
Comment: Re:This is not a SSL matter (Score 1) 141

by F.Ultra (#48708837) Attached to: Ask Slashdot: Dealing With Companies With Poor SSL Practices?

You seem to talk about something completely different from what the article is about. This is about a web store storing end users' passwords in clear text in their database, not your internal system for employees or whatever. For a web store there is no reason whatsoever to use the customer-provided password for anything other than authenticating the user for the web service; all other access deeper in the system should use credentials set up between these services.

And even for your setup there is no reason that some deep back end has to use the same password for user X that user X typed in when accessing the web service; if you must have per-user passwords inside your system then let the system auto-generate credentials upon account creation for b2b authentication.

Comment: Re:Anyone can intercept SSH some of the time (Score 1) 278

by F.Ultra (#48693185) Attached to: Snowden Documents Show How Well NSA Codebreakers Can Pry
Yes, failing to properly validate that first warning is one really nasty way to open up for a MITM. Which is why when I built a competitor to Amazon EC2 I made the newly started instance upload the ssh public key to the meta-server so customers could verify that the warning message matched what they could pull from the web service (always curious why Amazon never thought about that), since one doesn't have physical access to the server when running in "the cloud".
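
The customer-side check described in the comment above, as an added example that is not part of the original comment or of any provider's API: it derives the OpenSSH-style `SHA256:` fingerprint from a published public key line and compares it with the fingerprint shown in the first-connect warning. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def read_string(blob, offset):
    """Read one length-prefixed string from an SSH key blob."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def fingerprint(pubkey_line):
    """Return the SHA256:... fingerprint for a '<type> <base64> [comment]' line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    embedded_type, _ = read_string(blob, 0)
    # Reject a line whose label disagrees with the type inside the blob.
    if embedded_type != fields[0].encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches_prompt(published_line, shown_fingerprint):
    """True only if the published key hashes to what the ssh prompt showed."""
    expected = fingerprint(published_line).encode()
    return hmac.compare_digest(expected, shown_fingerprint.strip().encode())


def constructed_key(fill):
    """Build a constructed (not real) ssh-ed25519 public key line for the demo."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([fill]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"


if __name__ == "__main__":
    published = constructed_key(1)           # stands in for the key pulled from the web service
    shown = fingerprint(constructed_key(1))  # stands in for the first-connect warning
    print(shown, matches_prompt(published, shown))
    print(matches_prompt(published, fingerprint(constructed_key(2))))  # different key
```

The comparison is only meaningful when the published key is fetched over a channel that is authenticated independently of the SSH connection being verified.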

Comment: Re:Anyone can intercept SSH some of the time (Score 1) 278

by F.Ultra (#48688155) Attached to: Snowden Documents Show How Well NSA Codebreakers Can Pry
Not with SSH unless you set the machine's password to something that is susceptible to online brute forcing instead of using public keys. And even then it's highly unlikely that someone manages to brute force your stupid password and have time to add an entry in .ssh/authorized_keys before you had time to scp over the new keys and change the ssh config to only allow public keys. AND if you for some strange reason do this over the Internet.

Comment: Re:This is not a SSL matter (Score 1) 141

by F.Ultra (#48688137) Attached to: Ask Slashdot: Dealing With Companies With Poor SSL Practices?
If so then you have a faulty implementation and need to change it. If you store user passwords in any other way than a salt+hash then your entire user database will be made public if compromised. Services like Keepass are different since each account is secured with the user's master password, which is not stored in the database. Database connections inside your infrastructure should not pass along the end user's password, ever.

Comment: Re: Study Written by a non-farmer (Score 1) 115

by F.Ultra (#48678077) Attached to: Scientists Say the Future Looks Bleak For Our Bones
So you experienced both and measured your bone density after each and determined that the physical activity from farming gave you denser bones than hunting animals with say a spear. Ok it was my bad that I wrote "easier on the body" when I really meant that farming puts less strain on the body of the type that promotes bone density than the type of strain that you get from being a hunter/gatherer 12000 years ago. It has nothing to do with which is harder or easier.

Comment: Re: Study Written by a non-farmer (Score 1) 115

by F.Ultra (#48678061) Attached to: Scientists Say the Future Looks Bleak For Our Bones

You still don't get it. Nobody is saying that farming is not hard work or that it's even less hard work than the hunter/gatherer. Bone gets more dense from specific physical activity and not from all, for example running (which hunters do more than farmers) gives denser bone than walking (which farmers do more) and that is even if you walk for hours upon hours carrying heavy equipment vs running just a few hours.

What you also obviously miss completely is that it's a well established fact that the bones got less dense when man began to farm those 12000 years ago, it's measured objective facts, not just logical deductions.

To make another analogy, if you weight train in a way that exposes your bones with compression power like squats and deadlifts then you also get denser bone than the pecs and biceps boy next to you that performed two bazillion sets to failure and thus exercised a hell of a lot more than you did.
