
Comment: Re:eSports commentary is already superior (Score 1) 33

Ever listen to football commentary or basketball? It's all color commentary or idiotic observations like "team X won because they scored more points"... no shit, fucktards.

You must have lousy sports coverage in your town, or maybe you just haven't listened to a game in a long time. You get continual analytics in most cases, and statistics that actually mean something. Occasionally, you'll get a fossil like Hawk Harrelson who's just a curmudgeon but even in that case, they teamed him with Steve Stone, who can break down pitch location, OBP, WAR numbers, BABIP, FIP and xFIP.

At least in this town, it's the same for basketball and football, though there haven't been as many advanced statistics developed for those sports. Maybe it's just because Bill James got the ball rolling (sorry) sooner for baseball. But all the announcers are pros and not a single one will give you the kind of obvious nonsense you describe.

Even the hockey coverage in town, whether you're listening to John Wiedeman and Troy Murray on the radio or Eddie Olczyk on TV, these are guys who will drop numbers on you and give you insights you probably wouldn't have noticed even if you were sitting behind the glass.

Naw man, there hasn't been a "Team X won because they scored more points" in a long while.

We don't need analytics

But people who pay attention to e-Sports and aren't dumb fucks like you might have an interest in analytics. Some people who are interested in video games care about more than whether the female announcer is showing cleavage. One minute you talk about how e-Sports announcers are so great because they give you the "micro" in Starcraft, and then you say you don't need analytics. Do you know what analytics are? And did I mention that you're a dumb fuck?

Comment: Re:Type 4 UUIDs (Score 1) 215

My concern is how to keep someone between your server and the subscriber's MUA from compromising "possession", or how to establish "possession" the first time.

If you follow the same model with account creation, then you already have possession established. If someone compromises your email account, and knows your user account for this site, and knows your security answers, then yeah, you're borked. But if someone has all of that information already, I'm pretty sure you've been borked for a while and in significantly worse ways than someone having your college transcripts. ;)

I just use a PRNG. If I need it as a GUID, I request 120 random bits and format them as a type 4 UUID. Is that good enough?

"Good enough" is a question that is best answered by the asker. Security isn't a Boolean implementation. You aren't secure or insecure, you are at some level of security across a very wide range. Storing passwords in clear text is vastly more secure than having no authentication on a system at all, but it is vastly less secure than storing a hashed password. And that is vastly less secure than storing a 1-way hashed password. And even that is meaningless if you don't have a secured communication layer, or if you aren't correctly exchanging public/private keys. etc...

Are you trying to keep script kiddies from spamming your content management site with pictures of dicks, or are you trying to keep banking details, SSNs, and credit histories locked up with controlled access via the internet?

With that said, you're likely more on the 'secure' side using a v4 UUID, assuming the rest of your implementation follows the appropriate patterns.

-Rick

Comment: Re:Responses (Score 3) 215

[quote]So how do you encrypt this UUID?[/quote]

You don't. It's just a GUID or some other low collision rate hash.

[quote]And what do you send for a password reset?[/quote]

You send them a new UUID in a link. When the link is hit, the UUID resolves back to their account and they are directed to enter a new password, just like a first time user.

The combination of time (the UUID can be time boxed), activity (a successful login nullifies the UUID), and possession (control of the account's registered email address), and if you want to get really wild, knowledge of a security question, creates a scenario where there are no good purely technical solutions for the attacker.

An attacker could, in theory, create a colliding GUID for an account they know the name of (but not password), manually enter the UUID link, and set the new password (assuming there is no security question).

But if an attacker manages to consistently generate colliding GUIDs*, they have accomplished something so monumental that they should be heralded as the second coming of Steve Jobs or something.

(*Assuming the coders didn't decide to come up with their own GUID generation algorithm that is easily reverse engineered and seeded)

-Rick
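The reset flow described in the comment above (a v4 UUID link that is time boxed, nullified by a successful login, and resolved back to the account), as an added example that is not part of the original comment or any site's code. The class name, the one-hour time box, the in-memory dictionary and the choice to store only a SHA-256 digest of the token are assumptions made for illustration.

```python
import hashlib
import time
import uuid

TOKEN_TTL_SECONDS = 3600  # assumed time box; the comment gives no figure


class ResetTokenStore:
    """Hypothetical in-memory store of pending password-reset tokens."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # sha256(token) -> (account, expiry timestamp)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, account):
        """Create the token that goes in the link mailed to the registered address."""
        self.revoke(account)  # at most one live token per account
        token = str(uuid.uuid4())  # CPython fills uuid4 from os.urandom
        expiry = self._clock() + TOKEN_TTL_SECONDS
        self._pending[self._digest(token)] = (account, expiry)
        return token

    def revoke(self, account):
        """Call on successful login: activity nullifies any outstanding token."""
        stale = [k for k, (acct, _) in self._pending.items() if acct == account]
        for key in stale:
            del self._pending[key]

    def redeem(self, token):
        """Resolve a token to its account once; None if unknown, used or expired."""
        try:
            key = self._digest(str(uuid.UUID(token)))  # normalise, reject junk
        except (ValueError, AttributeError, TypeError):
            return None
        entry = self._pending.pop(key, None)  # popped, so it cannot be replayed
        if entry is None:
            return None
        account, expiry = entry
        return account if self._clock() <= expiry else None
```

Keeping only the digest means a leaked copy of the pending-token table does not hand out working reset links.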

Comment: Re:Now that was cool! (Score 1) 63

your alternative method is inferior as the specific request is tech *skills*, which you find on resumes, people speaking to their merits to get hired

not "tech appearing together on message boards," which indicated a whole host of relationships, relationship by skillset being far down the list

the simple fact is there is no perfect methodology so criticizing the methodology for being imperfect is without merit. and in articulating a yet even more inferior methodology in your latest comment i have to assume you're just arguing for the sake of arguing, you're barely trying, you're not serious, and so this useless thread is over

 

Comment: Re:Now that was cool! (Score 1) 63

are you saying there exists some implementation that analyzes every resume in existence perfectly? it's "incomplete" in the sense that any such effort is incomplete and imperfect by nature of the problem. your criticism is invalid, you don't understand the task if you expect completeness is possible

Comment: Re:Now that was cool! (Score 2) 63

it's just analyzing the appearance of words in listed skills

actual database pros would not put "database" as an enumerated skill

maybe the kind of person who lists "windows" "internet explorer" and "microsoft word" as tech skills would, but such people would not show up in the data set analyzed here: resumes from serious professionals working in the tech sector

so it makes sense "database" would only be a tiny little distant circle

Comment: Re:Iran is not trying to save money (Score 1) 357

hitler liked dogs and thought highly of investing in highway infrastructure

people can be the epitome of evil and still be right about something. your "thinking" on this topic is basically the same as saying you hate dogs because hitler liked them

yes, the right screams about iran's bomb program. that doesn't mean the right is suddenly correct about everything, they are warmongering douchebags. however, they are actually correct *in this one instance* about the fucking bomb program

it also doesn't mean we should go to war. "i agree with the right that iran has a bomb program therefore i have to do exactly what the right says we should do about that" does not actually logically follow genius. but most importantly, it doesn't mean the nuclear program magically does not exist just because neocons are poopyheads and we don't like warmongering neocons

believing iraq has a nuclear program because some iraqi went to niger once and niger had yellowcake is *exactly* as fucking stupid as believing iran does not have a bomb program because we don't like donald rumsfeld: a ridiculous erroneous connection for a stupid prejudicial reason

so: congratulations: you are what you hate. your "thinking" is the same quality as warmongering and propagandized american idiots. intelligence is not doing the opposite of who you hate. that's just the same idiocies in reverse. intelligence is about actually being fucking perceptive and observing reality, actual reality. guided by facts not prejudices. which means every once in a while *gasp* you and your ideological foes agree on the observation before you. and it doesn't logically follow that you agree with them about what to do about it, right genius? you deny what they want to do about reality, you don't deny reality!

seriously, you are a fucking idiot on this topic. you are to me exactly the same kind of loser as the idiots who thought iraq had a nuclear program. you believe something obviously not real because of who you like/ dislike prejudicially who says the lie. fucking moronic

Comment: Re:What's the next project? (Score 1) 45

there's identifying and knowing your weaknesses, planning for them, and failing over swiftly and gracefully

then there's not doing a damn thing about the weaknesses, and using the same damn set up forever

also, we're not talking about exchanging product keys for cracked software. we're talking about a system used in a world war where thousands of lives and the prestige of nations depended upon a good implementation plan

Comment: Re:Environmentalists will cause the next nuclear a (Score 3, Interesting) 121

Every time nuclear power comes up someone blames environmentalists for the industry's problems -- in this case before the problems have manifested. It's an article of faith.

So far as I can see, the only plant in the US that's ever been cancelled for environmental concerns is the proposed plant at Bodega Harbor, which as you can see on the map would have been right on top of the San Andreas fault. In every other case projects have been shut down after serious miscalculations in the industry's economic forecasting (e.g. lower energy prices in the 80s than anticipated in the 70s), often exacerbated by poor project management performance. In those cases environmentalists were just a convenient scapegoat for management screw-ups.

You can see that because after the very largest anti-nuclear protests in history -- against Seabrook in NH and Diablo Canyon -- the plants were built and put into operation anyway. If a company had a plant under construction that it could make money operating, that plant would get built, even if thirty thousand people turned out to protest.

Comment: Re:Wrong about automation and profit (Score 3, Insightful) 121

The article carries echoes of the "profit is evil and government is good" mantra so popular lately.

that's a false dichotomy that only appeals to a simpleton

profit taking cannot occur without the stability and security established by government. likewise, government cannot exist without tapping into the profits it makes possible. government without the individual pursuit of capital is hell. and the social darwinistic pursuit of capital be damned the externalities is simply another flavor of hell

it's just ignorance to imagine that capitalism and government are enemies. one does not exist without the other
