Slashdot Mirror


User: somersault

somersault's activity in the archive.

Stories: 0
Comments: 12,492

Comments · 12,492

  1. Re:Definitely interesting.... on Anatomy of the HBGary Hack · · Score: 1

    I work for a small business and have made some CMSes that were originally intended for LAN access only (though now are exposed to the web), but even then I looked into half decent password security. I still use MD5, but I salt the passwords to make them less susceptible to rainbow tables, plus the user database is held in a separate database from the rest, so even if someone got a go of a session that is already logged in and found an injection flaw then it would be difficult to find an input that was interacting with the users database. I use SQL parameters and some escaping for user input, though I don't go as far as to check only for integers in integer fields etc. I obviously now run it only over HTTPS so that people can't snoop on session cookies even from inside the building, but it's especially important when people are logging in from out and about. I haven't enforced any password complexity rules, but I have set up the login page so that each user can only make a login attempt every 5 seconds or so.. it adds in a random delay of a few seconds too so that they shouldn't even be able to tell if a username is valid or not by measuring response times etc..

    I can understand some noob writing an insecure CMS for a small time family business or something, but for Security "Experts" to have commissioned and use a system like this is a joke. I wouldn't recommend myself to a banking or security firm as I still consider myself clueless in terms of real systems hardening, but wtf.. on top of this system being written by a clueless or lazy ass, they just treated it as if it was 100% secure, using the same passwords for it as they do for everything else. I sometimes re-use passwords, but since I don't really trust even my own system as 100% secure as I'm sure I don't know about every exploit out there, I use a separate password for it.
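The login throttle the comment above describes (one attempt per user every 5 seconds, plus a random delay so response time does not reveal whether a username exists) as an added example; this is not code from the original post. It swaps in PBKDF2 for the salted MD5 the commenter uses, and the user record, lockout values and `sleep` hook are constructed assumptions.

```python
import hashlib
import hmac
import os
import random
import time

LOCKOUT_SECONDS = 5.0       # one accepted attempt per user every 5 s (assumed value)
JITTER_MAX_SECONDS = 2.0    # random extra delay on every response (assumed value)
PBKDF2_ROUNDS = 50_000      # assumed work factor


def make_record(password, salt=None):
    """Return (salt, hash). PBKDF2-HMAC-SHA256 is used here instead of salted MD5."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


# Constructed user store; stands in for the separate users database.
USERS = {"alice": make_record("correct horse battery staple")}
# Dummy record hashed against for unknown usernames so they cost the same time.
DUMMY = make_record("dummy-record-never-matches")

_last_attempt = {}  # username -> monotonic time of last accepted attempt


def throttle_ok(username, now):
    """Accept at most one login attempt per username per LOCKOUT_SECONDS."""
    last = _last_attempt.get(username)
    if last is not None and now - last < LOCKOUT_SECONDS:
        return False            # rejected attempts do not extend the window
    _last_attempt[username] = now
    return True


def check_login(username, password, now=None, sleep=time.sleep):
    """True only if the attempt is within the rate limit and the password matches."""
    now = time.monotonic() if now is None else now
    ok = False
    if throttle_ok(username, now):
        # Always run the KDF and a constant-time compare, even for unknown
        # users, so timing does not distinguish "no such user" from "bad password".
        salt, stored = USERS.get(username, DUMMY)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        ok = hmac.compare_digest(candidate, stored) and username in USERS
    sleep(random.uniform(0, JITTER_MAX_SECONDS))  # random delay on every path
    return ok
```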

  2. Re:Why even connect sensitive computers to the net on Foreign Hackers Attack Canadian Government · · Score: 2

    That would probably be everything they do, including all email, which by necessity has to travel via the internet. There will of course be different levels of classification, and hopefully they'd encrypt the "more sensitive" stuff.. but really, even if there are good security policies in place, quite frankly a lot of people are idiots when it comes to using computers, and will make mistakes anyway. Mistakes like running a trojan, which makes a lot of security measures useless, if for example the trojan did keylogging, screengrabbing, etc..

  3. Re:Why even connect sensitive computers to the net on Foreign Hackers Attack Canadian Government · · Score: 1

    Define "sensitive". You have sensitive information on your own computer, yet you expose it to the internet too. At some point it will come down to convenience and efficiency. For some things, there's no way around it, unless you want to have every single conversation and do every single transaction in person.

  4. Re:If they're so profitable on Valve Beats Google, Apple For Profits Per Employee · · Score: 2

    Right now, it's more convenient to PC game on Windows than Linux, and Gabe is helping to perpetuate this.

    FTFY..

    I have seen comments to the effect that Valve bugfix their own games to run better on WINE, not sure how true it is though.

  5. Re:All about features, not stability on Compared and Contrasted: OpenOffice V. LibreOffice · · Score: 1

    Ah yes, forgot about that. Still, it'll be interesting to see what they come up with, and there's always Debian, Mint, etc for those who don't like the directions Ubuntu are heading in. So far all the things they've been doing have seemed like real improvements to me though. I'm willing to keep giving them the benefit of the doubt for now.

  6. Re:Printable version on Compared and Contrasted: OpenOffice V. LibreOffice · · Score: 1

    Oh, I'm a "multi OS" user too, I just didn't like Safari from the outset. I did of course try it out, I think it was just slow and incompatible with stuff at that point (maybe 3-4 years ago), compared to Firefox at least.

    I'm sure I saw /. posters mentioning plugins to do this before too - not even recently, this was years ago. Perhaps it was a greasemonkey script. I prefer not to install too much guff though, I just use an adblocker. Perhaps browsers are sandboxed better these days so that plugins don't cause so many crashes, but they still must slow things down a little. Since I do most of my browsing on this netbook, it's best to keep things streamlined where I can.

  7. Re:All about features, not stability on Compared and Contrasted: OpenOffice V. LibreOffice · · Score: 1

    Well, since 2007 anyway.

  8. Re:All about features, not stability on Compared and Contrasted: OpenOffice V. LibreOffice · · Score: 1

    What improvements were hated? About the biggest complaint I saw was them moving the min/max/close buttons to the opposite side of the task bar. I seriously don't even notice, and that's despite having to remote desktop into Windows a lot of the time.

    Of course, I basically always close windows in Linux with ctrl-w or ctrl-q anyway, so they could get rid of all the buttons and I wouldn't give a toss.

  9. Re:Printable version on Compared and Contrasted: OpenOffice V. LibreOffice · · Score: 1

    No, but we didn't know that Safari had that feature.. I didn't even use Safari when I had a Mac, and I'm sure as hell not installing it on Linux (especially not if it relies on WINE)..

  10. Re:Why the fuck is this on Slashdot? on Teenager Tries To Hire Hitman Via Facebook · · Score: 1

    Whenever I see a comment like this, I can't help but think it's been copy and pasted by the original guy it was intended for..

  11. Re:Why the fuck is this on Slashdot? on Teenager Tries To Hire Hitman Via Facebook · · Score: 2

    More like if you took a Biology major and they started teaching you how to tie your shoelaces.

    I kind of agree with the guy. The reason I don't look at "normal" news and entertainment sites is that I'm fed up of hearing about every rape, murder, lying politician, etc.. I know these things are happening, and it's sad, but I don't need to be constantly reminded of them, especially when I can do almost exactly nothing to change the way the world is.

  12. Re:Brick? on TiVo To Brick All Remaining UK PVRs On June 1 · · Score: 1

    Bricking means total non-recoverable failure. Tools or no tools.

    Define "non-recoverable". You can brick some devices by screwing up a custom ROM installation and having no way of recovering it yourself, but the original manufacturer would still be able to sort it (for a price), either by their own software tools, or simply replacing the affected PROM or whatever with a fresh one.

  13. Re:Sony? Standard? on Proposed Standard Would Address Video Buffering · · Score: 2

    "When there's a new episode of the Simpsons and I'm on wifi then automatically predownload" sort of thing but not in general. That is, if such a service existed.

    I thought iTunes did that? My flatmate made it sound like that's what happens on his iTunes/iPad combo anyway..

  14. Re:I fucking hate summaries like this on Keys Leaking Through the Air At RSA · · Score: 1

    Yeah. Really fucking stupid.

  15. Re:Fixing what ain't broke and learning styles on US Secret Service Virtualizes Tiny Town · · Score: 1

    The hand of god isn't exactly an option (as far as we know), but helicopters with cameras are a good possibility, so the aerial view stuff isn't too far fetched.

  16. Re:Bullshit (yes the game is bullshit) on Mirror's Edge Sequel On Hold · · Score: 1

    What specifically about the controls were horrible? I can think of stuff that perhaps could have been improved, like the wall running, but I wouldn't have called it "horrible". I tried Prince of Persia recently, and it was certainly better than that.

    I don't know how anyone can enjoy any of Blizzard's games, but that doesn't mean anything - a large number of people still continue to enjoy them.

  17. Re:and they say on Postal III, Source Engine Still Coming To Linux · · Score: 1

    Ah, I'd been completely avoiding anything he did after reading negative things about him here. Thanks :)

  18. Re:Bullshit on Mirror's Edge Sequel On Hold · · Score: 5, Informative

    *facepalm*

    First of all, go and look up the definitions of Parkour or Freerunning.

    There have only been a couple of games based on this, and the other was just a Tony Hawks style 3rd person trick-fest.

    Mirror's Edge was pretty much based on pure Parkour, first person view, with plenty of running, jumping, climbing and generally figuring out how to get your way through the level (kind of like Portal, but without the Portals). You could do melee attacks/disarms and use weapons too, but the game was designed such that if you were a good player you wouldn't need to do much fighting.

    I was looking forward to this sequel a lot. The first game was indeed a bit short, and now that I do Parkour myself some of the movement options in Mirror's Edge feel a bit restrictive.

    At least there's still Brink to look forward to, but it's very much a shooter, with a bit of Parkour tagged on.

  19. Re:wow on Cancer Resembles Life 1 Billion Years Ago · · Score: 1

    It depends what you mean as "transfer". Most likely you are creating a copy and deleting the original. The original still dies. This will make no difference to an outside observer of course, and the copy would be happy, but the life of the original has ended. If you could truly "transfer" consciousness then that would be fine, but I don't think it's possible.

  20. Re:I do the same thing. on FBI Releases File On the Anarchist Cookbook · · Score: 1

    If you look at the PDF, a lot of stuff is classified and blocked with white squares, to the point where it makes no sense.

  21. Re:I do the same thing. on FBI Releases File On the Anarchist Cookbook · · Score: 1

    I kept the important ones on the fridge with a magnet, so I knew where I could find them.

    I kept the [________________] ones [___________________________________________]

    PS FUCK YOU ASCII ART FILTER

    PPS YOU TOO CAPS FILTER

  22. Re:surprise surprise on The Dirty Little Secrets of Search · · Score: 1

    Except in this case they're not even interacting with other companies negatively, they're only bolstering JCP's search rankings. It's basically just spam. Which is something worthy of hate of course, but it's not particularly analogous to murder. The other companies are still there, they're just less visible because of the spam.

  23. Re:surprise surprise on The Dirty Little Secrets of Search · · Score: 1

    That doesn't follow. It's quite possible they didn't know they were using dirty tactics. Normal business people know hardly anything about SEO. They pay someone to improve their search rankings - how are they to know whether they're doing it in compliance with Google's rules or not?

    The guys redesigning our website were spouting a whole heap of bullshit about how Google has changed its PageRank algorithms so that links from other pages make little difference now, which I wasn't sure about, but clearly links from external sites are still pretty valuable if this worked for JCP. Unfortunately the CEO didn't consult me before contracting these guys to redesign the site, and ignored me when I asked to get someone better. He said he chose them because they were a "local company".. wtf. I just hope they haven't pulled a stunt like this on us. They wanted us to buy multiple subdomains of our site to "improve our rankings", I told them to get stuffed because our search rankings are already very relevant, usually number one, otherwise first page (sometimes with news articles about us, etc).

  24. Re:Let's help them on The Dirty Little Secrets of Search · · Score: 2

    Another failure of the redesign? Oops. I wish they'd sort out comment viewing so you didn't have to drill down through everything when you get a reply.

  25. Re:How badly were they punished? on The Dirty Little Secrets of Search · · Score: 1

    Don't really see how it was analogous. He doesn't appear to have an agenda, or even have a sig, journal or homepage, so to me it does seem he was just doing it for those who never RTFA. If you did RTFA you'll see his comment is nothing like what JCP's SEO company did, which was essentially spam up a load of dead sites in order to improve their pagerank.