Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:set -o nounset (Score 1) 329

by un1xl0ser (#48834467) Attached to: Steam For Linux Bug Wipes Out All of a User's Files


While others have noted that the asterisk circumvents appropriate use of globbing, there are really three fixes.

1. Defensively check the setting of the variable and presence of the directory to print reasonable error messages.
2. Use 'set -u' or 'set -o nounset' to avoid any unset variables.
3. Do not include the unnecessary astersisk to avoid globbing and fall back on modern operating system safe defaults when a bare / is specified.

I only include #1 because when using set -e and set -u as recommended by Pashley (among others), you should probably handle the things explicitly and gracefully for something to be run by an end user.

Comment: Re:I don't think I get it... (Score 2, Interesting) 549

by un1xl0ser (#30040434) Attached to: Murdoch To Explore Blocking Google Searches

I think they are trying to separate themselves to state that if you want the news, come to us and do it properly.

Riiighhht. When I want news done properly, I'll PAY FoxNews to do it properly. Just think about that for a second. The only reason anyone should be remotely concerned about this is because he now controls the WSJ.

Have you ever searched for some information, and Google gave a hit where the surrounding text of the query already answers your question? And then not clicked the website?

No, not for news. Try searching for "2009 election results" or "apple earnings 2009" and see if you can make sense of it (although "who beat rihanna" actually kind of worked). Nobody can use that crap. Even Google News doesn't provide usable news in their largest digest. charging would be fun to watch, glad to see them go first.

Comment: Re:Masking passwords doesn't do much (Score 1) 849

by un1xl0ser (#28474703) Attached to: Nielsen Recommends Not Masking Passwords

Do you think that more people record passwords via CCTV cameras and RF, or shoulder surfing? Now what happens to that number when you remove masking?

Does masking help, yes. Is it fool-proof security, no. It is a layer, and a decent one at that. The biggest issue is that it does reveal length, which really is way too much. No echo is better.

Comment: Re:Um, here's a thought. (Score 1) 849

by un1xl0ser (#28474613) Attached to: Nielsen Recommends Not Masking Passwords

Howzabout we make it optional, so people can decide for themselves?

If we let lusers decide for themselves, they would choose weak passwords, write them down on post-it notes and stick them to their screens, take out full-page adds in the New York Times with them in 256 pt Arial.

Seriously, end users don't understand security. Maybe it can be an advanced setting. ;-)

Comment: Re:hunter2 (Score 1) 849

by un1xl0ser (#28474525) Attached to: Nielsen Recommends Not Masking Passwords

Good security involves locking out the user after a certain number of attempts in order to stop a "dictionary attack". I just had to reset a users PW twice this afternoon because she locked herself out of her account. Sure, it's extra hassle but the security is worth it.

Unchecked, and with low thresholds, this can make it easy for a malicious person to deny service to valid users. Blocking requests from that particular IP address is a far safer option. Introducing long delays before authentication can be attempted again could also be used.

If you think that you are adding to security by locking out users that types the password in 5 times, 10 times, or maybe even 100 times, you are fooling yourself. If you require strong passwords (e.g. 3 classes, at least 8 characters), there is no way anyone is going to do an online dictionary attempt with that few amount of tries.

Sigmund Freud is alleged to have said that in the last analysis the entire field of psychology may reduce to biological electrochemistry.