
Comment: Re:Also, stop supporting sites with poor encryptio (Score 1) 314

by Just Some Guy (#49594697) Attached to: Mozilla Begins To Move Towards HTTPS-Only Web

You should find another bank.

Yep. There are plenty of banks to choose from that - whatever their other flaws - at least take security seriously. If your bank can't or won't lock down their website, then you already know that they're negligent in at least one area. What else are they neglecting?

Comment: Re:Wait a minute... (Score 1) 314

by Just Some Guy (#49594671) Attached to: Mozilla Begins To Move Towards HTTPS-Only Web

I don't think it's extreme at all. I think we're past the point that it's socially reasonable or responsible not to encrypt all traffic by default.

Even if you're 100% OK with visitors to your site being snooped on, consider that adding to the amount of crypto in use worldwide makes it hard for repressive governments to tell what their citizens are doing online. Maybe your site would be the straw that broke the Great Firewall's back and lets some kid read uncensored news.

Comment: Re:Waitasecondhere... (Score 1) 393

by Just Some Guy (#49587717) Attached to: Tattoos Found To Interfere With Apple Watch Sensors

Outside of Portland, what percentage of the population has full sleeve tattoos? 1 in 10,000, maybe? I'm not asking to be funny; except for in very certain cities, those are almost unseen. Even working in San Francisco I see very, very few. Oh, there are lots of smaller tattoos, but sleeves are unusual.

I'll bet more people are sensitive to the materials used to make the watch than are unable to use it because of their ink. That's not Apple's fault or a flaw in the watch, though: no one product can be useful to everyone.

Comment: Re: wait, what? (Score 1) 89

by Just Some Guy (#49571171) Attached to: New Zero Day Disclosed In WordPress Core Engine

Wordpress provides a large amount of hardening functions like this

...which are completely freaking worthless if they're turned off by default. 99.9% of users will never visit and study every available config option, and the other .1% will be wondering why it's not the default setting if it's so great.

Your post is like those who insist that MySQL has safe data settings for those who know how to enable them, while ignoring the fact that almost everyone uses the configuration as shipped. Unsafe by default is an insane and indefensible way to distribute software. In fact, I can't think of a good justification for ever allowing the unsafe values to be set.

Comment: Re:1 port for a hub (Score 1) 300

For me, still one. I never use a hub when away from my desk, and always use one when I'm at my desk. Think of it as a docking station and that's pretty much my usage pattern. If I can get a thinner or lighter laptop by throwing away the "extra" ports, I'd leap at the chance.

Comment: Re:This product reminds me of... (Score 2) 174

by Just Some Guy (#49547609) Attached to: Apple Watch Launches

You know the famous quote.

This one?

"As a general thing, I have not 'duped the world' nor attempted to do so... I have generally given people the worth of their money twice told."

The one you're likely thinking of is irrelevant here, because I've spent more on dinners than I did on my Sport watch that's due for delivery today. You say "suckers", I say "people who don't mind spending $350 on a watch they'll be using every day and that's easily worth the money in sheer entertainment value".

Comment: Re:Not a Piece of Shit (Score 3, Insightful) 128

by Just Some Guy (#49540307) Attached to: POS Vendor Uses Same Short, Numeric Password Non-Stop Since 1990

People are stupid if they don't realize a password is like a key.

They do, and the problem is that they treat it exactly like one. When you buy a lock, do you immediately re-key it? No: you use it as-is. Now maybe if the key looked very suspicious, like say it was a perfect sine or square wave or it was completely smooth, then you might ask the blacksmith whether that's normal. I bet those shopkeepers would be asking the same of their POS installer if the password was "123456" or "111111".

But to their (and my) untrained eye, "166816" looks reasonably random. It looks as random as my Schlage house key does. Maybe there's a locksmith forum where experts are making fun of me for not changing my obviously default lock. After all, they can tell at a glance that I have the standard factory issue! How stupid am I for using it without making my own pattern!

No, I think you're exactly wrong. People think of these passwords as keys. They use the ones manufacturers give them. They hand them out to the same staff that have keys to the front door and cash drawers. They don't routinely change them when people quit. They don't audit their usage. They treat them just like the little metal danglies on the ring in their pocket, no more, no less. We've done a very poor job of telling them why they should think otherwise.

Comment: Re:Not a Piece of Shit (Score 4, Insightful) 128

by Just Some Guy (#49537537) Attached to: POS Vendor Uses Same Short, Numeric Password Non-Stop Since 1990

provide a secure configuration guide so that customers are aware of everything they need to do in order to properly configure their stuff

So much this. In the Slashdot echo chamber we presume that everyone in the world should be the security experts we are. No one outside forums like this thinks the way we do. Your average mom & pop grocer doesn't know about security, can't imagine what a "default password" is or why it would be bad, and sees a POS as an appliance much like a refrigerator or stove.

Tell a restaurateur that they're stupid for not changing the default password, and they're likely to tell you how your stupid home food storage and cooking methods are likely to give you listeriosis. We are experts in our domain, and expecting everyone else to care about it (especially while remaining ignorant of their specialties) is a major failing on our part, not theirs.
