

Comment: Meh (Score 1) 480

by FoamingToad (#42640787) Attached to: Google Declares War On the Password
FTFA: 2012 may have been the year that the password broke. It seemed like everyone on the internet received spam e-mail or desperate pleas for cash — the so-called “Mugged in London” scam — from the e-mail accounts of people who had been hacked. And Wired’s own Mat Honan showed everyone just how damaging a hack can be.

> Firstly, I don't recall seeing *any* spam e-mails in 2012 - at least to my own domain. I get a number to my work e-mail address, but that's because they use, and at any rate the address is likely harvested when software companies demand e-mail address for pricing. At any rate, this is unlikely to be related to the e-mail account being hacked as much as it is marketers gonna market.

> Secondly, I vaguely recall the Mat Honan hack, but I'm reasonably certain I've already got sufficient steps to mitigate the attack he suffered. For one, I don't subscribe to the apple camp. For two, I don't use similar credentials across the web. For three, I think the guy who was affected made a significant number of utter schoolboy errors and would have been subject to an attack sooner rather than later. Let's hope he sufficiently learned his lesson rather than be the subject of another embarrassing hack later on.

Anyway, I'll be happy to see the demise of the password - it does have significant problems with regard to entropy versus memorability; general weakness tied into the idea that humans aren't necessarily designed to cope with arbitrarily long strings; arbitrary and inconsistent requirements, and policy-related changes. On a couple of occasions I've been aghast that somewhere requiring authentication kicks out credentials because they're either too long or they start with a number. The fuck?

But, I don't think Google is the innocent party presenting this for the good of mankind. Any move that reduces the possibility of plausible deniability, anything that increases the confidence that an action can be tied to a person, will directly benefit their bottom line. Therefore, I'd suggest that while the sentiments behind the paper may be good, a different approach may be better (e.g. LiveCD on RW media, with a KeePass or similar database in ~/boringdatabaselogs).

After all though, perhaps my tinfoil hat is on too tighOP HERE, DISREGARD THIS, I SUCK COCKS.

Comment: Re:No trouble at all (Score 1) 191

by FoamingToad (#33559822) Attached to: Child Abuse Verdict Held Back By MS Word Glitch
You haven't seen the Word users at my place of work. Page breaks are some form of obscene devil-magic. I was recently asked by a user something like "How many blank lines should I have at the top of a page" (paraphrased, but that's the gist of it). I responded that in the UK and indeed most of Europe, there's a de-facto standard of a 2.5cm top margin. They came back with "how do I check that". It's on days like this I really regret not following my childhood dream to be an astronaut.

Comment: Re:No surprise (Score 1) 334

by FoamingToad (#32377722) Attached to: UK Home Office Set To Scrap National ID Cards
Replying logged in this time. The photocard needs to be renewed every ten years, but there is no such restriction on the old-format paper license. I've just checked mine (which normally resides in a locked filing cabinet) and it's good for another 30 years or so. I'm not likely to change my name, so change of address is the only likely thing. I've lived in my current place for about thirteen years though, and I'm in no hurry to move.

Comment: Re:Bzzzzzt. (Score 1) 582

by FoamingToad (#30714044) Attached to: Best estimate of monthly spending on food:shelter
Replying logged in this time. Mortgage is about £20k remaining on a property that's worth about £70k. While it's not a palace by any stretch of the imagination (two bedroom terrace) it's certainly big enough for me. Combine this with the rock-bottom interest rates in the UK at the moment, and servicing that £20k costs close to nothing.

Comment: Re:*sigh* (Score 1) 254

by FoamingToad (#27009799) Attached to: The Most Influential Games In History?

(And since BioShock is such a recent game, exactly what has it had the chance to influence yet?)

Well, you could look at Fallout 3 - there's a fair bit of the style that looks astonishingly similar to Bioshock... just look at the "Please Stand By" TV display for example.

[Cocking a snook at the blatant neophilia of the list]

Comment: Re:Who got a 120Hz monitor today? (Score 1) 123

by FoamingToad (#26971299) Attached to: Game Technology To Watch In 2009

My ten-year-old 21" CRT does at least 1024 x 768 @ 120 Hz. I think it drops down to 100 Hz for 1280 x 1024 though, but I'd still be willing to give it a shot.

It's a pity that you can't buy decent CRTs any more, as I've yet to see a TFT that comes close to the performance of my current monitor. I'll be forced to change when it dies, but until then you can pry it out of my cold dead hands.

Comment: Re:Crippled like XP Home (Score 1) 842

by FoamingToad (#26796117) Attached to: Average User Only Runs 2 Apps, So Microsoft Will Charge For More

"It took me nearly half an hour to realize that XP Home doesn't let you change permissions on files."

Really? I thought you could get at NTFS permissions using (Explorer) Tools -> Folder options -> uncheck "Use simple file sharing".

If not, you still have CACLS if you're prepared to get your fingers dirty.

Comment: Sounds like an interesting idea (Score 3, Insightful) 420

by FoamingToad (#26734953) Attached to: Users' Admin Logins Make Most Windows Malware Worse

As well as that, how about setting the default admin account so you have no sounds, no desktop wallpaper, no animated cursors - none of the flashy crap that users seem intent on encumbering themselves with. You want the bling == run as a limited user.

However this would require limiting the capabilities of the Admin account, and this is something I'm not entirely happy with (as, admin *should* be equivalent to god mode).

Comment: Agreed (Score 1) 388

by FoamingToad (#26693425) Attached to: Security Hole In Windows 7 UAC

I've been installing Foxit on new machines for about nine months now, and have a lot of love for it. It was the retarded reboot-on-upgrade policy of Adobe that particularly ticked me off (load times notwithstanding).

I noticed earlier today that V3 is out, will be giving this a trial run sometime over the next couple of weeks. Only thing I'm hoping for is that they've improved the process for unattended setups, as this is the only thing that bugs me at the moment.

Comment: I'd respectfully disagree (Score 1) 835

by FoamingToad (#26572505) Attached to: How To Diagnose a Suddenly Slow Windows Computer?

unless the submitter has two identical machines. Reason being, if the hard disc is swapped into another system there's a fair chance the wrong chipset driver will be provided and the composite machine will bluescreen.

Even worse would be if the machine starts correctly and then installs its own chipset driver causing bluescreens when the hard disc is swapped back.

My first port of call, before the memory diagnostic and before running SMART tests would be the event log. It's neglected far too much for my liking.

I'd follow that with perfmon, and then offline AV scanners / liveCDs. Then I'd start thinking about burn-in testing and swapping out hardware.

Comment: I'll throw in my £0.02 worth (Score 1) 353

by FoamingToad (#26298649) Attached to: 400,000 PCs Infected With Fake "Antivirus 2009"

Had a friend's machine in over the holidays. It would boot, get to Welcome screen, then after logging in machine would log straight back out. You weren't able to interact with the system at all.

Tried safe mode - same symptoms. Therefore I was of the opinion that it was a driver, winlogon-hooked DLL or a service that was tagged to run in safe mode.

The WinPE preinstallation environment allowed me to find/remove some of the offending parties, but still no dice. Snagged UBCD and pulled updates for all of the antivirus / antispyware tools.

Booting to UBCD got _some_ results... Spybot found a large number of nasties (including some identified as Antivirus 2009); A-Squared found some, as did AVG. Even after running all of them, the actual root cause persisted. Unfortunately, SysInternals autoruns wasn't much help, as it retrieves startup info from the currently running system, rather than of the inactive o/s (anyone know whether there's a tool that'll do this?)

Ultimately I waved the white flag and pulled out a repair install of Windows to bring the machine back up, at which point I found the culprit - a process called winlogon.exe in \windows rather than \windows\system32 and invoked via the winlogon registry keys. I kicked myself for not spotting this, but also note that none of the scanners in the UBCD (updated as of 28 Dec) were capable of identifying this as foul.

The offending file has been sent to various AV vendors in the hope that this one can be spotted in future.
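
An added example, not part of the original comment: a check for the masquerade described above, where a file carrying a system binary's name is launched from the wrong folder through the Winlogon key. It reads a text export of that key from an offline hive; the sample export, the `OFFLINE` mount name, the choice of the `Userinit` value and the assumption that the Windows directory is named `\WINDOWS` are all constructed for illustration.

```python
import ntpath
import re

# Expected folder (below the drive letter) for binaries commonly named in Winlogon values.
EXPECTED_DIR = {
    "winlogon.exe": r"\windows\system32",
    "userinit.exe": r"\windows\system32",
    "explorer.exe": r"\windows",
}

# Constructed sample: .reg-style export of the Winlogon key from an offline SOFTWARE hive.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\OFFLINE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\winlogon.exe,"
'''

VALUE_RE = re.compile(r'^"(Shell|Userinit)"="(.*)"$', re.IGNORECASE)

def commands(reg_text):
    """Yield (value_name, command) for each comma-separated Shell/Userinit entry."""
    for line in reg_text.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue
        data = m.group(2).replace("\\\\", "\\")  # undo .reg backslash escaping
        for cmd in data.split(","):
            if cmd.strip():
                yield m.group(1), cmd.strip()

def suspicious(reg_text):
    """Return entries whose file name is a system binary but whose folder is wrong."""
    hits = []
    for name, cmd in commands(reg_text):
        exe = cmd.strip('"')
        folder, base = ntpath.split(exe)
        expected = EXPECTED_DIR.get(base.lower())
        if expected is None or not folder:
            continue  # unknown name, or bare name resolved via the search path
        _, tail = ntpath.splitdrive(folder)
        if tail.lower() != expected:
            hits.append((name, exe))
    return hits

if __name__ == "__main__":
    for name, exe in suspicious(SAMPLE_REG):
        print(f"{name}: {exe} is outside its expected folder")
```
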

Comment: Re:Respect the user perspective, please (Score 1) 855

by FoamingToad (#26275697) Attached to: Tales From the Support Crypt

Then they will take over your computer and make the user watch while they google for the problem and its possible solution. Not necessarily a stupid thing to do, but it tends to undermine confidence. When did you last see a doctor entering your symptoms in Google? At least they don't do it while you watch.

To be fair, when I receive a really asinine query - one that the user should have been able to solve themselves - I take great pleasure in using either F1 or Google with a couple of keywords that said user has used describing the problem, and - cor, look at that - problem's solved. I used to think that this would give end-users a cluestick to F1 / search the internet before calling. My optimism was somewhat unfounded.

Comment: Re:Kill!!! (Score 1) 855

by FoamingToad (#26270029) Attached to: Tales From the Support Crypt

In my experience, it's never a collection of screenshots. It's one screenshot. Usually of the entire screen, not the actual error window.

This is sent via an e-mail client. Since we're in MS land (os/x at a pinch) as evidenced by the use of "Word", then it's a pretty safe bet that whatever e-mail app the user has will support inline images. Instead, they've made you (1) open a word processor to display the image and (2) muck about with zoom settings so you can actually read the damn thing.

Also, what you generally find is that the problem description is in the e-mail, not in the document, so you're also having to juggle windows to work out what's going on.

This happens so often where I work that it just isn't funny anymore.
