Slashdot Mirror


User: Bengie

Bengie's activity in the archive.

Stories
0
Comments
6,462
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,462

  1. Re:Flamebait in Headline on SQL Vs. NoSQL: Which Is Better? · · Score: 1

    My points expired a few minutes before reading your post. /sigh I don't think people realize the choke-point ACID creates. It's like a global lock.

  2. Re:lastpass on Nearly Half a Million Yahoo Passwords Leaked [Updated] · · Score: 2

    I agree. Bad management encouraging/enabling poor technicians/developers by not looking for quality hires.

    Either way, we can still blame Yahoo as they have a professional responsibility to make sure their employees know common industry standards. Protecting against SQL Inject is common knowledge. I learned about it sophomore year and StackOverflow users mention it in almost every case where it could happen when a question is posted.

  3. Re:That explains things on Nearly Half a Million Yahoo Passwords Leaked [Updated] · · Score: 1

    Newer antivirus engines use heuristics. Vipre was reviewed to have about 95% effectiveness on 0-day unknown malware. If I ever get an anti-virus, that will be the one. So far the Microsoft one works just fine.

  4. Re:lastpass on Nearly Half a Million Yahoo Passwords Leaked [Updated] · · Score: 4, Informative

    SQL injection is insanely easy to protect against. Your input should NOT be in your command stream

    C# pseudo-syntax
    sql.CommandType=Procedure
    sql.command = "MyStoredProcedure"
    sql.parameters.add("@MyInput",InputValue)


    You will never get an SQL injection through that.(assuming MyInput isn't a string that gets concatenated to dynamic SQL inside the sproc)

    You could even do something like this

    sql.CommandType=Text
    sql.command = "select * from table"
    if(InputValue != null) {
    sql.command += " where table.myfield = @MyInput"
    sql.parameters.add("@MyInput",InputValue) }

    This is also safe from injection

  5. Re:Plaintext passwords again? on Nearly Half a Million Yahoo Passwords Leaked [Updated] · · Score: 2

    You're always in a race against computing power.

    Even if a hash was O(1) and took one clock-cycle no matter the password length, a 14+ char password will be safe for a very very long time. If you had EVERY computer in the world working on colliding your hash, to find your password, it would take decades even if they're lucky and found a way to make 500ghz graphite chips.

    In the real world, hashing scales with the stream length and takes several cycles per char, plus look-up times and no 500ghz chips.

    If someone wanted your password so badly, they would just buy a wrench and some thugs.

  6. Re:Plaintext passwords again? on Nearly Half a Million Yahoo Passwords Leaked [Updated] · · Score: 1

    Expensive hashes are only good for weak passwords. Users shouldn't have week passwords. Just use a strong salted-hash, that's Good Enough(tm), don't care about slowness.

  7. Re:Er, export restrictions? on In Face of Flame Malware, Microsoft Will Revamp Windows Encryption Keys · · Score: 1

    We should just go with ECC already. http://en.wikipedia.org/wiki/Elliptic_curve_cryptography

    Faster than RSA1024 by a few factors, and about the strength of a 256bit symmetrical key, putting it at "universe lifes" for how long it takes to break.

  8. Re:I don't see much to miss on DirecTV Drops Viacom Channels · · Score: 1

    Adult Swim on Cartoon Network, now that would piss me off.

    Only reason I have cable. I'm just waiting for them to open streaming as a paid service and/or enough money to start buying discs from them. Then I can "cut the cord".

  9. Re:The simplest explanation on Weak Solar Convection 100 Times Slower Than Predicted · · Score: 1

    Your weather is reported in kelvin? That is so awesome.

  10. Re:It's like this. on Does Grammar Matter Anymore? · · Score: 2

    double negatives hurt my brain :*(

  11. Re:So what? on Ron Paul's New Primary Goal Is "Internet Freedom" · · Score: 1

    The tax penalty will cost more than dropping the insurance. For those people where it is not the case, the insurance will be nearly free anyway, so there is still no reason to drop it.

    I would love to know what you're smoking so I could live in your world.

    You would make a great Microsoft spokes person for early 2000. You could talk about insecure Linux is because everyone can see the source code. A little bit of reading shows you either don't understand almost anything or you're making strawmen by only showing 1/2 the story.

  12. Re:So what? on Ron Paul's New Primary Goal Is "Internet Freedom" · · Score: 1

    If you have a pre-existing condition the insurance company can - and will - consider it when pricing a plan for you. If you broke your little toe water skiing 20 years ago your insurance company is free to consider that and write up a plan that is 80-300% of your annual income. Sure, you won't be able to afford it, but they met their obligation by not denying you coverage. It's your own stupid fault for breaking your toe 20 years ago.

    They cannot charge your more either. They are not allowed to discriminate in any form.

  13. Re:So what? on Ron Paul's New Primary Goal Is "Internet Freedom" · · Score: 1

    Healthy people will opt out and will pay for minor doctor visits out of pocket and will wait until they really need insurance for major coverage to get back on a plan (they can't be denied), and so all insurance companies will fail.

    Why would someone do that? The tax penalty is greater than my year premium, then if you add in the tax credit, my insurance will be almost free.

    Hmm.. Nearly free insurance or paying a tax penalty.. choices.. choices..

  14. Re:Why is this man allowed to keep so much money? on Bill Gates: the Traditional PC Is Changing · · Score: 1

    In the long run, the interest accumulated on that 99% is worth more than the initial 99%. Most of that money is invested and they use the returns to keep funding projects.

  15. Re:Privacy issue in Europe on Ask Slashdot: Are Smart Meters Safe? · · Score: 1

    Probably to some degree.
    Actually, the water company sent out a flyer talking about their upgrade. Now that they can monitor water demand in real time, they can speed-up and slow-down their pumps around the city. This allows them to be pro-active to keep water pressure up, while saving money by reducing their pumps when demand is low.

  16. Re:Privacy issue in Europe on Ask Slashdot: Are Smart Meters Safe? · · Score: 1

    While they still have to collect at the house level, I do agree that they should only store 15min intervals at neighborhood or higher level.

  17. Re:Privacy issue in Europe on Ask Slashdot: Are Smart Meters Safe? · · Score: 1

    Bit of a jump to go from monitoring power usage over 15min windows to web-cams throughout the house.

    Isn't that a bit like saying "If you're going to cut the child's umbilical cord, why not just chop off an arm?!". Same thing, right?

  18. Re:The physics on Ask Slashdot: Are Smart Meters Safe? · · Score: 1

    We don't kind to logic and facts around here(internet).

  19. Re:As a former developer of Smart Meter Tech on Ask Slashdot: Are Smart Meters Safe? · · Score: 1

    Are you saying they don't use ECC+Skein(1024bit)+Threefish(1024bit) to secure their communications?

    http://en.wikipedia.org/wiki/Elliptic_curve_cryptography
    http://en.wikipedia.org/wiki/Skein_(hash_function)
    http://en.wikipedia.org/wiki/Threefish

  20. Re:The problem is the nature of the Digital Waves on Ask Slashdot: Are Smart Meters Safe? · · Score: 1

    Light has only one attribute... frequency, there is no "flat" or "sine". What you see on a oscilloscope is a visual representation to help humans use their visual processing.

    I'm still going with what mrwilsox said, I just had to point the above out.

  21. Re:Tinfoil hat! Get yer tinfoil hat on! on Ask Slashdot: Are Smart Meters Safe? · · Score: 1

    While it's definitely the power company's right to know how much power I'm using, and even to know in aggregate how much peak versus non-peak power I'm using, but they really shouldn't need to know hour by hour or minute by minute (or even day by day) how much power I'm using.

    What business does a server admin have in knowing hours by hours or minute by minute load? Any admin of an infrastructure probably wants to know usage outside of monthly intervals.

    They already have instrumentation at the substations that tells them how much power my neighborhood

    "Neighborhood"?! Shit, we have one substation for the entire city of 20k people, excluding the factories. They may want to know a little more about how power is used in different sections of the city.

    While data must be collected at the house level, maybe we need laws stating that only monthly data can be saved by customer and any lesser interval must be stored by city section(some larger logical unit).

  22. Re:Tinfoil hat! Get yer tinfoil hat on! on Ask Slashdot: Are Smart Meters Safe? · · Score: 1

    To really get the sarcasm going, you should have put something more like "They are every bit as dangerous as a cellphone through a wall 25' from you."

  23. Re:Privacy issue in Europe on Ask Slashdot: Are Smart Meters Safe? · · Score: 5, Insightful

    My local water company has switched over to smart meters for water usage. Now that they have pseudo-realtime flow information, they have reduced their operations costs by about $200k/year and my water will has gone down because of reduced rates.

    The more information engineers have access to, the more efficient the system.

    If we EVER want to have massive roll-outs of green energy, we'll need smart meters. Fuck green, lets burn coal until we die, I don't want someone seeing how much power I use.

    What we do need is rules stating that the information collected must be securely accessed and transmitted. Possibly limit collected data to just stuff like average power-draw, local voltages, highest burst, standard deviation.. stuff like that.

    They don't need to know what exactly what I'm running, just a category of power demand.

  24. Re:Privacy issue in Europe on Ask Slashdot: Are Smart Meters Safe? · · Score: 4, Insightful

    Power company says "if you want to save money, we need more data"
    Power distribution says "if you want more reliable power, we need more data"
    Customers say "We want cheaper and more reliable power!"

    OMG! they want to know more info?!

    Next thing you'll know, your Doctor will want to know your medical history! Fuck him/her! Why would they need to know that?!

  25. Re:One good reason... on What's To Love About C? · · Score: 1

    Just be careful with "Volatile", as many new CPUs may re-arrange memory access, which can break a lock-less algorithm that assumes Volatile fixes everything.