Slashdot Mirror


User: vux984

vux984's activity in the archive.

Stories
0
Comments
10,772
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,772

  1. Re:None of this (except the passwords)... on Hacker Exposes Parts of Florida's Voting Database · · Score: 1

    The really scary thing is that Diebold is heavily into ATMs as well and should really know how to secure the machines.

    Are you saying its scary because they make secure ATMs yet can't seem to even close a barn door when making voting machines, indicating deliberate incompetence?

    Or are you saying its scary that a company that is so incompetent on security is trusted with making ATM machines, which you expect suffer from security just as completely catastrophic as voting machines?

    Either way... yes ... it is scary.

  2. Re:As well they should on WikiLeaks To Sue Visa/MasterCard · · Score: 3, Insightful

    The moment Wikileaks published a single classified document, they did in fact break US laws.

    Wikileaks is not in the US. They are not subject to US laws. And publishing a document a foreign government deems classified has never been illegal anywhere, ever.

    A farmer in Afghanistan who slaughters a goat and sells the meat is not in contravention with New York state law requiring a meat vendor to have a state issued butchers license.

    A man doing 150km/h on the German Autobahn is not violating Florida state ordinances on speeding.

    Foxxconn paying employees less than $7.25 an hour in China does not violate the US Federal minimum wage law.

    Your claim that wikileaks broke US law is absurd on its face.

  3. Re:Credit Where Credit Is Due on Groupon Deal of the Day: 300,000 Customer Accounts · · Score: 1

    I don't store passwords in the database encrypted or hashed or salted or with a little sprinkling of lemon pepper.

    Just hashed and salted.

    Why would I? To say it is inexcusable (GP of who you replied to) is being simplistic

    Not at all. Its inexcusable not to do this.

    Saying that you need to encrypt all passwords in the database is being simplistic.

    HASH not ENCRYPT

    Security comes in layers, and at least in our case, if you CAN make a SQL query against a database directly and retrieve all the record data we are already deeply screwed.

    You probably are, but if my password is hashed and salted, I'm only screwed on your site.

    That is because you will have already owned us to the point that the whole inner networks are at your disposal, and you long ago got past the DMZ and whatever security our firewalls and hardened API servers were providing.

    Yes, but if you propery salted and hashed the password, whoever owned you still wouldn't have anyones passwords short of brute forcing them.

    Most people reuse passwords because they don't have the ability or desire to remember hundreds, and many of them are for things that aren't that important ... like slashdot. So if your hosting slashdot and you get owned, it would be nice if you didn't give the hacker my password because i use that password to access a couple other forums as well.

    Its inexcusable for you to store my password. You don't need it. You need a salted hash of it. If all you have is a salted hash of it, no matter how badly you get owned, at least you didn't give up my password, which may be (and probably is) used somewhere else.

    How many people use the same password for WoW as they do on a random WoW forum for example... forum gets hacked... they're WoW character gets hacked.

    You can argue legitimately that they shouldn't have used the same password in both places, but if you'd salted and hashed their password, you wouldn't have amplified the damage of their poor decision. .... and since you don't even need to store the actual password its inexcusable that you would.

  4. Re:Population on Cool-Factor Predicted To Spur Energy Conservation · · Score: 1

    If the children are young enough, there's ten-year-long waiting lines for people wanting to adopt healthy children.

    Because poor drug/alcohol abusers living in trailer parks dropping off babies at fire stations are just the thing people are waiting 10 years to get.

    Come on.

    As for stupid parents not relinquishing their rights... the bond between parent and child is pretty strong. Instinct, genetic programmed, survival of the species mechanism for a few millions of years... that sort of thing.

    You'd pretty much have to be a sociopath to give up a child to get tax breaks.

    I don't disagree with you that families need to be smaller, especially among the poor who can least afford them... but I disagree that "give em up or get taxed" would or even could work in the real world.

    Never mind that the amount of political capital you'd need to blow to pass such a thing would ensure it never happened.

  5. Re:Population on Cool-Factor Predicted To Spur Energy Conservation · · Score: 1

    Around here, you can drop off your kid at any fire station, no questions asked.

    And who pays to raise children dropped off at fire stations?

    How would that solve ANYTHING?

  6. Re:A will is a legal document on Lawsuit Claims LegalZoom Is Practicing Law Without a License · · Score: 2

    So if I, all by myself, draws up a will, I'm breaking the law?

    Of course not. If you did it all by yourself you didn't pay anyone.

    However if you bought a book on how to do it, paper, and a pen... you apparently can sue each of those companies for "assisting" you. Possibly the electric company for providing you light while doing it as well.

    That's clearly where the software felt it should be classed. They'll argue the end user is drawing up the will unassisted, and that their software is in the same class as a book or pamphlet on "how to write a will".

  7. Re:Take 'em offline on Massive Botnet "Indestructible," Say Researchers · · Score: 1

    For all intents and purposes that's "inspecting local pcs".

  8. Re:Population on Cool-Factor Predicted To Spur Energy Conservation · · Score: 1

    they'll have to pay someone to look after them.

    Unless they run out, and then society puts them in a shallow hole until they starve to death and then covers them with dirt. Oh... wait... no... society foots the bill.

    What they should do is have a tax break for 1, maybe 2 kids per couple, but after that give them exponentially increasing tax burdens. 3 kids, a very small burden, 4, a moderate one, 5 a large one, etc.

    Your missing the point, though. That won't stop stupid people from having kids. Trust me... they REALLY didn't want to get pregnant and they couldn't bother to take the steps to prevent that... they are NOT going to be thinking about "tax breaks".

    Tax penalties as birth control will work about as well death penalty for people trying to commit suicide.

    Yes, education is good for encouraging smaller families, but it only goes so far, and takes forever to work.

    But it does actually work.

    Look at society these days: there's tons and tons of poor people with huge families. Education is free, but obviously they're not getting the message.

    Smaller families than africa. And the more successful people are the smaller families get. The solution is to get make these poor people successful... your suggesting making them poorer.

    Plus, education doesn't help when the Church tells you that birth control is baaaaddd, mkay?

    Educated people question the church. They may retain faith in God and may identify as cathoic, but they tend to cling less to the dogma. Most of the huge catholic families also tend to fall into the less educated and poorer categories.

  9. Re:Politics making technology useless on The Patriot Act and the EU Cloud · · Score: 4, Insightful

    To be fair... its only because they can address the letter to microsoft, which is in its own juridiction.

    All this means is that a multinational can't move part of its assets to europe and then have immunity to the us govt.

    If MS wants immunity, it has to leave America.

  10. Re:Take 'em offline on Massive Botnet "Indestructible," Say Researchers · · Score: 1

    Nope it'd be full of crap to be sure.

    But how else do researchers "find" botnets, except by looking at infected pcs... ?

  11. Re:Take 'em offline on Massive Botnet "Indestructible," Say Researchers · · Score: 4, Informative

    I'm with you on the use of netcat etc.

    I assume they build honey pot systems, setup with shit security, programmed to randomly surf the web and click on everything that it finds... and then take it offline into a lab and see what there is to see.

    it's fairly trivial to estimate how many clients are connected to it.

    That gives you the LAN but that doesn't tell you how many infected systems there are worldwide.

    To shut it down by the way, once the virus is reverse engineered enough, one can deploy honeypot systems designed to impersonate legit infected machines, and wait for C&C commands to get passed to it via peers.

    Due to it being p2p that won't get you the C&C servers... but it does give you lists of peers that represent infected systems, many of which probably are on the ISP running the honeypot that the ISP could take offline... a few coop agreements, and ISPs could swap lists of infected systems from eachothers networks easily enough as well.

  12. Re:Isn't this is worse then 4 days? on World of Warcraft Goes Free With Starter Edition · · Score: 2

    You are assuming the the player already knows how to play

    If you've played any modern MMO, you know how to play WoW. I got to level 20 in under a day, without trying.

    I was actually annoyed because you actually level FASTER than you can experience it for yourself, unless you go out of your way to avoid any fight that you don't specifically require to complete a quest....

    They've accelerated the rate of XP gain substantially since the game was released... so your "first day experience" in WoW a couple years ago is not the same as it is now....

  13. Re:Who uses Thunderbird? on Mozilla Releases Thunderbird 5 · · Score: 1

    You can do that with gmail.

    You can do a poor and quite limited approximation of that with gmail.

    Depending on which account you have selected in in thunderbird, it chooses the correct reply to address by default, attaches the correct signature, maintains the sent items, drafts, etc, separately, etc. And there's no arbitrary limit to how many you can have.

    There's other things too... like no limit on the amount of mail you receive. I know a few people who are toting around mailboxes (lots of attachments) that would exceed gmails admittedly generous limits.

  14. Re:Invisible? on Massive Botnet "Indestructible," Say Researchers · · Score: 3, Insightful

    It can become pretty well invisible to the infected host system though.

    A bootable CD or flash drive should take care of things, but that's a bit of a hassle, since a bootable disc needs to be up to date to detect the latest threats... or perhaps the way to go on this is to checksum the existing known good mbr and then validate it from time to time offline against the checksum.

    Speaking of which... what are people recommending for actually dealing with this sort of stuff...?

  15. Re:Take 'em offline on Massive Botnet "Indestructible," Say Researchers · · Score: 1

    So what's the difference between this botnet data, an SSL connection to a bank, or an encrypted email/file?

    Well there must be some way to sniff them out or the researchers wouldn't know it existed or have any idea that millions of machines were infected....

  16. Re:Population on Cool-Factor Predicted To Spur Energy Conservation · · Score: 3, Insightful

    I was thinking

    I'm not sure you were. ;)

    tax credits for small families, and tax burdens for large families

    People with large families aren't doing it for the money. Having kids is already a significant expense, and the tax breaks for kids don't really amount to squat in comparison to the expense.

    The childless families are rolling in money by comparison. Both can work...

    No diapers, no day care expense, no extra mouth to feed and clothe, birthday presents to buy, constant school fundraising/fieldtrips/hotlunch days/bookfairs, haircuts, dental work, glasses...

    Nobody has kids to save moeny.

    And throwing a tax burden on them won't stop them from having more kids.

    The trailer park squad is having them because they make bad decisions... and they aren't going to consider the tax ramifications of unprotected sex if they failed to consider the pregnancy ramifications of unprotected sex.

    The no contraceptives for religious reasons group isn't going to stop having sex or having kids due to a tax burden either... they'll just be poorer thanks to you... perhaps driven to live in trailers with the first group.

    Finally its not like large families can 'right size' in response to the burden either, even if they wanted to.

    Meanwhile... the childless couples will putter around in their sports cars and vacations with their disposable income augmented by tax breaks until they get old and apparently have to be looked after by someone elses kids. ;)

    That said.. you said tax breaks for small families... so maybe you mean families of 3 to 5, instead of childless couples. And that's less caustic... but tax breaks for childless couples is demented.

    If you want small families though, taxes isn't the way to do it.Education and prosperity is the path to smaller families.

  17. Re:Isn't this is worse then 4 days? on World of Warcraft Goes Free With Starter Edition · · Score: 1

    Who the hell would mod this insightful? It's a flat out not possible even with bots wearing all BoA + dual boxing RAF.

    Even if its hyperbole, it makes a good point. Getting to 20 in 1 day is beyond easy, even without help, and if your trying it with a group of friends... trivial.

    What are you supposed to do after that?

  18. Re:Search improvement on Google's New Design · · Score: 1

    Is there a search engine that allows for this type of exact searches? One that uses grep syntax would be ideal.

    If your technical enough to understand grep syntax you should be technical enough to understand why it wouldn't work.

    Google indexes things, and then searches indexes. The indexes are compiled by stripping out punctuation, ignoring case, and lately by linking in common spelling mistakes, spelling and tense variations of the same word to the same index entry, etc.

    grep goes the other way... you can't rightly index something for a grep search... what you're asking for is a "full text search of the internet".

  19. Re:Too late. on Google's New Design · · Score: 2

    I like google's design more than bing too. But I can absolutely relate to all the complaints about google returning piles of worthless crap that's been 'SEO' onto the first page, old results, blog results, "aggregators", and plagiarized sites that are just scraping from each others, etc.

    If your google doesn't do that... then it is indeed magic google.

  20. Re:Credit Where Credit Is Due on Groupon Deal of the Day: 300,000 Customer Accounts · · Score: 1

    I tell it I forgot my password. If it emails the password back to me, it's stored as good as plain text. Then I change it to line noise and never go back.

    Right, and if it makes you reset it without sending it back to you... all you know is that it MIGHT be hashed.

    It'd be pretty trivial to write a system that doesn't hash the passwords, but doesn't send them back to the user as part of the password recovery mechanism.

    Taking any 'good' system, and commenting out the calls to hash the password would pretty much do it.

  21. Re:Credit Where Credit Is Due on Groupon Deal of the Day: 300,000 Customer Accounts · · Score: 1

    If they know you are using a well-known open-source backend that they know ,,, ... that it would be trivial for anyone with a bit of programming experience to comment out the calls to hash the passwords during creation and authentication, enabling them to be stored in plaintext.

    If you are a closed-source proprietary app that does not publish their source code for the end-user to read, how is he to know if you properly treat passwords?

    Unless the website host gives you access to the live servers running the site to inspect the source code, how are you to know if the passwords are properly treated?

  22. Re:Too late. on Google's New Design · · Score: 1

    You could just use the sidebar to choose exactly the timeframe you want.

    Or he could use the engine that gives him the results he wants without having to fiddle with a slider.

    I'm curious... if the question were reversed, and someone said:

    Microsofts results are 3-4 years old, while google's tend to be current, would you defend Microsoft by suggesting using microsofts 'timeframe' slider if it had one?

    Somehow i seriously doubt it.

  23. Re:Who uses Thunderbird? on Mozilla Releases Thunderbird 5 · · Score: 3, Informative

    Thunderbird is free.
    Gmail is "free".

    Thunderbird also handles receiving mail from multiple accounts better in my opinion. Yes gmail has all kinds of features to do this, but i like COMPLETELY separate inboxes for some stuff; and stuff like multiple-imap account support is better in thunderbird.

    Thunderbird is an application. Gmail is a web application.Its a good web app, but its still feels like a webapp. Its window handling in particular is REALLY annoying compared to a native app.

  24. Re:And more importantly... on One Week: No Mouse, Just Keyboard · · Score: 1

    >>A search bar ... searches.

    >The start menu search is supposed to be the primary launcher for unpinned applications

    Most people are document centric not application centric.

    >>But a glance before pressing enter works just fine

    >Too slow, hombre! Too slow by far.

    The glance would be when using other peoples computers. I know what program is listed first on my own, and it never changes unless I install something new -- that's deterministic enough for me.

    Classic Shell is awesome. It lets you clean all the useless cruft out of your start menu

    The win7 start menu lets you take practically everything out.

    I can launch my todo.txt file, for example, by typing Win,I,T, and I can do this faster than the draw animation on the start menu.

    You clearly went to a lot of work to organize all that. Which is fine and I don't really have an argument that you are wrong for your needs.

    Win7 brings very nearly that level of performance to everyone with almost no manual configuration. I won't claim its just as fast, but its very fast, and it works out of the box... very VERY few people have put as much effort into optimizing their start menu as you have.

    This is, i think, a better solution for them, so I think Microsoft made the right choice. Perhaps not for you... but for the userbase at large.

  25. Re:Interesting. on Among the Costs of War: $20B In Air Conditioning · · Score: 1

    Keeping combat troops serving overseas in moderate comfort for 10 years? Seems like money well spent to me.

    Having combat troops in afghanistan for 10 years in the first place however is not.