Score: 0 · on Facebook Features 9/11 Conspiracy Theory as 'Trending' (slashdot.org)

    You don't seem to have understood the report. The report says the reverse of what you claim.

    NIST Releases Final WTC 7 Investigation Report

    The extensive three-year scientific and technical building and fire safety investigation found that the fires on multiple floors in WTC 7, which were uncontrolled but otherwise similar to fires experienced in other tall buildings, caused an extraordinary event. Heating of floor beams and girders caused a critical support column to fail, initiating a fire-induced progressive collapse that brought the building down.

    In response to comments from the building community, NIST conducted an additional computer analysis. The goal was to see if the loss of WTC 7's Column 79—the structural component identified as the one whose failure on 9/11 started the progressive collapse—would still have led to a complete loss of the building if fire or damage from the falling debris of the nearby WTC 1 tower were not factors. The investigation team concluded that the column's failure under any circumstance would have initiated the destructive sequence of events.