Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Comment a cynical take (Score 4, Funny) 86

...allow me to plug my own banal "checkin" service, based on things "most people do"...

FourGoHookupPlaces: for telling your friends when and who you procreate with! BONUS: use your iphone's built-in accelerometer to compute your "performance", and try to best your friends! Become the virtual "mayor" of PEOPLE! Make lovemaking an ONLINE social game!

Security

Submission + - Gaming foursquare with 9 lines of Perl (uic.edu)

caffeinemessiah writes: With the recent launch of Facebook Places, the rise to prominence of Foursquare and GoWalla, and articles in the New York Times about the increasing popularity of "checking in" to locations using GPS-enabled mobile phones, a number of businesses are wondering how to reward frequent patrons. But exactly how susceptible are these "location based services" to being abused? A researcher at the University of Illinois at Chicago shows how easily Foursquare can be gamed in 9 Perl statements, and invites readers to submit more succinct versions of the code to game the system.

Comment Re:Hypocrisy Isn't Free (Score -1, Troll) 671

Last I heard, American soldiers were supposed to be fighting to preserve a way of life, a way which includes freedom of expression.

Except this has absolutely nothing to do with freedom, but rather good taste and a little sensitivity towards their target market (unless they're planning on selling this game in Afghanistan).

Comment Re:Hill Climbing (Score 5, Insightful) 64

It just sounds like the classic hill climbing algorithm to me.

That's because it's very similar -- with a massive stochastic component. It might be effective at routing, but I image leaving "pheromone traces" over network routes to indicate quality (latency, bandwidth, whatever) is something that will make sure security researchers have jobs for a long, long time.

Comment Re:The great tradeoff (Score 2, Insightful) 115

So, now, if I get all the people I want to call on Facebook and get them to use this app, then we can call each other be buying the $10-15/mo unlimited data plan and buying 0 min/mo. Heck, it's a lot cheaper.

Which is precisely why you can't buy a plan that has no voice and only data. The ultra-cheap $15 data plan is in addition to the clusterf**k that is your monthly base price, plus the tons of fees added. Sure, you can get a broadband card, but try sticking one of those things in your shiny new iphone. Every phone operator, pretty much the world over, is a thieving a-hole.

Comment Re:researchers? (Score 1) 101

He's more of an operating systems/networking kind of guy. This just seems like fluff research to keep the department chair happy while he actually does his teaching and "real" research. Academia has this tendency to prioritize quality over quantity, and I think this provides an example of the pressures even good profs feel from the top re: publishing.

That's a very generous assessment. Obviously, I don't know the guy, but another possible hypothesis is that he's made the oft-repeated mistake of an expert outside his own field, who thinks he's also good enough to be an expert in another field. Academia is chock full of this -- having a good publishing record in one field tends to inflate one's ego, and can frequently lead to moronic research in even a closely related field.

I'm thinking of you, "obesity spreads through a social network" guy, who is actually a political scientist.

Comment Re:Is that a joke? (Score 1) 191

Passphrases are not harder to brute force. In general if you have 26 random characters its hard to brute force.

Passphrases encourage the use of numbers, capitalization, longer passwords, and punctuation. If the common password is all lowercase letters and maybe digits, your looking at a search space of (26+10)^k for a password of length k. If you throw in the 30 or so punctuation marks, and capitalization, the search space is (26+26+30)^k for the same length of password.

Given that so many people use lowercase+digits passwords, I'd be inclined to think that anyone brute-forcing a bunch of passwords would stick to the (26+10)^k search space, and therefore leave yours uncrackable. If they're just going after yours though, all bets are off, but then you should probably be using some uber-fancy authentication scheme anyway.

Comment Re:Use passphrases (Score 1) 191

That's an even worse solution. Do you really think end users are going to be willing to type a 200 letter phrase in instead? We use passwords for a reason- its as much as most people are willing to type before becoming annoyed.

You, sir, have outdone yourself, even for slashdot standards. A passphrase is NOT "a phrase as a password", but rather a phrase as a mnemonic for your password.

Example:

Passphrase: 100 quick clicked commentors barely read Slashdot each day!
Password: 100qccbrSed!

I'll leave it to you to figure the magic out.

Comment Re:Good (Score 1) 277

big trend of people with relatively crappy ML research gussying it up with some sexy applications (usually bio-related) and then publishing it in a general-readership science journal

Mark Newman! PNAS! The list goes on...generally seem to be people from field X trying to stuff from field Y (where Y is often ML/statistics/algorithms, and X != math or CS).

Comment Re:Why not (Score 4, Insightful) 520

However, I am concerned that putting developers around a table could potentially be distracting consequently diminishing productivity by increasing coding errors.

I agree with parent, and have you considered that developers whose code quality is affected by seating arrangements relative to other developers might not be...um, the best developers? Otherwise, I'd say you might be overthinking the issue.

Comment Re:Uh, no (Score 3, Insightful) 104

Great, so they want to redesign the Internet because people don't want to learn how to identify a phishing site and can't understand that giving your account numbers to unverifiable strangers is a bad idea?

Oh please, I think Sony put an end to the delusion that only grandmas and morons are susceptible to phishing or malware. Allow me to give you an example which most people here won't be able to do detect instantaneously: zero-day exploit in Flash + rootkit + trojan. I run a tight ship like the next nerd, but my AV software still flags trojans that somehow make it onto my system from time to time, and those are only the ones that it CAN detect.

And yes, there are zealots who will undoubtedly say things like "Flash is for suckers" or "what do you expect with Windows?", but these people should consider the fact that (a) not everyone lives in caves, and (b) some people just have more important things to worry about, like losing their homes.

Comment Re:and again.... (Score 3, Insightful) 200

One of the company's key areas of expertise are in "data mining technologies". Do you really *think* they're THAT concerned with your security, given the situation?

Look, we as nerds must STOP treating "data mining" like an epithet, or at least a scarlet letter on one's resume. The term has been abused by the popular media in connection with the NSA's wiretapping, but people tend to overlook the fact that "data mining" is just a bunch of algorithms to find statistical patterns in different kinds of data. When it's referred to as "exploratory data analysis", no one seems to mind. When it's referred to as simply "applied statistics", no one seems to mind. Read the statement by ACM's data mining special interest group, SIGKDD.

That said, I completely agree with you -- of course Facebook is interested in mining the social graph and f***ing it for all its worth. They're a for-profit company whose only asset is detailed information about people and their interactions. Why is anyone shocked that they don't want to make the world a better place, and would rather become very rich instead off their only asset. For a capitalist country, a lot of nerds in the US seem to have rose-colored glasses on.

Slashdot Top Deals

Bus error -- driver executed.

Working...