
Comment Re: How would they know the order? (Score 1) 101

Except though, how often do you only press the four digits of your pin. When you make a deposit of $10 or more you need to press at least 4 digits, the dollars and cents. So now you've pressed 8 numbers, and someone has to figure out which of the 8 buttons are for the pin #.

After 3 failed attempts the machine eats the card, and if it's retail the card gets disabled.

So even best case scenario of having 24 combinations, you won't make it past 3 attempts.

Comment Re: wait, what? (Score 3, Insightful) 89

And all this can be prevented if administrators simply add one line to their wp-config.php:

define('DISALLOW_FILE_EDIT', true);

WordPress provides a large amount of hardening functions like this; others allow the overriding of default file permissions of uploaded documents to 644 instead of 755 to prevent execution of uploaded scripts.

Developers need to educate themselves on the software they are providing to best learn how to administrate it.
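Added example, not part of the comment above and not WordPress's own code: a shell audit for the two settings the comment names, an uncommented `DISALLOW_FILE_EDIT` define in wp-config.php and uploaded files that carry an execute bit. The function names and the sample site are constructed for illustration; the uploads path assumes the default `wp-content/uploads` layout.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for the two settings named above.

# Succeeds only if wp-config.php has an uncommented
# define('DISALLOW_FILE_EDIT', true); line. /* ... */ blocks are not parsed.
check_file_edit_disabled() {
    [ -f "$1" ] || return 2
    # Blank out // and # comment lines so a commented-out define does not count.
    sed -E 's@^[[:space:]]*(//|#).*@@' "$1" |
        grep -Eq "define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*[Tt][Rr][Uu][Ee][[:space:]]*\)"
}

# Prints every regular file under the uploads directory with any execute bit set.
find_executable_uploads() {
    [ -d "$1" ] || return 0
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}

# Runs both checks against a WordPress root; returns the number of failed checks.
audit_wordpress() {
    root="$1"; findings=0
    if ! check_file_edit_disabled "$root/wp-config.php"; then
        echo "FAIL: DISALLOW_FILE_EDIT not set to true in $root/wp-config.php"
        findings=$((findings + 1))
    fi
    exe=$(find_executable_uploads "$root/wp-content/uploads")
    if [ -n "$exe" ]; then
        echo "FAIL: executable files under uploads:"
        echo "$exe"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample site (hypothetical paths, not a real install).
site=$(mktemp -d)
mkdir -p "$site/wp-content/uploads/2015"
printf "<?php\n// define('DISALLOW_FILE_EDIT', true);\n" > "$site/wp-config.php"
touch "$site/wp-content/uploads/2015/avatar.php"
chmod 755 "$site/wp-content/uploads/2015/avatar.php"
audit_wordpress "$site" || echo "checks failed: $?"
rm -rf "$site"
```

The sample run reports both checks as failed, because the define is commented out and the uploaded file is mode 755.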

Comment Re: Like the 100 mpg carburetor (Score 1, Insightful) 67

Greedy? They are providing FREE Internet to the third world. I hardly consider that greedy.

They developed it as an education and communication tool, allowing access to Wikipedia, Google and Facebook.

That gives them access to knowledge, news, email, chat and other communication tools.

The only other thing I would add is Khan Academy.

Comment Re:Bullying (Score 1) 183

Use Slashdot's moderation and meta moderation style system. One irate idiot cannot negatively impact the score of a post or a user's reputation. Multiple people need to report the same thing for a score to hold, then the meta moderators determine if the score assigned to a post was justified or not.

I assume Microsoft won't allow a single person's review of another user to hold much weight until multiple users are reporting the same thing. Likewise, I assume that users with a good reputation down voting a bad player will have more clout than a user with a bad reputation trying to down vote another user.

Comment Re:Without her permission? (Score 1) 367

As a parent, I will never give my kid's school permission to access her cell phone, email accounts, Facebook or any other online account. If they have concern about the content of a post she makes, or a message she may have sent, they can raise the concern with me and I'll deal with it accordingly. If they track her online usage while at school, fine - all organizations do it, they have to from a liability standpoint, but demanding her password? I'll raise hell.

Comment No, not really (Score 1) 187

Yes, they got rid of the pinkish coloured background from top ads, and removed the separator from the side bar. But the ads are still separated by a grey line, have a yellow icon in front of the ad with the word "Ad" in it, and an exclamation mark in a circle beside the ad blocks. If you can't tell they are ads, you aren't paying attention.

Comment Other Legit Reasons (Score 1) 417

Our company has three root certificates installed, and I can't find a single MITM on any domains.

There are other legit reasons for issuing internal root certs, such as accessing secure internal resources, like intranets, email, domain authentication, attendance/payroll systems, etc.

Try going to a secure site, like Facebook, and check to see if the cert was hijacked, then you know for sure.

Comment Seem Negligible (Score 0) 155

Seems like a negligible improvement. I mean really. With hard drive space plentiful, and bandwidth faster than most users can use at any given moment, saving 20-60Kb on a 1Mb file is like a fart in the wind, even for mobile users.

I'm with the AC in the first post, I use PNG for 90% of my images, since it supports transparency. The file may be slightly bigger, but who cares.

Comment customer service portal (Score 5, Interesting) 236

Years ago I worked for one of the two big American cable companies currently merging. I identified a security flaw in the public facing side of their customer service portal, essentially giving access to all the config files, which contained admin credentials in plain text. I proposed simple solutions, like not allowing directory listings of folders, among others.

They shrugged it off, and to the best of my knowledge, last year the vulnerability was still accessible.

Comment Great in Theory (Score 3, Interesting) 324

The app is great in theory, but horrible in implementation. I checked out the App Ops functionality and if you don't know what you are doing you can cripple your phone. The problem is it allows you to change the functionality of system apps and core services by denying them access to the device *oops*.

I definitely think this is a needed feature, but it needs to be implemented at installation of apps from the play store. When an app says "We'll need the following permissions" the user should be able to toggle off each one they don't want the app having access to, then use the traditional permissions manager to modify it in the future. From the App Ops, I learned that Angry Birds accesses your location when you run it. For what user-supporting function? None... There is no reason why it needs access to my location. My Grocery Store locator? That needs access to my location, but not my contacts.
