Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment Re:Why Fight It? (Score 0) 125 125

Related- why the hell would you want to innovate at a place that looks unfavorably upon independent thinking? The absolute best thing that could happen is for that business to die a flaming death, consumed by their own ineptitude and bureaucracy. Taking matters into your own hands only extends their reach, propping up their inefficiencies to suck the life out of even more people.

Mooch a paycheck if it is the only thing available, but definitely keep your best work under wraps. They've made it abundantly clear that's not what they are paying you for, so oblige them, even going so far as to gleefully compound their organizational problems. You'll probably get a promotion out of it, which will set yourself up better for finding another job.

Comment Re:Scripts that interact with passwords fields aws (Score 1) 365 365

n00bs, eh? I've been in the software business for almost 40 years, you young whippersnapper.

I suggest you study texts on encryption, and maybe read the technical details of how a good cloud-based password manager like LastPass actually works. https://lastpass.com/whylastpa... https://lastpass.com/support.p...

Your super-whiz-bang method still requires a password, it seems. Without a password manager, users will still need to remember their password and many will either reuse passwords from other sites or choose simple ones. The image/caption thing you talk about is often used as an anti-phishing technique, but that's not authentication. If you're requiring the user to choose from among multiple pictures or captions, then that's effectively another one or two passwords. Yes, it will make it harder to attack YOUR site through the web interface, but doesn't itself strengthen protection of the users' passwords.

The goal for password managers is not to protect individual sites, it's to protect the users against their own misuse of passwords and reducing the risk when some site (not yours, hopefully) gets hacked and has their password database stolen. (How do you hash the passwords for your sites? Still using MD5?)

Comment Re:Scripts that interact with passwords fields aws (Score 2, Insightful) 365 365

Obviously you have limited experience or familiarity with password managers. LastPass, among others, keeps your encrypted passwords "in the cloud", so that they are accessible even if your local disk "takes a dump". For LastPass, there's also a local copy of the encrypted database, and yes, I do have backups. (If you don't have backups, you have a lot more problems than losing passwords.)

Image/phrase/password verification is hardly "better" (better than what?). How many of those can you remember? If you can come up with an authentication scheme better than passwords that you can get every online service to use, then please let us know. The reality is that passwords are what we use today and password managers make them easier to use in a more secure fashion, so that one has a different, strong password for every login. Two-factor authentication is also very helpful (and I enable that where supported.)

Currently the biggest weakness of passwords, other than most people using them poorly, is sites that store passwords insecurely. This, combined with the tendency of those NOT using password managers to reuse passwords, is what leads to the majority of account hacking.

Comment Re:Scripts that interact with passwords fields aws (Score 5, Interesting) 365 365

LastPass is no more proprietary than KeePass. The JavaScript implementation is visible. And while their server was hacked, the thieves got nothing of value since the contents of your "vault" never leave your computer unencrypted and LastPass doesn't have the key.

I agree with the article - blocking password managers lowers security.

Comment Re:For an alternative (Score 1) 581 581

And your entire argument is essentially framing the discourse into something no has demanded.

However, there is a bit of misrepresentation, as reddit originally posited that they were a bastion of free speech. And while it is fashionable to view it as reddit, out of the goodness of their hearts, provided a free platform for miscreants to corrupt the youth, the other side to that is users operated in good faith that reddit would keep their end of the agreement in creating free content.

Not like they can take their ball and go home now is it?

And regardless, criticizing reddit does fall under free speech, does it not? The government aspect is just a red herring.

Comment Re:For an alternative (Score 1) 581 581

Brilliant!

Similarly, being in prison doesn't prevent you from voicing your opinions. Nor does being fined millions of dollars (just earn more money, citizen, so you too can enjoy the same freedoms of billionaires!) Nor does it prevent you from setting up a website to discuss controversial opinions.

Except when it does (funny how credit card companies refused to process donations to Wikileaks right after the release of the Afghan War Diary. But that was just private companies exercising their rights not to make a profit, and had nothing to do with government collusion. Nosiree!).

You might be a little slow on the uptake, but the definition of censorship doesn't specify government and non-government, and as there have been numerous other websites that were harangued by both governments and private companies being leaned on by governments.

You probably think a private company contracted by the government to doesn't abridge 4th amendment protections because, get this, it isn't the government doing it.

Except for the legislative framework that made it legal in the first place.

Idiot.

IBM Advanced Systems Group -- a bunch of mindless jerks, who'll be first against the wall when the revolution comes... -- with regrets to D. Adams

Working...