Very valid comment, this deserves to be modded up. Since FTP authenticates in cleartext, anyone capable of sniffing the transaction gets the authentication credentials in full.
That's why it's never, ever safe to attach FTP credentials to anything else.
I believe Dreamhost handles this by issuing a separate password for FTP.
I can see two semi-valid to valid excuses: 1. The additional server load, and cost associated (electricity, maintenance, less clients per 'unit' served and so on) 2. Impossible sniffing & tracing to debug live systems.
Sniffing the data in-house troubleshoot is a great tool. Without it, you have to rely to server-side logging to capture your issues. If these are occasional, hard to reproduce, unclear problems, then you're in for some serious log digging, not to mention considerable work to request from all your services to write a lot of logging details. And then rotate those logs and so on.
When all the data is unencrypted end-to-end, all you have to do is put a few network capture and analysis tools where you think the problem is, write some possible triggers for them to launch capture and synchronize together, and then voilà, you've got yourself "the bug" in the net, and now you can begin fixing.
None of the alternatives work across several browsers on multiple platforms. I have xmarks on chrome, firefox, safari on 2 windows pc and one mac, plus the iphone. All through xmarks.
I know it was mostly for the humor (and it was funny), but Wave is a project that never left "alpha", must less ever came close to "beta". Goo.gl, on the other hand, is official, live, and supported. When they say it'll stay, I'm pretty sure they mean it.
I completely agree with you. Yes Wave had issues (speed, invites, wrong marketing, etc) but the real reason it failed is because of all the morons who couldn't think outside of their limited mindset.
People are resistant change, it's widely known. Try to change people's crappy software for fun. Try to show your office coworkers how to use OpenOffice.org instead of Microsoft Office. They'll probably all hate it, but for the wrong reasons.
Wave solved a metric ton of problems, yet half the comments here and blog posts about Wave's failure mostly consists of "A solution looking for a problem."
Since october of last year, I have been using Wave extensively, every single day, with a group of people. Some are friends, some are colleagues. We have waves for casual chatting, where we just talk and share stuff together, and we have work waves were we discuss projects, and plan work, share files, have meetings, etc.
It's much more effective than threaded/replied/forwarded emails to get any kind of discussion going with a group of people. Emails get impossible to track really fast when several people are all replying to other people's messages. It gets messy. In wave, it's all neat, organized, threaded, and can be moderated. Delete a few messages that were not on the subject, move stuff around.
I can't wait for a stand alone server so I can host it for me, my friends and colleagues.
SP3 causes a rotation issue with a whole lot of ATI video card drivers (for video cards 2-3 years old, at most), making it impossible to have a rotated screen on SP3.
The very same graphic cards are unsupported in Windows 7 because ATI hates their customers.
1. Different size doesn't screw up anything. Modern bill accceptor units realign the bill as it is fed in, center it or push it on one side, and stack them all up nicely and straight.
2. The raised/embossed parts doesn't mess with anything, and the machines don't crunch them more than your wallet already does. We have braille on all our canadian bills, and they're fine.
3. Older machines always need to be updated to new currencies. You might think the last batch of bills was similar to this batch, but it still required extensive updating on the market. It's okay, because vending operators welcome new security changes, as their machines are also the target of counterfeit bills (but not the same time of counterfeiting.)
4. The 1$ bill is a problem not for high value items, but for low value ones. Unless your machines vend exactly 1$ items, the 1$ bill gives you change headaches. Machines must continuously be replenished with rolls of coins to give back to you because you inserted a 5$ for a 1.25$ item. A 1$ coin solves this because it's automatically replenishes by customers on their purchases, and can be used as change for large bills (1.25$ purchase on 5$ bill = 3x 1$ coins, 3x 25c coins. Six coins in total, a good average for change payback.)
5. You guys have a 2$ bill that you don't use. Why? People genuinely enjoy and cherish their stack of 1$ bill. It will never change unless the government force it, and they don't. You will have your 1$ bill in twenty years even when you can't even buy a pack of gum with it. In canada, we had the 2$ bill to use when the 1$ bill was removed, so the transition was easy. And then we removed the 2$ bill as well! Still worked because the next bill was close (5$).
I think he meant it's relatively complex to take a new phone, and attempt to camouflage it into looking like the previous phone, while it would be extremely easy to grab whatever cheap general-fitting iphone case on the market, and put your new prototype in it.
In fact, it would almost be a better camouflage to use a 2$ case than go to the trouble of building a "fake-3GS-shell" case around your iPhone HD.
Not as old as you (in terms of Slashdot readership), but I've been here quite some time as well.
I think that, as readers left this site, editors slashed into the content quality and try the quantity approach. I used to be able to read the site daily and have time to post replies here and there. Now, I have it set in an RSS reader because the volume is much larger to the point that if I miss a day, 20 to 30 stories fly by.
It's not that there are more things to report now than 10 years ago, it's all these crappy filler stories, blog posts about nothing interesting, jokes and whatnot that make this site less and less relevant.
Additionally, while Slashdot used to be where the breaking news was happening, I can now find interesting and important stories up to THREE days later on this site than on digg, for example.
Me and some other people have submitted, days ago, important stories (in our opinion) about a FOSS company that is suing the Quebec government for the right to bid on contracts that went directly to Microsoft. This is being heard by the supreme court right now. The supreme court! And it's not even making slashdot!
It's not too late, but the editors really have to try and voluntarily lose a few percent point of page views in order to bring back quality and, more importantly, fellowship of readers.
It's about time that a TSA agent steps over the line enough for the justice system to finally react and hit back. So far the TSA has been running their own show and making up their own laws so much that I became genuinely scared of passing through the USA on my next trip.
Did you see a few posts above you? Someone spotted what he believed to be about 3 million $ worth of fake processors on a shipping pallet.
That's en extremely likely scenario. You have this up-to-no-good set of suppliers exchanging large quantities of expensive electronics. This particular part (a processor) can't be easily tested or checked because of all the intricate packaging involved. So they came up with a plan to swap one pallet in a warehouse somewhere while it's being loaded/unloaded from a truck. No one will bother to open a skid, then open a box, and then make sure these are *Still* actual processors. They were processors when they were packaged into skipping pallets, so why bother at this point? Even the retail buyer won't open these boxes if they're convincing enough.
So they made these fake packages with fake instruction manual, fake processor, fake fan, etc. If you were to just grab a box, and open the side of the package without pulling the content out, you'd see what mostly looks like a full set of processor, fan, manual and whatnot. That's why they built this fake fan assembly, and that's why there's a stack of paper. Looks just like the real deal when you spend 5 seconds looking at it from the side of the box.
As I've just finished reading the whole thread at threshold 4, you're the first poster that actually gets it. They're not using local storage because they're idiots with computars, they use local storage because nothing else does the job.
The solution is, unfortunately, not possible for this guy.
Can you honestly say that with a straight face while browsing the hundreds of fart apps and stupid slideshows of 5 pictures or less? The App store is indeed cluttered by tens of thousands of utterly useless and worthless apps, but the Wi-Fi finding category is certainly not contributing by much.
So while just about everyone on this thread is actively debating the legality of mass-buying and reselling tickets, as a Slashdot member, I'm interesting in how they broke the system.
It seems to me that, while reCAPTCHA created a very interesting system, they exposed themselves to a ridiculously simple attack: the reuse of previous catpchas and the reuse of their identification numbers.
Fixing this would be very easy. I'm thinking of this method: 1. Every graphic image of captcha in the system is assigned a unique ID along with the response, just like it is right now. 2. When an external website requests a challenge, the system picks a captcha ID at random in the database. 3. Take this captcha ID and write it in a database, along with a random number. 4. From now on, the random number (ie "public random ID") is used for the website that is using it. 5. As soon as the challenge is solved (website proceeds with the rest of the user authentication), the public random ID database item for this number is marked "Wasted", and will never be used again.
Losing 250 toobelts or phones or pants or metal detector wands, fine whatever. But they're losing guns here! You know, those metal things you point at people and they die? Like, forever?
It's really something to witness. I was next to a coworker that was telling me about the damn window that popped up everytime he launched IE8 and didn't know what to do about it. I tell him "Read it?" he goes "okay fine", he reads it skipping every other word, then goes "Well? I don't want anything so waht do I click?"
As an IT administrator, I would like to tape iPads in front of user's screens. This is going to be so simple they can't do it wrong.
That's not all. To this day, we still occasionally receive an email consisting of nothing more than an attachment "winmail.dat"
i eventually gave up on trying to tell mail administrators to set outlook clients properly or to set Exchange rules for outbound formating. I've installed "Lookout" plugin on all users' Thunderbirds.
It's really as if Microsoft deliberately tried to break email interoperability so they can attempt to monopolize it. Hmm.....
Actually, you are just as likely to be hit. A miscalculated oversteer turn (drift) could make the car plunge right on the inside of the track. I would observe a robotic car driving from far away...
Right so I can just go rent whatever crazy car I've never driven before, crash it, and then go "Well you know I wasn't familiar with that particular car."
You're driving a huge metal bullet that can kill many people in a matter of seconds, it's your damn responsibility to know how to operate it. IF you're too dumb to know how to turn the engine off, DO NOT DRIVE THAT CAR.
It pisses me off that driver's education classes teach people to obey traffic laws but give them zero knowledge of how to keep control of this killing machine on wheels.
wondering how they lived without the thing they had no practical use for before they bought it.
So I've been eating my raw meet and crunching vegetables for some time when one day, Borgt brings a thing he calls "iFire" from his city to mine. He tells us iFire is like the sun but portable.
I told him to take it away, as I have no practical use for it. My vegetables are crunchy, and meat tastes good, what could I possibly benefit from fire?
Oh you mean, we can discover NEW USES after being put in contact with new applications of technology?
I guess all those sheeps will still buy iPads, right? Damn sheeps!
Well let's see. Last time we all went nuts over what Apple was possibly going to revolutionize a market with a new innovative gadget or not, was when they were 'about to possibly announce a PHONE'.
What came next? Oh right, a truly innovative phone that revolutionized not only the entire mobile phone market, but the portable-pocket-computer market as well, and then went on to sell millions and millions of those rectangle boxes.
So yes, the entire world comprised of people interested in technology is buzzing around like crazy because, as the speculations, chances are good that the same company will do it again with something else that will possibly revolutionize a whole market and change a part of our lives as technology yet again makes a leap forward.
We're excited because it's exciting.
If this bores you and you can't be bothered until the product is actually out the door, then don't read the stories and don't comment on them. Just scroll down buddy, more stories about Microsoft's hacking vector software is on the way.
By the way, this is not just 'tech'. The same thing happens with cars as well. Some company may or may not come up with a new innovative product and we all get giddy about it and post countless blogs and forums threads about it. And we love it.
Narrator: Of course, since the greenhouse gases are still building up, it takes more and more ice each time. Thus solving the problem once and for all. Suzie: But-- Narrator: Once and for all!
"The End".
Re:Most film cameras don't have a 'shutter speed'.
on
Framerates Matter
·
· Score: 1
And this is why Slashdot remains to me the best site to read news and discussions about technology-related subjects. I'm here reading comments about framerate in videogames when all of a sudden, a group of people spontaneously burst into the technicalities of cinema cameras and how the motion is captured on film.
This is FASCINATING stuff, thank you for that. You're already +5 Informative, but I'll pretend-mod you to +6.
I'm not saying the poster is right on his claims, but the basic principle is that: 1. Take cheap diamonds from conflicted African country 2. Put them in a bag 3. Go to Canada 4. Open the bag in the bottom of a Canadian mine on a Monday night during the hockey game 5. Tuesday morning: Wow! We've just found an assload of diamonds! Let's go laser etch them for authenticity right away!
It's not like that's such a complicated plan. Are they doing it? I have no idea and frankly, I can't decide which sounds more plausible. a) A giant multinational acting kindly? or b) A giant multinational bending the laws for profit.
Slashdot Mirror
Very valid comment, this deserves to be modded up. Since FTP authenticates in cleartext, anyone capable of sniffing the transaction gets the authentication credentials in full.
That's why it's never, ever safe to attach FTP credentials to anything else.
I believe Dreamhost handles this by issuing a separate password for FTP.
I can see two semi-valid to valid excuses:
1. The additional server load, and cost associated (electricity, maintenance, less clients per 'unit' served and so on)
2. Impossible sniffing & tracing to debug live systems.
Sniffing the data in-house troubleshoot is a great tool. Without it, you have to rely to server-side logging to capture your issues. If these are occasional, hard to reproduce, unclear problems, then you're in for some serious log digging, not to mention considerable work to request from all your services to write a lot of logging details. And then rotate those logs and so on.
When all the data is unencrypted end-to-end, all you have to do is put a few network capture and analysis tools where you think the problem is, write some possible triggers for them to launch capture and synchronize together, and then voilà, you've got yourself "the bug" in the net, and now you can begin fixing.
None of the alternatives work across several browsers on multiple platforms. I have xmarks on chrome, firefox, safari on 2 windows pc and one mac, plus the iphone. All through xmarks.
There are no alternatives at the moment.
I know it was mostly for the humor (and it was funny), but Wave is a project that never left "alpha", must less ever came close to "beta". Goo.gl, on the other hand, is official, live, and supported. When they say it'll stay, I'm pretty sure they mean it.
I completely agree with you. Yes Wave had issues (speed, invites, wrong marketing, etc) but the real reason it failed is because of all the morons who couldn't think outside of their limited mindset.
People are resistant change, it's widely known. Try to change people's crappy software for fun. Try to show your office coworkers how to use OpenOffice.org instead of Microsoft Office. They'll probably all hate it, but for the wrong reasons.
Wave solved a metric ton of problems, yet half the comments here and blog posts about Wave's failure mostly consists of "A solution looking for a problem."
Since october of last year, I have been using Wave extensively, every single day, with a group of people. Some are friends, some are colleagues. We have waves for casual chatting, where we just talk and share stuff together, and we have work waves were we discuss projects, and plan work, share files, have meetings, etc.
It's much more effective than threaded/replied/forwarded emails to get any kind of discussion going with a group of people. Emails get impossible to track really fast when several people are all replying to other people's messages. It gets messy. In wave, it's all neat, organized, threaded, and can be moderated. Delete a few messages that were not on the subject, move stuff around.
I can't wait for a stand alone server so I can host it for me, my friends and colleagues.
SP3 causes a rotation issue with a whole lot of ATI video card drivers (for video cards 2-3 years old, at most), making it impossible to have a rotated screen on SP3.
The very same graphic cards are unsupported in Windows 7 because ATI hates their customers.
Hi. IAVMD (I'm A Vending Machine Designer.)
1. Different size doesn't screw up anything. Modern bill accceptor units realign the bill as it is fed in, center it or push it on one side, and stack them all up nicely and straight.
2. The raised/embossed parts doesn't mess with anything, and the machines don't crunch them more than your wallet already does. We have braille on all our canadian bills, and they're fine.
3. Older machines always need to be updated to new currencies. You might think the last batch of bills was similar to this batch, but it still required extensive updating on the market. It's okay, because vending operators welcome new security changes, as their machines are also the target of counterfeit bills (but not the same time of counterfeiting.)
4. The 1$ bill is a problem not for high value items, but for low value ones. Unless your machines vend exactly 1$ items, the 1$ bill gives you change headaches. Machines must continuously be replenished with rolls of coins to give back to you because you inserted a 5$ for a 1.25$ item. A 1$ coin solves this because it's automatically replenishes by customers on their purchases, and can be used as change for large bills (1.25$ purchase on 5$ bill = 3x 1$ coins, 3x 25c coins. Six coins in total, a good average for change payback.)
5. You guys have a 2$ bill that you don't use. Why? People genuinely enjoy and cherish their stack of 1$ bill. It will never change unless the government force it, and they don't. You will have your 1$ bill in twenty years even when you can't even buy a pack of gum with it. In canada, we had the 2$ bill to use when the 1$ bill was removed, so the transition was easy. And then we removed the 2$ bill as well! Still worked because the next bill was close (5$).
I don't think that's what he meant by that.
I think he meant it's relatively complex to take a new phone, and attempt to camouflage it into looking like the previous phone, while it would be extremely easy to grab whatever cheap general-fitting iphone case on the market, and put your new prototype in it.
In fact, it would almost be a better camouflage to use a 2$ case than go to the trouble of building a "fake-3GS-shell" case around your iPhone HD.
Which makes it the best. +5 insightful
Not as old as you (in terms of Slashdot readership), but I've been here quite some time as well.
I think that, as readers left this site, editors slashed into the content quality and try the quantity approach. I used to be able to read the site daily and have time to post replies here and there. Now, I have it set in an RSS reader because the volume is much larger to the point that if I miss a day, 20 to 30 stories fly by.
It's not that there are more things to report now than 10 years ago, it's all these crappy filler stories, blog posts about nothing interesting, jokes and whatnot that make this site less and less relevant.
Additionally, while Slashdot used to be where the breaking news was happening, I can now find interesting and important stories up to THREE days later on this site than on digg, for example.
Me and some other people have submitted, days ago, important stories (in our opinion) about a FOSS company that is suing the Quebec government for the right to bid on contracts that went directly to Microsoft. This is being heard by the supreme court right now. The supreme court! And it's not even making slashdot!
It's not too late, but the editors really have to try and voluntarily lose a few percent point of page views in order to bring back quality and, more importantly, fellowship of readers.
It's about time that a TSA agent steps over the line enough for the justice system to finally react and hit back. So far the TSA has been running their own show and making up their own laws so much that I became genuinely scared of passing through the USA on my next trip.
Did you see a few posts above you? Someone spotted what he believed to be about 3 million $ worth of fake processors on a shipping pallet.
That's en extremely likely scenario. You have this up-to-no-good set of suppliers exchanging large quantities of expensive electronics. This particular part (a processor) can't be easily tested or checked because of all the intricate packaging involved. So they came up with a plan to swap one pallet in a warehouse somewhere while it's being loaded/unloaded from a truck. No one will bother to open a skid, then open a box, and then make sure these are *Still* actual processors. They were processors when they were packaged into skipping pallets, so why bother at this point? Even the retail buyer won't open these boxes if they're convincing enough.
So they made these fake packages with fake instruction manual, fake processor, fake fan, etc. If you were to just grab a box, and open the side of the package without pulling the content out, you'd see what mostly looks like a full set of processor, fan, manual and whatnot. That's why they built this fake fan assembly, and that's why there's a stack of paper. Looks just like the real deal when you spend 5 seconds looking at it from the side of the box.
As I've just finished reading the whole thread at threshold 4, you're the first poster that actually gets it. They're not using local storage because they're idiots with computars, they use local storage because nothing else does the job.
The solution is, unfortunately, not possible for this guy.
Can you honestly say that with a straight face while browsing the hundreds of fart apps and stupid slideshows of 5 pictures or less? The App store is indeed cluttered by tens of thousands of utterly useless and worthless apps, but the Wi-Fi finding category is certainly not contributing by much.
So while just about everyone on this thread is actively debating the legality of mass-buying and reselling tickets, as a Slashdot member, I'm interesting in how they broke the system.
It seems to me that, while reCAPTCHA created a very interesting system, they exposed themselves to a ridiculously simple attack: the reuse of previous catpchas and the reuse of their identification numbers.
Fixing this would be very easy. I'm thinking of this method:
1. Every graphic image of captcha in the system is assigned a unique ID along with the response, just like it is right now.
2. When an external website requests a challenge, the system picks a captcha ID at random in the database.
3. Take this captcha ID and write it in a database, along with a random number.
4. From now on, the random number (ie "public random ID") is used for the website that is using it.
5. As soon as the challenge is solved (website proceeds with the rest of the user authentication), the public random ID database item for this number is marked "Wasted", and will never be used again.
There! Fixed.
They're fucking GUNS!
Losing 250 toobelts or phones or pants or metal detector wands, fine whatever. But they're losing guns here! You know, those metal things you point at people and they die? Like, forever?
It's really something to witness. I was next to a coworker that was telling me about the damn window that popped up everytime he launched IE8 and didn't know what to do about it. I tell him "Read it?" he goes "okay fine", he reads it skipping every other word, then goes "Well? I don't want anything so waht do I click?"
As an IT administrator, I would like to tape iPads in front of user's screens. This is going to be so simple they can't do it wrong.
That's not all. To this day, we still occasionally receive an email consisting of nothing more than an attachment "winmail.dat"
i eventually gave up on trying to tell mail administrators to set outlook clients properly or to set Exchange rules for outbound formating. I've installed "Lookout" plugin on all users' Thunderbirds.
It's really as if Microsoft deliberately tried to break email interoperability so they can attempt to monopolize it. Hmm.....
Actually, you are just as likely to be hit. A miscalculated oversteer turn (drift) could make the car plunge right on the inside of the track. I would observe a robotic car driving from far away...
Right so I can just go rent whatever crazy car I've never driven before, crash it, and then go "Well you know I wasn't familiar with that particular car."
You're driving a huge metal bullet that can kill many people in a matter of seconds, it's your damn responsibility to know how to operate it. IF you're too dumb to know how to turn the engine off, DO NOT DRIVE THAT CAR.
It pisses me off that driver's education classes teach people to obey traffic laws but give them zero knowledge of how to keep control of this killing machine on wheels.
wondering how they lived without the thing they had no practical use for before they bought it.
So I've been eating my raw meet and crunching vegetables for some time when one day, Borgt brings a thing he calls "iFire" from his city to mine. He tells us iFire is like the sun but portable.
I told him to take it away, as I have no practical use for it. My vegetables are crunchy, and meat tastes good, what could I possibly benefit from fire?
Oh you mean, we can discover NEW USES after being put in contact with new applications of technology?
I guess all those sheeps will still buy iPads, right? Damn sheeps!
Disclosure: Ba-a-a-a-h.
Well let's see. Last time we all went nuts over what Apple was possibly going to revolutionize a market with a new innovative gadget or not, was when they were 'about to possibly announce a PHONE'.
What came next? Oh right, a truly innovative phone that revolutionized not only the entire mobile phone market, but the portable-pocket-computer market as well, and then went on to sell millions and millions of those rectangle boxes.
So yes, the entire world comprised of people interested in technology is buzzing around like crazy because, as the speculations, chances are good that the same company will do it again with something else that will possibly revolutionize a whole market and change a part of our lives as technology yet again makes a leap forward.
We're excited because it's exciting.
If this bores you and you can't be bothered until the product is actually out the door, then don't read the stories and don't comment on them. Just scroll down buddy, more stories about Microsoft's hacking vector software is on the way.
By the way, this is not just 'tech'. The same thing happens with cars as well. Some company may or may not come up with a new innovative product and we all get giddy about it and post countless blogs and forums threads about it. And we love it.
"Global Warming Or: None Like It Hot!"
Narrator: Of course, since the greenhouse gases are still building up, it takes more and more ice each time. Thus solving the problem once and for all.
Suzie: But--
Narrator: Once and for all!
"The End".
And this is why Slashdot remains to me the best site to read news and discussions about technology-related subjects. I'm here reading comments about framerate in videogames when all of a sudden, a group of people spontaneously burst into the technicalities of cinema cameras and how the motion is captured on film.
This is FASCINATING stuff, thank you for that. You're already +5 Informative, but I'll pretend-mod you to +6.
You must be new to smuggling.
I'm not saying the poster is right on his claims, but the basic principle is that:
1. Take cheap diamonds from conflicted African country
2. Put them in a bag
3. Go to Canada
4. Open the bag in the bottom of a Canadian mine on a Monday night during the hockey game
5. Tuesday morning: Wow! We've just found an assload of diamonds! Let's go laser etch them for authenticity right away!
It's not like that's such a complicated plan. Are they doing it? I have no idea and frankly, I can't decide which sounds more plausible. a) A giant multinational acting kindly? or b) A giant multinational bending the laws for profit.
Tough choice!