Comment Missing the point? (Score 5, Interesting) 171

He's missing the point. Everyone knows that the post office handles all your mail, but it's still not allowed to tell the police what you're receiving without a warrant. The existence of a record does not imply the availability of that record to law enforcement or the government.

Comment Re:Obligatory (Score 1) 172

Not knowing the likelihoods is not the same as claiming that the likelihoods are equal.

If you present me with a biased coin that you've made, I don't know whether, when we toss it, it is more likely to come up heads or more likely to come up tails. Pointing that out doesn't mean that I think they're both equally likely, just that I have no way of knowing at this stage which is more likely. Notable points:

1. There is a correct answer.
2. You know what it is.
3. I don't know what it is.
4. I don't believe that they're equally likely, but I can't tell which is more likely.

Submission + - New HTTPS Bicycle Attack Reveals Details About Passwords From Encrypted Traffic (softpedia.com)

campuscodi writes: Dutch security researcher Guido Vranken has published a paper [PDF] in which he details a new attack on TLS/SSL-encrypted traffic, one that can potentially allow attackers to extract some information from HTTPS data streams. Attackers could extract the length of a password from TLS packets, and then use this information to simplify brute-force attacks. The new HTTPS Bicycle Attack can also be used retroactively on HTTPS traffic logged several years ago. Hello NSA!
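
The length leak the submission describes, as an added worked example that is not from the paper or the submitter: a passive observer who knows every byte of a login request except the password value, and sees only the size of the encrypted TLS record, can recover the password's length when the cipher is length-preserving (RC4, or an AEAD such as AES-GCM that adds a fixed per-record overhead). The HTTP request, the 24-byte overhead figure (an assumed TLS 1.2 AES-GCM explicit nonce plus tag) and the SHA-256 counter keystream are all constructed for the example; the keystream is a stand-in for the real cipher, not a secure one.

```python
import hashlib

# Assumed per-record overhead that does not depend on the plaintext:
# TLS 1.2 AES-GCM adds an 8-byte explicit nonce and a 16-byte auth tag.
# A pure stream cipher such as RC4 has overhead 0 plus its MAC; the logic is the same.
RECORD_OVERHEAD = 8 + 16


def build_login_request(host: str, cookie: str, username: str, password: str) -> bytes:
    """Plaintext HTTP/1.1 login POST as a browser would send it (constructed sample)."""
    body = f"username={username}&password={password}"
    head = (
        f"POST /login HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Cookie: {cookie}\r\n"
        f"Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n\r\n"
    )
    return (head + body).encode()


def _keystream(key: bytes, n: int) -> bytes:
    # Toy counter-mode keystream from SHA-256 so the example runs offline.
    # It is NOT a secure cipher; it only shares the property that matters here:
    # ciphertext length equals plaintext length.
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def encrypt_record(key: bytes, plaintext: bytes) -> bytes:
    """Length-preserving encryption plus a fixed overhead: the record size leaks the plaintext size."""
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, len(plaintext))))
    nonce = hashlib.sha256(b"nonce" + key).digest()[:8]
    tag = hashlib.sha256(b"tag" + ct).digest()[:16]
    return nonce + ct + tag


def recover_password_length(record_len: int, host: str, cookie: str, username: str,
                            max_len: int = 256) -> list[int]:
    """Passive attacker's side. Everything except the password value is assumed known
    (host, cookie and username lengths are learnable from the site and from the
    client's other requests). For each candidate password length the request is
    rebuilt and its encrypted size compared with the observed record size.
    Rebuilding, rather than subtracting a constant, matters because the
    Content-Length header gains digits as the body grows."""
    hits = []
    for n in range(max_len + 1):
        candidate = build_login_request(host, cookie, username, "x" * n)
        if len(candidate) + RECORD_OVERHEAD == record_len:
            hits.append(n)
    return hits


if __name__ == "__main__":
    key = b"session-key"
    record = encrypt_record(key, build_login_request("example.com", "sid=abc123", "alice", "hunter2!"))
    print("observed record size:", len(record))
    print("candidate password lengths:", recover_password_length(len(record), "example.com", "sid=abc123", "alice"))
```

Because every extra password byte adds exactly one byte to the record, the match is unique, and a logged capture can be replayed through the same calculation years later without any key. The recovered value is the length of the form-encoded field, so a character the browser percent-encodes counts as three bytes; block ciphers in CBC mode with padding only reveal the length rounded up to the block size.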

Comment Re: so.... Firefox OS? (Score 4, Insightful) 225

But similarly, you haven't heard the average person talking about wanting native apps either.

Developers and tech bloggers haven't realised that they need to balance conflicting desires (universal availability and version uniformity vs offline access and access to local hardware/services/data) which would induce preferences either way. What you are seeing is the tech community noticing the features they are missing, building them, and throwing away the features they already have in the process, then repeating again in the other direction.

The average person has no idea about any of this, and doesn't care as long as they can still send selfies and cat emojis to their friends. If a native app allows them to do it, they will use that; if a web app does, then that's where they will go. As long as they can click an icon and send the picture, it's good enough for them.

Comment Re:use parameterized statements you moron (Score 1) 66

What is the difference between "business rules that need to be validated and checked" and "sanitize your inputs"?

(Hint: "this field should not contain semicolons" is just as much a sanity check/validation as "this field contains a latitude entry and thus should be between -90 and 90".)

Comment Re:use parameterized statements you moron (Score 2) 66

Who said anything about databases?

You need to sanitize the inputs before you:

  • Send them back to the user in HTML
  • Pass them off to another program
  • Send them to your bank or credit card processor
  • Print them onto the worklist for the staff in the factory
  • Send the coordinates to the missile guidance system

I don't care about your fucking database and your fucking parametrized statements, you still need to verify that your inputs are sane.
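
Both replies above argue the same thing: parameterized statements protect the database and nothing else, and validation (the latitude range check, the "no semicolons" rule) is a separate job from output encoding for each place the value ends up. The following added example, not code from either commenter, shows the three concerns side by side in Python: semantic validation, a parameterized insert that stores a hostile string verbatim, and context-specific handling when that same string is rendered as HTML or handed to another program. The table schema, the `lp` command line and the hostile input are constructed for the example.

```python
import html
import re
import shlex
import sqlite3


def validate_latitude(raw: str) -> float:
    """Business-rule check: a latitude must be numeric and within [-90, 90]."""
    try:
        value = float(raw)
    except ValueError:
        raise ValueError(f"latitude is not numeric: {raw!r}") from None
    if not -90.0 <= value <= 90.0:
        raise ValueError(f"latitude out of range: {value}")
    return value


_NAME_RE = re.compile(r"[A-Za-z0-9 .'-]{1,64}")


def validate_display_name(raw: str) -> str:
    """Syntactic allow-list: no ';', '<', '&', or shell metacharacters in a name."""
    if not _NAME_RE.fullmatch(raw):
        raise ValueError(f"display name contains disallowed characters: {raw!r}")
    return raw


def store_note(conn: sqlite3.Connection, author: str, note: str) -> None:
    # Parameterized statement: the driver sends the value out of band, so the SQL
    # structure cannot change. The text itself is stored exactly as received.
    conn.execute("INSERT INTO notes(author, note) VALUES (?, ?)", (author, note))


def fetch_notes(conn: sqlite3.Connection) -> list:
    return conn.execute("SELECT author, note FROM notes ORDER BY rowid").fetchall()


def render_note_html(author: str, note: str) -> str:
    # The same string going to a browser needs HTML encoding; the database never did this.
    return f"<li><b>{html.escape(author)}</b>: {html.escape(note)}</li>"


def worklist_print_argv(printer: str, note: str) -> list:
    # Passing the value to another program: build an argv list so it is one argument,
    # never a shell string. shlex.join renders it for a log line with correct quoting.
    argv = ["lp", "-d", printer, "-t", note]
    return [argv, shlex.join(argv)]


def demo() -> dict:
    """Run the hostile input through each sink and return what each one saw."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes(author TEXT, note TEXT)")
    # Constructed hostile input: SQL, HTML and shell payloads in one string.
    hostile = "'); DROP TABLE notes; --<script>alert(1)</script> $(reboot)"
    store_note(conn, "mallory", hostile)
    rows = fetch_notes(conn)
    return {
        "rows": rows,
        "html": render_note_html(*rows[0]),
        "print": worklist_print_argv("floor-1", rows[0][1]),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "->", v)
```

The parameterized insert keeps the table intact and stores the payload byte for byte, which is exactly the point: the hostile string is still there when it is read back, so the HTML renderer and the print command each have to handle it for their own context. The validators enforce what the field is supposed to mean and reject bad data before any of the sinks see it.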

