I'm getting really tired of idiots that think NAT is a security solution. It's not. It's a hack that breaks end-to-end connectivity.
The only way IPv6 can be a security issue is because incompetent fucks don't understand security.
Use rsync over ssh.
1. User names and passwords are sensitive.
2. CPU is cheap.
3. Time to force end users to use a real ftp client and/or have MS or Apple implement a modern protocol.
Why store the password in a retrievable fashion?
Sending the actual password to the end-user via email in clear-text is stupid. The end-user will likely go "ohh, right" and keep using it. Much better to send them a random one-time use password or a link that allows them to reset the password once.
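One way to build what the two comments above argue for: store passwords so they cannot be retrieved at all, and send a single-use, expiring reset link instead of the password itself. This is an added example, not the commenter's code; the in-memory tables stand in for a database, and the PBKDF2 iteration count and 15-minute link lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed in-memory stand-ins for a real user database.
USERS = {}          # username -> {"salt": bytes, "hash": bytes}
RESET_TOKENS = {}   # sha256(token) -> (username, expiry_timestamp)

PBKDF2_ITERATIONS = 200_000   # assumption: tune for your hardware
TOKEN_TTL_SECONDS = 15 * 60   # assumption: reset links die after 15 minutes


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the original password cannot be recovered."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def set_password(username: str, password: str) -> None:
    """Store (or replace) a user's password as a fresh salt plus hash only."""
    salt = secrets.token_bytes(16)
    USERS[username] = {"salt": salt, "hash": _hash_password(password, salt)}


def verify_password(username: str, password: str) -> bool:
    rec = USERS.get(username)
    if rec is None:
        return False
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(rec["hash"], _hash_password(password, rec["salt"]))


def _token_hash(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def issue_reset_token(username: str, now: Optional[float] = None):
    """Create the one-time secret to embed in a reset link.

    Only the token's hash is stored, so a copy of RESET_TOKENS cannot be
    replayed. Returns None for unknown users; the caller should still send
    the same "check your email" response to avoid username enumeration.
    """
    if username not in USERS:
        return None
    now = time.time() if now is None else now
    # Issuing a new link invalidates any earlier outstanding link for the user.
    for h, (user, _expiry) in list(RESET_TOKENS.items()):
        if user == username:
            del RESET_TOKENS[h]
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[_token_hash(token)] = (username, now + TOKEN_TTL_SECONDS)
    return token


def redeem_reset_token(token: str, new_password: str,
                       now: Optional[float] = None) -> bool:
    """Consume a reset token exactly once; True if the password was changed."""
    now = time.time() if now is None else now
    entry = RESET_TOKENS.pop(_token_hash(token), None)  # pop => single use
    if entry is None:
        return False                      # unknown, already used, or superseded
    username, expiry = entry
    if now > expiry:
        return False                      # expired links are gone as well
    set_password(username, new_password)  # new salt, new hash, old one discarded
    return True
```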
They could see if the number was recently ported, yeah.
They would not be able to see if I called up your carrier and had your number FORWARDED.
Let's say the phone company's $8/h CSRs are absolutely infallible when it comes to social engineering. You've still got hundreds of relatively poor CSRs that may or may not take a few hundred dollars to forward a number somewhere.
The bank should not be validating account ownership based on who answers the phone. It's far too easy to steal a phone, tap a line, or use other methods to compromise the circuit. To be completely honest I'm not even a fan of the automated letters that they send to your house with an access code on them either, as all anyone needs to do is acquire your mail. It's not difficult to have the post office redirect mail or just steal it while you're not home.
The best way for a bank to allow resets would be an in-person visit with photo ID and a photo on file to compare it with. Inconvenient, definitely. Reasonably secure? Yeah.
"estimated 1.26 million deaths worldwide in the year 2000"
http://en.wikipedia.org/wiki/List_of_countries_by_traffic-related_death_rate
Going by the statistics here, even if the number was 100,000 people due to premature deaths, it's still relatively insignificant.
People like to throw in the exposure-related deaths with nuclear but ignore them for coal and other fossil fuel resources.
With just about any large system there is potential for a catastrophic failure.
Dams: If the dam fails it could kill hundreds to thousands of people. Likely, no. With terrorist help or just plain stupidity yeah there is a nonzero chance of disaster.
Oil spills: These happen much more frequently than nuclear issues and cause significant damage.
Using your logic it would be appropriate to ban planes, cars, trains, etc.
People need to stop letting fear and ignorance rule and actually look at the facts.
It wouldn't make a significant difference even if they did.
There are thousands of examples of carriers being tricked into forwarding numbers by third parties. I do it all the time for customers that port into us if something goes wrong with the porting process.
Often all I do is:
1. Identify myself as $MYNAME from $MYCOMPANY. (NOT $THEIRCLIENT)
2. State that I'm calling on behalf of $THEIRCLIENT.
3. Tell them that $THEIRCLIENT is in the process of moving to our services and needs to forward the number temporarily.
4. Carrier asks for the forwarding number and it's generally done in 1-2 hours.
The only shred of validation that might happen is them checking my caller ID. I've never needed an account number, billing contact name, authorization code, or anything. Just the phone number.
I've even offered to pay for the forward but been declined because I'm not $THEIRCLIENT. They were happy enough to charge $THEIRCLIENT on my behalf.
Phones/SMS/etc will never be a reliable way to verify an account holder because it really can be anyone on the other end.
Really, why should I care about FF any more? They're killing us and themselves with all of these major version releases.
>> Yes, because it's really hard to say yes to the update button and restart your browser.
>>it's painful when dealing with web development
Write proper standards compliant code and this ceases to be an issue.
>> plugin usage
Flame the shit out of your plugin devs. The new plug-in API has been static since FF4 and they intend to keep it compatible to resolve this issue. FF4 was released March 22, 2011 which means there is absolutely no excuse for plugins to not be compatible with FF4-7.
>> or even just to know what version is "latest".
Help > About.
>> And that doesn't count all the pain with the major bugs that just languish while the UI is endlessly tweaked for no good reason (exactly why was the status bar removed?)
It wasn't removed. It was upgraded and renamed. View > Toolbars > Add-on Bar.
It's not enabled by default to give more screen real estate. I don't agree with it but it takes half a fucking second to adjust.
As always it's just a fucking number. Who cares if they increase by +1 instead of +0.1 or +1,000,000.
Hi,
You've obviously never worked for a company that horribly mismanages distribution groups.
They've got 1500 servers sending several reports a day. 99% false positives. The mailing list has been signed up for all kinds of spam and we MUST read it for fear someone emails something important to the stupid list.
I automatically delete the automated reports. A fucking waste of time, and I have to muddle through the rest. :(
You obviously haven't heard of poison, explosives, throwing knives, mines, axes, several siege engines? A gun is a tool like any other. The problem is the user and always will be. Would it reduce the number of crimes of passion? Maybe, for a time until society adjusts, but another tool will replace it. It's human nature to kill. Nothing's going to stop someone from strangling someone to death, beating their head on concrete, stabbing them with a knife or any other of the endless possibilities.
It's nonsense like this that allows gun control laws to erode the people's rights.
Here they get nothing. Unless you account for the small royalty for the initial purchase of the books, and I think most are donated copies anyway.
If they want my money they should encourage their publishers to provide the content in acceptable formats. For most of the books I read, not all, I would be happy to pay a fair amount for a book in a decent format (no DRM, works almost anywhere).
One book that was released last month was available in an acceptable format, but due to piracy concerns the author held the e-book release for months after the audio book/paper book release. The audio book was up for torrent in a few hours and a scanned/OCR version of the paper book was available within a week. The net result was I read the OCR version instead of paying for the e-book. I would have paid just so I wouldn't have had to wait a week. Why would I pay to wait months?
I did buy books at one point in time but I'm in a situation now where I don't have a lot of shelf space and I find e-books more convenient. The first time (and last time) I bought an e-book was a nightmare. I chose the Adobe PDF format because it was the only format that was available on just about any platform. The provider would not EVEN RESPOND to my complaints regarding the undisclosed DRM which made it unusable on my Linux laptop. Never again.
If I want a book these days I'll pirate it or get it from the library. Never really understood the difference. Yes, the first is illegal and I really don't care. If the choice was paying for DRM'ed crap or not reading it -- I just wouldn't read it. The reason they are losing my money is DRM not piracy.
I'm not sure where you're getting the idea that an RWD is horrible for winter conditions. I live in Canada and winters here are considered pretty bad. (I've woken up with snow in the driveway up to my hips and had exams canceled for a week because it was -53C w/ windchill.) I grew up driving RWD, AWD, and FWD vehicles and in my experience it's the driver that gets the vehicle stuck or loses control.
I'm not saying the beast, as we liked to call it, was good on gas -- it had a 307 V8 -- but it was a great winter car and got hot fast. It actually averaged around 25-30MPG on the highway when driven properly (we lived in a rural area so highway efficiency was more important). After all these years it still is my favorite car to take for a cruise in the winter. Only hit the ditch once when I was screwing around and over-countered a slide, and all I had to do was reverse out of it. My Mom on the other hand famously managed to slide off the road twice in a single two-city-block trip in her FWD van. It was absolutely hilarious.
Don't go blaming the tool when you've got it upside down and backwards.
1. This would depend on the circumstances involved and the article does not provide enough information to decide either way. If the US government was contacted and they didn't do anything regarding it, my ethics would compel me to release the document regardless of the law. Given the treatment Assange received from the US government I really wouldn't hold it against him if he didn't follow the proper channels.
2. I'm not familiar with the law regarding this, but again my ethics would compel me to disregard it if I felt it was in the best interests of the public.
3. Even if I agreed with this, and I don't, nothing in the article shows that Assange's actions put anyone in danger.
In my mind my personal ethics always come first and the law last.
Assange is not an American citizen. He has absolutely no obligation to follow American laws or processes. Just because it's the law does not make it the "right thing".
Heh. This is beyond retarded.
To rent a bloody mail box I had to sign six different documents and show two pieces of photo ID. They can sell a bloody house without setting foot in the country?
If I were the buyer or seller I'd sue the shit out of the real estate company, bank and everyone else involved for being so bloody negligent.
Let's make a better one then.
My brother works as a plumber and makes around $55k gross pay annually. I work as a technician consultant and make around 50k gross pay annually. Looking at these numbers alone would lead to the assumption that my brother's job is better than mine.
This is only true if you do not consider the expenses involved. I generally end up spending around $5k on technician toys, odd parts, lab supplies, office supplies, transportation, and other random expenses. My brother on the other hand spends between $400-500/mo just on fuel, $5k/yr on marketing, $200-400/mo on various tools, $400/mo on fast food, and generally spends around $600/yr keeping his van running.
When you add everything up it's not so clean and clear. I spend a lot more time on my ass screwing around while still making money (retainer fees). When he doesn't work he doesn't get paid. He also has to get up when there is a call because for some crazy reason he offers 24/7 services. When I get woken up I get paid double just for answering the phone.
Which is better? I really don't know. I likely get to keep more of the money I take home and I know I don't work as hard as he does. What it comes down to is that annual revenue is not a good measure of profitability. To me it seems akin to deciding which company is better based on what kind of car the CEO drives.
I don't think I'd even use it for a rough approximation as it really does not describe the profitability of the company. It would be like looking for jobs and they each say: $1000, $100000, $1000000 without providing the period of time you earn it in. It could be a month, a year, or 100 years which changes things drastically and the numbers alone don't even hint at what is the better option.
Anyone that uses gross revenue as the sole basis for valuing a company is an idiot. GoDaddy's profit margins on domains are next to insignificant as they are paying Verisign $7.34 for every .COM registration. GoDaddy often sells domain registration at a loss to sell their extra services.
Hi,
Just because he was guilty does not mean that there was enough evidence to convict him.
I took pre-calculus in high school, which is by no means advanced math, but I've never seen () used in place of a variable.
That said, even as drunk as I am, I simply removed both 2's and evaluated 4+3. Not terribly difficult by any standard. Either students find use of the parentheses confusing or I'm a lot smarter even while drunk than I think I am.
Probably, but I don't believe it qualifies as FOSS if you put restrictions on its usage (e.g. non-commercial).
Well, you don't really have a choice, if you make your code FOSS. Either anyone including 'people you don't like or agree with' can use the code or it ain't FOSS.
bah.
It's not the security researcher's responsibility to cover Microsoft's ass. Anything he gives them is a gift, not a god damned right. If you want to blame someone for all the exploits, blame the dumb ass that decided to couple HTML Help shit with everything and allow it to execute binaries. Just fucking stupid.
Sounds to me like Microsoft sat on its ass for three days and then told him "we will get back to you on Friday", which would piss me the fuck off too. You can't fucking figure out if you can commit to having this fixed within a 60-day timeline in three days? And to all the dumb fucks saying he should have released after the sixty days like he said: He wanted a sixty-day commitment in order to withhold the advisory. He didn't get one, so he promised nothing.