
Comment Re:Stop whining and RTFA (Score 2) 189

Read TFA closer. They do have a repeat offender policy.

I never said they didn't.

(I'm glad it got someone to read the article. teehee!)

The article shows Cox's stance, which is that they have a repeat offender policy. The judge, for reasons we don't know yet, thinks that their policy is inconsistent. For all we know, Cox has no actual policy, and merely drafted up something right now on the fly, then used previous cases of banning users to support the claim that they had a policy all along. Cox claims that their policy is not inconsistent, it is discretionary. Is their policy sufficient to meet the criteria for a repeat offender policy as described in the DMCA? *shrugs* We don't know. The judge will decide that. DMCA itself isn't super clear on the topic, which is why I looked it up and linked to the EFF's opinion on those policies.

IMHO, Cox is right. Those copyright trolls send a gzillion notices with little to no supporting evidence. Neither the ISPs, nor the individuals, should be obligated to respond to them. The trolls should have their errant and unsupported DMCA claims discarded, and they should be held liable for damages. Hopefully that is what will happen here. Even if Cox's repeat offender policy was not sufficient, it does not make the DMCA claims valid. But if Cox didn't follow the DMCA rules then it puts a wrinkle in things and makes this a bad case and increases the chance for the trolls to succeed. This is a lesson to other ISPs: Get your repeat offender policy in alignment with the law, or fear losing your safe harbor status. That would be a huge ball of suck.

My post was not a criticism or a defense of Cox. It was to point out that there is a lot more nuance than the overzealous Slashdot summary would have us believe. The summary implies that the judge threw out safe harbor for arbitrary reasons. The article indicates otherwise.

Comment Stop whining and RTFA (Score 2) 189

The DMCA gives Safe Harbor to ISPs who implement the rules. If Cox never implemented the "repeat offender" policy then they are no longer entitled to the safe harbor provisions. Since the trial has not yet begun, it remains to be seen if they actually did so. We also don't know anything about the DMCA filings that Cox received.

The EFF has an article on what the DMCA repeat infringer policy means.

Comment Translate please! (Score 1) 190

I have questions!

Registration is mandatory prior to operation of a UAS in the NAS not at point of sale.

UAS = Unmanned Aircraft Systems AKA "RC aircraft"
NAS = ???

Persons must be 13 years of age to register.

I don't think you have to be 13 years or older to purchase or operate one, so this seems like a loophole.

Comment Re:PASSWORDS (Score 1) 482

Short passwords are easier to remember than longer passwords,

Are you sure?
Short complex password, or long dictionary passphrase?
Until someone points to a study on the topic this will remain a matter of opinion. But I suspect that people find short passwords hard to remember because of the arbitrary and inconsistent rules on character case, symbols, numbers, and length. If it was just a matter of comparing 'biscuit' to 'I ate biscuits for dinner last Tuesday' then shorter would be better. But when it becomes 'B1scu!t' the scales tip toward the passphrase. More evidence of this is that people take passphrases, and create rules for turning them into short passwords. Ex: 'I ate biscuits for dinner last Tuesday' becomes 'i8bfdlT'

if it is done correctly on your phone, they don't get your phone number

Oh, you are referring to using OTP algorithms. I find most online services don't support that: They just want your cell number and they text you something.

As for the rest of your post: I agree.

Side question: Could you help me understand something that happens with online discussions? I find that people seem to reply to posts, and restate something that I said, but in a way that implies I disagreed with it. Is it a debate technique to try and discredit someone? For example, you posted "two-factor capability makes it more secure, not less." That statement implies that I said two-factor capability is less secure. I did not say that, I said short passwords are less secure. I even pointed out, albeit indirectly, that two-factor is more secure when I said "I *might* reconsider for my bank." Another example is your statement that the other factor could be a phone or a token. Was there something in my post that implied I didn't know that? I specifically mentioned both phone and keyfob. I'm just trying to understand since this seems to happen a lot.

Comment Re:Make the US Post office key to identity managem (Score 1) 482

Dangit! I lost my mod points because I commented. I have wanted this for years. I hate signing up for electronic delivery of anything important (tax forms, bank statements, credit card statements) because I fear something technical will go wrong, or I'll get massive spam. Those problems are largely eliminated with postal mail. The government backs it, so it is reliable enough to be used for legal purposes. And it has a cost so the volume of spam is limited.

Comment Re:PASSWORDS (Score 2) 482

Wow, that sounds like the exact opposite of what I want.

1. Short passwords = harder to remember and less secure.
2. Two factor authentication means I have to give my cell phone number to everyone and have it on hand, or I have to carry 500 keyfobs. I can't login quickly because I have to wait for a text, and if I lose my phone I can't login to anything. I personally choose never to use 2-factor authentication, and instead have good passwords. I *might* reconsider for my bank.

Comment Re:The problem is the user (Score 3, Interesting) 482

1) In general, criticizing a citation is only valid if you can provide a better citation. In this case, a newer article would qualify.
2) People still use 7-year-old electronics.
3) Newer articles seem to indicate this is still a problem. Ex:
PS4: 10 watts
XBOX One: 13 watts
"Is standby growing or shrinking? It's probably growing."
Displays: 12 watts
(Source: http://www.energysavingsecrets...)

Comment Re:Everyone has to learn about it. (Score 1) 191

Hmmm... then I reword my question: "I'm curious to know why a senior programmer was writing code to concatenate strings of SQL." Fortunately, you answered it already when you said "It's a natural way for someone who doesn't realize the risks to do it." That is probably the most common reason for SQL injection vulnerabilities. But that statement concerns me. I expect someone labeled "senior engineer" would already know about these risks. Exceptions might be someone with a very narrow but deep focus like an embedded C programmer, or a PhD with little real experience. Am I off-base in my expectation that senior engineers would know this? I work in a place that has a mix of embedded engineers and higher-level programmers, so I am tempted to take a survey.

Another area that I think many "senior" engineers don't know is security. Lots of them find an encryption library and call Encrypt(data, key="12345" + "abcde") and think they are secure because they used 256-bit encryption and obfuscated the key.

Comment Re:Everyone has to learn about it. (Score 2) 191

I'm curious to know why a senior programmer was writing code to handle apostrophes in the first place when that is probably built in to whatever library you use. I'm legitimately interested, if you wouldn't mind following up with a reply at some point. The answer is probably at the heart of why SQL injection continues to be an issue.
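
An added example, not part of the original comments: the two "Everyone has to learn about it" comments above contrast concatenating strings of SQL with the apostrophe handling a database library already builds in. The table, names and inputs below are constructed for illustration, using Python's standard `sqlite3` module.

```python
import sqlite3

def make_db():
    # Constructed sample data: one name contains an apostrophe.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("O'Brien", "user"), ("alice", "admin")])
    return db

def find_concat(db, name):
    # Vulnerable pattern: the input becomes part of the SQL text itself,
    # so a quote character in it changes how the statement parses.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_param(db, name):
    # Library-provided binding: the value travels separately from the SQL
    # text, so apostrophes need no special handling by the caller.
    return db.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()

def demo():
    db = make_db()
    results = {}
    # 1. A legitimate name with an apostrophe breaks the concatenated query.
    try:
        find_concat(db, "O'Brien")
        results["concat_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["concat_apostrophe"] = "syntax error"
    # 2. The same flaw lets input rewrite the WHERE clause (textbook case).
    results["concat_tautology"] = find_concat(db, "x' OR '1'='1")
    # 3. With bound parameters both inputs are treated as plain data.
    results["param_apostrophe"] = find_param(db, "O'Brien")
    results["param_tautology"] = find_param(db, "x' OR '1'='1")
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The syntax error on an ordinary surname is the symptom that usually prompts hand-written apostrophe handling; the bound-parameter version removes both the error and the injection path.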
