Slashdot Mirror


User: mysidia

mysidia's activity in the archive.

Stories
0
Comments
13,354
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,354

  1. Re:swerves? on Gov App Detects Potholes As Your Drive Over Them · · Score: 4, Funny

    Yes... this is probably really about detecting people texting while driving.

    If you have the app on your phone, and you pick your phone up while moving to start typing your text message, the phone will detect you have lifted it while driving; and immediately use satellite/GPS to determine your position, transmit the alert to the local authorities together with your phone's front-facing camera output.

    As police are homing in on your position, the facial recognition software will match your face and alert them to the make and model of your car, and they'll bust the driver for texting

  2. Re:My toaster doesn't provide IPv6 either on Cisco Linksys Routers Still Don't Support IPv6 · · Score: 1

    when is the toaster manufacturer going to send me a free upgrade?

    When you desolder the IPv4-only board you installed on your toaster, send it back, and ask them to upgrade it to the IPv6-only version for you. (Shipping and labor not included)

  3. Re:Comeon guys on Cisco Linksys Routers Still Don't Support IPv6 · · Score: 1

    Go easy on them, Cisco is such a small company and really there was no way they could have seen this coming./em>

    It's not Cisco's fault... they inherited the problem from Linksys.

    Now, if they had taken perfectly good IPv6 supporting Linksys models and re-released them as Cisco models with IPv6 support stripped out/disabled/locked requiring an extra paid license key, we'd have a story.

  4. Re:Who cares? on Cisco Linksys Routers Still Don't Support IPv6 · · Score: 4, Insightful

    When did people develop this sense of entitlement that every little cheap-ass consumer product they buy ought to be future-proof?

    We're not talking future-proof here. IPv6 is here, now, and yesterday.

    Usually consumers have a reasonable expectation their product be present-proof. If it claims to be a router, it should meet current versions of the internet standards, in regards to node requirements for routers.

  5. Re:Why would they? on Cisco Linksys Routers Still Don't Support IPv6 · · Score: 1

    What motivation would Cisco possibly have for providing firmware updates to old, cheap routers?

    So that bugs in new firmware versions cause old cheap routers to become less reliable and start running out of memory and crashing due to memleaks; assuring that they will be replaced with new [less cheap] routers.

  6. Re:I don't think they care. on Cisco Linksys Routers Still Don't Support IPv6 · · Score: 1

    It has been reaching users for many many years in the terms of ISP documentation requirements. This is why residential customers get a single IP address if their lucky.

    Uh.. residential customers got a single IP address for the past 10 years, when exhaustion was but a dream.

    Back in dialup days, there wasn't enough bandwidth and home networking was unheard of anyways, they only needed one IP.

    The practice carried forward into the broadband era... some broadband ISPs will allow multiple IPv4 IPs if you pay extra for each additional dynamic IP however.

    "More IP addresses" was seen as a market segmentation thing, an opportunity to charge users more $$$.

    It remains to be seen whether broadband users will even get a /64 in the IPv6 internet, let alone a /48 that IETF recommends.

  7. Re:I don't think they care. on Cisco Linksys Routers Still Don't Support IPv6 · · Score: 1

    More money doing it that way, why would the corp's do it before it's needed when it can induce another hardware upgrade cycle at higher profit margins?

    Either a 'hardware upgrade cycle' or a mass exodus to a vendor with mature IPv6 support.

  8. Re:Making False Assumptions on Are You Sure SHA-1+Salt Is Enough For Passwords? · · Score: 1

    On a technical note you assume that whoever coded the implementation of AES did not chose to make it so that it only decrypts a ciphertext with a valid password and otherwise returns "fail".

    No. That is not a necessary assumption. It is fine to decrypt a ciphertext with a key based on an invalid password; however, the HASH of the result will not equal the hash of the ciphertext decrypted using the legitimate password.

    Specifically: SHA256( AES_DECRYPT ( AES_ENCRYPT( SALT using key generated from PASSWORD ) ) ) using INVALID PASSWORD will not equal SHA256( SALT)

    It is not necessary for AES to "fail to decrypt" anything. The assumption is that the same ciphertext will decrypt to something different when the key used to attempt to decrypt it is different.

    This assumption is strongly tied to the assumption that "the only way to decrypt the ciphertext is to use the right key". If you could manipulate an incorrect key to decrypt the message, that would mean you have broken the cipher.

  9. Re:They don't necessarily get the salt on Are You Sure SHA-1+Salt Is Enough For Passwords? · · Score: 1

    I don't need the salt value, what I care about is the password, and the scheme does not add entropy to the password.

    No scheme can add entropy to a password: that is actually an impossible feat, aside from multiple user passwords, or multi-factor auth, where one factor's authenticator is encrypted using another of the user's factors or passwords. The purpose of salting is to prevent pre-optimization of a brute force attempt, to ensure each password has to be individually cracked, rather than 'looked up' in a table of common password hashes.

    Any additional encryption is merely to keep a representation of the password away from attackers. And yes, this does increase work for attackers.

    Especially if you don't stop there..........

    Key MKey_secret = master RSA secret key not stored on server, provided by admin at authentication program startup
    Salt S1 = generate_random_bits()
    Salt S2 = generate_random_bits()
    T = ENCRYPT_RSA(< HASH( ENCRYPT ( salt S1 with password K) ), ENCRYPT( salt S2 with salt S1 ), HASH( salt S2) > with MKey_public)
    A = HASH ( DECRYPT( T[2] with DECRYPT ( DECRYPT_RSA( T[1] using M) with K ) ) )
    Authenticate: Does A equal T[3] ?

  10. Re:They don't necessarily get the salt on Are You Sure SHA-1+Salt Is Enough For Passwords? · · Score: 1

    Sorry... I mean: server stores a vector T, after generating a 256-bit salt from a high-entropy source:

    T = < ENCRYPT ( salt with password K), HASH( salt S) >

    To authenticate, user submits K. Server computes

    A = HASH ( DECRYPT ( T[1] with K ) )

    If A = T[2], then we have successful authentication.

  11. Re:They don't necessarily get the salt on Are You Sure SHA-1+Salt Is Enough For Passwords? · · Score: 1

    The whole point of salt is to mitigate a dictionary attack.

    No.... the point of a salt is to prevent optimization of dictionary attacks by using rainbow tables, or making an efficient database of pre-computed common passwords (for example). Common uses of salts do not prevent dictionary attacks, they make them take longer and require more computational power.

    With your approach it would only take one dictionary attack to obtain the salt, and then another one (using the obtained salt) to obtain the password. Thus, you have merely doubled the amount of computation required to obtain the password.

    Um... I don't know what computational world you live in where requiring TWO dictionary attacks is merely doubling the effort required.

    In regards to, dictionary attacking the SHA256( AES_ENCRYPT( SALT using PASSWORD ) )

    It's really only one dictionary attack anyways....
    SHA256( AES_ENCRYPT( SALT using password guess ) ) eq Password Hash

    Once the right password guess is made, the salt is known to the attacker.

  12. They don't necessarily get the salt on Are You Sure SHA-1+Salt Is Enough For Passwords? · · Score: 2, Insightful

    When an attacker has root access, they will get your passwords, salt, and the code that you use to verify the passwords."

    Not if you encrypt the salt using the password.

    Password Hash = SHA256( AES_ENCRYPT( SALT using PASSWORD ) )
    Salt Hash = SHA256( SALT )

    Authentication: user enters password
    Does SHA256 ( AES_DECRYPT ( Password Hash using PASSWORD ) ) equal Salt Hash ?
    Yes: Password Entered Correctly
    No: Access Denied

  13. Re:No safe harbor here. on MPAA Sues Hotfile for 'Staggering' Copyright Infringement · · Score: 1

    If you are aiding the infringer in any way - or rewarding him for posting infringing content - you are dead. If you penalize the legitimate content provider you are dead.

    They aren't rewarding people for posting infringing content, they have a machine that automatically rewards people who post popular content.

    If you know you are hosting infringing content and do nothing about it you are dead.

    Not necessarily true... Google is probably knows there are certain to be some infringing videos on Youtube somewhere, and yet, they are still alive and well. Even if some of them get high ratings/more views, resulting in higher indexing position or having a side-effect of more advertising $$.

  14. Re:Why? on US Seeks Veto Powers Over New TLDs · · Score: 1

    Why do we need more TLDs? .museum, .name, .aero, .biz, etc. already seemed like they were pushing it.

    Because ICANN is governed by a board controlled by the big domain registrars and big corporations. AtLarge was a farce, and the DNS community's one board member was ditched. So really, only the registrars, TLD operators themselves have representation in deciding what will happen. The only input the community has is a "comments forum" that the ICANN board has demonstrated they ignore whenever they want to, or they ignore whenever the opinion the vast majority of the community has conflicts with their sponsoring organizations' business interests.

    Guess what big domain registrars and TLD registrar-operators want? More domains to sell.

  15. Re:Worldwide death toll on Oxford University Tests Universal Flu Vaccine · · Score: 1

    Here in Finland many children have got narcolepsy (for life!) as a "side effect" from the H1N1 vaccine.

    Children in Finland may have been diagnosed with narcolepsy.

    But I call bullshit on your claim this is a "side effect" from H1N1 vaccine. There is no evidence to suggest H1N1 vaccine can cause narcolepsy.

  16. Re:The FDA will never approve it on Oxford University Tests Universal Flu Vaccine · · Score: 1

    ...because it will shut down the Big Pharma Yearly Flu Jab Money Train.

    Actually... that may contribute to the reason the FDA will probably make the vaccine mandatory.

    Adding Flu to the list of diseases humans no longer need to worry about could be quite significant.

  17. Re:Fair Enough on Last.FM To Require Subscription For Mobiles and Home Devices · · Score: 1

    Great point, for you and the one other guy that bought a zune. To this day I still have not seen one in real life.

    To this day, I have not seen a Slashdot user in real life. I suppose that must mean there are only one or two out there.

  18. Re:From TFA: on FCC Moves To Convert Phone Fund To Broadband Fund · · Score: 1

    [Checks Slashdot name] . . . Oh, wait, maybe it is a good idea to subsidize folks who live on ranches in the boonies.

    *Fwap*

    You insensitive clod. I'm a nerd who lives out in the boonies 40 miles from the nearest major city, and i'm sick of having low speed net connections. I want city dwellers to pay an extra $40 month so it will be possible for me to have FTTH, dammit.

    The only thing that's messed up is the USF is tagged onto the phone bill. They should tag charges on to the health insurance, electricity charges, and social security taxes as well, so more people pay. Not everyone in the city gets a phone line, or internet service, believe it or not. But due to the new health care law, everyone has to buy health insurance, and an additional surcharge there could effectively fund broadband for everyone.

    Oh yeah, and it's not a ranch. It's heavily forested though, and the geography does not lend itself well to wireless.

    I'm happy to hear about city folks paying a little extra, so I can have some network connectivity. Otherwise... cities suck, because they cause broadband providers to serve city dwellers and ignore everyone else because it's selling overpriced services to city dwellers is a high profit market.

  19. Re:Fair Enough on Last.FM To Require Subscription For Mobiles and Home Devices · · Score: 1

    Content costs money. They've been providing it for free for a long time, and will continue to provide it for free in many cases. Asking a small fee to support their efforts hardly seem unreasonable.

    OK... fine then... as long as there is no advertising, a small fee is quite reasonable.

  20. Re:identity's? on Anonymous Isn't Anonymous Anymore · · Score: 1

    Don't you mean apostrophe's? ;-)

    No no no... Apostrophes'

  21. Re:My brain ... on Research Finds That Electric Fields Help Neurons Fire · · Score: 1

    ... is interconnected with UTP. No crosstalk problems.

    Yes, but there is still the problem of compromising emissions, and NSA agents secretly attaching electromagnetic bugs to your scalp while you're asleep, in order to monitor what you are thinking.

  22. Re:It sounds like on Research Finds That Electric Fields Help Neurons Fire · · Score: 1

    ...In fact, that is kind of the "magic" of AI. It is an alien intelligence--at least to our way of thinking. So this discovery may be a major hurdle for those attempting to simulate or emulate a human brain, but the ever-progressing field of Artificial Intelligence cares little for such things.

    Actually... I was thinking this discovery might be a major benefit for those attempting to interact with the human brain by using technology.

    If the brain uses electromagnetic fields for communication, or is able to integrate detection of electromagnetic fields into brain circuits, then perhaps it becomes possible to interact with and introspect the human brain in more ways by measuring electromagnetic fields that penetrate from inside the brain to outside the skull and vice-versa.

    This could accelerate cyberization and direct interaction between the human brain and computer-augmenting devices latched onto the skull without piercing the skin or being permanent implants.

  23. Re:"Everybody wins" mentality on Sputnik Moment Or No, Science Fairs Are Lagging · · Score: 1

    Some of the projects are absolute CRAP for the age level... thrown together overnight... judges should be able to say "Your project is CRAP... prepare for a job at Burger King"

    No, they should not; that is non-neutral. They are judges. Their job is to make value judgements about the projects based on the criteria of the contest, not to slam/insult participants. Value judgements: OK. Insults: No.

    They should be able to say: "The presentation is horrible. Your abstract is full of spelling errors and incomprehensible sentence fragments. The choice of colors for your posterboard clash, and the pink letters on red background are almost impossible to read. A caveman could have scribbled better diagrams. Your line graphs have a crooked axis. Your Conclusion doesn't address your question or the status of your Problem or Hypothesis in any way. Your experiment lacks a control, you do not have multiple samples per group, your experiment doesn't directly address the Problem, and my god.... did you say for the last test group in your experiment you were asking people to smell test the mixture of XXXX and YYYYY (insert noxious possibly poisonous/explosive substance)? "

    In short "Better pack up and try to do better next time."

  24. Re:The Ethicist is (mostly) right on Is Setting Up an Offshore IT Help Desk Ethical? · · Score: 1

    then setting up an offshore operation that provides for similar or superior standard of living to the same or greater amount of workers cannot be said to be unethical

    Companies that provide outsourcing services profit, because their costs of performing the work are lower than the costs of hiring the employees.

    Companies that provide offshore (overseas) outsourcing profit, because their costs of performing the work are lower than the costs of hiring a domestic outsourcing firm.

    The reason that costs are lower for the offshore outsourcing firm, is that they pay their employees lower wages, they pay fewer taxes, and the governments impose fewer requirements on them, in regards to workers' rights, Unions, protections for workers' safety, liability for worker safety issues, environmental regulations, insurance, and lower costs of educating workers.

    In other words.... there are more factors to be considered, then merely the "standard of living" of workers paid by the offshore outsourcing firm(s)

    Including things like workers' patriotic duties to their own country, to freedom, respect for human dignity, respect for the environment.

    Of course offshoring can be considered unethical.

  25. Re:Cool idea on Hotmail Launches Accounts You Can Throw Away · · Score: 1

    Good luck getting hold of someone at Microsoft who cares (their xbox side of things refuses +).

    So they accept hotmail generated addresses but refuse other providers' + e-mail addresses?

    Sounds like an anti-competitive practice... perhaps the FTC would get involved.

    I don't trust the spammers at M$ with my real e-mail address anyways. I use spamgourmet.com to generate throwaway e-mail addresses, which have a benefit of automatic expiration.