
Comment Proposal to improve visibility and raise awareness (Score 1) 339

Here's an idea/meme: Create a way to describe both the password rules and storage policy for a web site in a few characters.
Then encourage sites to put those characters next to the "Enter Password" box on their site. The intended effect is to make users
aware of the rules of the site, and ultimately to force them to improve their policy. Here's an example of what I mean:

0 means "we store your password in the clear"
1 means "we encrypt your password using standard techniques"
2 means "we one-way encrypt your password and store only the encrypted value"
3 means "we one-way encrypt your password with salt, and store only encrypted, salted value"
4 means "3 and also we have an effective means in place to prevent repeated guessing by an external agent"
(some sort of time-delay for bad guesses, getting progressively longer, or something similar..)

(Any more needed?)

and maybe use a letter for the password policy:

A means "password has a short maximum length (8?) and silly constraints on what characters must be present"
C means "No restriction on password length, but some constraints on characters" ....
Z means "Password can be arbitrarily long and include any character you can type."

So 0A would be a disaster, and the goal would be to move sites toward 4Z. And you'd see what the site does
every time you log on (assuming, of course, that they're honest, but this would be easily auditable..) Even people
who didn't understand what the specifics mean could be educated to know that closer to 4Z is better. (This is just
an example... I'm sure a better encoding is possible...)
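
Storage levels 2, 3 and 4 from the comment above, sketched as an added example that is not part of the original comment. PBKDF2-HMAC-SHA256 stands in here for "one-way encrypt with salt", and the function names, iteration count and doubling delay are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def store_level2(password: str) -> bytes:
    """Level 2: unsalted one-way hash. Equal passwords give equal stored values."""
    return hashlib.sha256(password.encode()).digest()


def store_level3(password: str) -> tuple:
    """Level 3: fresh random salt per user; only (salt, digest) is stored."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_level3(password: str, record: tuple) -> bool:
    """Recompute the salted digest and compare in constant time."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


class Level4Login:
    """Level 4: level 3 storage plus a delay that doubles after each bad guess."""

    def __init__(self, password: str, base_delay: float = 1.0):
        self.record = store_level3(password)
        self.base_delay = base_delay
        self.failures = 0
        self.locked_until = 0.0

    def attempt(self, password: str, now: float) -> str:
        """Return 'throttled', 'ok' or 'bad'; `now` is the caller's clock in seconds."""
        if now < self.locked_until:
            return "throttled"  # guess is not even checked during the delay
        if verify_level3(password, self.record):
            self.failures = 0
            return "ok"
        self.failures += 1
        self.locked_until = now + self.base_delay * 2 ** (self.failures - 1)
        return "bad"
```

At level 2 two users with the same password end up with the same stored value, which is what the salt at level 3 prevents.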

Comment Consultants and architects (Score 1) 421

I don't want to cast aspersions (or worse!) on your experts, but in my experience most of those
people (especially architects) never go back to see how what they built is working out, what they did
wrong, what could be improved in their next project, etc. I'm sure there are some who do, but it certainly
is not standard practice, so you're wise to ask the Slashdot crowd for real experience.

Education

Submission + - A Manual for Writers for computer science theses? 1

jonbca writes: I'm writing my first computer science thesis. I've been using Kate Turabian's excellent Manual for Writers but it's very heavily geared to the humanities and social sciences. What I'm really looking for is a similar bible for writers of theses in mathematics and computer sciences. Any suggestions?
Microsoft

Submission + - States slam Google Firefox: no match for Microsoft (computerworld.com.au) 4

Bergkamp10 writes: State antitrust regulators have dismissed companies such as Google and Mozilla Corp, and software technologies such as AJAX and SaaS as "piddling players that pose no threat to Microsoft's monopoly in the operating system and browser markets". According to the report, ten US states, including California, New York and the District of Columbia, have called for an extension of monitoring of Microsoft's business practices until November 2012. They claim that little has changed in the OS and browser spaces since the 2002 antitrust case ruled against Microsoft. In their most recent brief, the states countered Microsoft's contention that Web-based companies — Google, Salesforce.com, Yahoo, eBay and others — and new Web-centric technologies constitute what Microsoft dubbed a "competitive alternative to Windows." Not even close, said the states, claiming that while these companies' products provide functionality for users they still rely on operating systems and browsers — the two spaces where Microsoft dominates. Experts were apparently even more damning, claiming competition in the market has not been restored since 2002 and that the collective powers of Google, Firefox and Web 2.0 are about as effective as a one-legged man in a butt-kicking contest when it comes to unsettling Microsoft's monopoly of the market. Ronald Alepin, a technical adviser at law firm Morrison & Foerster LLP, and a frequent expert witness for parties facing Microsoft in court, even claimed Apple is too weak to capitalize on its successes, and ultimately no threat to Microsoft.
