Comment: Re:How about a law preventing SSN use for credit/I (Score 1) 125

by CaptainJeff (#48795859) Attached to: Obama Proposes 30-Day Deadline For Disclosing Security Breaches
This is a great idea. Once there is a working system in place to replace the current one. Until that is true, this proposal would prevent many companies from doing business and many customers from obtaining necessary services. It's a fine idea in principle; it's just those nasty details and implementation that are complicated and make this unrealistic.

Comment: Re:Wrong (Score 2, Insightful) 549

by CaptainJeff (#48134297) Attached to: Password Security: Why the Horse Battery Staple Is Not Correct
There's a subtle difference here.
It is absolutely better to use One Time Passwords (like most 2-factor auth solutions these days with a random number either generated by an app or token or something or supplied to you via an out-of-band channel like an SMS message).
It is not better to choose One Time Passwords, as the user experience hit is horrible, and can you imagine the horrible passwords one would come up with if they needed to come up with a new one on every login action?

Basically, users are bad at choosing/creating passwords. And passwords get compromised. So, the best solution (that we currently have, anyway) is to have the user pick one really good (hard to guess) password and then to also use a One Time Password (2FA).

Comment: Re:Suspension of Disbelief (Score 2) 193

by CaptainJeff (#48105801) Attached to: A Critical Look At Walter "Scorpion" O'Brien
One can be "on" - or thinking critically and deeply - only so often. There is value and merit in entertainment that causes one to not think/ponder/actively-consider for a period of time. Just because something does not require you to think about it and is incredibly stupid does not mean there isn't value in it, even if it does cause you to have to stop thinking things through logically for a period of time. Genius TV sticks with you. You *need* to think about it. You need to figure things out. Your brain can only do so much of this. If you're spending those cycles doing this, you are not using them for more noble purposes, such as thinking about things that actually matter. And that's a poor tradeoff.

Comment: Re:Bill is doing the right things (Score 1) 247

by CaptainJeff (#45305499) Attached to: Bill Gates: Internet Will Not Save the World
Imagine being starving and having no ability to do anything for yourself. You need the fish to get yourself at a basic level before someone teaches you to fish. You need to know the value of the fish and know that understanding how you can acquire your own fish is beneficial and will improve your life quality. You need to understand the value of water condensers, farming techniques, etc, first. Then you learn them. You need both levels.

Comment: Re:And when they get bitten in the ass? (Score 1) 94

by CaptainJeff (#43871179) Attached to: Google Advocates 7-Day Deadline For Vulnerability Disclosure
One of the key concepts taught in *any* decent MBA program is risk management. For a software development company, having more than one person available to make emergency fixes to code is much cheaper than the cost of not being able to deploy a fix in a reasonable amount of time, so any decent MBA graduate will make sure that there is always a backup person available for this purpose.

Comment: Re:SELinux on the host (Score 1) 212

by CaptainJeff (#43841959) Attached to: Ask Slashdot: Safe Learning Environment For VMs?
This is true...
...if you have a valid policy set up for SELinux to enforce. This can be very difficult to construct, especially when you're trying to control the behavior of something like a VM.

For a student lab environment, this is likely to be overkill; if you have students in grades 9 thru 12 finding and exploiting holes in a VMM, you've got much bigger problems.

Comment: Re:Fiction, not fact. (Score 1) 149

Schneier started his career as a computer security and cryptography guy. Over the past five to ten years, he has largely gotten out of that specialty and more into general security practices, and, more specifically, how trust, security, and society all interoperate. He has largely made it his business to determine what works and what does not to solve large scale societal problems that have anything to do with "security," be that real security or not.

Comment: Re:Emulate (Score 1) 233

by CaptainJeff (#42956679) Attached to: Full Review of the Color TI-84 Plus
This statement is incorrect.

Most standardized tests where a graphing calculator would be useful, in fact require such a calculator. The current set of AP tests require/recommend a TI-84 or TI-85. The SAT itself highly recommends a graphic calculator.

Cool story. The SAT specifically does not allow calculators with a QWERTY keyboard. The TI-92 (the original one with the symbolic algebra solving system) had one and was, therefore, not allowed for the SAT. So, TI came out with the TI-89, which runs almost the exact same software as the TI-92, specifically so one could use an SAS-equipped calculator on the SAT. This is why the TI-89 is such an odd beast and somewhat harder to work with; the software was not really designed for that form-factor.

Comment: Re:Cookies and referers (Score 2) 158

I'll always register a new account (usually easy enough) if I really want - too worried about such sites snooping my passwords.

When you use a federated single-sign-on capability like this, your password is NEVER sent to the service provider (the one you're logging in to using your Yahoo/Facebook/Google/etc account). It is only sent to the authenticating service (the identity provider), who already has it, and then that provider generates a signed message in a specific format (OpenID, SAML, etc) that vouches for your identity to the other site. In this model, your password is actually exposed LESS than if you create an account at the site in question.
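An added example, not part of the comment above, that sketches the flow it describes using only Python's standard library: the identity provider (IdP) is the only party that ever checks the password, and it hands back a signed assertion that the service provider (SP) verifies. The names, claim layout and the per-SP HMAC-SHA256 signing key are assumptions standing in for a real SAML or OpenID Connect deployment (which would use asymmetric signatures, TLS and a browser redirect to carry the assertion); what the SP must check before trusting the assertion is the point: signature, issuer, audience, expiry and a nonce it issued itself.

```python
import base64
import hashlib
import hmac
import json
import os
import secrets
import time

# Added illustration of federated login: the password is checked only by the
# IdP, which issues a signed assertion the SP verifies. Names, claims and the
# HMAC-based signature are assumptions; real systems use SAML / OIDC.


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_assertion(claims: dict, key: bytes) -> str:
    """Serialise claims canonically and append an HMAC-SHA256 tag: <body>.<tag>."""
    body = _b64(json.dumps(claims, sort_keys=True, separators=(",", ":")).encode())
    tag = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(tag)}"


class IdentityProvider:
    """Holds the password hashes and one signing key per registered SP."""

    def __init__(self, issuer: str):
        self.issuer = issuer
        self._users = {}    # username -> (salt, pbkdf2 digest)
        self._sp_keys = {}  # SP identifier (audience) -> signing key

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, self._hash(password, salt))

    def register_sp(self, sp_id: str, key: bytes) -> None:
        self._sp_keys[sp_id] = key

    def login(self, username, password, audience, nonce, ttl=300):
        """The only place the password is ever seen. Returns a signed assertion or None."""
        if username not in self._users or audience not in self._sp_keys:
            return None
        salt, expected = self._users[username]
        if not hmac.compare_digest(self._hash(password, salt), expected):
            return None
        now = int(time.time())
        claims = {"iss": self.issuer, "sub": username, "aud": audience,
                  "nonce": nonce, "iat": now, "exp": now + ttl}
        return sign_assertion(claims, self._sp_keys[audience])


class ServiceProvider:
    """Never sees a password; trusts only assertions it can verify end to end."""

    def __init__(self, sp_id: str, issuer: str, key: bytes):
        self.sp_id, self.issuer, self.key = sp_id, issuer, key
        self._pending = set()  # nonces issued for logins not yet completed
        self._used = set()     # nonces already redeemed (replay protection)

    def new_login_request(self) -> str:
        nonce = secrets.token_urlsafe(16)
        self._pending.add(nonce)
        return nonce

    def consume_assertion(self, token: str, now=None):
        """Return the authenticated subject, or None if any check fails."""
        now = int(time.time()) if now is None else now
        try:
            body, tag = token.split(".")
            expected = hmac.new(self.key, body.encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(expected, _unb64(tag)):
                return None                      # forged or tampered
            claims = json.loads(_unb64(body))
        except ValueError:
            return None                          # malformed token
        if claims.get("iss") != self.issuer:
            return None                          # wrong identity provider
        if claims.get("aud") != self.sp_id:
            return None                          # assertion minted for another site
        if claims.get("exp", 0) <= now:
            return None                          # expired
        nonce = claims.get("nonce")
        if nonce not in self._pending or nonce in self._used:
            return None                          # unsolicited or replayed
        self._pending.discard(nonce)
        self._used.add(nonce)
        return claims["sub"]


def run_flow():
    """Wire one IdP and two SPs together; return the outcome of each check."""
    key_a, key_b = os.urandom(32), os.urandom(32)
    idp = IdentityProvider("https://idp.example")
    idp.register_sp("https://a.example", key_a)
    idp.register_sp("https://b.example", key_b)
    idp.register_user("alice", "correct horse battery staple")
    sp_a = ServiceProvider("https://a.example", "https://idp.example", key_a)
    sp_b = ServiceProvider("https://b.example", "https://idp.example", key_b)
    nonce = sp_a.new_login_request()
    bad = idp.login("alice", "wrong password", "https://a.example", nonce)
    token = idp.login("alice", "correct horse battery staple", "https://a.example", nonce)
    return {
        "wrong_password": bad,
        "other_site": sp_b.consume_assertion(token),
        "expired": sp_a.consume_assertion(token, now=int(time.time()) + 3600),
        "first_use": sp_a.consume_assertion(token),
        "replay": sp_a.consume_assertion(token),
    }


if __name__ == "__main__":
    print(run_flow())
```

Note that `ServiceProvider` has no password-handling code at all, which is the comment's point. The audience check is what stops a site you legitimately logged in to from presenting your assertion to a different site, and the nonce bookkeeping is what stops a captured assertion from being replayed; a verifier that skips either is accepting more than "the IdP vouches for this user".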
