Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:Bummer (Score 0) 323

by sexconker (#49349633) Attached to: RSA Conference Bans "Booth Babes"

Described what? Like this? "Esp. of a woman: sexually promiscuous or provocative, esp. in a manner regarded as vulgar or distasteful.". So you're injecting your subjective views into what looks mean and attaching a value judgement into that. How is saying that someone looks distasteful not prescribing is beyond me.

Are you really going to the dictionary to dig up "describe" but not doing the same for "prescribe"?
Why? Because you're fucking wrong, perhaps?

Comment: Re:Yes, but.... (Score 1) 257

by sexconker (#49349511) Attached to: Generate Memorizable Passphrases That Even the NSA Can't Guess

Or the other sites that simply truncate your input without telling you, so when you put in 40 characters it only takes 16?
8 character limits were common up until a few years ago. Today I still see 16 (and 15 because of broken front ends) effective limits. 32 seems to be the most common.

Comment: Re:My issue with password restrictions (Score 1) 159

by sexconker (#49346873) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

Why would you even bother with prepending "tesco" unless you were reusing that "20+ psuedo-random character" string across other sites? That's shitty practice on your end.

What pisses me off about password restrictions is that they change and break my existing passwords.
Most recently, T-Mobile changed their shit to disallow some characters / reduce the length allowed, so my perfectly existing password was rejected as being "wrong", my account locked, and I had to fight with their customer service goons to get a reset. During the support session, the customer support clown actually asked for my actual password! Promptly told the bitch to fuck off and escalate the issue - 5 hours later in the middle of the night I'm FINALLY sent a reset token. I received absolutely zero communication from anyone at T-Mbolie about it.
This also happened to me with my electric utility - they say right on the page they take 16 character passwords, and I was able to set a 16 character password, but when logging in it would fail. It worked if I truncated my input to 15 characters (after setting it as the full 16).
Plenty of other sites have fucked me in similar ways. Who in the fucking shit would change password length/character policies to make them MORE restrictive? Who the fuck would do this on the standard login page that can affect existing passwords?

Comment: Re:Still waiting for a "hackability meter" (Score 2) 159

by sexconker (#49346777) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

The plain simple truth is that complexity of a password is barely relevant at all when compared to the threat of an outright data breach at a provider. Who cares if your password is 'veronica' (your daughters name) or `myL1ttleBr0ny%` since an attacker isn't going to bother with brute forcing anything but '123456' and 'password' because they will get tarpitted by any reputable provider before they can guess anything out of a dictionary more than 5 entries long.

Your basis for saying bassword-complexity is irrelevant is that bad people would be doing online brute-forcing? They do matter somewhat when it comes to online-cracking, but the real relevancy doesn't lie there. The passwords matter when it comes to offline brute-forcing: the more complex the password the longer it'll take to crack it even if you have the hash for it. With good passwords and well-done hashing and salting you may end up cracking them for weeks by which time whoever you obtained them from will hopefully already have made their users change their passwords.

Brute forcing offline is only a scenario that can take place after a breach has occurred. In that case, even a password of 'veronica' should be strong enough to last until the breach is discovered (days?), the user notified

Breaches are typically not noticed for months, and companies do everything in their power to NOT notify users for as long as possible and to lie to users about what was accessed and how it was stored. A password of "veronica" would be cracked in seconds.

Comment: Re:Still waiting for a "hackability meter" (Score 0, Flamebait) 159

by sexconker (#49346747) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

You're a fucking shitheel. The vast majority of passwords are cracked offline. The only things saving you, the user, when (not if) shit gets hacked are using strong passwords and not reusing them across services. "2-factor" authentication doesn't do fuck shit because the company got fucking hacked anyway - you can't trust that the keys for the RSA clocks weren't taken at the same time the user table was.

Comment: Re:is this good? (Score 1, Flamebait) 159

by sexconker (#49346685) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

123Password is very strong because it uses numbers and upper and lower case letters.
Those meters are stupid.

As long as it's not one of either this list: or just a copy of your exact username, then yep it will probably suit you just fine. Dictionary attacks don't happen in break ins nearly as often as exploiting password resets (via social engineering or otherwise) or other blatant sidesteps of security (token reuse, etc), since everyone tarpits bad logins, sometimes after as few as 3 attempts.

Hey, retard, pay attention. The typical attack scenario is as follows:
A: Company gets hacked.
B: The user table with password hashes is accessed.
C: At some point in the future the company realizes it.
D: At some later point in the future the company is forced to announce the breach. The company will lie as much as possible about what was accessed, when, how passwords were stored, that they never held onto your credit card numbers, how they're revamping security and they take your privacy very seriously, etc.

Between B and C, the attackers (and anyone they've sold the dump to) are busy cracking the passwords (assuming they weren't stored in plaintext) offline. They don't have to worry about being locked out after 3 fucking attempts. No one does brute force / dictionary attacks against online fucking data you clown. You take the data offline and fuck on it at full speed.

Comment: Handles (Score 2) 56

by sexconker (#49340137) Attached to: Amazon Robot Contest May Accelerate Warehouse Automation

Attach a standardized handle to every item. Have the robot look for and grab the handle.
The handle should be such that when grabbed by the robot in correct orientation, it can properly support the full weight of the item (or the box/packaging containing the item) + some amount of additional torque incurred while moving.
The handle can either go out with the item or be removed by the robot for reuse. If it goes out with the item, it needs to be reusable/recyclable or represent minimal additional packaging material.

Many small items already have the standard ____()____ hole for rack display. Make it easily recognizable (contrasting border) and give robots a little finger to grab it.
Many light items in cardboard boxes have standardized cut-flap handles. Give robots a little hand to grab it.
Heavier items in cardboard boxes often have handles. Standardize, give hand.

Think of it as pallets for individual items. When shipping items you don't need to determine how best to pack, handle, move, or store them, let alone program a robot to do so. You just use a forklift and grab the pallet. All of the thinking for the other shit for each individual item is done by the people making the individual item.

Comment: Re:Coating causes growth of superfluous genitalia (Score 2) 172

I recently saw "imitation American-style cheese food slices". Now, "American" "cheese" isn't legally cheese in most of the world. So what the fsck is imitation artificial cheese?

I'm not even sure it had any dairy in it.

"American" cheese is a very mild cheddar with a low melting point. It is actual cheese.

Yes, we will be going to OSI, Mars, and Pluto, but not necessarily in that order. -- Jeffrey Honig