
Comment: Re:Accepting Responsibility (Score 1) 349

People apologize when they, or the things they sell, make mistakes. Even if it was unforeseeable.

No, they don't. When everybody involved knows that they're looking at the spurious output of a young image recognition process, apologies don't, and don't need to happen.

Comment: Re:alogrithms aren't racist (Score 1) 349

To cite one example, ACORN staffer Clifton Mitchell was arrested and convicted (and did time) for creating fictional voters through thousands of bogus voter registrations. ACORN as an entity was fined $25k for its supervisory role in just his conduct alone. The entire organization dissolved itself while it was undergoing investigation for identical behavior in multiple states.

Comment: Re:eSports commentary is already superior (Score 1) 51

Ever listen to football commentary or basketball? It's all color commentary or idiotic observations like "team X won because they scored more points"... no shit, fucktards.

You must have lousy sports coverage in your town, or maybe you just haven't listened to a game in a long time. You get continual analytics in most cases, and statistics that actually mean something. Occasionally, you'll get a fossil like Hawk Harrelson who's just a curmudgeon but even in that case, they teamed him with Steve Stone, who can break down pitch location, OBP, WAR numbers, BABIP, FIP and xFIP.

At least in this town, it's the same for basketball and football, though there haven't been as many advanced statistics developed for those sports. Maybe it's just because Bill James got the ball rolling (sorry) sooner for baseball. But all the announcers are pros and not a single one will give you the kind of obvious nonsense you describe.

Even the hockey coverage in town, whether you're listening to John Weideman and Troy Murry on the radio or Eddie Olczyk on TV, these are guys who will drop numbers on you and give you insights you probably wouldn't have noticed even if you were sitting behind the glass.

Naw man, there hasn't been a "Team X won because they scored more points" in a long while.

We don't need analytics

But people who pay attention to e-Sports and aren't dumb fucks like you might have an interest in analytics. Some people who are interested in video games care about more than whether the female announcer is showing cleavage. One minute you talk about how e-Sports announcers are so great because they give you the "micro" in Starcraft, and then you say you don't need analytics. Do you know what analytics are? And did I mention that you're a dumb fuck?

Comment: Re:Type 4 UUIDs (Score 1) 231

My concern is how to keep someone between your server and the subscriber's MUA from compromising "possession", or how to establish "possession" the first time.

If you follow the same model with account creation, then you already have possession established. If someone compromises your email account, and knows your user account for this site, and knows your security answers, then yeah, you're borked. But if someone has all of that information already, I'm pretty sure you've been borked for a while and in significantly worse ways than someone having your college transcripts. ;)

I just use a PRNG. If I need it as a GUID, I request 120 random bits and format them as a type 4 UUID. Is that good enough?

"Good enough" is a question that is best answered by the asker. Security isn't a Boolean implementation. You aren't secure or insecure, you are at some level of security across a very wide range. Storing passwords in clear text is vastly more secure than having no authentication on a system at all, but it is vastly less secure than storing a hashed password. And that is vastly less secure than storing a 1-way hashed password. And even that is meaningless if you don't have a secured communication layer, or if you aren't correctly exchanging public/private keys. etc...

Are you trying to keep script kiddies from spamming your content management site with pictures of dicks, or are you trying to keep banking details, SSNs, and credit histories locked up with controlled access via the internet?

With that said, you're likely more on the 'secure' side using a v4 UUID, assuming the rest of your implementation follows the appropriate patterns.

-Rick

Comment: Re:Responses (Score 3) 231

[quote]So how do you encrypt this UUID?[/quote]

You don't. It's just a GUID or some other low collision rate hash.

[quote]And what do you send for a password reset?[/quote]

You send them a new UUID in a link. When the link is hit, the UUID resolves back to their account and they are directed to enter a new password, just like a first time user.

The combination of time (the UUID can be time boxed), activity (a successful login nullifies the UUID), and possession (control of the account's registered email address), and if you want to get really wild, knowledge of a security question, creates a scenario where there are no good purely technical solutions for the attacker.

An attacker could, in theory, create a colliding GUID for an account they know the name of (but not password), manually enter the UUID link, and set the new password (assuming there is no security question).

But if an attacker manages to consistently generate colliding GUIDs*, they have accomplished something so monumental that they should be heralded as the second coming of Steve Jobs or something.

(*Assuming the coders didn't decide to come up with their own GUID generation algorithm that is easily reverse engineered and seeded)

-Rick
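The reset flow described in the two comments above, as an added Python sketch that is not part of the original posts: a random type 4 UUID from the standard library (CPython's `uuid.uuid4()` draws from `os.urandom`) that is time-boxed, single-use, and nullified by a successful login. The `ResetTokens` class, the one-hour `TTL_SECONDS`, and storing only a SHA-256 digest of the token are assumptions of this example, not details from the posts.

```python
import hashlib
import time
import uuid

TTL_SECONDS = 3600  # assumed time box; the posts give no figure


class ResetTokens:
    """In-memory stand-in (hypothetical) for the token-to-account table."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._by_digest = {}  # sha256(token) -> (account, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, account):
        """Create a token for `account`, replacing any earlier one."""
        self.invalidate(account)
        token = str(uuid.uuid4())  # OS CSPRNG, not a home-grown generator
        expires_at = self._clock() + TTL_SECONDS
        # Added hardening (assumption): keep only the digest server-side.
        self._by_digest[self._digest(token)] = (account, expires_at)
        return token  # this value goes into the e-mailed link

    def redeem(self, token):
        """Return the account for a live token and consume it, else None."""
        try:
            parsed = uuid.UUID(token)
        except (ValueError, AttributeError, TypeError):
            return None
        if parsed.version != 4:
            return None
        entry = self._by_digest.pop(self._digest(str(parsed)), None)
        if entry is None:
            return None
        account, expires_at = entry
        return account if self._clock() <= expires_at else None

    def invalidate(self, account):
        """Call on successful login: outstanding tokens for the account die."""
        stale = [d for d, (a, _) in self._by_digest.items() if a == account]
        for d in stale:
            del self._by_digest[d]
```

A redeemed or expired token is removed on first use, so replaying a link from an old e-mail returns `None` and the caller never reaches the "enter a new password" step.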

Comment: Re:alogrithms aren't racist (Score 2) 349

Over here we live in reality, and the reality is that getting one of those IDs requires taking time off from work that we frequently either don't get or can't afford to take

Really. What sort of job do you have that didn't involve showing ID in order to submit the required federal tax forms as you were hired? What sort of paycheck are you getting that doesn't involve you using an ID in order to open a bank account or cash a check? Please be specific about the people who are working full time, so hard, that not once in their entire life can they be bothered to get a form of ID. And, out of curiosity, how on earth did they find time to go register to vote, or find time TO vote? You're saying that these are people who will have their routine trips to the polling place, year after year throughout their entire lives, thwarted because they couldn't take five minutes to stop once for a free ID?

Voter fraud is a literal non issue, a nonthreat to the integrity of the election process

So, you're asserting that there are no elections that turn on a matter of just a handful of votes? You're actually going to say that the many local and state elections (which do things like put congressional and senate representatives into power) don't sometimes get decided by only dozens of votes? And then you're going to assert that papers like the Washington Post, who have reported on elections as recently as 2012 where in just one local review there were instances of local voters fraudulently voting twice ... that, what, the Washington Post is lying? Is that because you think the WP is part of some vast, racist, right-wing conspiracy, and manufactured the records that were produced by the election officials, showing the felony-offense fraud?

Your anxious need to trot out the ad hominem shows how much you're aware that you're BS-ing, so I don't really need to go on. You know you're looking to defend fraudulent practices that primarily favor the one party whose activists have been caught red-handed generating tens of thousands of bogus voter registrations. And you're complaining about the person who suggests it's a good ID to make fraud harder to commit. Your opening comments about how difficult it is for full time workers to stop and get an ID that they already have to have was hilarious, though, so thanks for the entertainment.

Comment: Re:alogrithms aren't racist (Score 1) 349

Which part? The part where left-leaning activist groups generate enormous numbers of bogus voter registrations? Among others, ACORN did just that (getting busted doing it was why they re-organized and changed their name so nobody would keep bringing it up ... and you're probably hoping nobody will remember actual criminal prosecution for those actions). Or are you saying that the coordinated efforts to talk out-of-state college students into double-voting haven't, despite extensive reporting of exactly that, occurred?

Or you could look to no less a bastion of right-wing wing nuttery than the Washington Post, which reported on a review showing thousands of people registered to vote in multiple states, and in one local review, caught over 150 people crossing state boundaries just in the DC area to vote more than once on the same day.

One of the county election supervisors who took time to review information in that instance found an example of where someone had been crossing state lines and voting more than once on the same day in local and national elections for over a decade. He said that in a dozen cases he'd reviewed, the purposefulness of the election fraud was plain, and the actions were class 6 felonies.

In cases where congressional seats or governorships can turn on a mere handful of votes, it's no "pile of bull" to point out that people are deliberately, systematically taking advantage of weak ID requirements and a weak registration system in order to fraudulently corrupt elections.

Comment: Re:alogrithms aren't racist (Score 2) 349

That said it is pretty obvious that the main proponents of voter laws are Republicans because they know it will benefit them in elections, and the main opponents of voter laws are democrats because they know it will not benefit them in elections.

Backwards. The Republicans know that the biggest source of bogus voter registrations, and the areas with the largest number of actively dead registered voters and turnout at polling places where the number of votes exceeds the eligible population, are in places where Democrat activists work the hardest to hold on to power. It's not that knowing people who vote are voting legally and only once isn't going to benefit Democrats, it's that such a process is counter to what liberal activist groups work so hard to put in place. Like huge efforts to get college students to register to vote where they go to school, but to also vote absentee in their home state. Stuff like that. When they pour so much work into it that it starts to show (like the thousands of bogus registrations routinely created by the former ACORN), you know they won't like having that work undone by basic truth-telling at the polling place.

If you're worried about people not knowing there's an election coming up, and not bothering to get an ID (really? you can't go to the doctor, fill a prescription, collect a welfare check, or much of ANYTHING else with already having an ID), then why not encourage the Democrats to apply the same level of effort they put into the shady practices described above, and focus it instead on getting that rare person who never sees a doctor, never gets a prescription, collects no government benefits of any kind, doesn't work (but whom you seem to suggest none the less are a large voting block) and, with YEARS to work with between elections ... just getting them an ID?

Comment: Re:Knock it off (Score 1) 237

And there are more people who believe (terrestrial) solar energy will become economically viable but think castles in the skies of Venus are just that. Castles in the air.

To be fair, we have solar energy, getting more economical by leaps and bounds, while our rockets are still blowing up at launch.

Comment: Re:Accepting Responsibility (Score 1) 349

I wouldn't go as far as to say they are saying that black people aren't smart enough to understand the situation

Sure they are. Because the only people who could possibly take actual offense at this would be those who, having it explained to them, still can't understand it. Those who are insisting that black people be offended by this are insisting that black people can't handle the simple information that would remove any perception of malice from the narrative.
