
Comment: Re:Responses (Score 2) 243

So how do you encrypt this UUID?

You don't need to. Paranoid about it? Wipe the UUID field from the database upon successful verification of the email so it can't be queried against in the future. However it would be better to just do a sanity check in the code that if there's a boolean 1 in the "emailConfirmed" field after querying for the UUID, just notify the user that the account has already been confirmed and doesn't need to be again.

And what do you send for a password reset?

An email to the address on file that has a link to the password reset, possibly pre-filling the userID field, but I tend to make the user type that in themselves. If they don't remember the userID... then they'll need to know other pertinent information that the account was created with, otherwise new account time. After the password is reset, then send a confirmation that only states this fact and does not give any identifying information in it beyond that. The same thing you should be doing for any type of change made at the user's account level. If the user is changing their email address, send a confirmation to both the old and the new address that it has been changed, then also reset emailConfirmed to 0, regen the UUID, and force the user to verify the new address, following the same procedure as if it were the first time.
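The confirmation, email-change and reset flow the two replies above describe, written out as an added example (this is not the commenter's code). The dict `ACCOUNTS` stands in for the database table, `OUTBOX` stands in for outgoing mail, and every field and function name is an assumption; the one design point worth seeing in code is that a second visit to a confirmation link hits the `emailConfirmed` sanity check rather than re-confirming, and that an address change resets that flag and regenerates the UUID.

```python
"""Email confirmation, email change and password reset, modelled on the
comment above. Added example: ACCOUNTS stands in for the database,
OUTBOX for the mail system; names and fields are assumptions."""
import hashlib
import os
import secrets
import uuid
from dataclasses import dataclass
from typing import Optional

ACCOUNTS: dict = {}   # constructed stand-in for the accounts table, keyed by user_id
OUTBOX: list = []     # constructed stand-in for outgoing mail: (recipient, message)


@dataclass
class Account:
    user_id: str
    email: str
    password_hash: bytes = b""
    salt: bytes = b""
    email_confirmed: bool = False        # the "emailConfirmed" field
    confirm_uuid: Optional[str] = None   # token mailed for address verification
    reset_uuid: Optional[str] = None     # token mailed for password reset


def _send(to: str, message: str) -> None:
    OUTBOX.append((to, message))


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register(user_id: str, email: str, password: str) -> Account:
    salt = os.urandom(16)
    acct = Account(user_id, email, _hash_password(password, salt), salt,
                   confirm_uuid=str(uuid.uuid4()))
    ACCOUNTS[user_id] = acct
    _send(email, f"confirm:{acct.confirm_uuid}")
    return acct


def confirm_email(token: str) -> str:
    """Look the account up by its UUID; a repeat visit is reported, not re-applied."""
    acct = next((a for a in ACCOUNTS.values()
                 if a.confirm_uuid and secrets.compare_digest(a.confirm_uuid, token)), None)
    if acct is None:
        return "unknown token"
    if acct.email_confirmed:
        return "already confirmed"
    acct.email_confirmed = True
    return "confirmed"


def change_email(user_id: str, new_email: str) -> str:
    """Notify both addresses, reset emailConfirmed, regenerate the UUID."""
    acct = ACCOUNTS[user_id]
    old_email, acct.email = acct.email, new_email
    acct.email_confirmed = False
    acct.confirm_uuid = str(uuid.uuid4())
    _send(old_email, "your email address was changed")
    _send(new_email, f"your email address was changed confirm:{acct.confirm_uuid}")
    return "verification required"


def request_password_reset(email: str) -> str:
    """Mail a fresh token to the address on file; the reply never says whether it exists."""
    for acct in ACCOUNTS.values():
        if acct.email == email:
            acct.reset_uuid = str(uuid.uuid4())
            _send(acct.email, f"reset:{acct.reset_uuid}")
    return "if that address is on file, a reset link has been sent"


def reset_password(user_id: str, token: str, new_password: str) -> str:
    """The user types the userID themselves; the token is single-use and the
    confirmation mail states only the fact of the change."""
    acct = ACCOUNTS.get(user_id)
    if (acct is None or acct.reset_uuid is None
            or not secrets.compare_digest(acct.reset_uuid, token)):
        return "invalid"
    acct.salt = os.urandom(16)
    acct.password_hash = _hash_password(new_password, acct.salt)
    acct.reset_uuid = None
    _send(acct.email, "your password was changed")
    return "reset"


def check_password(user_id: str, password: str) -> bool:
    acct = ACCOUNTS.get(user_id)
    return acct is not None and secrets.compare_digest(
        acct.password_hash, _hash_password(password, acct.salt))
```

Call `register`, then `confirm_email` twice with the mailed token to see the "already confirmed" branch; `change_email` puts the account back into the unconfirmed state with a new UUID, and `reset_password` refuses a reused token.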

Comment: Re:Goodbye free speech (Score 1) 210

But it doesn't stop Jane from decking you if you scream "Jane, you ignorant slut!" at her. Nor does that stop you from suing her for the medical costs associated with the black eye resulting from you being decked. Nor does that stop her from counter-suing for the slanderous defamation of her character. It only stops the government from putting you in prison for the rest of your life simply because of your opinion on Jane's promiscuity.

Comment: Re:Is Haselton going to jail? (Score 1) 187

How you test for a brute-force vector without conducting a full brute force attack:

Hey, United, I was able to try 10 user/PIN combinations within 30 seconds of each other and did not hit any timeout walls or seeming account blocks. I was also able to directly use my real account/PIN combination on the 11th attempt that I manually did 5 seconds later and was able to get full access to my account. You might want to take a look at this to make sure that on a proper brute-force scale you're not caught with your pants down.
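What the control on the server side looks like when it is present, as an added example (not United's code and not the commenter's): a per-account throttle that replays the sequence in the report above, ten guesses inside 30 seconds followed by the real PIN five seconds later, and shows the correct PIN being refused while the account is throttled. The window, threshold, lock duration and the PIN table are assumptions chosen for illustration, and the clock is passed in so the run is deterministic.

```python
"""Per-account login throttle of the kind the report above tests for.
Added example; policy values and the PIN table are assumptions."""
import hmac
from collections import defaultdict, deque

# Assumed policy values.
WINDOW_SECONDS = 60   # how far back failed attempts count
MAX_FAILURES = 5      # failures inside the window before the account is throttled
LOCK_SECONDS = 300    # how long the throttle holds once tripped

# Constructed credential store: account number -> PIN (a real system would hash these).
PINS = {"0000123456": "4821"}


class LoginThrottle:
    def __init__(self, window=WINDOW_SECONDS, max_failures=MAX_FAILURES, lock=LOCK_SECONDS):
        self.window, self.max_failures, self.lock = window, max_failures, lock
        self.failures = defaultdict(deque)   # key -> timestamps of recent failures
        self.locked_until = {}               # key -> time the lock expires

    def _prune(self, key, now):
        q = self.failures[key]
        while q and now - q[0] > self.window:
            q.popleft()

    def allowed(self, key, now) -> bool:
        if now < self.locked_until.get(key, float("-inf")):
            return False
        self._prune(key, now)
        return len(self.failures[key]) < self.max_failures

    def record(self, key, now, success):
        if success:
            self.failures[key].clear()
            return
        self.failures[key].append(now)
        self._prune(key, now)
        if len(self.failures[key]) >= self.max_failures:
            self.locked_until[key] = now + self.lock


def attempt_login(throttle, account, pin, now) -> str:
    """The throttle is consulted before the credential is looked at, so a
    throttled account answers the same way for a right or wrong PIN."""
    if not throttle.allowed(account, now):
        return "throttled"
    ok = account in PINS and hmac.compare_digest(PINS[account], pin)
    throttle.record(account, now, ok)
    return "ok" if ok else "bad credentials"


def simulate() -> list:
    """Replay the report: ten wrong PINs over 30 seconds, real PIN at t=35."""
    t = LoginThrottle()
    acct = "0000123456"
    results = [attempt_login(t, acct, f"{i:04d}", now=3 * i) for i in range(10)]
    results.append(attempt_login(t, acct, "4821", now=35))
    return results


if __name__ == "__main__":
    for i, r in enumerate(simulate(), 1):
        print(f"attempt {i}: {r}")
```

With these values the fifth failure trips the lock, attempts six through ten come back as "throttled" without their PINs being checked, and the eleventh attempt with the genuine PIN is refused as well until the lock expires. In practice the same structure is keyed a second time on the request source so that one address cycling through many accounts is also caught.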

Comment: Re:No brute-forcing murky... or clear? (Score 3, Insightful) 187

I have an idea. How about you learn something before you talk out of your ass? Brute force has never, in the entire lifetime of the phrase, meant that you were pegging a server while you are trying every possibility for the password on an account. Hell, if I send a username and next-in-series password at a rate of one every 20 minutes, that's still classified as a brute force attack, and unless the server is really anemic, there's no chance in Hell that the server is going down. If I'm doing that same type of attack at a rate of 200 attempts per second, or even 2000 attempts per second, that's still not going to blip much on the server's CPU unless it's already bogged with another process, and those are STILL classed as brute force.

The type of attack you're looking for is Distributed Denial of Service, which isn't generally for breaking into accounts but for taking the server down with such an overwhelming number of requests or pings that the server doesn't have the resources to respond to any further requests.

Submission: Warner Bros. Halts Sales of AAA Batman PC Game Over Technical Problems

An anonymous reader writes: The Batman: Arkham series of video games has been quite popular over the past several years. But when the most recent iteration, Batman: Arkham Knight was released a couple days ago, users who bought the PC version of the game found it suffered from crippling performance issues. Now, publisher Warner Bros. made an official statement in the community forums saying they were discontinuing sales of the PC version until quality issues can be sorted out. Gamers and journalists are using it as a rallying point to encourage people to stop preordering games, as it rewards studios for releasing broken content.

Submission: NVIDIA Begins Supplying Open-Source Register Header Files

An anonymous reader writes: NVIDIA's latest mark of their newly discovered open-source kindness is beginning to provide open-source hardware reference headers for their latest GK20A/GM20B Tegra GPUs while they are working to also provide hardware header files on their older GPUs. These programming header files in turn will help the development of the open-source Nouveau driver as up to this point they have had to do much of the development via reverse-engineering. Perhaps most interesting is that moving forward they would like to use the Nouveau kernel driver code-base as the primary development environment for new hardware.

Comment: Re:Valve is the lever moving the PC gaming world (Score 1) 57

Can't tell if you're willfully ignorant on this or just trolling.

Valve doesn't have a lot of games on Steam. 3rd Party development houses chose to use Steam as a Distribution/DRM platform. Valve has not one iota of power (yet) to dictate that games developed by 3rd parties must also have Linux Binaries. The only binaries that are in direct control of Valve are games that Valve has developed. This is not to say that at a point in the future where Valve believes that Steam has the sort of clout that all other developers cannot do without their service, Valve wouldn't make the terms that in order to make use of the Steam platform for their games, 3rd party devs must provide working Linux binaries as well.

To put it more accurately and succinctly, Valve cannot say "We, as developers, have a lot of games on Steam," since they only have direct claim to ~30 out of the "10,000". They can say, however "We, as a service, have hundreds of developers that use our platform to allow users to purchase thousands of their games (not Valve's games) through that platform." There's a league of difference between those two concepts of ownership over the binaries.

Comment: Re:Valve is the lever moving the PC gaming world (Score 4, Interesting) 57

You seem to be confused between games that Valve created versus games created by other companies that use Valve's distribution service named Steam. There's only a small handful of games distributed through Steam that were actually developed by Valve themselves; almost 30 if you include commercial mods and expansions.

Comment: Re:Infinity (Score 1) 1067

So...when you graph the equation 5/x, where X hits zero a line is drawn horizontally and vertically with arrows indicating infinity in all directions, with the two curves shooting off the page of it at the positive and negative points where x no longer equals zero? Funny...I always thought that the 0 lines are completely devoid of any marks, specifically to denote that there is no defined value, infinity or otherwise.

Comment: Re:Infinity (Score 1) 1067

In the most trivial simplification x/0 will be either positive or negative infinity, depending on the sign of x. If x=0 then we can't even say that much.

Actually, in any possible case of x, the result is always both positive AND negative infinity...and it is also always neither. As I mentioned elsewhere, divide by zero is essentially quantum superposition at work. The denominator being zero means that there is no "observer" for the numerator to collapse into a definitive form...and therefore there is no possible way to define the entire equation. Undefined != infinity. Undefined == Undefinable.

Comment: Re: Infinity (Score 1) 1067

if you divide zero apples with zero [people] - how many pieces do you have?

As I stated elsewhere [paraphrased to give a bit more detail for a non-AC]:

[This example] isn't 0/0. It's 0/1, which is 0. The person identified by you has to exist in the equation to be able to process the division, so by default there is 1 person. If there were 0 people then a Schrödinger's Cat situation emerges. Quantum superposition states that if there is no one to observe that there are 0 apples...then there are infinite apples at the same time there are none. To put it more simply, there would be 0 people to even care how many freaking apples there are to be divided. Therefore 0/0 is undefined, and in programming should always throw an exception that can be handled gracefully (ask user to verify inputs, etc). Defaulting 0/0 to 0 in programming is a very dumb idea as it will create more problems than it solves.
