
Comment Re:Use a password manager (Score 1) 38

Although there are various free ones out there, I went and bought 1password. It runs on Windows, OSX, iOS and Android.

1Password is nice if you don't mind paying separately for each platform you want to run it on. I used it a long time ago but dropped it when they started this. There are too many other options out there, both free and commercial, that support multiple platforms for a single fee.

Comment Re:It is a tool to hack, you idiot (Score 1) 179

It doesn't have to be pretty or work well, it just has to breach the target system.

Sure, if you're using the "blast down the front door and storm through shooting" approach. On the other hand if you want to be a bit more subtle then your code needs to be tight and unobtrusive. The best attack is one that the defender never even knows about until it's far too late.

Comment Re:any proxy sales soar (Score 1) 271

So, downloading a film not only cost the distributors money (putting arguments over whether the downloader would have otherwise paid for it aside) - but also the government, which lost out on what would have been a taxable sale. So if you live in Pennsylvania, downloading a copy of "Batman vs. Superman" is not only a lost sale, but you are evading paying any taxes due on the now-lost purchase. In other words: even though you downloaded it for "free", it does have a dollar value attached to it. So, to the government, you owe taxes on that download.

Didn't the FBI get Dillinger the same way?

Comment Re:They don't make disasters like they used to (Score 1) 675

EMV is the half of the new system that gets the news coverage, but the other half, point-to-point encryption, is more important. The transaction gets encrypted in the credit card pad, and the merchant never sees the card information. So if you break into their network, there's nothing there to steal.

How does the merchant do settlement at the end of the day or representments without that information? Are you maybe thinking about tokenization, where the merchant is given a token by the processor to store in place of the card number? The token is then used for followup transactions.

Comment Re:Oh please. (Score 1) 675

I used to work for a credit card processor and had to test the systems for grocery stores with 20 or so lanes before they were installed. One of the things I was watching for was slow performance (way back in the day of X.25 links. Get offa my lawn. ;) ), so I still pick that up regardless of the swipe versus insert dichotomy.

So what you're saying is that you don't know anything about how the EMV protocol works or how modern POS systems communicate with their processors and from there to the issuer, but you're going to toss out your $0.02USD anyway. Kinda like the guy telling the Tesla owner that his car isn't as fast as it could be. He knows because he worked on Model Ts back in the day and he can just tell that the Tesla just has the wrong size jets installed in the carburetor.

Comment The Proper Response? (Score 1) 254

The proper response is of course the same as the one given in the case of Arkell v. Pressdram:

Dear Sirs,

We acknowledge your letter of 29th April referring to Mr. J. Arkell.

We note that Mr Arkell's attitude to damages will be governed by the nature of our reply and would therefore be grateful if you would inform us what his attitude to damages would be, were he to learn that the nature of our reply is as follows: fuck off.


Private Eye

Comment Crap Headline and Summary (Score 1) 43

Vine's Source Code Was Accidentally Made Public For Five Minutes


Twitter's bounty program paid out - US$10,080 - and the problem was fixed in March (within five minutes of him demonstrating the issue).

Who knows how long the docker container was actually available to the public.

had its source code made publicly available by a bounty-hunter

Where did that come from? I saw nothing in the article or the blog post that said the "bounty hunter" made the source code available to anyone.

Comment Re:Translation: (Score 3, Informative) 99

No they haven't, read the description of their implementation.

No thanks, I would rather read their actual implementation (ie open source). The only way you can even begin to trust such a communications system is if it is open source and you can build the client from the provided source. Insert oblig reference to Ken Thompson's "Reflections on Trusting Trust" here. At any rate, the description of the implementation is not the implementation itself.
