
Comment: Re:Yes, but.... (Score 1) 256

by gewalker (#49351049) Attached to: Generate Memorizable Passphrases That Even the NSA Can't Guess

I limit password length on a few sites because it was a user requirement (all were willing to agree to a 40 or 80 char max). I figure this is long enough to satisfy most people that understand password security. Of course, I use a one-way salted hash. So, I can't send the password back to the user on a reset, also often given as a requirement by the user.

Difference is, I won't do the last one though. Why the difference? Pick your battles. 40 character limit, not really a big problem; not using a 1-way hash, big problem.

Comment: Re:The whole premise is wrong wrong. Teach users w (Score 1) 159

by gewalker (#49348239) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

Upon further reading of the research article itself, I discovered that Dropbox created the meter and then shared it as zxcvbn instead of the other way around that I assumed. They apparently also liked the strength checking in the KeePass utility which is also open source.

Comment: Re:The whole premise is wrong wrong. Teach users w (Score 1) 159

by gewalker (#49347929) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

Teach users what entropy is? That is unpossible (as Ralph Wiggins would say).

I have a friend who is clearly quite intelligent, but can't remember how to do cut and paste -- though I bet he knows more people by name than anyone I have ever known. Even a poor quality password meter probably helps password quality more than any single attempt to teach how to make good passwords. After all, we have been trying to teach this as an industry for decades without much success.

The problem is that ad-hoc password strength measurement is usually pretty bad because writing a good meter is hard, although again something is usually better than nothing. Best practice would suggest reusing code from someone else, perhaps just as Dropbox did according to the article -- apparently zxcvbn. I am not claiming zxcvbn is actually good, just that the researchers referred to Dropbox favorably in this regard.

Comment: The article is wrong (Score 3, Interesting) 535

The problem in this case is not that Comcast is incompetent. It is that they are flat out lying. This is breach of oral contract. IANAL and certainly don't know the penalties in this case, but I know that legal damages are quite limited in my state -- i.e., $500 max. Why do you think they won't write out any guarantees?

Comcast screwed me over too, as I had checked in advance, was assured it was wired for cable and only required a phone call to turn it on, etc. Of course, when I made the call it took several calls to determine that it was not in fact ready or had ever been wired to their network. Fortunately infrastructure was in place and I got service turned on only 10 tens late, but it was not pleasant for me either.

Of course they are incompetent. But they are also lying monopolistic crooks.

Comment: Re:Wait... what? (Score 2) 228

by gewalker (#49337739) Attached to: How Nuclear Weapon Modernization Undercuts Disarmament

No military reason? US casualty estimates for a conventional invasion were typically around 500,000 US casualties (though some were much higher or lower) and estimated Japanese casualties were usually higher. Non-nuclear attacks are also devastating; the fire-bombing of Tokyo likely killed about twice as many as the attack on Hiroshima.

The US considered simply demonstrating a bomb to convince the Japanese to surrender, but ultimately it was decided that this would be more likely to be ineffective. Considering that Japan did not surrender after the first bomb was used this assessment was very likely accurate.

The purpose of the military is to defeat the enemy. If you can drop 2 atomic bombs and end the war without US casualties you have accomplished a large military victory at very low military cost to the US.

Argue against the use of nuclear attacks on Japan on other factors if you like, but stating there was no military reason reveals ignorance or worse on your part.

Comment: Re:Wrong place at the wrong time.... (Score 3, Informative) 110

by gewalker (#49333477) Attached to: Public Records Request Returns 4.6M License Plate Scans From Oakland PD

Probably would not be useful to exonerate as it would only say where your car was, not where you were. For some reason, circumstantial incriminating evidence is often more likely to be accepted than exculpatory evidence. Of course, it should be the other way around. A good defense lawyer flips this back in your favor.

Comment: Re:FDA-as-disease-process (Score 1) 140

by gewalker (#49286251) Attached to: Gates: Large Epidemics Need a More Agile Response

DES was approved by the FDA, so clearly the FDA was not helpful in preventing the drug from reaching the market.

Thalidomide was not approved by the FDA primarily due to bureaucratic delay. While the FDA doctors would not approve it as they were waiting for evidence it was safe and effective, they would have approved it eventually were it not for the birth defects that started showing up in other countries. Drug testing protocols simply did not test pregnant women. I.e., the US was largely spared thalidomide babies because the approval process was slower than in other countries as there was nothing in the testing to date that would have prevented approval.

When you read a headline that FDA approves new drug able to prevent 10,000 deaths annually, rest assured this also means the FDA has been blocking a drug that would have prevented 10,000 annually, most likely for quite a few years.

The drug companies have considerable incentive to market new and expensive (non-generic) drugs. But the expense to bring new drugs to market is also very high, at least in part due to FDA rules. The very high costs tend to kill-off promising developments that would simply not be economical to develop. Real life can be a bit complicated.

Comment: Re:What? (Score 0) 1080

by gewalker (#49258449) Attached to: How To Execute People In the 21st Century

The cop did not choke him -- this leaves a mark every time. He died of a heart attack. Were the cops guilty of brutality? Yes. Every takedown is brutal AFAIAC. I don't know if this met the legal definition of police brutality and neither does anyone else. But they did not choke him.

The law was brutal because NYC has to make sure they collect very high tobacco taxes.
