
Comment: Re:Citi is the worst, GW2 at the other end (Score 1) 271

by Omega Hacker (#48991157) Attached to: Why Gmail Has Better Security Than Your Bank
Yeah, I suppose that's true. But not only does it not make me feel any better about how secure it isn't actually, but it makes it absolutely impossible to actually select a password that can be remembered. See my response above http://news.slashdot.org/comments.pl?sid=6909609&cid=48991127

Comment: Re:Citi is the worst, GW2 at the other end (Score 1) 271

by Omega Hacker (#48991127) Attached to: Why Gmail Has Better Security Than Your Bank
Well, not exactly. The GW2 client remembers the password for you, thus I don't have any reasons to remember a random collection of 4 words. Except when you are forced to reinstall it, or install it on another machine, you suddenly need the password again.

The result is that I now have an email I sent to myself, in a folder, which very clearly states "GW2 password is 'aaa bbb ccc ddd'". It's in a Gmail [apps] account at least (so as per the article it's reasonably secure), but it's really no different than writing my password on a post-it on my monitor from an *actual* security standpoint.

Thus in trying to "improve" security, they force me to have a very infrequently used password that there's absolutely no chance I will ever remember, so I have to store it in an alternate location. Either that or pretty much every time I [re]install the client I have to "forget password", at which point either they're relying on absolutely nothing more than my email account's security, or they randomly require that I send in some kind of identification and wait 24+hrs like my wife had to a month ago.

FAIL.

Comment: Citi is the worst, GW2 at the other end (Score 1) 271

by Omega Hacker (#48990775) Attached to: Why Gmail Has Better Security Than Your Bank
I signed up for a Citi credit card about a year ago, then found out after the fact that not only do they allow short basic passwords, but they MANDATE them. You cannot have any special character at *all* in your password. I called them on this and they told me that they had just made the change in order to "improve security". Even better, the change happened as I was initially setting up my account, so the first form I filled out let me put in a proper password because it hadn't been crippled yet, then the actual login page kicked me out after that saying my password was invalid. I had to call them up and fight through getting my password reset, then hope that the password I created through the form that still didn't check their new rules would actually let me log in.

There's got to be a way to report these outright failures to some kind of regulatory body, and force them to fix these things. I'm just worried that there might not *be* a regulatory body for this....

On the other extreme, I found myself having to "generate a password" for Guild Wars 2, who take http://xkcd.com/936/ as gospel and created a 4-word passphrase for me. Compound this with the fact that they kick out "any password used by you or anybody else *ever*" as a password change, which makes it absolutely clear that they store all passwords in plaintext, and I'm not really impressed with those jokers either.

Comment: Just cursive, or all writing? (Score 2) 523

by Omega Hacker (#48486259) Attached to: Finland Dumps Handwriting In Favor of Typing
I would hope that they're dropping the archaic cursive style of writing because it's just that: archaic. OTOH, ceasing to teach kids how to write in a legible block "font" would be mind-blowingly stupid. No matter what, people need to be able to write, but they don't have to write "fancy".

(Not to mention I can't actually manage to *read* most people's cursive writing, no matter what era they were taught it in.)

Comment: Probably fake cards, actually (Score 4, Interesting) 178

by Omega Hacker (#48388783) Attached to: Ask Slashdot: Is Non-USB Flash Direct From China Safe?
If you think you're getting a card for 1/5th the price, you're probably getting 1/5th the card. I have personal experience with cards that claim to be 8GB but only have 1GB of actual flash in them. I won't touch on the malware issue, but before you actually try to make use of the cards you need to find a way to very exhaustively exercise the entire card. I haven't looked for such a program but I hear they're pretty easy to find. If I were writing one I would put a pseudo-random sequence across the entire advertised size of the card, then read it back and confirm that the same pseudo-random sequence comes back. The sequence should be longer than the card, or at the very least not repeat on something like a 1GB boundary. I suspect a common trick in these cards is to simply drop the upper address bits, so you'll read the same contents off e.g. the 2nd GB as you will from the 1st, and all the others.
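The write-then-read-back check described in the comment above, as an added example that is not part of the original comment. The card is simulated in memory with constructed sizes, the names `SimulatedCard`, `pattern` and `verify_card` are hypothetical, and the address-wrapping behaviour is an assumed model of the "drop the upper address bits" trick; the `period` argument goes one step further and shows why a sequence that repeats on the wrap boundary lets such a card pass.

```python
import hashlib

BLOCK = 512  # bytes per block in this toy model


def pattern(seed: bytes, index: int) -> bytes:
    """Block content derived from the absolute block index, so the
    sequence never repeats at a 1 GB (or any other) boundary."""
    return hashlib.shake_128(seed + index.to_bytes(8, "big")).digest(BLOCK)


class SimulatedCard:
    """Constructed model: advertises `advertised` blocks but stores only
    `real` of them, dropping the upper address bits (index % real)."""

    def __init__(self, advertised: int, real: int):
        self.advertised = advertised
        self.real = real
        self.store = [bytes(BLOCK)] * real

    def write_block(self, index: int, data: bytes) -> None:
        self.store[index % self.real] = data

    def read_block(self, index: int) -> bytes:
        return self.store[index % self.real]


def verify_card(card, seed: bytes = b"constructed-seed", period=None):
    """Fill the whole advertised size, then read everything back.
    `period` forces the pattern to repeat every `period` blocks, to show
    the weak variant. Returns (blocks_verified, first_bad_index or None)."""
    def expected(i):
        return pattern(seed, i if period is None else i % period)

    for i in range(card.advertised):
        card.write_block(i, expected(i))
    good, first_bad = 0, None
    for i in range(card.advertised):
        if card.read_block(i) == expected(i):
            good += 1
        elif first_bad is None:
            first_bad = i
    return good, first_bad


if __name__ == "__main__":
    print("honest card:", verify_card(SimulatedCard(64, 64)))
    print("fake card:", verify_card(SimulatedCard(64, 8)))
    print("fake card, repeating pattern:",
          verify_card(SimulatedCard(64, 8), period=8))
```

All writes must finish before the first read: checking each block immediately after writing it would pass on the simulated fake card, because the overwrite of earlier blocks has not happened yet.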

Comment: Throttling vs routing (Score 1) 398

First off, I assert that whether Verizon is actively throttling packets, or simply not providing sufficient peering to get to Netflix, they are committing fraud by advertising high speeds and not delivering them.

However, to *really* convince people, a more rigorous experiment has to be performed: find a VPN (or set up your own with a colo) that's connected as closely to Verizon as possible, as close to their peering with Netflix as possible. That way the route between Verizon and your VPN/colo is as similar as possible to the Verizon<>Netflix route. You can then measure Netflix bandwidth to your VPN/colo, and the resulting full-path bandwidth.

I *strongly* suspect you'll see the exact same behavior, but by doing that you've proven beyond a shadow of a doubt that Verizon is absolutely to blame. It still doesn't separate the packet-throttling scenario from the insufficient-peering scenario, because even though your Verizon ingress point is ideally the same router, Netflix is *supposed* to peer to that router through dedicated lines (e.g. trunked 10G to the next room over where Netflix's router is).

Of course, since Netflix has offered to both purchase and install the 10G cards and wires on their own dime, that scenario is absolutely no different than packet-throttling. Except that in order to do packet throttling, Verizon had to spend *more* money on hardware than they would have to just add more capacity. Now *there's* a bit of research to do: $ to throttle vs $ to add capacity.....

Comment: Unfair? Hardly. (Score 2) 165

by Omega Hacker (#47532739) Attached to: Wikipedia Blocks 'Disruptive' Edits From US Congress
From the article, presumably from a staffer: "Out of over 9,000 staffers in the House, should we really be banning this whole IP range based on the actions of two or three? Some of us here are just making grammatical edits, adding information about birds in Omsk, or showing how one can patch KDE2 under FreeBSD."

Sorry, but if you're a congressional staffer, using a computer in a congressional office, why are you making edits about birds in Omsk, or KDE? You want to make those edits, do them from your own home on your own time. There, I fixed it.

Comment: Re:So wait... what? (Score 1) 314

by Omega Hacker (#47226777) Attached to: California Regulators Tell Ride-Shares No Airport Runs
I try not to feed the trolls, but I just can't pass this one up:

"An order of magnitude more? 200 dollars? Really?"

Apparently you're too dumb to comprehend that he very clearly stated that $20 is *more* than the gas cost by an order of magnitude. That means he's spending $2 in gas for the trip. At the current ~$4/gal with what passes for an "efficient" vehicle in the US, that puts his round trip at ~12.5mi, or roughly 6 miles from the airport.

The depth of your illiteracy truly astounds me.

Comment: BoomerangIt doesn't offer anything anymore? (Score 3, Interesting) 250

by Omega Hacker (#46316945) Attached to: Slashdot Asks: Do You Label Your Tech Gear, and If So, How?
I was actually intrigued by BoomerangIt, until I noticed that a) "BoomerangIt Packs and Subscriptions are no longer available for purchase." and b) the cart indeed does not exist.

I'm a little fuzzy on how you a) start a business selling labels that promise long-term lookup&return, then b) stop selling new labels and thus getting new income, while c) still being required ("nominally") to provide the lookup&return service, without d) running out of money and imploding.

Am I missing something with either their site or their apparent lack of business model???

Comment: Re:Confiscate cameras (Score 5, Insightful) 478

by Omega Hacker (#46277243) Attached to: Ask Slashdot: Anti-Camera Device For Use In a Small Bus?
I think you misunderstand. This has nothing to do with the passengers not wanting their picture taken. This has *everything* to do with the jackass owner trying to ensure that nobody can take their own pictures, because I guarantee he's got a photographer onboard who's taking "professional" pictures which are sold at ludicrous prices. Have you *been* to a themepark?
