
Comment Re: What's the big problem? (Score 1) 352

Could have been part of their in-store security or just some bs story he made up. That is why I included how I was told. I have no insight into it other than what he said. The only card readers I have experience with are connected to computers, and you sign a printed receipt, not a screen or pad. The option to do that was available, but most credit cards were put in an online reservation system and you had to sign a rental agreement at check-in that allowed them to charge for damages discovered after checkout, so the paper was already wasted.

Comment IAB Creative Guidelines (Score 1) 109

Two of them are easy. "Encrypted" means served through HTTPS. "Ad choice supported" means supporting the YourAdChoices control to turn interest-based ad delivery on and off.

The other two are a bit more vague, but Google iab non-invasive ads returns IAB Tech Lab Solutions with a bit more explanation. "Light" means a maximum data size, as specified in IAB Creative Guidelines. "Non-invasive" means that ads do not cover the body of the article, and ads other than an interstitial before a video body do not automatically play audio.

Comment Re:Ad blocker blocker blocker? Eat DMCA. (Score 1) 109

Present adtech delivers the text of an article through the initial HTML document and advertisements through scripts loaded asynchronously. This means the text of the article is available to the user before the style sheet, images, ad delivery scripts, and the like. A full implementation of access control would encrypt everything in the article below the abstract or lead section so that cleartext isn't available until the ad delivery script has run.

Or should I shut up and not give publishers any ideas?

Comment Depends on extent of regulation (Score 1) 109

Banks I'll grant. They're unusual in that financial industry regulations mean they have the most to lose if a script is found to be unsafe. Healthcare sites are up there as well because of HIPAA (or foreign counterparts).

For sites in less regulated industries, how should a user go about finding whether a site's scripts are safe to add to the user's whitelist?

Comment Re:Computer security is really, really hard (Score 1) 24

Real computer security is impossible.

We can do much, much, much better than we are doing now.
There is no reason that our lower-level systems (at least) can't be secure. You write them once (in the djb style), then don't change them, because they don't need to change.

The problem now is that there is very little motivation for programmers to even care about security. You can't see it, and no manager ever asks at a sprint, "is the code you wrote secure?"

Comment Re:What's the big problem? (Score 1) 352

Someone told me that it wasn't the signature that was important; somewhere there is a camera that grabs a picture at some point in the signature process, and signing is more or less supposed to ensure you are in a position to be captured by the camera.

I don't know if it is in the card reader itself or somewhere near the register or if it was unique to this one retailer where I was told. I had kids shut a car door on my writing hand and couldn't move my first three fingers for a couple of days, so I was signing off-hand and it looked nothing like a real signature. I just made a squiggly line once and it accepted it, then made a comment about it. The clerk, who was also a manager at the place, told me about the photo thing. He could have just been blowing smoke too but wasn't too concerned. It might be because I'm there regularly on my way to work too.
