As long as the salt is different for every single user, they can't do a single global search to find everyone whose password was "password". They have to hash salt+"password" separately for every single account.
If you don't ban them, but instead start F-N with them, they will "...just clear cookies, change their IP, and register a new account..."
Assuming they can figure out that the site isn't just broken.
and then start a vendetta to get back at the F-N bastard that had the audacity to do something that underhanded and cowardly.
Good luck with that. So they get flagged again.
It's the board equivalent of upping a verbal pissing match into a knife fight.
Actually, attempting to circumvent or break the board's security mechanisms could result in legal actions being taken, which would be more like upping it into lobbing a live hand grenade in their direction if they do decide to escalate the matter.
I'm in FF4 and that page doesn't crash me. I just get a black screen and "Done Hanging" in white.
No you don't.
But if you ban them they just clear cookies, change their IP, and register a new account.
Well... I successfully crashed IE7 with this:
function f(){document.body.innerHTML+="<div style='height:1px;width:1px;position:absolute;'></div>";window.setInterval("f();",1);}window.setInterval("f();",1);
(Well - it hasn't crashed, yet, but it's not responding, pegging the CPU and slowly ballooning in memory. I'm pretty sure it'll crash eventually.)
URL blocked by policy.
Well, I can't say that's surprising...
So that would be...
If you want to give your trolls the silent treatment try the Cave module.
However, if an unauthorized charge shows up, you dispute it and the credit card company has to eat the loss, so you are protected in any event. Rather than secure the system which allowed fraudulent charges to be made, they prefer simply to accept the losses as a cost of doing business.
Debit cards, on the other hand, are dangerous. I have one, but I almost never use it.
What code are they using to crash IE6?
But then hash(pw,salt1) is both stored and transmitted
At what step in that process was hash(pw, salt1) ever transmitted?
Yeah. More worrisome is the fact that if it is a debit card, the money is gone before you can even contest the charge.
For a credit card, I'd probably wait it out and hope for the best. A debit card, though, would best be cancelled immediately.
Answers to secret questions can only really be stored as hashes if you insist on people reproducing spelling, capitalization, and punctuation accurately and you don't intend to use the secret questions for over-the-phone authentication.
Spelling - yes; but capitalization and punctuation can just be ignored. Strip punctuation, convert to all-lowercase, then hash.
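An added example, not code from the thread: it combines two points made in these comments, a per-user salt and normalizing a secret answer (case and punctuation ignored, spelling kept) before hashing. PBKDF2-HMAC-SHA256, the iteration count and the function names are assumptions; the comments only say "hash".

```python
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 200_000  # assumed work factor for this sketch


def normalize_answer(answer: str) -> str:
    """Ignore case, punctuation and extra whitespace; spelling must still match."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    # Drop every character whose Unicode category is punctuation (P*).
    text = "".join(ch for ch in text if not unicodedata.category(ch).startswith("P"))
    return " ".join(text.split())


def hash_answer(answer: str, salt: bytes) -> bytes:
    """Slow salted hash of the normalized answer."""
    data = normalize_answer(answer).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS)


def enroll(answer: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) to store; the salt is fresh for every account."""
    salt = os.urandom(16)
    return salt, hash_answer(answer, salt)


def verify(candidate: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison against the stored digest."""
    return hmac.compare_digest(hash_answer(candidate, salt), stored)


if __name__ == "__main__":
    # Constructed sample: two accounts that chose the same answer.
    salt_a, digest_a = enroll("St. Mary's High-School!")
    salt_b, digest_b = enroll("St. Mary's High-School!")
    print(verify("st marys highschool", salt_a, digest_a))      # same spelling
    print(verify("St. Marie's High-School", salt_a, digest_a))  # misspelled
    # Different salts give different digests, so one precomputed hash
    # cannot be searched for across all accounts.
    print(digest_a != digest_b)
```

Because punctuation is deleted rather than replaced by a space, "High-School" normalizes to "highschool" and will not match "High School".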
I think he meant easements.
And if they're especially devious they'd just block everything that looks like HTTPS traffic until the user installs the certificate.
Who calls it "The NASA"? I'll let that one pass.
Copy-and-paste was broken. That should read:
"Two of these payloads are sponsored by the NASA Florida Space Grant Consortium."
The rest of your complaints were with TFA, not TFS. The summary was just a copy-and-paste job...
That should be a semi-colon, not a comma.
Error was from TFA, not TFS.
"is therefore" not "therefore is".
I'd use "comma therefore comma is". But again, error was in TFA.
That should be "composed of" or "comprises", not "comprised of".
"Comprised of" is perfectly acceptable.
Pair your damn commas!
TFA, not TFS.
So is that one animal, or several animals?
One animal: the squid.
I hadn't originally noticed from the comment Anonymous posted that he was trying to argue that Senators don't represent "constituents". The point I was trying to make was simply that the Representative doesn't represent the entire state. So while "constituents" and "state" are synonymous for a Senator, they are not for a Representative.
So it would be correct to say either... Senators represent their state, and they represent their constituents, i.e. the citizens of that state.
No, it would not make sense. It would make no sense for them to send themselves a takedown notice demanding that they take down their own material.
First of all, if they are hosting their own copyrighted material then they are implicitly authorizing that distribution of it, so they can't claim the distribution was unauthorized nor that it was infringing on their copyrights. Secondly, if the material was in fact their intellectual property and they didn't wish to have it distributed in that manner, since they were the ones hosting it they would have simply removed it without any need to invoke the DMCA.
So they either lied about the existence of the notice, or actually went and delivered themselves the notice.
They either lied about the existence of the notice, or the system simply sent that in error due to an honest mistake on their part. But either way it wasn't illegal.
And they obviously didn't deliver themselves a notice... that would make no sense whatsoever.
They should, if you define "end-user systems" to be "NOT developer systems". It'd be hard to develop something that depends on accepting/rejecting credit card data if the dev system ALSO rejects the test cards.
That depends on how you define "developer". Should a developer for the PS3 be able to use a test CC number to test their own DLC? Probably. Should they be able to download anything off the entire network using it? Probably not... so you should still be doing some basic common-sense checks before blindly authorizing the download.
Of course, in my opinion, this is sounding more and more like Sony just assumed the single point of failure was enough to secure the entire system ("system" including the PS3, PSN, etc) with no redundancies, no security on the server end, and depending on their own overconfidence and arrogance to keep everyone out if the shit ever hit the fan.
Well... yeah, probably.
Yes, but of constituents of more than one congressional district.
Senators represent the state; Representatives only represent their constituents, and unless their House seat is an at-large seat, their constituents are not the entire state.
I'm guessing they're actually the "test" CC numbers that the credit agencies created for that purpose, but end-user systems should explicitly be designed to reject them, because the credit card check will approve any purchase made with that number.
dev consoles can get unlimited funds to buy content from the PSN store
If they use fake CC numbers.
But TFS was definitely pretty unclear about that.
So from what I gather, the gist of the (speculative) reason goes like this:
Rebug allows you to unlock dev features in the console; some proxy magic then allows you to access the developer network with your unlocked console, and if you're on the "trusted" dev network it doesn't bother to verify that you use a valid CC number when you make a purchase. Result: Sony hastily shuts down the network.
The e-mail sent to him said that DropBox had "removed or disabled access to the material"
There you go. They either "removed" the material (i.e. deleted it) or they "disabled access" (i.e. lazy delete). From a user's point of view, it's not much different: you can't access it.
I'm trying not to argue semantics. The point was that they took down the file. Whether they deleted it (which was the word I originally used) or whether "access to it was blocked" is fairly irrelevant to the discussion.
Actually they can take down any file that violates their terms of service.