
Comment Article and post define "sign up" very differently (Score 1) 151

The original posting talks about "signing up" in the general context of creating an account on a site.

The article, however, seems pretty clear in talking about "signing" up to receive emails. (And very clearly puts forward that "no option == spam")

Looking at the two modes of failure for a user receiving emails you can have:
- False positives: user starts receiving email, but doesn't want it
- False negatives: user doesn't get any email, but does want it

The main debate in the original article boils down to:
- Single opt-in results in fewer false negatives, but more false positives
- Double opt-in results in fewer false positives, but more false negatives

At which point the question is one of whether it's better to optimize for fewer false positives or fewer false negatives.

In the context of the original article, if someone is signing up to receive emails, both of the following situations will lead to the original user not receiving the emails that they requested:
- If they misspell their address and the email goes to someone else
- If they enter a different address purposefully and it goes to someone else

For the user signing up for messages, the opt-in message isn't something they specifically wanted -- it's a barrier that prevents them from getting what they wanted (as such, a double opt-in request could be seen as a false positive). For someone whose email was entered in a form by someone else, any message they receive may be seen as a false positive (including a double opt-in request).

Comment No need to keep track of a "list" (Score 1) 140

I'd considered this sort of thing a while back -- there's really no need to use a set list of passwords.

Assuming that the passwords are being hashed, you can have a lookup table where you store:
(Password hash) + (Current # of accounts using that hash)

By setting a threshold for the ratio of (Current # of accounts using a hash) to (Total # of accounts), you can reasonably control the average entropy of passwords in the system.

For example, if you have 100,000 users in a system and set a threshold of 2%, the system would stop allowing anyone else to use that password.

Would be an interesting experiment to see what ratio comes up with the best balance between being secure vs. being too annoying to users.

The big downside of that type of dynamic system is that for low numbers of users, it may become easier to brute force which passwords are in use by iterating through the "change password" process. (Setting a limit on how many times an account can change their password in a given day would help slightly, but might not do much to stop a distributed attack)

In the case of Hotmail (or any other large provider), they're already starting with a large data set, so they'd be able to avoid that issue.
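An added example, not part of the comment above and not code from any provider it names: one way to implement the (password hash) + (account count) table with a ratio threshold in Python. The class and parameter names are hypothetical, and two things are assumptions beyond the comment: the table key is an unsalted HMAC under a server-side pepper (per-user salted login hashes would never collide, so they cannot be counted), and `min_count` is a floor on the limit for small user bases.

```python
import hashlib
import hmac
from collections import Counter


class PasswordPopularityLimiter:
    """Counts accounts per password digest and refuses over-used passwords."""

    def __init__(self, pepper: bytes, max_percent: int, min_count: int = 1):
        self._pepper = pepper            # server-side secret (assumption)
        self._max_percent = max_percent  # e.g. 2 for a 2% threshold
        self._min_count = min_count      # floor for small user bases (assumption)
        self._counts = Counter()         # digest -> number of accounts using it
        self._by_account = {}            # account id -> digest counted for it

    def _digest(self, password: str) -> str:
        # Keyed and unsalted so identical passwords map to the same table key.
        # The per-user salted hash used for login is separate and not shown.
        mac = hmac.new(self._pepper, password.encode("utf-8"), hashlib.sha256)
        return mac.hexdigest()

    def limit(self) -> int:
        """Most accounts that may share one password at the current size."""
        by_ratio = len(self._by_account) * self._max_percent // 100
        return max(self._min_count, by_ratio)

    def set_password(self, account: str, password: str) -> bool:
        """Record the choice and return True, or return False if over-used."""
        new = self._digest(password)
        old = self._by_account.get(account)
        if new == old:
            return True                  # unchanged password, nothing to count
        if self._counts[new] >= self.limit():
            return False                 # threshold reached: ask for another
        if old is not None:
            self._counts[old] -= 1
            if self._counts[old] == 0:
                del self._counts[old]    # keep no rows for unused passwords
        self._counts[new] += 1
        self._by_account[account] = new
        return True


if __name__ == "__main__":
    limiter = PasswordPopularityLimiter(b"constructed-demo-pepper", 2, min_count=3)
    for i in range(200):                 # constructed accounts and passwords
        limiter.set_password(f"user{i}", f"unique-pw-{i}")
    print([limiter.set_password(f"user{i}", "password1") for i in range(6)])
```

Because the limit never drops below `min_count`, a rejection only indicates that at least that many accounts already share the password, which narrows what the "change password" probing described in the comment can reveal on a small system.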

Comment Re:Cui bono? (Score 2) 412

Well, something tells me this is in response to legal activity. There are surely going to be new laws, probably not ones specifically in response to hacking activity, but others that allow various governments all sorts of access to records to track down hackers.

The idealist in me wants to believe that we could also get more laws passed holding corporations more accountable for lax security.

Comment Content Management (Score 4, Insightful) 545

If you look at the solutions for "editing" sites that scale, ultimately you'll find that what you're really looking for isn't a better visual editor, but rather a content management platform.

WordPress has a pretty decent track record for longevity, but there are plenty of other options out there as well.

Comment Too bad Safari still crashes (Score 1) 346

Put it on an iPad hoping that it would fix the crashing issues with Safari & the search in page feature... nope, still crashes!

Amazingly easy to reproduce, too... just open a page with a large amount of text (i.e. a 500KB FAQ from GameFAQs), enter text in the search bar, click find in page, Safari crashes after a slight delay.

Comment Box office data shows PG R for profit (Score 2) 316

Looking at some data for box office revenues, it looks like PG movies are actually the most profitable segment of the market.

Most years in recent history show a ratio of 1 PG-rated movie being released to every R-rated movie, yet the percentages of total gross have remained close to one another in recent history:

http://boxofficemojo.com/yearly/?view2=mpaa&chart=byyear&yr=2010&view=releasedate&p=.htm

Comment Alternative Calculation in some states (Score 1) 377

Here in Michigan (and presumably elsewhere as well), there's an alternative calculation for "use tax" that you can enter in that's based on your income.

Since you're only obligated to pay the lesser of the two amounts, if you order a large amount online it's often in your best interest to just go with the calculation and forget about trying to keep track of purchases.

(In most years, I think I've wound up paying $50-60 or so with the default amount.)
