Slashdot: News for Nerds

Comments


Judge Overrules Samsung Objection To Jury Instructional Video

Outtascope Instant. Appeal. (232 comments)

Un. Fu. King. Believable.

about 4 months ago

MtGox Finds 200,000 Bitcoins In Old Wallet

Outtascope Re:Sounds familiar... (227 comments)

They just forgot a decimal place. Always some silly little error like that.

about 4 months ago

Tim Cook: If You Don't Like Our Energy Policies, Don't Buy Apple Stock

Outtascope Gad Dummit (348 comments)

I can no longer fully embrace my Apple hatred. Could Cook ACTUALLY be what everyone seems to BELIEVE that Jobs was? Debate amongst yourselves while I hide in the bomb shelter...

about 5 months ago

Using Google Maps To Intercept FBI and Secret Service Calls

Outtascope No kidding (137 comments)

Just try getting something fixed on Google Maps. It's nearly impossible. Sorry, let me amend that: It's nearly impossible if you are or work for/with the agency responsible for the legal addresses and contacts shown on Google Maps. If you are some Joe Blow who wants to randomly change some shit, then it appears to be pretty friggin' easy to get something changed.

Google Maps has cost us thousands, perhaps tens of thousands in costs associated with mail being sent to the wrong location over the last few years (pity the poor guy who works in the office with the address they keep listing). They post addresses that they scrape from the underside of some toilet seat somewhere or pull off of someone's twit-pick of their salami and provolone sandwich, but are absolutely deaf when the easily verifiable owners of the municipalities/businesses/addresses in question can give them authoritative information to use. And try reaching a human being at Google that doesn't work in the sales department, good luck.

I know of one other company in the area who says that their experience with Google is completely different. Of course, the biggest difference is that this company is engaged in 6 and 7 figure contracts with Google on a regular basis. The motto may be Don't be Evil, but they never said anything about not being a pain in the ass.

about 5 months ago

Are Bankers Paid Too Much? Are Technology CEOs?

Outtascope NOT CEO (712 comments)

Executive chairman. And the idiot can't even do simple math to divide his unvested equity allocation over 4 years before comparing it to the lowly yearly income of the average CEO. That article is a load of horseshit. Sure, one could argue that he makes too much. But Schmidt didn't bankrupt my dad. So there's that.

about 5 months ago

Open Source Add-on Rewrites the User Interface of IE11

Outtascope The security implications (86 comments)

It never fails to amaze me that no one seems to get the negative security implications of an integrated URL/search bar, especially given the underwear knots some smart people seem to get over truly esoteric 1 in a billion use case vulnerabilities.

If the URL bar performs search, it is ripe for a mistyped URL to lead you to a phishing site (hell, bad guys don't even need to register every typo iteration in DNS anymore, they can just pollute search results; it's like DNS hijacking made simple.) I have seen my wife and kids do it time and time again, no matter how many times I tell them. They don't type in URLs anymore, they just type in "youtube" or "amazon" or "runescape" and then click on the first link that shows up.

Obviously this is dangerous, but more than that it broadcasts your URLs to Google or Bing or whatever. There is a mountain of information that can be culled from those queries that can compromise not only you but your business/employer. If it were reported that Firefox was sending every URL you entered to Microsoft or Google, people would lose their shit about it. But when the browser is designed to do that deliberately, no one seems to give a flying ----. THIS is the reason that I do not use Chrome. It's a gaping security hole, but because it is Google (who I am generally a fan of) it gets a free pass. That said, all browsers seem to exhibit the same behavior regardless of whether they have a separate search box.

If the URL I entered isn't found, return a 404. End of damn story. THIS is also the reason to still type http:// or https:// in the address bar.

But this is all just symptomatic of the larger problem of security in general. To pass my audits I have to take a hit either for being somewhat vulnerable to BEAST or for using the weak RC4 algorithm, pick one. And I don't process financial information of individuals in any way, shape or form. But companies like Pandora get away with putting a credit card processing form in an https IFRAME inside a non-https URL. And those frigging morons, when it is explained to them why this is monumentally stupid and that part of the reason for HTTPS is for the user to be able to verify that they are giving their credit card information to the people that they intend to (and to verify the certificates), just don't understand the issue. Their explanation is that it is too intensive to stream music over https so they have to do it this way. How can they be this successful and be this completely brain f'ing dead? Hey, Pandora: _blank. Look it up, ass hats!

Or my bank totally not understanding that when I go to the bank page URL and it says "John Smith and 3 other friends like Dumb-Ass Credit Union. Like us on Facebook" that they have just communicated sensitive personal financial information to an incalculable host of 3rd parties. Why in the F does my credit union need to use social media? What the hell is wrong with people? Their response "Dumb-Ass Credit Union doesn't send any personally identifiable information to Facebook, blah blah blah". Seriously? Can they really be this stupid? Here is a hint, I now know that "John Smith" likely has a Dumb-Ass Credit Union account, step 1 in identity theft process complete. Of course, he WAS dumb enough to like it on Facebook, so there's that. I, however, had no intention of telling anyone I had an account at Dumb-Ass Credit Union, but the frigging Credit Union decided to tell Zuckerberg themselves, and they just don't get it.

about 7 months ago
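The comment above argues that an integrated address/search bar turns ambiguous input into a query to the search provider, and that an explicit scheme is the way to force navigation. The following is an added example, not code from the comment or from any browser: a simplified model of the kind of heuristic such a bar applies to typed text, used to show which inputs leave the machine. The classification rules and the search URL template (search.example) are assumptions chosen for illustration, not any specific browser's implementation.

```javascript
// Added example: a simplified model of an integrated address/search bar.
// Rules are an approximation for illustration, not any browser's actual code.
const SCHEME_RE = /^[a-z][a-z0-9+.-]*:\/\//i;
const HOSTNAME_RE = /^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)*(?::\d{1,5})?(?:\/.*)?$/i;

// Hypothetical default search provider (assumption for the example).
const SEARCH_TEMPLATE = 'https://search.example/?q=';

// Decide what the bar does with what the user typed.
function classifyOmniboxInput(input) {
  const text = input.trim();
  if (text === '') return { action: 'none' };

  // An explicit scheme always navigates: nothing is sent to the search provider.
  if (SCHEME_RE.test(text)) {
    return { action: 'navigate', url: text };
  }

  // Whitespace can never be a host name, so this is a search.
  if (/\s/.test(text)) {
    return { action: 'search', url: SEARCH_TEMPLATE + encodeURIComponent(text) };
  }

  // Dotted names and localhost look like hosts and navigate directly.
  // Single-label names ("youtube", "intranet-wiki") are ambiguous and go to the
  // search provider, which is how a typo or an internal host name (with any
  // path after it) leaves the machine.
  const host = text.split(/[/:]/)[0];
  if (HOSTNAME_RE.test(text) && (host.includes('.') || host.toLowerCase() === 'localhost')) {
    return { action: 'navigate', url: 'http://' + text };
  }
  return { action: 'search', url: SEARCH_TEMPLATE + encodeURIComponent(text) };
}

// Subset of a list of typed inputs that would be disclosed to the search provider.
function leakedToSearchProvider(inputs) {
  return inputs.filter((i) => classifyOmniboxInput(i).action === 'search');
}

// Constructed sample of what a household or office might type into the bar.
const SAMPLE_INPUTS = [
  'youtube',
  'youtube.com',
  'https://www.youtube.com/',
  'runescape login',
  'intranet-wiki/ProjectX',
  'localhost:8080',
];

console.log(leakedToSearchProvider(SAMPLE_INPUTS));
```

Note the last two sample inputs: an unqualified internal host name with a path is sent to the search provider along with that path, while the same host with a scheme in front of it is not. That is the concrete form of the "broadcasts your URLs" point, and why typing the scheme still matters.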

Ask Slashdot: MMORPG Recommendations?

Outtascope Re:Recommendation (555 comments)

My apologies s.petry for implying that the original sarcastic post was yours, you were just arguing in support of the post. I stand by my statements as to why that post was offensive/unconstructive, but apologize for having attributed the statement to you in my response.

about 8 months ago

Ask Slashdot: MMORPG Recommendations?

Outtascope Re:Recommendation (555 comments)

If you somehow believe that there is an implied claim of someone being an idiot for playing a MMO, you are inventing words that do not exist.

The parent's choice of the word idiot is perhaps not accurate (I take you to mean that the OP is uneducated), but it clearly was an indictment of the OP's intelligence in your passive aggressive response. There is no invention of any "words that do not exist" in the parent's interpretation of your smarmy post. It is a common sense interpretation from the words you plainly wrote.

If you invent words that don't exist, there is a severe problem with reading and comprehension.

Your condition is false making your declaration vacuous. Here, I can do that too: If the color green weighs 5 pounds then you are a millionaire. Fun, but pointless.

If someone tells you that you are wrong, that is not hostility.

And there's the weeny. See, the OP wasn't making a declaration of fact that invited your measured judgement of their rightness or wrongness. The OP was asking for suggestions of something within a certain set of parameters. You took it upon yourself not to tell them that there is nothing within that set of parameters that fit (or that there is), you instead chose to imply that they don't know what they are asking. You shouldn't be asking for that. You should be doing this. I know, because I am ZEUSS!

The hostility comes in because of the way you stated your response. You could have said "I used to play MMO's, but now I find that reading a book is a much more enjoyable endeavor." That would still have been an off topic response, but at least it has the pretense of attempting to be helpful.

You declared "Read a book." First, instead of offering a response that was helpful you barked an order. A schizophrenically non-germane order I might add. Question: Hey, what is the best brand of running shoes? Response: Buy some reading glasses. Do you see how silly that looks?

Additionally, the expression "Read a book" is loaded, as you are well aware. I would give you a pass believing that you didn't know that the expression carries the implication that the receiver is illiterate, except that you have now educated us on "reading and comprehension", and are thus clearly in-the-know.
Bottom line, get over yourself. You responded like an ass. You can apologize (either for what you said or for having put it in a manner that was so easily misconstrued as you seem to be arguing), or you can own it, but you can't deny it.

about 8 months ago

Surveillance Infrastructure Showing Signs of Decay

Outtascope Ummmmm (1 comments)

...also spurred Google to accelerate projects to encrypt the data flowing between its data centers.

Does it not concern anyone else that this needed spurring at all?

about 8 months ago

Ask Slashdot: Best Cross-Platform (Linux-Only) Audio Software?

Outtascope Question Closed (223 comments)

This question has been closed as not constructive by ... oh wait, wrong forum.

about 9 months ago

If Java Is Dying, It Sure Looks Awfully Healthy

Outtascope Re: Wake me up... (577 comments)

I would like to embrace and extend your comments, but unfortunately my conscience prevents me from doing so.

about 9 months ago

Ask Slashdot: Are We Witnessing the Decline of Ubuntu?

Outtascope Re:Yes. (631 comments)

Patches. On Debian it seemed that I was constantly waiting 6 months for a show stopper to get patched, because it wasn't a show stopper for enough people. The only times I have gone to source to fix a problem since switching to Ubuntu were once for the G#d Da323ed A4 paper size crap with inkscape (which of course was on the desktop) and once for a fix to Glassfish, which has nothing to do with Ubuntu at all. If Debian released things faster, I would use them again. But then Debian wouldn't be Debian, and the deliberation serves a useful purpose.

about 9 months ago

Court Orders Retrial In Google Maps-Related Murder Case

Outtascope Re:This shouldn't be news (152 comments)

Though I think you have to make a distinction between a jury trial and a bench trial. In a jury trial, the Judge really is only supposed to rule on matters of law (and therefore procedure). In a bench trial, the Judge is the finder of fact in addition to the finder of law. In both cases, the Judge's only bias at the start of trial should be towards justice, regardless of whether that means guilt or innocence. At the end of a jury trial, this should still be the case. At the end of a bench trial, however, the Judge would be inept in his or her duties if he or she had not established a bias towards one of the defense or the prosecution. This bias would extend to judging the credibility of the witnesses, etc. In the bench trial, the judge is not merely there to manage the adjudicative process, but is also the one and only jurist.

Of course, this only addresses the issue of criminal cases. Civil cases are fraught with bias, and when they result in justice it is just as much attributable to random chance as it is any form of jurisprudence.

about a year ago

Chrome's Insane Password Security Strategy

Outtascope Re:A helpful crutch (482 comments)

That is SOOO freaking irritating. I have a password generation program I wrote to create (relatively) easy to memorize passwords that are cryptographically secure. And then find out the site won't handle * or something. Honestly, if it won't take * in a password, I am TERRIFIED of the level of SQL injection vulnerabilities that they are CERTAIN to have, and become quite convinced that the devs of the site don't know what a salted hash is, much less do they use it to store your password.

My favorite was Oracle though (pre-version 10). Passwords were quietly forced to upper case, only the first 8 characters were actually considered, and your password couldn't start with a number because Oracle uses it as an identifier. But hey, it costs $100K so you have to accept their "sophistication". [:rolleyes:]

about a year ago

Chrome's Insane Password Security Strategy

Outtascope Re:A helpful crutch (482 comments)

The script is actually quite cool, but it still has the vulnerability that if someone happens to capture the single secret phrase and figures the method you use to generate the scrambled ones, at that point he too can discover all your passwords for any web site.

Pfffft! You are just being paranoid. I mean what, do you think he is going to post the code somewhere public or som... er, nevermind.

about a year ago

Google Pressure Cookers and Backpacks: Get a Visit From the Feds

Outtascope Re:Refuse the search? (923 comments)

Ah, those were such civilized times.

Really? I didn't hear anyone promise not to torture or execute Matthew Broderick!

about a year ago

Nobelist Gary Becker Calls For an End To Software Patents

Outtascope Re:how to delineate software patents? (147 comments)

What a complete load of horse shit. You seem to confuse pro-napster with anti-patent. I could give a shit about copying other peoples code. What bothers me is that I have to hire a legal team to verify that I haven't crossed some ridiculous patent when I publish a "Hello World" tutorial to my website! If the U.S. patent system had demonstrated even the most infinitesimal fraction of an iota of a clue as to what constitutes obviousness with respect to software patents, then I might feel differently. But it has demonstrated such a completely incompetent and disinterested level of expertise that the only reasonable solution that doesn't inhibit the advancement of the art is to get rid of them altogether. It is clear that the system is incapable of putting in place qualified personnel or reasonable measures to ensure the legitimacy of issued patents. The system is supposed to reward those who invest the time and money to build the better mousetrap. But all it is used for today is to guarantee a revenue stream to those who are too fucking lazy to compete in the market place.

1 year, 1 day

Submissions


Pandora's purchase page security

Outtascope writes  |  1 year, 16 days

Outtascope (972222) writes "Getting web security wrong is easy. Getting security wrong when you have 200+ million registered users is scary. Pandora's purchase page uses https to transmit your credit card information to their servers, but serves up the form into which you place that information over plain http. I'll leave it as an exercise for the reader to iterate the ways in which this could lead to profit for those with bad intents.

Pandora technical support asserts that this is perfectly secure and meets the requirements of all the credit card processing regulations. They also state that serving music over https would be too resource intensive — apparently because making the purchase page show in a new tab or a pop-up window would rely upon a technology that hasn't yet been invented.

What's your take? Would you or have you made a purchase with Pandora using their payment page without being able to verify the authenticity of that page?"

Journals

Outtascope has no journal entries.
