
Comments

top

Passwords: Too Much and Not Enough

Tom Re:not news (206 comments)

Because everyone writes absolutely perfect code, no one ever loses anything, and there are no exploits out there.

No, because there is a difference between looking for the perfect castle and realizing that maybe having a wall isn't so stupid and closing the door at night isn't a bad idea, either.

Making brute force attacks difficult is not a question of perfect code. It's a question of not allowing unlimited tries at unlimited speed (online) or not storing unsalted password hashes (offline). It's not a matter of protecting your server from compromise. A serious defense strategy always includes the assumption that several layers of your protection fail and you should still not suffer a total defeat.

you'd better hope they're salted with a strong salt, per-user, and hashed with a function like bcrypt or PBKDF2.

You see, this is the point. Whether or not they are is not a matter of hope like rain and sunshine. It's something you actively control.

There aren't any magical solutions.

No, but there are good and stupid solutions, and it's time we stop using the stupid ones. It's a feature of this anarchy we love so much, because if software was a car... well, at least in the western world you can't legally sell a car without brakes anymore.

3 hours ago
top

Passwords: Too Much and Not Enough

Tom Re:Computers: They can respond fast -and- slow (206 comments)

or lock out the console/IP entirely, after N failed attempts.

Which opens the door to DOS attacks on target accounts, but there are several smart ways to work around that (send an unlock link to the e-mail address for that user, for example).

I hope security "analysts" catch on to reality soon.

There are two kinds of security people in the business world. Those with a real interest in advancing the field and making computing more secure, and those working for large consulting and IT "Security" companies. I am exaggerating some, of course, and there are great people in those companies as well, but unfortunately the business concept of too many of them is based on solving problems in such ways that you can sell the solution to many other customers, not on finding a solution that takes care of the actual problem.

It's the same with consulting companies and the insource/outsourcing cycles. There are good arguments for both of them, but if you've watched the business world for a decade or two you understand that they are hyped in cycles so the same consultants who sold outsourcing to a company last period can sell insourcing to the same company next period or after the next CTO change.

12 hours ago
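The two defenses named in the comments above (a limit on online guesses, and per-user salted slow hashes against offline cracking), sketched as an added example that is not part of the original comments. The function names, the work factor and the delay parameters are assumptions; the throttle uses a growing, capped delay rather than a hard lockout, so a third party hammering an account costs its owner a bounded wait.

```python
"""Added example: per-user salted PBKDF2 storage plus per-account guess throttling."""
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to your hardware
MAX_DELAY = 900.0     # assumed cap (seconds) on the enforced wait


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return (salt, iterations, digest), with a fresh random salt per user."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def check_password(password, record):
    salt, iterations, expected = record
    _, _, digest = hash_password(password, salt, iterations)
    return hmac.compare_digest(digest, expected)  # constant-time comparison


# Hashed for unknown users so that a missing account costs the same time.
DUMMY = hash_password("placeholder for unknown accounts")


class LoginThrottle:
    """Wait time doubles with each consecutive failure after a few free tries."""

    def __init__(self, free_attempts=3, base_delay=1.0):
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.state = {}  # user -> (consecutive failures, time of last failure)

    def wait_required(self, user, now):
        failures, last = self.state.get(user, (0, 0.0))
        if failures < self.free_attempts:
            return 0.0
        extra = failures - self.free_attempts
        delay = min(self.base_delay * 2 ** extra, MAX_DELAY)
        return max(0.0, last + delay - now)

    def record(self, user, ok, now):
        if ok:
            self.state.pop(user, None)  # success clears the counter
        else:
            failures, _ = self.state.get(user, (0, 0.0))
            self.state[user] = (failures + 1, now)


def login(db, throttle, user, password, now):
    """Return 'ok', 'denied' or 'throttled' for one attempt at time `now`."""
    if throttle.wait_required(user, now) > 0:
        return "throttled"  # the guess is not evaluated at all
    matches = check_password(password, db.get(user, DUMMY))
    ok = matches and user in db
    throttle.record(user, ok, now)
    return "ok" if ok else "denied"
```
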
top

Passwords: Too Much and Not Enough

Tom not news (206 comments)

Me and other security experts have been saying such things for years.

Basically, our password handling systems and policies are completely broken. It's not just what xkcd pointed out - it's worse. Those policies are based on making brute-force attacks more difficult. But to sum up a complex topic in a soundbite: If your system allows for brute-force attacks, your system is fatally broken.

13 hours ago
top

Texas Health Worker Tests Positive For Ebola

Tom Re:hubris (421 comments)

But the fact that you used that slur will be used against you by your competition in the campaign. Duh.

I'm not afraid of that. Media and opponents will find something to use against you anyways, and if they don't, they will make it up.

And your apparent deviant character as demonstrated by your racist bigotry online will be used to help convict you.

I pity you for the country you live in. Or maybe I'm just idealistic and believe that whether or not I committed the crime I'm accused of will be used to judge me.

Since you're on the level of ad-hominem attacks now, with no discernable actual content, I'll leave it at that.

about two weeks ago
top

Texas Health Worker Tests Positive For Ebola

Tom Re:hubris (421 comments)

You're not a luminary shining light on the true inner workings of human minds,

I'm not? Now you confuse me. :-)

Maybe I'm influenced by being a European, so I don't have this history of living-memory slavery of black people and so the word is not such a trigger. But that's not the point. I didn't intend or claim to read people's minds, but let's be honest here: If the Ebola outbreak were in Italy, the world's reaction would be quite different. There is a definite element of racism involved in how we treat the matter, including the often made "let's just stop all travel" argument.

I don't care enough to try and dox you, but thanks for giving public permission to anybody who might. If what you say is true and you ever decide to run for public office, you're accused of a serious crime, you go through family court litigation, or you face any other circumstance whereby others have incentive to put your character under scrutiny, then God help you.

You're a bit strange. If you run for office, your private address will be public record almost immediately. Your family can be assumed to know where you live. If you're accused of a serious crime, you're going to be in jail, so it doesn't matter. So whatever point you were trying to make, I'm afraid your rage blurred your rationality.

about two weeks ago
top

Eggcyte is Making a Pocket-Sized Personal Web Server (Video)

Tom cute, but flawed (94 comments)

It's a really cute idea, but from what I've seen so far is lacking a few fundamentals.

Firstly, there's little mention of user interface design, which if you want this to be used by average Joes and Janes is about the most important thing.

Secondly, sharing your stuff on your own server is cute, in fact we've only had it for about 30 years, even before the Internet with BBS etc. - the problem is connections, networks. Facebook solved that problem and that's why it works and people use it. If everyone has mynamewithsomerandomadditionbecauseitwasalreadytaken.eggcyte.com - how do you find them? You will need a social network layer on top, at which point you're basically back to Facebook, minus distributed data storage.

Thirdly, the idea of having it mobile and being able to plug it in anywhere is cute, but it also means that the device - and thus everything I want published - is unavailable while in transit. In practice, the mobility will be a non-issue because of this.

about two weeks ago
top

Commerce Secretary: US Wants Multi-Stakeholder Process To Preserve Internet

Tom others (57 comments)

The United States will resist all efforts to give "any person, entity or nation"

other than the US, that is. Because we think our laws are applicable world-wide, our jurisdiction covers Earth and we invented the damn thing (ignore that this is only partially true) so get on your knees and thank us.

about two weeks ago
top

Texas Health Worker Tests Positive For Ebola

Tom Re:Robots? (421 comments)

drinking the water used to wash the dead

I didn't read about it before, but a quick Google search seems to confirm it. Thanks for the information!

about two weeks ago
top

Texas Health Worker Tests Positive For Ebola

Tom Re:hubris (421 comments)

Would you choose different words were this an on-the-air interview instead of an anonymous Internet post?

No, I wouldn't. I post with my real name here as well, and finding my physical address is a matter of following some links and knowing how whois works, or for my business address, not even that.

You speak as you choose, damn the consequences.

Sometimes I choose the words that others only have in their minds, in order to expose their thinking to themselves. Also, sometimes a bit of provocation is helpful. See the first troll reply, who clearly stopped reading after "niggers".

about two weeks ago
top

Texas Health Worker Tests Positive For Ebola

Tom Re:hubris (421 comments)

That is actually correct and the only reasonable explanation I could find so far. Parent deserves being modded up.

about two weeks ago
top

Texas Health Worker Tests Positive For Ebola

Tom Re:hubris (421 comments)

Wow, you either forgot to post as AC, or are from somewhere so racist that your racism seems casual enough to drop the N bomb into regular speech.

You didn't read until the end of my statement before your rage exploded out of you.

about two weeks ago
top

Mining Kickstarter Data Reveals How To Match Crowdfunding Projects To Investors

Tom Re:goodbye Kickstarter (20 comments)

Uh, the whole Internet is a shopping channel.

It's not. It's a shopping arcade or something. If you don't see the difference, I can't help you.

about two weeks ago
top

Texas Health Worker Tests Positive For Ebola

Tom Re:Robots? (421 comments)

To get to the point that a nurse is infected means that protocol wasn't followed. That it wasn't EVERY nurse and EVERY doctor that touched the patient is quite telling.

We know some details about the nurse that was infected in Spain: She touched her face with her hands before disinfecting them.

Yes, protocol wasn't followed. But here's the point: You need to follow protocol 100% of the time to be safe. You only need to make one mistake to be infected. For a virus with such a crazy lethality rate, that's not good. Treating an Ebola patient is a lot like playing Russian roulette.

Just don't lick it, and you're fine.

Very few of the people who are now dead licked it. Yes, the media loves fear stories and it's overblown, but you're underblowing it.

about two weeks ago
top

Texas Health Worker Tests Positive For Ebola

Tom hubris (421 comments)

Who thought that bringing Ebola patients into countries not yet infected was a smart idea? Apparently, the thought of an american dying in Africa like all those niggers was too much for someone to stand, yes? Newsflash: The virus isn't racist, it doesn't give a fuck if you're a rich american or a starving african.

We have the same in Europe. At least one health care worker here has been infected and will probably die because someone thought it's smart to bring people infected with a 90% lethality virus home for treatment. Good job.

We cannot contain these viruses, and our assumption that we in the west are better than those primitives in Africa and we will certainly contain it to the hospital wards has been smashed. Like basically anyone who's not an idiot could have guessed.

(and for the mentally challenged readers: Of course my use of "niggers" and "primitives" is to outline the very hubris I criticise. If you think I'm a racist, you're projecting too much of yourself into my words...)

about two weeks ago
top

Mining Kickstarter Data Reveals How To Match Crowdfunding Projects To Investors

Tom goodbye Kickstarter (20 comments)

The moment I get spam about Kickstarter projects, I'll delete my account there. Who else?

Kickstarter is a cool concept, but one of the things that made it cool is that at its core, it has this idea of presenting your idea and letting people come to you. The more you reverse it, by "reaching out" (marketing speak) aka spamming (real human speak) people with your project, the more it is simply an advertisement platform. And nobody gives a flying fuck about advertisement platforms, as we can see from the absence of the Internet equivalent of the shopping channel.

about two weeks ago
top

Core Secrets: NSA Saboteurs In China and Germany

Tom our american friends (228 comments)

I'm from Germany. Ever since it was leaked that the NSA was spying so extensively on our government that by international standards it could reasonably be considered an act of war, I wonder what it'll take for our USA-lapdog chancellor to grow a spine and do more than giving Obama a stern talk.

about two weeks ago
top

FBI Says It Will Hire No One Who Lies About Illegal Downloading

Tom poly-pseudo-graph (580 comments)

(Left un-explored is whether polygraph testing is an effective way to catch lies.)

And here I was watching from Europe thinking that this question had been settled years ago. Nobody else in the world is taking the polygraph seriously, it's a leftover from the time shortly after WW2 when too optimistic pseudo-scientists (mostly, some scientists as well) thought very soon now technology will solve every problem of the human race.

about two weeks ago
top

Europol Predicts First Online Murder By End of This Year

Tom Re:Self fulfilling prophecy (155 comments)

We're not talking radio-controlled. These drones use networking technology, and if their IP address is pingable from your location is not exactly the major point.

Given that many drone victims are civilians, in a conflict that is not officially a war, the only difference left seems to be that the murderers are not civilians. That's one of the flimsiest excuses ever to call something by a different name.

about two weeks ago
top

Tesla Is Starting a Certified Preowned Program

Tom Re:Battery Life (126 comments)

It's not yet successful (hearing in 2015), and anyone can bring a lawsuit for any stupid reason. But if they succeed, I'll lose what's left of my faith in humanity.

about two weeks ago
top

Europol Predicts First Online Murder By End of This Year

Tom Re:Self fulfilling prophecy (155 comments)

Mod parent up. The first "online murder" happened the day they put weapons on a drone. TFA is just the usual news-that-try-to-scare-you bullshit.

about two weeks ago

Submissions

top

Supreme Court strengthens First Sale Doctrine

Tom Tom writes  |  about a year and a half ago

Tom writes "The Supreme Court has sided with Supap Kirtsaeng regarding the resale of textbooks. Publisher Wiley had tried to keep a $600,000 judgement from the lower courts because the student had sold textbooks in the US that he had imported from his home country Thailand, where they are sold much cheaper. The Supreme Court ruled that while it realizes that US companies often try to get different prices in different markets, the copyright law does not provide a right to such business models."
Link to Original Source
top

Hotfile countersues Warner

Tom Tom writes  |  more than 3 years ago

Tom (822) writes "Hotfile went out of its way to bow to the movie industry and gave the likes of Warner a special account that they could use to delete content — any content. Apparently, that's just what they did as Hotfile's countersuit claims after Warner sued them anyways. They claim Warner deleted Public Domain content, Free Software and many other items that could not possibly be confused with copyrighted movies if one took even a single look.
The funny part? They are suing Warner under the DMCA, the very law the music industry bought/bribed for themselves."

Link to Original Source
top

MS loses European anti-trust case

Tom Tom writes  |  more than 7 years ago

Tom writes "The court has spoken in Microsoft's case against the EU anti-trust commission, and the result is even more damaging to the monopoly company than analysts expected.
The court upholds all major decisions of the commission, including the record half a billion Euro fines. Most importantly, it smacks down MS's entire defense line of "we can't make interoperability possible because we need to protect our copyrights and patents"."

Link to Original Source

Journals

top

The Trolls

Tom Tom writes  |  about 7 months ago

Wow, it's been 15 years but I've finally got my own personal troll! :-)

I must apologize to everyone I've ever called a troll now that I've seen a real one. Yeah, there are trollish comments, but this... it's a different league. If you ever wondered who these brain-damaged morons were who set up geocities homepages with blinking purple text on blue background with red dots in Comic Sans - that kind of different league.

Now it does make me wonder about trolls in general. Has there been a study on this? I really wonder if psychologists have tackled this because quite honestly, you cannot be mentally stable and post in this and this content at the same time. So I do wonder if trolls on the Internet (the real trolls, not the people occasionally posting something stupid) do have a mental problem. It definitely looks like it. Probably insecurity issues, definitely an exaggerated need for attention, might be related to borderline syndrome or schizophrenia.

And, of course, the Internet provides:

As someone who has had to deal with family members suffering from mental illness, let me tell you that it's not funny. So despite the fact that they are, in fact, obnoxious, aggravating assholes, these sad little fucks also need help and their miserable little existence is not something you'd want to trade for yours, no matter how much you think your life sucks. Trust me, with a mental illness on top, it'll suck more.

Obviously, we can't offer therapy to people who usually comment anonymously and will often go to great lengths to avoid being tracked down. What we can do, however, is get a better understanding for how they act this way (they can't help it, mental illness is stronger than your conscious mind) and that the best thing we can do for them is to not continue the feedback loop. "Don't feed the trolls" - old wisdom there.

The last link in that list contains a few more ideas.

Now that I'm at the end, I kind of regret the smiley face at the top. But I'm leaving it in because this journal entry is a bit of a journey, even if it is short. Thanks to some Internet resources, a bit of research and connecting the dots, I've come a short way, changing my mind a little on this particular sub-sub-sub-part of life.

-----

A short additional statement on how to treat trolling. From what I've gathered from the resources above, a few comments (both here and in the various spammed threads) and my own life experience:

First, don't feed the trolls. Most of them seek attention, so if you stop giving it to them, they become frustrated and go away. Notice that they seek attention, not validation. A rebuke or an angry rant or even a shootout of personal insults satisfies them as much as anything else. Much like the old PR saying "there is no negative publicity", it is all about the attention itself, not about its content.

Second, stand your ground. Do not leave the site or stop commenting just because you're being trolled. It takes a bit to do that, yes. Trolls consider it a "victory" if they shut you up, either by simple flooding or by frustrating you enough to disappear. In their twisted minds, it gives them validation and somehow proves that they were right.

Third, if you see someone else being trolled, give them support. Doesn't take much - a single sentence is more than enough. Someone under attack by a real troll is being flooded. The troll will commonly post under multiple aliases or otherwise attempt to appear as more than one person. Psychological experiments such as Solomon Asch's show how we humans as social animals experience conformance pressure. So give that other person support by showing him that the flood he's getting is not the only opinion around. It doesn't matter if he consciously knows it's just one troll, the pressure is subconscious.

-----

I'd like to have comments disabled on this journal entry, for obvious reasons, but you can't publish a journal entry with comments disabled, so... 1000:1 bet that he's stalking the journal as well and will add his drivel below?

Also, if the formatting looks atrocious, turn off beta and revert to classic. Seriously.

top

The "new" and "de-improved" Slashdot

Tom Tom writes  |  more than 5 years ago

If you've known /. for a while, you've certainly noticed all the recent changes. The front page articles auto-load-extend (presumably through AJAX code), the link to get to your own page has moved twice, and now there are two (that both look alike - your username - but work differently), and checking if anyone has replied to your comments has been a two-click journey instead of the old one-click for a while now.

Then there's the annoying inline popup (so it's not caught by popup blockers) that tells you that "Firehose is paused due to inactivity". Whatever that means, it doesn't seem nearly important enough to interrupt my reading.

Quite frankly, from a user interface design standpoint, the "new" slashdot sucks. Badly. Maybe I'll try disabling all javascript for slashdot.org and check if that improves the experience.

top

Giving up on Wikipedia

Tom Tom writes  |  more than 6 years ago

I'm giving up on Wikipedia today. Which means no more editing, and a lot less using it.

The reason is one word: Deletionism.

The details are three points:

a) It goes so against the spirit of Wiki, because a deletion is a non-reversible, non-reviewable change. The history gets lost, all work of everyone gets lost, and nobody can see and check it later. Every other change in a Wiki is documented, and you can see exactly what was changed, by whom, and when. Not so with a deletion. If you are lucky, you can find out that there used to be a page named this, but nothing about its contents.

b) It is destructive. You put hours of work into something, and it just gets deleted. Not updated, changed or even vandalised, but deleted. Poof, gone, as if it never existed. Have you ever lost your documents folder with no backup? Then you know the empty feeling. Don't do that to people, especially not those who might be new (and could have become worthy contributors, if they hadn't been hit in the face for their first attempt).

c) Notability-Nazis. Some time ago, the main reasons for deletion were actually valid. Nowadays, the main reason for deletion is notability, or in simpler words "I've never heard about this". My position on notability is very simple: Add a "non-notable" category, namespace or at least archive and move stuff there, but it should not even be on the list of reasons for deletion. To me, an encyclopedia is where I look up the stuff that I've never heard about, so it'd better be there.

So for all these reasons, and a few minor ones, I've really switched sides over the past few weeks. I think I even begin to understand why large parts of the science community view Wikipedia with scepticism, and that much of the media's portrayal of their reasons is grossly simplified.
