Slashdot Mirror


User: Junta

Junta's activity in the archive.

Stories: 0
Comments: 6,549

Comments · 6,549

  1. Might not be bad... on 77 Million Accounts Stolen From Playstation Network · · Score: 4, Interesting

    There are two schools of thought here...

    If the password is stored as a hash on the server, then it is more resistant to attacks against the storage of the server. However, this does require the password be transmitted over the wire in one way or another on every connection. A man-in-the-middle attack with IP spoofing or DNS cache poisoning has a non-trivial shot at compromising the password.

    If the password is stored 'in the clear' on the server side and treated as a shared secret, then *if* you design the authentication right, you render man in the middle infeasible with the tradeoff of storage attack being a large exposure. A common scheme is to have the client take a packet, concatenate it with the password, calculate a hash, then strip the password before transmit. Server then repeats calculation and only accepts payload if secret matches. Usually, server responses are protected the same way, meaning only the server you *meant* to talk to can meaningfully respond because it needs your password to calculate correct hash responses.

    All that said, it's also entirely likely that Sony has crypted hash passwords, but it's safer to say 'your password is compromised', because of how many users have passwords like 'yourmom65' rendering the hashing pointless.
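The shared-secret scheme described in the comment above, sketched as an added example that is not part of the original comment. It assumes HMAC-SHA256 in place of a bare hash over packet plus password and adds a server-issued nonce against replay; the `Server` and `Client` classes, the message labels and the sample credential are all hypothetical.

```python
import hashlib
import hmac
import os


def tag(secret: bytes, *parts: bytes) -> bytes:
    """Keyed hash over length-prefixed parts; the secret itself is never transmitted."""
    mac = hmac.new(secret, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.digest()


class Server:
    def __init__(self, secrets):
        self.secrets = secrets  # user -> password kept in the clear (the storage tradeoff)
        self.pending = {}       # user -> outstanding single-use nonce

    def challenge(self, user):
        self.pending[user] = os.urandom(16)
        return self.pending[user]

    def handle(self, user, packet, client_tag):
        nonce = self.pending.pop(user, None)  # consumed on use, so a captured request cannot be replayed
        secret = self.secrets.get(user)
        if nonce is None or secret is None:
            return None
        expected = tag(secret, b"request", nonce, packet)
        if not hmac.compare_digest(expected, client_tag):
            return None
        reply = b"ok:" + packet
        # The response is protected the same way, so only a holder of the password can answer.
        return reply, tag(secret, b"response", nonce, reply)


class Client:
    def __init__(self, user, secret):
        self.user, self.secret = user, secret

    def sign(self, nonce, packet):
        return tag(self.secret, b"request", nonce, packet)

    def verify_reply(self, nonce, reply, reply_tag):
        return hmac.compare_digest(tag(self.secret, b"response", nonce, reply), reply_tag)


def run_demo():
    server = Server({"alice": b"correct horse"})  # constructed sample credential
    client = Client("alice", b"correct horse")
    packet = b"GET /profile"
    results = {}

    nonce = server.challenge("alice")
    t = client.sign(nonce, packet)
    out = server.handle("alice", packet, t)
    results["legit"] = out is not None and client.verify_reply(nonce, *out)

    # Same packet and tag sent again: the nonce is already spent.
    results["replay"] = server.handle("alice", packet, t) is not None

    # Packet altered in transit: the tag no longer matches.
    nonce2 = server.challenge("alice")
    t2 = client.sign(nonce2, packet)
    results["tampered"] = server.handle("alice", b"GET /admin", t2) is not None

    # A responder without the password cannot produce a reply tag the client accepts.
    fake = b"ok:" + packet
    results["impostor"] = client.verify_reply(nonce, fake, tag(b"guess", b"response", nonce, fake))
    return results


if __name__ == "__main__":
    print(run_demo())
```
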

  2. Re:Proper Linux Support? on ARM VP To Keynote AMD Developer Conference · · Score: 1

    I use AMD Catalyst with xbmc. I have the va-api implementation and it works all right.

  3. Re:Which is easier to believe? on Bizarre Porn Raid Underscores Wi-Fi Privacy Risks · · Score: 2

    Wonder what would have happened if he kept financial records or embarrassing, but legal porn in a truecrypt/ecryptfs/etc volume. What if he had a work computer that had full disk encryption because his company said so? Or what if he installed with encrypted everything because the check mark was there?

    Would they have presumed the kiddy porn was the place they couldn't read?

  4. Not a 'scam' on Why People Should Stop Being Duped By the 3D Scam · · Score: 3, Insightful

    The effects are self-evident, there isn't some unfulfilled promise of what it is or some sort of placebo effect making people think things look different, it just is different. It's a feature that one can evaluate and decide for themselves what they think. I personally am waiting because I recognize the flaws in the current system and will see if they get better.

    Now he does hit upon some points of interest:
    -Adding 3D after the fact. For rendered movies, it's not too hard to do right (add 'camera' with offset, re-render), but live-action stuff is indeed awkward and I hear the biggest source of complaints about headaches.
    -Less defined picture. With polarized lenses, this is true. You are effectively halving the resolution of the screen. On the other hand, shutter glasses will preserve the resolution at the expense of refresh rate, but that's compensated by 240 Hz displays. However I do find shutter glasses a tad awkward with the battery and cost. Instead of 1920x1080 displays with 240 Hz and shutter glasses, I'd prefer 1920x2160 with 120 Hz and polarized lenses (or double the column count).

    However, his gripe about TVs supporting 3D is off the mark. A TV isn't magically 3D only if it has the *capability* of doing 3D. You can still do it fine and sometimes the requirements for 3D drive enhancements that up the quality standard for 2D viewing. An exception to this could be auto-stereoscopic displays, which would cause me concern depending on how much resolution they provide.

  5. Also appears to contain typical RIM.. on RIM BlackBerry PlayBook: Unfinished, Unusable · · Score: 2, Interesting

    I admit I haven't tracked Blackberry much, but I remember many of us at work had smartphones that implemented general standards (e.g. becoming a usb mass storage for getting files on and off via usb cable). Meanwhile, the blackberry users were still forced to use weird, proprietary programs to get at the device because RIM wouldn't implement standards. Once upon a time, this was typical, just like Palm's Hotsync, but those days should be long behind us except that RIM props it up.

    Then I read in a review that the playbook does the same BS, requiring proprietary, RIM-only software that only works with Windows and OSX. Most of the world has this figured out, don't see why RIM is still going this route.

    Then I see they decided to tie email/calendaring etc to a blackberry handset with *no* option to do it without it. Further complicating things, it looks like AT&T forbade it on their stuff.

    Even with new shiny UI elements, they are in many ways stuck in their annoying ways. Of course, it's probably no coincidence they are annoying as hell *and* are so popular in the 'enterprise' space.

  6. Re:Is there a story here? on Leaked Activision Memos Compare CoD, Guitar Hero · · Score: 1

    I would dare say a good rule of thumb is if you have a special large or complex controller that needs time to be dragged out or otherwise constantly impose on your living space, it's doomed to be a fad at best. Rock Band/Guitar Hero/Dance Dance Revolution/PowerPad/PowerGlove/Activator.... all of these either enjoyed a limited life or failed on the launchpad because they are just a big hassle to use even when they work exactly as promised. I would say *this* is the main risk factor, not the 'limited' gameplay. Truth be told, any game series can feel repetitive and like there is nowhere to go. It's just that the threshold for getting bored with something is considerably lower when you have to dig out crap every time you play or have to kick it out of the way for the next special thing.

  7. Re:Kill it with fire (but keep the base PSP going) on Sony Reportedly Ends PSP Go Production · · Score: 1

    IIRC, games would render at a certain resolution within a very large black border, using such a small part of the screen that none of the scaling modes in my TV could make a dent in the border that much. I think I read they treated UMD movies differently, but never had the slightest interest in those.

  8. Re:Kill it with fire (but keep the base PSP going) on Sony Reportedly Ends PSP Go Production · · Score: 1

    TV out was crap though (unless they changed it for PSPGo), as it would not fill either dimension of the screen, had a thick black border all around.

    Having to choose between the baked in flash (which can be mitigated with memory sticks)+Bluetooth (If they had made the TV output actually good, the Sixaxis could have been cool, but otherwise) and being able to play the large volume of UMD only games... Yeah I'd take the latter.

  9. Re:Them new DE's, man on 5 Out of 11 Crashed Unity In Canonical's Study · · Score: 1

    I don't see WinXP/2k as fundamentally more or less reliable compared to Linux. In Vista/7 land, I'll grant their graphics driver model affords better automagic recovery from a video driver crash.

    Usability wise, I suspect either the bitching and moaning is not reflective of everyone, or Gnome2 will continue and displace Gnome3. KDE3 also has an ongoing port, but ultimately KDE4 has grown into a mostly viable desktop (though it irks me in various ways by default). In Windows land, for a user like me, there is *no* innate capability that matches window title search. That quickly became my must-have feature when I got it. I also like being able to move/resize windows from anywhere inside using a modifier-click.

  10. Re:Do Mobiles really need IPv4? on Asia Runs Out of IPv4 Addresses · · Score: 1

    the likelihood of connecting, directly, with anything on IPv4 that does not support IPv6 is drastically lowered

    I presume you mean that *provided* that the carrier does NAT64+DNS64 a mobile phone will be ok, not that a phone never needs to talk an IPv4 only server. With that clarification in place, I'd concur.

  11. Re:Why? on Windows 8 Early Build Hints At Apple, WebOS Competitor - EWeek · · Score: 1

    I knew of core, and it doesn't count as decoupled IMO, but instead GUI with one terminal, but the EMS console is indeed a true serial console. You can still start notepad in a core edition. If the core edition did not have a GUI, it couldn't do some third-party software, which really is the heart of Microsoft's hold on the market.

  12. Re:Why? on Windows 8 Early Build Hints At Apple, WebOS Competitor - EWeek · · Score: 1

    The SAM database does indeed store poorly salted hashes. If you need to do NTLMv1 and v2, you need two hashes (if the server had access to the cleartext, it wouldn't need both hashes to do the two). All that said, NTLM is just a horrible horrible protocol that should have been retired approximately 5 seconds after the release of Win2k, when they finally caught up to the *nix world in capability.

  13. Re:Why? on Windows 8 Early Build Hints At Apple, WebOS Competitor - EWeek · · Score: 4, Insightful

    Stability

    I can't honestly complain any more. They have even gone so far as a video driver crash being less fatal for them than Linux. Linux may be able to survive a video driver crash, but anything on the UI dies, and that's not the case for MS. They have made a lot of improvements here.

    Security

    They have managed to make most people stop running as administrator, with a 'sudo-like' implementation. Now I've heard mumblings about that being trivial to bypass (though I haven't seen it), which would be a critical flaw. They don't open a lot of services by default anymore. Largely any insecure behavior is non-default and the fault of users (either enabling features or misusing them). Their NTLM hashes they store on disk are pitifully weak, which could be improved, but only relevant if that is attacked. NTLM was/is a horribly insecure network authentication, but AD is a valid Kerberos approach and NTLM *shouldn't* be used if MS is used as intended. Overall, their security isn't bad.

    command shell

    I will say PowerShell is an improvement. I do think it borders on counterproductive pride as to why they don't have anything quite as simple as plain-ol-bash. Also, why they don't implement SSH for a nice common protocol instead of their WMI crap for remote command execution.

  14. Re:Why? on Windows 8 Early Build Hints At Apple, WebOS Competitor - EWeek · · Score: 3, Insightful

    So I'm a linux person through and through, but it's about the flexibility the platform offers, and I no longer feel justified in criticizing MS over the 'basics' with their improvements.

    scalability

    If you refer to the OS running on enough cores, I haven't heard of a technical limitation. I think they do have various arbitrary limits on their licensing, but the software developers have done the required work. Maybe someone can point out scheduling deficiencies or poor placement decisions in a NUMA architecture, but I've not heard that. Keep in mind this discussion is on the desktop, which probably will be non-numa and no more than 6 or 8 cores.

    Modularity

    They used to be more modular in their install, but the sad reality is 99% of people couldn't be arsed to think about it, so the default experience is less customizable. Even linux installers have trended toward skipping package selection. Other than that guess, it would need some specifics to understand exactly what you want.

    Platform support

    If you mean supporting other architectures (e.g. ARM), that was precisely one goal they already announced. I personally think this is a pointless endeavor for them unless they give some magical ability to run x86 binaries everywhere without horrible performance degradation. MS has tried repeatedly to support other architectures, but the reality is x86 is where the applications are and MS doesn't have a particularly special offering that people intrinsically want if not for the x86 applications.

    Window management features

    Ok, I'll give you that one of the big reasons I stay away from Windows is the relatively incapable window management stuff, but at the same time, I have to presume they think the features 'we' would want would confuse their main target market.

    Speed

    In my experience, I haven't seen anything particularly slow about Windows. This is probably one area I've never been able to complain except for disk IO due to Vista defaults that got toned down.

    Decoupling of the GUI from the os

    The only thing they would gain here is the ability to run systems without any video chip, which they have no hope in hell of winning. If you refer to the ability to manage them via serial console *in addition* to video, they do have serial console support to do some basic things including starting CMD/PowerShell. Sure, we love our VTs on occasion, but a very small minority of people use them except when they *have* to. Perhaps inherent capability to ssh in and get cmd/powershell would be nice, but getting rid of the GUI on VGA console won't really win them anything in the market.

  15. Re:skeptical ... on New Gasoline Engine Prototype Claims 3X Current Engine Efficiency · · Score: 1

    I agree that slow spin-up/spin-down seems unlikely, just pointing out a CVT can't fully correct for that. I'd say it's the low power output that's the 'hybrid-only' speak, but I also agree that techs that *claim* this sort of stuff are a dime a dozen and I too will believe it when I see it.

  16. Re:skeptical ... on New Gasoline Engine Prototype Claims 3X Current Engine Efficiency · · Score: 3, Interesting

    The only concrete spec I could find that could be tied to this was the 25 kw (33 hp) power max. That might be enough to have somewhat more-than-required power at unambitious cruising speeds, but would absolutely not be able to deliver sufficient acceleration and therefore need to save up excess capacity (when available) in a battery and delivered via an electric motor.

    Also, hypothetically, if the spin-up time was ludicrously slow, a CV would not help a car go from a stopped position up to highway speed.

  17. Re:Netflix Sucks Because The Content Owners Suck on All Star Trek TV Coming To Netflix · · Score: 1

    Considering this is about Netflix *streaming* which doesn't currently act like that, a rant on the state of DVDs (rented or not, they do the same crap if your dvd player actually honors the 'no skip' requests in the media, which some don't) is a bit off topic.

  18. Re:In related news... on All Star Trek TV Coming To Netflix · · Score: 2

    I have a Linux HTPC because it was the easiest to get to work with what I wanted *and* I didn't see a compelling reason to pay Microsoft a license fee when my primary use is *easier* in linux. I could buy more devices, but you know, I like my home theater to be straightforward and the more devices I am forced to buy the more that goal diminishes. I have one HDMI port, that has my HTPC connected. If I wanted another HDMI device, I'd have to upgrade my TV, stereo, or buy an HDMI switcher. Depending on what happens, I may need more button presses on more remotes to change between what I'm doing.

    This isn't particularly being anti-Microsoft, it's being for a straightforward experience that doesn't require a box for every little thing I want to do.

  19. Re:In related news... on All Star Trek TV Coming To Netflix · · Score: 1

    You presume it's not legal content on his NAS.

    Given the context of the thread starting off with Pirate Bay already had it, I think it's a reasonable assumption.

    Wouldn't seeder/leecher / download statistics also correlate to the level of interest people have in Star Trek?

    Now figure out how to buy lunch based on those download statistics. I do wonder though how netflix pays for streaming rights and by extension how closely studio revenue maps to viewer interest.

    Except that anybody who's been reading about Star Trek is more likely to get the idea that people loathe Star Trek.

    Well, I think both you and the parent post are off the mark. Actors by and large will be available for whatever the studios pay to do. I don't think actors will be specifically financially drawn to Star Trek knowing it's on netflix with dreams of dollar signs yet I think they will be dissuaded by various mumblings either.

    That $8. You're right, that's not a hardship. It's also not exactly a cash cow - and a good chunk of it is going to Netflix, not to the people "who produce our entertainment".

    This is probably the most counter-productive sort of thinking that content producers can have when dealing with an essentially unlimited 'supply'. You focus on one individual's contribution as if paying so little makes them unworthy of enjoying the content. Economics is not about such a petty concern. You want to maximize total profit. We are talking about a market with trivial per-unit cost resulting in effectively unlimited supply allowing the provider to price solely based on demand. So you have a $250 way of getting your content and let's say 100 people think it's worth paying that in a certain population, you got $25,000 out of that population. Now let's say you allow the same experience for $8. Now you get 10,000 people out of the same population willing to go in and you've just made $80,000, over three times as much. The economic choice is clear, $8 is the winner in this hypothetical, but many content producers will allow pride to overrule good judgement and feel insulted that people who could only be arsed to spend 8 bucks 'get' to enjoy their stuff.

  20. Re:Go /. spin machine, go! on Facebook Opens Their Data Center Infrastructure · · Score: 1

    I would have expected more in-depth technical stuff (e.g. the expensive part of designing a system that facebook certainly outsourced) if it were a 'legitimate' open hardware project.

    They may genuinely think they did something fancy though, I admit. Many customers don't go this in-depth on their requirements or mechanical designs, but they barely scratch the surface of the complexity of actually building any of the components. Of course, that's the case of most 'open hardware' involving complex things, you still are buying the stuff from a board vendor who has the physical capability of making the boards. The rest of the exercise is a dressed up homebrew capability of x86 systems from the inception of the PC before the word 'open' was cool.

  21. Re:Finally, no video system on a server on Facebook Opens Their Data Center Infrastructure · · Score: 1

    But if you want your server vendor to be replaceable, suddenly you have another system where the port you need is now ttyS1 when you had been using ttyS0. Or the BMC can only do 57600 whereas you have been doing 115200.

    In short, yes there are several firmwares than all this can work. It would be a *lot* better if the board designers had a way of automatically describing the serial console capabilities to the kernel so that serial console would work after the kernel tears down firmware handling of IO.

  22. Re:POE LED lighting on Facebook Opens Their Data Center Infrastructure · · Score: 1

    I don't see how POE is inherently 'efficient' *if* it's a power-only connection. I can see it as convenience if you have gobs of ethernet ports and you don't want to run cable, but otherwise I'd think a more simplistic circuit would do the job as good or better.

  23. Re:Finally, no video system on a server on Facebook Opens Their Data Center Infrastructure · · Score: 0

    They all take hardware design seriously, but if they put out a system without some sort of video, sadly, 98% of their customers won't buy it because they aren't confident in it.

    MS users rarely ever know MS can be managed via serial and even those that do know there is a high chance some third-party software won't be manageable. Employers certainly know random tech off the street will need video on MS to get by.

    Even amongst Linux users who likely would be using nothing more than a text interface, there are serious issues. For one, Linux implements *no* method for the system firmware to describe serial output. So you can't put in arbitrary linux boot media without first tweaking the kernel command line. There exists a specification for firmware to communicate this data, but it's considered IP of Microsoft and forbidden to Linux. One could argue for a sophisticated environment making their own boot infrastructure with standards baked in this wouldn't be much of an issue, but many places aren't that sophisticated and even those that are face different servers with different preferred ttyS and baudrates. If Linux implemented some sort of communication path and had some big hitters make it a requirement or if MS came out and said 'any OS is entitled to parse the serial settings', that could change things.

    Finally, for some people, serial just has some unavoidable limitations. I agree that serial is the best and a good infrastructure will maintain a long running record of serial output that is far superior than crash cart use, but in the more lazy 'crash cart' scenario, video is better because the framebuffer can show the error or panic output that induced you to connect the crash cart whereas in serial, once the output is done it is gone forever if no one was paying attention.

  24. Re:Go /. spin machine, go! on Facebook Opens Their Data Center Infrastructure · · Score: 1

    Easy, it reads less like a prescriptive howto and more of a blend between fluff about being green for the public and a requirements document for Tyan, SuperMicro, Asus, and any other board vendor that they might not have thought to explicitly include in their procurement process before. There isn't particularly much that is immediately actionable for datacenter builders.

  25. Mostly meaningless.... on Facebook Opens Their Data Center Infrastructure · · Score: 2, Insightful

    Looking over the site, it's mostly warm fuzzies (look how green we are) and obvious (the system board specs are mostly bog standard reference designs). The chassis aren't particularly dense or make efficient use of the airflow, and no system vendor can ship implementations of this without running afoul of FCC regulations. There seems to be a lot of thought centered around a tech doing in-depth failure analysis of a failed board in person when even base boards come with IPMI implementations that allow all that to be done remotely. ROL is frankly a horribly dumb idea when you have IPMI capability in nearly every server board with acknowledgement and security. I know I'll get hit with people saying that IPMI costs extra, but the essentially free variants are sufficient to remove the RS232 connector and compete with 'ROL'. The free variants also tend to be flaky and sometimes need static arp tables, but so does WOL (in effect).