
Comment: Re:This is not a SSL matter (Score 1) 98

by tepples (#48687585) Attached to: Ask Slashdot: Dealing With Companies With Poor SSL Practices?

So to fix this we added the "get connected" feature. Basically it's a page after the initial login where people can open a session to all their social networks and provide all their frequent email addresses. This way they can login with any of these. This helped a lot.

The Stack Exchange network has a similar feature. Each user can associate a Facebook account, an e-mail address and password, and multiple OpenID identifiers (Google, AOL, Ubuntu, etc.) to his Stack Exchange user account. The one thing I'm surprised they don't support is Twitter login.

Comment: Re:This is why "biometric" authentication is usele (Score 1) 52

The where clause in your example does not work out as a valid authentication feature. It can be used as a flag to show that "there's something not right here", but it cannot answer one important question: Which transaction was genuine, the one in Paris or the one in Melbourne?

You can use various plausibility checks on top of it, depending on the actual application (e.g. in banking you can draw from the transaction patterns so far and flag suspicious transactions that differ greatly in target or amount) and these things are actually being done, but they have nothing to do with the basic authentication process.

Comment: Re:IMO, The biggest problem with fingerprint.... (Score 3, Insightful) 52

The biggest problem with fingerprints is very simply that, if compromised, it's damn hard to change them, unlike passwords.

Second problem, unlike your password, you can't really help but compromise them. You leave them littered about everywhere. Every waiter can have your prints if he so chooses.

Comment: Re:Biometrics (Score 1) 52

100% security is actually possible. It is just very, very expensive. And as soon as the security expense outmatches what you try to secure with it, it stops fulfilling its purpose because it becomes actually cheaper to have your security broken.

I remember back when I was still programming people used to say "90% of the work takes 10% of the expenses, it's the other 10% that cost 90% of time and money". In security the rate is close to 98:2. You can get your system very secure at very little expense. Getting it absolutely secure costs a fortune.

Comment: Re:This is why "biometric" authentication is usele (Score 5, Insightful) 52

It all boils down to the triad of security: Something you know, something you have, something you are. It's GOOD practice to pick one from each group in your authentication process (or at least, as it's common, one of two groups, usually a token and a PIN). It's useless to pick more than one from each group.

All three would e.g. mean that you have a guard sitting there who compares your face to a book of "accepted" faces (something you are) while you hold your RFID card (something you have) against a scanner after punching in your PIN (something you know). That's about as good as it gets. Nothing you could do that ADDS to this could improve this part of your security. Using two of one group is useless. It's useless to require two different PINs. For the obvious reason, someone who can force you to hand over your first PIN will also force the second one out of you. Equally it's useless to require two tokens. Where you can steal one, you can steal two.

You can of course improve by using better means to do any of the three groups. You could give the guard additional tools, use better encoding for the cards, use longer PINs. But you cannot improve by using two features from the same group.

Comment: Re:"Just" four million? (Score 5, Interesting) 59

4 million, 40 million, 4 billion... does it intimidate you any more? It does not matter whether I owe someone 4 million or 4 billion bucks. It makes zero difference AT ALL. In either case I will NEVER work again, knowing that no matter what I do or how hard I even remotely would want to work, I could never pay that. And no matter what I do, I will never get to keep any of the money I earn. Instead, all such a verdict could accomplish is that I will do my best to get by with illegal work and try to do my best to match the damages to the verdict.

Comment: Re:FFS just keep the Warthog (Score 1) 258

Don't worry, it won't. The very LAST thing an enemy in your asymmetric war would want is you to stop using them. They cost insane amounts of money to keep them flying. Every hour that thing is in the air is running for your enemy.

Again, the asymmetric war is not about killing Americans. It is about making them spend more money on their military than they can. Interestingly enough, exactly the same strategy the US employed against Russia in the cold war.

And we know how that ended.

Comment: Re:The real issue (Score 1) 157

by Opportunist (#48681171) Attached to: Boston Elementary, Middle Schools To Get a Longer Day

As I explained above, the tests don't show whether the student is learning. The tests show whether the student understood the underlying system. I can honestly say that I don't have any clue about bookkeeping despite allegedly learning it for 5 years and passing with a B average.

Tests have a fundamental flaw that they are testing whether you can work as a sponge. Soak up any and all crap and reproduce it at request, without the need to retain anything of it for any longer period of time.

Comment: Re:FFS just keep the Warthog (Score 1) 258

Well, the US (unlike the Reich) pretty much has to go high-tech with its army, simply because high losses would quickly mean that support for any kind of war would decline sharply. Not really a problem for a dictatorship, but certainly one in a democracy. So what the US strives for is a high-tech army that reduces the risk of losing personnel and instead favors spending money. Which would be a great thing if it was done with the main goal of protecting soldier lives rather than keeping home front war support up. But not the point right now.

So in general it's not a bad idea to use better technology instead of more manpower. The problem arises when your enemy can do the opposite with impunity as we see in asymmetric warfare. The US needs a huge infrastructure and logistics apparatus to keep its military going, the overhead is incredible. It boggles the mind to ponder just what is necessary to get the average US soldier in the field supplied. With this in mind it can be successful to actually wage war against such a huge military machine, simply by spending a tiny fraction of its expenses and hence weighing it down under its own weight. If putting a gun in the hands of some fanatics is all you have to do to "force" the US to field aircraft carriers and deploy field HQs in some godforsaken corner of the planet (which both need incredibly complicated logistics and tons of resources to keep running), you can get the international warfare equivalent of a reflected DDoS running: Invest minimal resources that force your target to waste more resources than they can afford.
