
Comment Re:Scripts that interact with passwords fields aws (Score 1) 365

n00bs, eh? I've been in the software business for almost 40 years, you young whippersnapper.

I suggest you study texts on encryption, and maybe read the technical details of how a good cloud-based password manager like LastPass actually works. https://lastpass.com/whylastpa... https://lastpass.com/support.p...

Your super-whiz-bang method still requires a password, it seems. Without a password manager, users will still need to remember their password and many will either reuse passwords from other sites or choose simple ones. The image/caption thing you talk about is often used as an anti-phishing technique, but that's not authentication. If you're requiring the user to choose from among multiple pictures or captions, then that's effectively another one or two passwords. Yes, it will make it harder to attack YOUR site through the web interface, but doesn't itself strengthen protection of the users' passwords.

The goal for password managers is not to protect individual sites, it's to protect the users against their own misuse of passwords and to reduce the risk when some site (not yours, hopefully) gets hacked and has their password database stolen. (How do you hash the passwords for your sites? Still using MD5?)

Comment Re:Scripts that interact with passwords fields aws (Score 2, Insightful) 365

Obviously you have limited experience or familiarity with password managers. LastPass, among others, keeps your encrypted passwords "in the cloud", so that they are accessible even if your local disk "takes a dump". For LastPass, there's also a local copy of the encrypted database, and yes, I do have backups. (If you don't have backups, you have a lot more problems than losing passwords.)

Image/phrase/password verification is hardly "better" (better than what?). How many of those can you remember? If you can come up with an authentication scheme better than passwords that you can get every online service to use, then please let us know. The reality is that passwords are what we use today and password managers make them easier to use in a more secure fashion, so that one has a different, strong password for every login. Two-factor authentication is also very helpful (and I enable that where supported.)

Currently the biggest weakness of passwords, other than most people using them poorly, is sites that store passwords insecurely. This, combined with the tendency of those NOT using password managers to reuse passwords, is what leads to the majority of account hacking.

Comment Re:Scripts that interact with passwords fields aws (Score 5, Interesting) 365

LastPass is no more proprietary than KeePass. The JavaScript implementation is visible. And while their server was hacked, the thieves got nothing of value since the contents of your "vault" never leave your computer unencrypted and LastPass doesn't have the key.

I agree with the article - blocking password managers lowers security.

Comment Re:The VMS Common Language Environment (Score 1) 484

Free advice is worth every cent, Steve. Wasn't that you?

Yup.

I should also have mentioned that the common language environment meant that mixed-language applications were far easier than on most other operating systems. How about mixing BASIC, RPG II, Pascal, Fortran and Ada? Easy.

Comment The VMS Common Language Environment (Score 1) 484

I'll admit that I am biased, as a former VMS developer for DEC, but in my opinion VMS did one thing right from the start that I have not seen any other OS duplicate before or since - the Common Language Environment. VMS defined a common calling and exception handling standard that was used by all of the 20+ programming languages supported on VMS. The system services and the common run-time library were usable from all of the languages. Yes, many of the languages needed extensions to support things such as "pass by descriptor", but it was done in a consistent fashion. There was also a naming standard that separated system and user namespaces to avoid namespace collisions. This was all documented in the standard VMS manuals and was designed to be extended as needed.

This also meant that pretty much all of the system library routines were language-independent and there were large collections of these that could be called from most languages. For a long time, Windows had something close to this with the Windows API, but in recent years it's been shifting to C++ class libraries that shut out other languages.

Comment So this is what is behind "Aurora" (Score 3, Interesting) 228

I just finished reading an ARC (Advanced Reader Copy) of Robinson's latest novel "Aurora", not yet published, which is about a generation starship sent out to colonize a planet orbiting Tau Ceti. Mild spoiler - the colonists find it's much harder than anyone anticipated. I found it a bit of an odd take given Robinson's Mars trilogy (to be honest, I made it to about a third of the way through Blue Mars and gave up) which seemed far more optimistic. Now I know why. Unfortunately, pessimism doesn't sell as well as optimism, so I don't have great hopes for commercial success of Aurora. Oh, and if you weren't transfixed by Red/Green/Blue Mars, you probably won't care for Aurora either.

Comment Re:someone explain for the ignorant (Score 3, Interesting) 449

Yes, in fact they can, and this has happened in Europe. One problem with C&P is the "offline PIN" mode which doesn't exchange data with the bank. In the UK, at least, the consumer is liable for any fraud with a C&P card as it is assumed that if the PIN was entered correctly it was by the cardholder. In the US, all the card issuers assume liability for fraud, no matter what, so there is less incentive to require a PIN.

The article you linked to is informative, but as the US transitions to EMV, it will become harder for thieves to use magstripe cards.

As I noted earlier, the biggest benefit of EMV, with or without PIN, is that merchants and payment processors aren't holding on to vast quantities of card numbers, and card skimming becomes far more difficult.

Comment Re:someone explain for the ignorant (Score 4, Informative) 449

Chip yes, PIN, no. In the US, "Chip-and-signature" is what we get, with extremely rare exceptions. It is more secure than the magstripe to stop massive hacks such as Home Depot and Target, but does nothing to stop stolen card fraud. Note that if your card does not support chip-and-PIN (it can support it even if it's not the default, but US banks aren't doing this), then you can't use the card at many automated kiosks (train stations, etc.) outside the US.

I disagree with the summary that contactless goes along with the chip - it doesn't. There are some banks offering contactless payment cards, but this is not common right now.

Comment Re:Use FairPoint, avoid Comcast (Score 1) 214

I agree 100% with Okian Warrior here - I'd do without rather than buy service from Comcast. I have the FairPoint fiber service that used to be FiOS and it works well, but if it's not already run on your street you'll never get it. For TV go satellite - I use DirecTV.

One, hopefully temporary, hitch is that FairPoint workers have been on strike for several weeks, slowing down installs and repairs.

Really, FairPoint nowadays isn't a bad company to do business with. They're focused on staying in business and aren't interested in meddling with your Internet content.

Comment Been there, done that (Score 5, Informative) 214

This is not new for Verizon at all - they have been shedding their landline and FiOS business for years. Back in 2007 they abandoned Maine, New Hampshire and Vermont, selling off the business to FairPoint Communications, a tiny North Carolina company that struggled for years to overcome billing system issues. FairPoint announced then that they would not be expanding the fiber Internet service (FiOS TV never got started here) and the service has been static since then. (On the positive side, my bill hasn't increased since 2007!)

Even in Massachusetts, where Verizon still operates FiOS TV, they announced a couple of years back that they would not expand service to more areas. This tripe about Net Neutrality is just a convenient smokescreen for what they've been planning all along.

Comment Re:I am a spamcop user and didn't get that e-mail. (Score 1) 44

I am also a SpamCop user - have three accounts with them. All three got the email. You are quite correct that there's nothing on the web site, but this doesn't astonish me as the email service has been running on autopilot for a few years now. Note that the blocklist and reporting system are now owned by Cisco, but the email service was not part of the purchase and has been increasingly unreliable. There is discussion on the SpamCop user forum at http://forum.spamcop.net/forum...

I moved my main personal account to Gmail quite a while ago. The other two accounts will also move to Gmail. It was nice while it lasted.

Comment Yet another bogus theory, in my opinion (Score 5, Interesting) 72

My son contracted Kawasaki Disease in 1987 when he was 4. It was a terrifying experience as the doctors could not explain what was causing his symptoms, including a fever of 104. The poor kid underwent spinal taps and more. Eventually he was transferred to Boston Floating Hospital for Children where they concluded he had Kawasaki. There was no test for it - it's one of those "process of elimination" diagnoses and not all who have KD have all of the symptoms. At that time, there was no known cure but my son was enrolled in a random trial of gamma globulin infusion and, thankfully, the dosage he was assigned turned out to be the one that worked the best. He recovered and tests showed no lasting heart damage.

At the time, there were many wild theories as to what caused it. One of the more prevalent notions was that it was triggered by carpet cleaning chemicals, since debunked. This paper smacks to me of "correlation does not equal causation". I'm especially dubious about the supposed geographic origins given that incidents, while clustered around metropolitan areas, were not confined to the west US coast (we live in New Hampshire.)

Over the years I have read many articles and research papers about Kawasaki Disease. I don't think we're any closer to an explanation than we were in 1987.
