Slashdot Mirror
Target's Data Breach Started With an HVAC Account
Jim Hall writes "Security blogger Krebs reports that Target's data breach started with a stolen HVAC account. Last week, Target said the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor. Sources now claim that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers. Attackers stole network credentials from Fazio Mechanical Services, then used that to gain access to Target's network. It's not immediately clear why Target would have given an HVAC company external network access, or why that access would not be cordoned off from Target's payment system network."
If Beta was hot grits, then Natalie Portman would be driving Beowulf cluster of HUGOs!
why Target would have given an HVAC company external network access, or why that access would not be cordoned off from Target's payment system network
Because they have just one big unified network for everything. That probably saves them money, unless something really bad were to happen...
Better known as 318230.
Please post this to new articles if it hasn't been posted yet. On February 5, 2014, Slashdot announced through a javascript popup that they are starting to "move in to" the new Slashdot Beta design. Slashdot Beta is a trend-following attempt to give Slashdot a fresh look, an approach that has led to less space for text and an abandonment of the traditional Slashdot look. Much worse than that, Slashdot Beta fundamentally breaks the classic Slashdot discussion and moderation system. If you haven't seen Slashdot Beta already, open this [slashdot.org] in a new tab. After seeing that, click here [slashdot.org] to return to classic Slashdot. We should boycott stories and only discuss the abomination that is Slashdot Beta until Dice abandons the project. We should boycott slashdot entirely during the week of Feb 10 to Feb 17 as part of the wider slashcott [slashdot.org] Moderators - only spend mod points on comments that discuss Beta Commentors - only discuss the Beta - Vote up the Fuck Beta stories Keep this up for a few days and we may finally get the PHBs attention. Discussion of Beta [slashdot.org] Discussion of where to go if Beta goes live [slashdot.org] Alternative Slashdot [altslashdot.org]
Maybe this is why we have the slashdot beta issue, something came in with the HVAC account at dice. It sucks enough that the HVAC system might be to blame.
Time to offend someone
Please post this to new articles if it hasn't been posted yet.
On February 5, 2014, Slashdot announced through a javascript popup that they are starting to "move in to" the new Slashdot Beta design.
Slashdot Beta is a trend-following attempt to give Slashdot a fresh look, an approach that has led to less space for text and an abandonment of the traditional Slashdot look. Much worse than that, Slashdot Beta fundamentally breaks the classic Slashdot discussion and moderation system.
If you haven't seen Slashdot Beta already, open this in a new tab. After seeing that, click here to return to classic Slashdot.
We should boycott stories and only discuss the abomination that is Slashdot Beta until Dice abandons the project.
We should boycott slashdot entirely during the week of Feb 10 to Feb 17 as part of the wider slashcott
Moderators - only spend mod points on comments that discuss Beta
Commentors - only discuss Beta http://slashdot.org/recent [slashdot.org] - Vote up the Fuck Beta stories
Keep this up for a few days and we may finally get the PHBs attention.
Discussion of Beta: http://slashdot.org/firehose.pl?op=view&id=56395415
Discussion of where to go if Beta goes live: http://slashdot.org/firehose.pl?op=view&type=submission&id=3321441
Alternative Slashdot: altslashdot.org
http://slashdot.org/?nobeta=1
Use it while you can, because they say they're gonna take it away soon.
The design of their security. They should redesign it by committe. Here are some suggestions for your Target Security Beta:
* More whitespace. Credit card thieves hate whitespace.
* Big goofy graphic before they can steal your credit card info
* Force a lot of scrolling, this will definitely send attackers away
* Make the store look like Buzzfeed. This will send them screaming.
Under [pure] Bitcoin, only the owner of money can initiate a transaction.
Might as well give HVAC vendors access to the slashdot beta servers so they can destroy it as well.
The weakest link won't be the shiny titanium front door.
I swear to God...I swear to God! That is NOT how you treat your human!
Please post this to new articles if it hasn't been posted yet.
On February 5, 2014, Slashdot announced through a javascript popup that they are starting to "move in to" the new Slashdot Beta design.
Slashdot Beta is a trend-following attempt to give Slashdot a fresh look, an approach that has led to less space for text and an abandonment of the traditional Slashdot look. Much worse than that, Slashdot Beta fundamentally breaks the classic Slashdot discussion and moderation system. If you haven't seen Slashdot Beta already, open this in a new tab. After seeing that, click here to return to classic Slashdot.
We should boycott stories and only discuss the abomination that is Slashdot Beta until Dice abandons the project.
We should boycott slashdot entirely during the week of Feb 10 to Feb 17 as part of the wider slashcott
Moderators - only spend mod points on comments that discuss Beta
Commentors - only discuss Beta
http://slashdot.org/recent [slashdot.org] - Vote up the Fuck Beta stories
Keep this up for a few days and we may finally get the PHBs attention. Links of note:
Discussion of Beta: http://slashdot.org/firehose.pl?op=view&id=56395415
Discussion of where to go if Beta goes live: http://slashdot.org/firehose.pl?op=view&type=submission&id=3321441
Alternative Slashdot: altslashdot.org
IRC Discussion: freenode #slashdot-refugees
The marked-up text of this comment can be found at http://pastebin.com/UdLBWbs6
BETA must have started with an HVAC account as well; that's why it sucks so badly.
Do you actually pay to use slashdot or are you complaining about a service you use freely that is no longer up to your high standards?
**NOW WITH LINE BREAKS**
Please post this to new articles if it hasn't been posted yet.
On February 5, 2014, Slashdot announced through a javascript popup that they are starting to "move in to" the new Slashdot Beta design.
Slashdot Beta is a trend-following attempt to give Slashdot a fresh look, an approach that has led to less space for text and an abandonment of the traditional Slashdot look. Much worse than that, Slashdot Beta fundamentally breaks the classic Slashdot discussion and moderation system.
If you haven't seen Slashdot Beta already, open this [slashdot.org] in a new tab. After seeing that, click here [slashdot.org] to return to classic Slashdot.
We should boycott stories and only discuss the abomination that is Slashdot Beta until Dice abandons the project.
We should boycott slashdot entirely during the week of Feb 10 to Feb 17 as part of the wider slashcott [slashdot.org]
Moderators - only spend mod points on comments that discuss Beta
Commentors - only discuss the Beta - Vote up the Fuck Beta stories
Keep this up for a few days and we may finally get the PHBs attention.
In case Slasdot forks...I suggest if someone wants to register with user name that exists on slashdot, ask him to post a slashdot comment containing a particular key, and then give that comments's link. This way, we will know that Anne_Nonymous is Anne_Nonymous etc.
With the beta you can only see 3 or 4 whiny replies per page on a big screen.
No way I'm scrolling through thousands of them.
I don't think I could be arsed to read through many good ones either.
Buh Bye
P.S. It automatically ate my line breaks. Funny it wants to save space by removing actual message formatting.
It might be "easier" to run a unified network but that doesn't explain why they ignored PCI laws.
It's good thing to remember as they take you (the target CTO) off to prison.
After my nap I had a fantastic idea. If I copy classic Slashdot web page and post to beta, maybe, maybe beta change to classic. I hope I fix beta and everyone will be happy again Slashdot Log out oRCAD Monkey Submit Newsletter Jobs Channels SlashTV rss stories submissions popular blog ask slashdot book reviews games idle yro cloud hardware linux management mobile science security storage Slashdot journal entries can be automatically submitted as stories Newer Older Target's Data Breach Started With an HVAC Account Posted by samzenpus on Thursday February 06, 2014 @04:05PM from the sneaking-in dept. Jim Hall writes "Security blogger Krebs reports that Target's data breach started with a stolen HVAC account. Last week, Target said the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor. Sources now claim that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers. Attackers stole network credentials from Fazio Mechanical Services, then used that to gain access to Target's network. It's not immediately clear why Target would have given an HVAC company external network access, or why that access would not be cordoned off from Target's payment system network." Read the 20 comments xsecurity story Military Electronics That Shatter Into Dust On Command Posted by samzenpus on Thursday February 06, 2014 @03:22PM from the poof-it's-gone dept. First time accepted submitter MAE Keller writes "Two U.S. companies are joining a military research program to develop sensitive electronic components able to self-destruct on command to keep them out of the hands of potential adversaries who would attempt to counterfeit them for their own use. From the article: 'Last Friday DARPA awarded a $2.1 million contract to PARC, and a $3.5 million contract to IBM for the VAPR program, which seeks to develop transient electronics that can physically disappear in a controlled, triggerable manner.'" Read the 129 comments xbetatest xmilitary xtechnology xditchbeta xvaprware story The Standards Wars and the Sausage Factory Posted by timothy on Thursday February 06, 2014 @02:40PM from the these-things-take-time dept. Esther Schindler writes "We all know how important tech standards are. But the making of them is sometimes a particularly ugly process. Years, millions of dollars, and endless arguments are spent arguing about standards. The reason for our fights aren't any different from those that drove Edison and Westinghouse: It's all about who benefits – and profits – from a standard. As just one example, Steven Vaughan-Nichols details the steps it took to approve a networking standard that everyone, everyone knew was needed: 'Take, for example, the long hard road for the now-universal IEEE 802.11n Wi-Fi standard. There was nothing new about the multiple-in, multiple-out (MIMO) and channel-bonding techniques when companies start moving from 802.11g to 802.11n in 2003. Yet it wasn't until 2009 that the standard became official.'" Read the 136 comments xit xwireless xnetworking xbureaucracy xorganization story New Type of Star Can Emerge From Inside Black Holes, Say Cosmologists Posted by Soulskill on Thursday February 06, 2014 @02:00PM from the cross-black-holes-off-your-list-of-good-hiding-places dept. KentuckyFC writes "Black holes form when a large star runs out of fuel and collapses under its own weight. Since there is no known force that can stop this collapse, astrophysicists have always assumed that it forms a singularity, a region of space that is infinitely dense. Now cosmologists think quantum gravity might prevent this complete collapse after all. They say that the same force that stops an electron spiraling into a nucleus might also cause the collapsing star to 'bounce' at scales of around 10^-14cm. They're calling this new state a 'Planck star' and say its lifetime would match that of the black hole itself as it evaporates. That raises the possibility t
There are readers and contributors. Slashdot acknowledges some people as meaningful contributors by allowing them to disable ads. So, yes. We contributors ARE paying to use the site by offering our content. We're not giving the content for free, we get compensated in the form of a site that lives up to our high standards. So, when the compensation fails to be adequate, we must be vocal. We understand that we can stop using the "free" site at any time. We become vocal in hopes it doesn't have to come to that.
Not as good as the one about self-destructing chips, still pretty good
Rename the beta site and call it "DiceNews for Dicks". Then load it up with stories about the Deport Justin Beiber Movement http://www.google.com/url?sa=t... and news for Kardashian stories https://www.google.com/search?...
Leave Slashdot alone!
Watch 'Community' on NBC. You'll see that the HVAC people are the hidden power in our civilization. Be very afraid.
turn of javascript for slashdot.org, fsdn.com, googleadservices.com and truste.com.
problem solved.
It will soon change to: "as our audience migrates". Keep up the discussion outside of their moderation power over on reddit: http://www.reddit.com/r/social...
They probably have it all on one network so they can easily correlate the data. HVAC settings will influence purchases and a smart store is dynamically setting temperature to maximize sales volume, although within certain constraints.
This "protest" is generating quite a few page views.
just say'in.
Do you actually pay to use slashdot or are you complaining about a service you use freely that is no longer up to your high standards?
We pay in two ways. Well, three, if you include those that pay directly. But otherwise, we pay by contributing, and we pay by watching ads.
After seeing what the new beta site looks like, in the future "being slashdot'd" will mean being destroyed by someone who does not understand what they are destroying.
That will soon change to "as our audience migrates away". This needs more attention outside of the moderators' control. Continue over at reddit: http://www.reddit.com/r/social...
Beta sucks
FUCK BETA
Where do people get this strange notion that the hosters of free services should never receive negative feedback?
They provide the service for free because they want people to use it (usually for ad revenue, though there are other motivations). If people don't like it, they won't use it. Providing negative feedback informs the providers that something is driving users away, which suggests changes that could increase usage, which is ultimately what the provider wants.
Receiving something for free does not negate one's right to complain about it.
Did the software have fixed passwords / users?
Some software needs an fixed login to work.
Uh well, yeah he's paying for it so I would say he is...
Central Ohio Home Theater Installation - The Theater People
Target fucked somewhere between 40 million and 110 million people. DICE is now trying to fuck something south of half a million people.
Cut this shit out. Revert. Take the DICE Marketing department out for a nice big lunch, drinks and all. Then send them home for the weekend. Then undo the damage they've done.
I'm sadly sure that this is an intentional ploy to drive away long-time users ("geeks" and "nerds") who have contributed so much that, like me, they're eligible to disable advertising. What they don't understand is that even if my karma was shit (we don't get numbers anymore, I guess mine would be 50++++++), I'd still be using Ghostery and AdBlock to block the ads without Slashdot's generous option.
Wake up, guys. This is a tech site. The comments make the site. The users make the site. We aren't going to sit around and watch it go to shit. You will have nothing, ZERO left if the beta interface goes into production, except for a few new users who came over from MSNBC.
Writing, wall, see it, hope you have negotiated a nice severance package.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
I have gone through this exact same "logic" at places where I've worked. It's impossible to explain to some people that ... while the person putting in X may be completely honest you are depending upon that person to have as good security practices as you have.
Except that that person does not have any idea of what network security is. Or computer security.
But it will make it easier if vendors X, Y and Z have remote access to their systems which are on the production network.
It will be more difficult if we have to pay an ISP for the cheapest line they have and colour-code it and label it and super-glue it so that they have access but it does not touch the production network. At least not without someone coming in and physically re-wiring it.
Yes, that is right, the Beta UI of Slashdot is the best invention ever. I am sure that the HVAC system could also benefit from it. Who wouldn't want a system that looks like 'any other site', feels un-nerd-like and is guaranteed to drive away advanced users ! In the end, the system is sure to draw the attention of only those people that want to spend time spamming and trolling. I think it is a great idea for that purpose...
That, and Beta sucks.
Visit the Wiki at http://altslashdot.org/
Come on IRC channel #slashdot at irc.slashnet.org. Or use the web client: http://www.slashnet.org/webclient
We can rebuild this site anew!
Dear Dice:
I am the audience. I read more than I contribute. I've been coming here a long time and have learned a great deal, even to the point I can once in a blue moon contribute. I've even clicked a couple ads. If the contributors leave so will I, I'll follow. Spot on, this is just a chalkboard. Sites come and go. It's a pity to see Slashdot devolve, but it happens. On the bright side Dice, you'll still have your chalkboard and chalk.
Here is Dice's "Contact Us" page. [diceholdingsinc.com] Everybody be sure to call them tomorrow using whatever numbers from that page you can get to ring. Tell every darn receptionist in every darn one of Dice's holdings, along with anyone you can get them to connect you to, that the Slashdot beta is terrible and you won't shut up until it goes away. Fax them a well-illustrated complaint or two or three. Send them a choice letter via snail mail, along with whatever memorabilia you wish.
They keep soliciting our feedback, they can get our feedback, right where it counts.
Spread the word by mentioning this in every article's comments.
The most obvious contact points are:
Dice Holdings Inc.
1040 Avenue of the Americas, 8th Floor
New York, NY 10018
T: 212-725-6550
F: 212-725-6559
Slashdot
594 Howard St Suite 300
San Francisco, CA 94105
Tel: +1-877-433-5638
www.slashdot.com
capcha = wretch !!
I cannot comment on this story because I can only display 2 comments at a time on the screen - despite there being loads of unused real estate down either side of the page. I'll spend the rest of the evening srolling down to see if I can work out who is saying what....
Just called the owner of Slashdot on 212-725-6550, even his secretary knows already the subject in advance.
The redesign of Slashdot, I think they got the message, but maybe you have to make sure...
Because good security, like anything else worth buying, costs $$$. So it looks like a loss on the books. Remember, "the books" don't show the loss Target's taking in lost trade until the trade is lost by incidents like this. And even then, I'll be they don't do very much other than put some cosmetics on their system.
For the same $tupid reason: "The $tockholder$ won't like it."
Do you actually pay to use slashdot or are you complaining about a service you use freely that is no longer up to your high standards?
You do realize that even subscribers to Slashdot are getting the shaft here too? Some people actually are paying for Slashdot, so shut the F*** up about this kind of reasoning and learn a bit about what people are complaining about.
Either A) some IM, email, or trouble ticket system, or B) remote setting of network enabled thermostats and diagnostics of HVAC units remotely. And the submitter can't think of that? Then why post it. And why not segregate the payment system? Uh, cause that costs money to do, and PCIDSS is a fucking stupid thing 99% of the time. It is only used to blame retailers instead of making the Vendors and Card companies design and ensure airtight security, as it should be. Does make one wonder why any retailer POS system should travel on the Intertubes and networkable systems, though, instead of fixed landline. (Yeah, unrealistic, but if the credit card industry won't man up and take responsibility then maybe that's what they should be relegated to.)
I honestly don't understand what the fuss is about.
Your links are broken; see html source in my pastebin...
Please post this to new articles if it hasn't been posted yet. (Copy-paste the html from here so links don't get mangled!)
On February 5, 2014, Slashdot announced through a javascript popup that they are starting to "move in to" the new Slashdot Beta design. Slashdot Beta is a trend-following attempt to give Slashdot a fresh look, an approach that has led to less space for text and an abandonment of the traditional Slashdot look. Much worse than that, Slashdot Beta fundamentally breaks the classic Slashdot discussion and moderation system.
If you haven't seen Slashdot Beta already, open this in a new tab. After seeing that, click here to return to classic Slashdot.
We should boycott stories and only discuss the abomination that is Slashdot Beta until Dice abandons the project.
We should boycott slashdot entirely during the week of Feb 10 to Feb 17 as part of the wider slashcott
Moderators - only spend mod points on comments that discuss Beta
Commentors - only discuss Beta
http://slashdot.org/recent - Vote up the Fuck Beta stories
Keep this up for a few days and we may finally get the PHBs attention.
-----=====##### LINKS #####=====-----
Discussion of Beta: http://slashdot.org/firehose.pl?op=view&id=56395415
Discussion of where to go if Beta goes live: http://slashdot.org/firehose.pl?op=view&type=submission&id=3321441
Alternative Slashdot: http://altslashdot.org (thanks Okian Warrior (537106))
Because the /. beta can't even properly suck on my nuts :(
Chances are, you're behind a firewall or proxy, or clicked the Back button to accidentally reuse a form. Please try again. If the problem persists, and all other options have been tried, contact the site administrator.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
This is very true. Please keep the feedback coming. The more constructive, the better.
Dice can't see it, since they are new here (he he)...
The most loyal long time most avid readers of Slashdot, are not trolling the site, in protest of the failed beta. Never thought I would see the day ...
Where is GNAA, Natalie Portman grits, and frist prost when you need them!
Let me explain ...
I have been a regular visitor to Slashdot for around 15 years. For that, I get the checkbox to disable ads, though I browse with Javascript disabled so my browser does not slow down.
I come here for the discussions, and often read comments at +5, changing that only if I find a discussion interesting and warrants reading at a lower level.
The new beta uses JQuery for the comment threshold selector, and changes that on the fly. This means all the comments are loaded, but not visible, and processing any page with considerable number of comments will slow down MY computer! If I have a few tabs open to read later, my computer will be unusable.
What is worse it that they require you to click on the slider on every article to change the threshold! This is just insane!
If they insist that I enable Javascript to browse the site at the threshold I want, then they will lose me as a long time. I imagine that others long timers will hate the site too.
Dice have to remember that this site has two unmatched features, interlocked: a moderation system that is good at cutting down the trolling, spamming, and noise, and a comment section that is frequented by many people who are passionate about technology and other nerdy stuff.
If they wanted to intentionally ruin the site and drive people away, they would not have done any worse than what they are doing now.
If they manage to aggravate a lot of their users, the comment section will no longer be attractive to the audience. Perhaps we should revive kuro5hin?
I wrote the above in a feedback form that I filled a while ago, and I am emailing this comment to their feedback@slashdot.org. Please send them feedback too.
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
Believe me, there's no confusion about the immensity of the community's contribution to the site.
There's a lot of hate from Anonymous Coward for critics of beta.
I hope this isn't Dice astroturfing their own site.
There are 1.1... kinds of people.
Depending on your point of view, two things that suck, or blow...
It's not immediately clear why Target would have given an HVAC company external network access, or why that access would not be cordoned off from Target's payment system network.
Not clear if these conglomerate retailers are part of the bankster push for international electronic monetary data systems: ie, the microchip implants are coming.
I've woken up hung-over and found women in my bed that looked better than BETA. I've never regretted fucking them as much as I'd regret FUCKing BETA!
I pretty much left slashdot once, when Dice took over, because the quality of the content went downhill... now the quality of the site has gone downhill too. So long slashdot. BTW, for those who remember CmdrTaco, he's working on a pretty interesting new project called Trove - check it out!
I have been lurking around here pretty much since Slashdot's inception. I finally felt the need to make an account today to let it be known that I will be joining the Slashdot boycott on February 10-17th. I (and apparently everyone else) made their feedback for the beta when it was introduced. They decided to not listen. This site is truly something special, its community and insightful discussions are completely unmatched. We can't let them ruin it. Join the boycott, a severe drop in traffic should get their attention because apparently our protest is falling upon deaf ears.
NO BETA - Save our community. Boycott Slashdot Feb. 10-17th
Freely? We do get marketed to. See the ads scattered all over /.
putting the 'B' in LGBTQ+
common user / pass are easier to work with and manage when you are dealing with contracts / subs even more so in an area like hvac where the workers are not IT people and you have field work that can get subbed out to local firms now giving each tech there own login can be hard to keep track of and you have to deal with lock outs do to expiring passwords as they may need to use them day to day.
I 'pay' by being fed ads.
The Beta is harder to read and harder to comment on.
There is too much whitespace, and not enough text.
Has anyone seen even one single thing you could count as an improvement?
Let's assume the Slashcott really takes off. Will that be enough for your corporate overlords to abandon this ill-conceived project?
This is very true. Please keep the feedback coming. The more constructive, the better.
Kill Slashdot Beta and start from scratch.
That is a constructive suggestion, and absolutely doable.
Is there an obligatory XKCD to explain how badly Beta sucks???
Well, aren't you just an entitled little shit.
Do you not understand his argument, or are you really just an asshole? The value of Slashdot that keeps old-timers coming back, and brings new people in, is the content... and virtually all of that content is created and moderated by the users. Yes, the site itself is valuable as well, but only because it enables a certain style of discussion and fosters a particular kind of community, all built around that user content.
When the site no longer enables the discussion and fosters the community that is Slashdot, it ceases having any value. People will leave. The quantity, quality, and very nature of the content will change... and as that continues, more people will leave. Now you're into a potentially unstoppable death spiral, and whatever remains will be just a pale image of the greatness that once existed.
Do you expect us to keep our mouths shut? We don't want to see Slashdot die! Even if an alternative pops up somewhere, it won't have all the history that this site has. Losing all of that will be tragic.
Getting tired of Slashdot... moving to Usenet comp.misc for a while.
Than why are you pulling a microsoft and ignoring your community? Your community /is/ your product. Like microsoft forcing metro with Windows 8 the beta site isnt functional and you insist on ignoring the very hands that feed you. Without your community slashdot is just another has been website.
PCI is a compliance issue, not law. The payment card industry will just make you pay more for your credit card transactions if you're not compliant.
PCI also widely open to interpretation so it isn't exactly a standard. I worked for a company that implemented PCI on it's own product. We always had PCI "auditors" or "experts" who claimed we were not compliant. Once we made them read the document, they shut up. Who knows who Target hired for PCI compliance? You can have unencrypted credit card go over https and that's compliant. You can have it behind a firewall and that's, you guessed it, compliant.
The real problem is that PCI puts the onus on retailer to make cards safe when it's up to the payment card industry to make their cards and transactions more secure. It's a B.S. standard that only places a band-aid on the real problem.
The thing that is most frustrating to me is that is seems that many of the complaints brought up when the Beta first went public persist. Looking back at the feedback in that comment section, there are a lot of specific criticisms of the site. It wasn't general complaining, but pointing out stuff that should be fixed. Lots of that went ignored.
I wrote an email back in October with some feedback, and I wrote another today. The company has had five months to fix some pretty basic things and listen to feedback. It didn't.
It might be time to move on.
Since Slashdot without comments is more or less pointless, we actually are paying, it just isn't with money.
If a website is a commodity, then our user generated content and comments are likewise a commodity. On some sites this contribution is pretty marginal, but on Slashdot it's the basis of the entire business model.
Since Slashdot profits from the userbase contributions, that means those contributions have a value.
So yes, I pay, though the contributions are probably not worth a lot ;)
Post this on every story that pops up, even if it's already been posted. IRC for slashdot refugees. http://webchat.freenode.net/?c...
The whole point of the beta is to get feedback from the community. If we were ignoring you, we would have just flipped the switch and not looked back.
I can't promise we'll implement every suggestion (indeed, many are contradictory), but we absolutely consider them.
Do you actually pay to use slashdot or are you complaining about a service you use freely that is no longer up to your high standards?
Well, I provide content by commenting, and I improve the quality of content by moderating. For nothing. Without people like me doing that, Slashdot ceases to exist.
This is very true. Please keep the feedback coming. The more constructive, the better.
I admire you actually coming out and posting, but I'd point out that there has been a plethora of constructive, detailed feedback on the beta already, seemingly to no avail.
But since you asked, I'd recommend:
Keep the Classic Slashdot.
It's not immediately clear why Target would have given an HVAC company external network access,..
They probably have access to the network because the heating and AC for the stores is centrally controlled, like it is at Walmart, for instance. That's not a suprise. ... or why that access would not be cordoned off from Target's payment system network."
This is definitely the bigger question. PCI is pretty clear about this. My next question is, how did they pass the audit?
Proverbs 21:19
I've emailed them... they ignore... the more they ignore the quicker their downfall.
Ignore your userbase, and you shall have none. If I am ignored much longer, I will leave. Just like I left mashable after their AOL'ed it.
PS. I've been a slashdotter for 7+ years.
No trees were killed in the making of this post; however, many trillions of electrons were horribly inconvenienced.
Believe me, there's no confusion about the immensity of the community's contribution to the site.
Join us! Give yourself to the Dark Side. It is the only way you can save your friends. Yes, your thoughts betray you. Your feelings for them are strong. And we have cooler spaceships and better dialogue.
Believe me, there's no confusion about the immensity of the community's contribution to the site.
That's a bit of an understatement. Without the community, there is no Slashdot. So why do you think the community exists in the first place?...
Beta hinders that style of conversation. Yes, the chaos does create a lot of noise, but some of that "noise" is valuable. Some of the best posts I've ever seen on Slashdot ... whether funny, insightful, interesting, informative, touching, inspirational, or just plain nuts ... were actually completely off-topic. Beta makes it much more difficult for the chaotic mish-mash to occur, grow, and be distilled.
Getting tired of Slashdot... moving to Usenet comp.misc for a while.
I can't promise we'll implement every suggestion (indeed, many are contradictory), but we absolutely consider them.
You only need to implement ONE suggestion and everyone will be happy. Let people continue to use Classic interface if they choose. That's all you need to do.
Oh, I don't know, probably the people complaining about the people complaining about beta are Dice Employees. Wouldn't suprise me.
Well.. maybe. Or Maybe not. But Definitely not sort of.
Unicode support please :)
The Beta leaves much to be desired and seems like it is change for the sake of change.
Quit trying to be what other sites are being and stay true /.'s roots.
Keep the Classic Slashdot.
But then Beta was switched on and I quickly turned away. :(
I know as the middleman, you're not really in the best situation to answer, but where *is* the confusion? We've had a laundry list of requested improvements to slashcode for years, and instead of seeing them get fixed (with some notable exceptions), we get a superficial GUI replacement that makes the most common actions more difficult, and ignores the idiosyncrasies of its specific target audience and instead moves over to a more "standardized" stack that in the past drove many people to abandon other discussion sites for slashdot in the first place.
I tried telling you once already that there is no longer any way to see replies to your posts, making discussion impossible and the comment section unusable.
But if you're using beta, I guess you wouldn't know, because you never saw that you got a reply.
Excellent comment. OTOH, my cynical side is suspicious of how tone-deaf the site owners seem to be. It makes me wonder if the following item was on an NSA todo list somewhere:
Destroy Slashdot. After those damned Snowden leaks the Slashdot community seems to be united against us. As long as they were divided and bickering, they were not a threat.
We don't see the world as it is, we see it as we are.
-- Anais Nin
I was thinking something similar, but it was more like being destroyed by the very community that you were trying to court... out of an unwillingness to heed the warnings from that same community.
Getting tired of Slashdot... moving to Usenet comp.misc for a while.
Then why minimize (literally) the community's contribution? This box I'm typing in is given less than 1/4 of the page width here. The rest of that space is off-center column lines and unused space. Everyone's comment below mine will get even less space. If you value discussion and "contribution," then allow that content to shine and give it the visual weight it deserves. Also: Where are my line breaks? This is Usability 101 stuff here, guys...
The day that Slashdot Beta becomes the default Slashdot is the day I stop coming to Slashdot.
If you want news from today, you have to come back tomorrow.
One of my accounts has remote web accessible thermostats and the site share's a single public static IP, but my intranet is split between 3 different lan segments with the POS segment isolated. Looks like it might be NSA preferred level of effective security configuration...
seriously - wtf. I was getting annoyed by all the anti beta protestors - until I was forced to view beta. fuck beta, I come here to read threads of collapsed discussion not this 5000 pages of bullshit.
Okay,
Please make a discussion system like D1 available, even if it has to be limited to some table that won't flow the page to accomodate the rest of the new page layout.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
I get that Target might've forced their IT department to take the cheap way out and forgo a nice, isolated building management system. That's out of their control.
But how could they not notice the spike in network traffic as data was being sent to the hackers?
They should know how much bandwidth their terminals are chewing up on average, how many transactions are occurring, approximately how much data should be crossing the network per transaction and have an eye out for a sudden burst of outgoing data heading to one IP address.
Is there something I'm missing here?
I don't envy your position; nobody likes being a spokesman in front of an angry mob. Thank you for keeping things calm.
Here's the situation: you've got an old codebase which you'd like to get rid of, and an old userbase which you'd like to keep. Unfortunately they're part and parcel, and it's sounding like divorcing the two isn't much of an option. The question thus comes down to which is more important.
If I may ask: has anyone in the userbase specifically requested that classic view support be dropped?
I'm not talking about those who have asked for updates and added functionality, or the corporate personnel who are driven toward new shininess for some reason. Their suggestions and desires ought to be considered! But enhancements don't need to come at the expense of existing systems.
Now we're not idiots here; we recognize that keeping classic mode may very well require a few small modifications in order to maintain compatibility with this new revision. But these would be a drop in the bucket compared to the amount of effort expended so far, and should be well worth it to maintain a satisfied and contributing user base.
What are your thoughts? Have any contradicting user suggestions been made? Has a cost analysis been done? Or is it simply a few people with power in a closed room saying, "Let's make a change to get with The Future!(c)" Without evidence to the contrary, it feels like the latter, which makes everyone all the more butt-hurt.
What more can we say than we like the current system better? The Beta fails in many ways - hiding post times, hiding UID, making it hard to navigate "up", and so on.
Why fix what isn't broken? I still browse with the original no-JavaScript layout, just a page of comments and no "live" controls. It's great; it's just the way I like it. I like "reply to this" as a plain old link that I can middle-click on to compose a reply in a new tab. I like the fact that the entire comment tree is pre-expanded and I don't need anything but "Page down" to read.
Want to make me happy? Fix the bug where in this mode most of a page will have the same comments repeated from the previous page. Everything else is great, thanks.
Socialism: a lie told by totalitarians and believed by fools.
I'm on Beta now, and while it's too much into "white space" and definitely far less practical, I don't see why all current discussions have to be spammed with complaints. At present I don't want to read /. in any form.
Keep this up for a few days and we may finally get the PHBs attention.
Uh, the whole reason Beta is terrible in the first place is that the PHBs DON'T read Slashdot. Other readers/commenters will notice, but "corporate" won't.
No need to start from scratch. Just keep classic as default and beta as an option. This gives slashdot infinite time to actually make beta good. The whole "click for more" thing in the comments should only appear when you are hundreds of comments deep, and clicking it should load hundreds more if not the rest of the comments.
No, of course not. And make no mistake, we'd love to leave the classic site around in perpetuity for those who prefer it.
But it does take engineering resources to maintain. Maybe not a lot, but not a trivial amount either. There are a number of concerns here; eventually, something about the old site will break, and we'll have to dedicate engineering time to fixing it. Whenever we roll out a new features on the new version, we'll have to think (read:test) to make sure it doesn't screw anything up on the old site.
Our engineering team is small. We're going to leave the classic site up for some period of time, but it's a non-zero drain on limited resources. And as time goes by, that drain only gets bigger, as the codebases diverge.
Regardless, I'll bring it up again with the engineering team and see if we can at least extend classic site some more.
But that's essentially what you're doing - the switch may be flipping in slow motion, but it's flipping none the less. All the pious corporatespeak to the contrary doesn't change that one bit. You claim to regard the community, while completely *disregarding* them.
<-- It only takes one, and the rest will follow -->
Do you think you're talking to children here? What you say of the old code is equally true of the new code.
We appreciate the communication, but we only only appreciate communication. If all you're going to do is sling bullshit, go home. We're not illiterates and we know marketdroid bull a mile away.
Dice: Frankly, many of us want a new design, Classic is broken in so many ways. But beta is terrible, and this is what is wrong:
* The value that Slashdot brings to its users is not in its articles. Frankly, the articles are terrible. The value that Slashdot provides is a discussion forum for self-selected nerds.
* As such, it is vital that you remember that the community is not just an audience, it is also your primary content creator.
* Your new redesign does not allow the community to create (or even consume) content because:
- It makes it impossible to follow discussions in the comments sections. This is largely because of the max-width on window and the fact that of the space left over is taken up by a useless sidebar. The vertical spacing is also overdone.
- Slashdot has a fragile but effective moderation system. Your changes make it impossible for readers to leverage that system to read a high quality discussion and ignore the trolls.
- It disregards conventions of the community. UIDs matter. We’re nerds. We understand that you need to attract a younger audience, but for a lot of us (including the younguns) it is thrilling to see a post from somebody who has been there from the beginning.
* In the last 24 hours Soulskill has bitterly commented that the community has been involved since October and that they also get emails supporting the new design; only the comments are an echo chamber. This comment demonstrates a deep incompetence in your development team. Soulskill should have been citing A-B testing numbers. A-B testing is cheap, easy and effective but instead you are taking stabs in the dark.
* Your ability to attain user acceptance is dismal. A number of years ago, when Taco needed to modernize the site, he solicited the community for designs, and awarded the best designer and used that design. That is how you leverage a community and gain their acceptance: incorporate them in the design process. As a bonus, you won’t have utterly useless redesigns that will either ruin your website or have to be scrapped.
And This Too Shall Pass
The real problem being the fact the US still moronicly uses MagStripe/Pin for payment cards instead of a Chip/Pin system.
The Amarri pray for god, the Caldari pray for profit. the Gallente pray for peace, but the Minmatar pray their ships hol
I disagree. The beta site needs to go. If it becomes the default it will just drive people who can't be bothered to switch every time or who are new and don't know you can switch. It's that bad, that broken.
Soulskill, what is actually wrong with the classic layout that needs such a radical change to fix? Why can't you implement improvements on that platform?
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Time for a firefox extension "classic slashdot?"
And I would happily purchase a lifetime subscription to keep commenting on Classic.
I love the green lines.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
There is always the approach of calling Dice Holdings. Their telephone number is 212-725-6550.
The only thing the admins or Dice can do to get some respect back and apologise to the contributors is to admit that the beta site was a mistake. It's hard to write off all that work, but sometimes it's the best thing.
After the mobile site fiasco no-one has any confidence in the developers any more. When the mobile site launched you couldn't even scroll the screen without accidentally clicking something, and even now I always just use the classic desktop site. On the other hand some guy hacked up a far better mobile app in a few weeks (PlusFive, free on the Android Play store). Sorry, but your guys just suck, the project has failed and worst of all there was nothing wrong with the classic site in the first place.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Believe me, there's no confusion about the immensity of the community's contribution to the site.
The community's contribution *is* the site. Who would need a blog with ten articles per day and no discussion?
Unfortunately, lack of confusion does not mean "correct understanding of the lay of the land." The business development people may be totally wrong and at the same time not confused about what they perceive as truth. Is the Pope confused about his religion?
If the classic "just the bytes, ma'am" mode disappears, contributors who care about such things will instantly migrate elsewhere. Hell, 90% of people around here can whip up a new Slashdot-like discussion board out of existing bits and pieces in under 24 hours. What would be the value of the JS monstrocity that the new owners of /. are trying to foist upon the very educated clientele? I have JS disabled, and I have no interest to browse /. in any other mode. I reviewed the Beta in Chrome, with JS, and found it useless and unacceptable.
If only you hadn't wasted all that effort building a broken beta site, and had instead focused on improving the classic site.
Out of interest, what drove the decision to start over with a new layout and code base instead of trying to improve what you had? Is the Classic code really that bad or something? I remember when the mobile site launched and one of the developers listed all the cool technologies they were trying to shoehorn in to it, so it really just seems like a desire to pad their CVs and play with new toys was the main motivation.
Have you considered open sourcing the code again? I'm sure there would be plenty of people willing to improve it for free.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
No need to start from scratch. Just keep classic as default and beta as an option.
Two words come to mind: Polishing. Turd.
No, the Beta site is beyond repair, and better rewritten from the ground up. Sometimes things are so failed that you have to let them go and start over. This is a perfect example.
2) Posted user ID is an important consideration when I read a post. I will give a post that seems offensive another look for clarity if the UID is lower and I am much more forgiving of an ignorant post if the UID is very new.
3) My internet is down, the power is off, it is cold, and I will have to start a vehicle to charge this android phone i am thumb-typing on in the driveway so that I can post this reply. That's how much I love this site.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
I don't hate the current beta site but I do find it unusable. The beta site has made some improvements over the months but I doubt that it will be fulfill the minimum requirements any time soon.
My current complaints:
1. Fixed width and a lot of wasted space. I browse with a window width of 1200 on a PC. The comments end up being around 400 pixels wide, that is a lot of wasted horizontal space. On a tablet I can understand having a dead area around the edges of the screen to help avoid accidental touches but on a PC it's wasteful. Also that side bar is completely worthless once someone has scrolled below it yet it still takes up the screen real estate.
2. The side bar can't be customized. On the classic site I can add/remove different widgets for things that I care about. I realize that the web has moved on since those widgets were first designed so I can understand changing them. But that doesn't mean that I want to have widgets that I actively ignore, I haven't cared about the slashdot poll in years and that's not going to change; also I don't care about what was on the site 10 years ago this day.
3. The comments seem to have bugs. On the main site there are 7 replies to this comment's parent while on the beta site there are only 2 replies. What happened to the other comments? It seems that the only the first 2 comments by date are displayed meaning some +5 comments aren't being displayed which brings the average of the entire comment system down by a significant amount.
4. Make a dedicated forum/thread/story/etc where you engage with community about the new site. Currently people are complaining in the comments of every article because that's the only place they feel like they can vent. Make a dedicated area to talk about the new site design and where the designers explain their design decisions. I know that showing people how the sausage is made is scary and that it will invite a lot of criticism but it also can create a lot of trust.
The stores aren't heated. They're FREEZING!
Well, aren't you just an entitled little shit.
He is entitled to leave and not come back. In fact so are you, please exercise that entitlement.
The whole point of the beta is to get feedback from the community. If we were ignoring you, we would have just flipped the switch and not looked back.
Soul, I know you are in a difficult position, having been told to do spin control for a furious userbase. But you don't have to insult our intelligence. Redirects to beta were going on well before this, and the sentiment hasn't changed. It's been negative from the moment people started getting redirected. Management has been ignoring the users from day one under the notion that they'll like it once they get used to it, and hey, look at how Facebook changes things and people complain, but keep using Facebook.
But your seniors don't seem to understand that this isn't Facebook. This isn't a site for the general population, and it's not irreplaceable nor without intense competition. There are thousands of internet forum sites out there, many of whom have the same target audience. I do not buy the argument for one second that management was ignorant of the poor opinion held of it's new "beta".
I get that they bought the house and now they want to repaint it so it's "theirs", but they've gone too far. Very far too far. They have failed to understand their target audience completely, believing that we're just like any other of the dozens of assets they hold in their portfolio, and it'll homogenize with the rest if they just stay the course.
It won't. They're going to tank their investment and once the users bail, they won't come back. They'll be like the MySpace of the IT world: It was popular at one time, but now it's a ghost website nobody cares about, just another content aggregation website, and not even a particularly valuable one. Nobody wants to see this happen... apparently, except for the senior management. We've spoken clearly, and unequivocably, in every possible way, that this is a bad decision. We've been doing this for days, and have received no indications from these people that they've even noticed.
Do we have to set fire to the facilities they live in? DDoS all their sites? I mean, really, Soulskill... we've exhausted every avenue to let these people know "Hey dudes, train coming. Train. Big train. Honk honk. Motherfucking train, on the mother fucking tracks, coming your way. TRAIN." ... And they seem to be content to just lay there like some drunk and wait for it to run them over.
If this is how it has to be, fine. But at least tell us that if Slashdot goes tits up someone on the Dice board of directors is getting shit-canned... because otherwise, the nerd rage that has built up here is going to find other, less pleasant, ways of extracting their pound of flesh from Dice. If you think the Slashdot Effect on other websites is bad... wait until a hundred thousand pissed off IT people each sitting on massive bandwidth pipes, decide to ping the SS Dice Fail Boat. It will not be pretty.
#fuckbeta #iamslashdot #dicemustdie
I just tried to cruise the comments section using the beta, and that is where things are the worst. There is no quote parent button, and it made me copy and paste the reply title by hand. There is no link to get a permanent reference to a single comment. Comment text does not show bold or italic. Quoted text is merely italic, but not indented or anything.
This horrible re-write is particularly insulting because the old site is relatively good, minus a few quirks (like having comments formatted with html only). A superficial design change should not need to break so much functionality, unless they are actively trying to eliminate it.
Apply your silly argument to electrical wiring and you'll see exactly how silly it is.
Considering the likely consequences it's worth treating this stuff almost as seriously as electrical gear. You should NEVER have building facilities staff routinely making changes without informing the IT department in such an environment. The consequences of failure are too great and a part time cable monkey is so cheap. It doesn't take long at all to turn a member of building facilities staff into someone that will know what they are doing and will inform IT when changes are made.
"But it does take engineering resources to maintain."
As if your new EXTREMELY WASTEFUL (check it yourself, bandwidth usage is up) beta will do any better in resource usage.
"eventually, something about the old site will break, and we'll have to dedicate engineering time to fixing it. "
You're already doing that to the beta. This is how I know you're not engineers - you fail to follow the motto - 'Make it work, then make it work better.' Forcing beta is BROKEN and doesn't work, quit trying it.
"Whenever we roll out a new features on the new version, we'll have to think (read:test) to make sure it doesn't screw anything up on the old site."
Quit trying to be new. Seriously. It's like playing catch-up with the Johnsons. Not only is it fucking annoying, but it's a waste of time, resources, engineering (ha) skills, and money.
DID YOU HEAR THAT, DICE? YOU ARE WASTING MONEY. SHIT IS LEAPING OUT OF YOUR POCKETS.
"Our engineering team is small."
I'm the ONLY engineer on my team, and I handle over six hundred food production sites (including programming, monitoring, maintenance, crop checking, website development and maintenance, etc.) ACROSS THE GLOBE. I do that on a budget so infinitesimally small as to make you guys look fucking rich in comparison. What's your excuse, now?
"We're going to leave the classic site up for some period of time, but it's a non-zero drain on limited resources."
Hey, here's an idea from a REAL ENGINEER - quit wasting limited resources on a failing design, dump it, and divert those resources into improving what works.
"And as time goes by, that drain only gets bigger, as the codebases diverge."
Yea, so quit diverging codebases, stick with what works. You call yourselves engineers, start acting like them.
"Regardless, I'll bring it up again with the engineering team and see if we can at least extend classic site some more."
How about you fire your engineering team and just hire me on?
Looks like I can do all of their jobs, plus mine, plus work at a warehouse running one of the most expensive and difficult forklifts on the planet, plus ensure that hundreds of stores remain stocked with inventory, without a problem. Sounds like your engineers don't know how to do jack with limited resources. One person is essentially running three companies at once. How many are you using to run ONE?
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
There is already something like that, here.
But it deals with the CSS only, and will not handle the backend part. See my comments on the above comment.
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
"Slashdotted"? Should be "Diced" instead.
i prefer really wide comments section(like before) as i have a side by side dual monitor layout, and prefer indentation in the threads over box-within-box. I have set my display to be at arm's length, like when i might need to tilt the flatscreen. The boxes' lines can be annoying instead of helping, but if you must use them,at least alternate them, something like black lines-dark-lines-gray lines, and so on.
har, har!
"We're not paying for two networks! Do it all on one!"
-Target
"The Beta is harder to read and harder to comment on."
how so? I find it to be the opposite.
"There is too much whitespace, and not enough text."
And...?
"Has anyone seen even one single thing you could count as an improvement?"
sure. The look, the design, it's faster, easier to read, and far more appealing to a newer generation.
The Kruger Dunning explains most post on
Are you stupid? that is not a constructive suggestion. It's a statement.
Are you really that stupid?
The Kruger Dunning explains most post on
and I like the new site.
Oh, right, you think you speak for the community.
The Kruger Dunning explains most post on
beta hatin'
Could be.
Why not do this in an open/community driven manner?
Set up a persistent discussion (make it a tab, "Changes are a coming to Slashdot", weigh in with a comment) and explain what changes you want to make, and why. Let the community hash it out. Maybe let us vote on a feature, and allow us to test it out on some dummy (or real) test stories to see how it works.
Or, instead of committing to wholesale, all at once change, change subsystems and let the community test them. See if slashdot can be slashdotted. And move forward.
You know, like actual professional software developers do. Not like Microsoft does.
Reeses
In my redirects to the beta (on mobile) it was immediately (and I mean immediately) obvious that whoever designed the beta had no fucking clue how people used the site and turned it into some sort of engadget clone.
I don't know how whoever designed it thought that all I wanted to read were headlines on my phone. It was embarrassing. And disappointing.
The changes have helped, but the mobile experience still doesn't completely "get it". But it's getting better.
Reeses
This is the same thing I sent them on my feedback email. If I can't have classic, I'll simply stop coming. Speaking AC as I already moderated.
Big box retailers that have say 1000 or more stores realize that they can save significant amounts of money by controlling HVAC and lighting. None of that is controlled at the store - there might be an override that a manager can use - but it's one of those THINGS that is purposely a PITA to make them not want to do it...
Temperature, humidity, ventilation, light levels - all controlled by a schedule tied to how the store is used. There's one level for overnight stocking/cleaning, and another for customer times... Occasionally, the store is open earlier for a sale and the local or regional schedule has to be accommodated. The PLC's that control all this stuff need to be programmed accordingly, so rather than paying a fully-loaded Big Box employee, they pay a consultant, who pays a gnome to handle it.
They remote in, upload the schedule, or push out an immediate change (like Jimmy the Overnight guy had a heart attack, turn all the lights on for the ambulance!) and it's all good.
The problem is that they rarely restrict those logins once they're logged into the network... Or there's some common hole to get around... A big box retailer I worked at had a Unix-based system... vi was the editor. Anyone remember :! sh ?? Dropped you to a shell, and ummm, the whole thing was running as root, so need I say more?
Everyone seems to be assuming that because the hack *started* with the HVAC account, that it was done *only* using said HVAC account.
The first step in such an attack is to get access to the network. The access level doesn't have to *start* with your ultimate goal, you just need to get your foot in the door. From there, you take advantage of network/OS/software security flaws, social engineering, etc. to gain the access privileges you ultimately need.
You're wasting your breath frinsore. Many of us who had early access to the beta complained about the exact list of things that has the general /. population so upset. We were ignored.
You had your constructive feedback Soulskill and you pissed on it. Please stop coming here pretending to want feedback.
If you actually give a shit stop talking and prove it. Fix the stuff you've broken in beta.
+1 This is the most concise argument I've seen yet for why the current commenting system is so loved:
"... because the design permits unfettered chaos while providing the means for users to wade through it quickly and efficiently, so they can easily promote the best content to the top!"
OMG...focus your efforts on making this feature of the site more awesome and forget the rest of the window dressing.
Here's what I want to know. Did the NSA have knowledge about this vulnerability? If they did, and they didn't report it, they should be held at least partly accountable. Based on what we've learned that the NSA knows, it's likely they both knew about these vulnerabilities and knew that Target was vulnerable to them. Target should launch a FOIA request to find that out, and then sue the NSA for failing to disclose these vulnerabilities.
i build targets...infact i do the cabling side of it and i can tell you it is nessisary for the HVAC companies to have external access to networks, and they do have separate VLANS to try to avoid these kinda of things but i think the hacker prolly just knew what he was doing....duh they were a hacker lol
Beware the InsaneClown!!
It is where they started. Do they do online purchases? Do they do cash register purchases? So there is somewhere where store centric networks and corporate networks converge, probably an accounting system
So some store had remote access for climate controls, and also had the store network attached to the hvac controls so the manager could turn up the heat. HVAC credentials dropped a sniffer, found a user device coming in, jumped on there, back to the rest of the network.
Some idiot didn't just trip over the keys to 70 million records. Someone didn't decide to do this the day before Thanksgiving for BlackFriday. It was a very long process that didn't get noticed until the real hackers gave some script kiddies the keys to muddy the waters.
Our Building Automation (HVAC, Lighting, ect) system does not need VPN to work.
https://www.facebook.com/tcsbasys
My Point: Where major consequences are possible care should be taken.
The electrical wiring bit was an analogy of something else with major consequences so there's no point shifting the goalposts to low voltage (WTF?) especially since that doesn't apply to building wiring anyway apart from in a few rare edge cases.
The issue is simple. An outsider needs limited access. You can do that without complex ACLs on everything.
Outside of computing it's managed pretty damn well with door keys that give differing amounts of access so why should we think we are special just because we work with computer networks?