
Comment Re:bwahahahaha (Score 1) 122

finally musk has lost all his marbles.

Not really. This is nothing new. Elon doesn't have a filter between his brain and his mouth. He thinks out loud. He spews a constant stream of ideas and opinions. But he has made enough of his crazy ideas actually work that it would be foolish to dismiss anything he says.

Comment Re:Let's Get One Thing Fixed... (Score 0) 122

Fair enough. But I don't think we want to adopt their policy of facing a firing squad for failure.

There is no evidence whatsoever that NK has done that. That is just Western propaganda. They have deliberately chosen a "fail fast" strategy, and that doesn't work if you shoot your best engineers. Sure, Kim shoots people for political disloyalty, but that is an entirely different thing.

Comment Re:Let's Get One Thing Fixed... (Score 4, Interesting) 122

Let's try to solve the exploding rocket issue first before we start sending people to Mars, kk, Elon?

That is not the best strategy. It is better to push forward, take risks, and fail fast. You learn more from your failures than from your successes.

Look at North Korea, a poor impoverished country that has made huge strides by developing in fast cycles without worrying too much about failures. Their first rockets either blew up on the launch pad or shortly after liftoff. The world laughed. Yet they were ready to try again just a month or two later. That one blew up too, but it went further. Now, a few years later, they can put satellites in orbit, and they will soon have the technology for ICBMs that can reach North America. Nobody is laughing anymore.

Comment Re:i.e. I think I can ignore the law if I want to (Score 3, Insightful) 92

The law bans active jamming of Wifi signals. That is not what Hofstra did. They just made a policy announcement. That is not the same thing at all.

Should it be illegal for movie theaters to have cellphone bans? How is this different?

Comment Re:What selfish bastards (Score 1) 166

So, the baby is an immigrant to where?

No, the baby is not an immigrant. I was making a joke. The GPP's suggestion that families desiring healthy children should instead just support a more permissive immigration policy is so patently absurd that I didn't think it deserved a serious answer.

30 year old woman to boyfriend: I want to get married and have a baby.
Boyfriend: Sure, we could do that ... or we could just make a campaign contribution to Angela Merkel.
Woman: Okay, that would be fine, the end result is the same per capita GDP, and that's all that matters.

Comment Re:Scan your signature (Score 1) 197

This is why I keep a transparent-background PNG file with my signature around. Easily inserted into a LyX document and no one on the other end of the fax call can tell the difference.

That is what I meant by "e-sign". They rejected it. They could tell because there were several pages requiring signatures, and they were all exactly the same. They can also tell by the size/speed of the transfer. If only the sig is a scanned image the transfer will be much smaller than if the whole page is rasterized.

As much as hospitals charge, do you seriously believe that they aren't staffed up enough to detect fax cheaters?

Comment Re:Just don't buy HP (Score 4, Interesting) 197

What is this "printer" thing you people speak of?

If you deal with governments, lawyers, or doctors, you still need to print stuff on paper. I emailed a form to my local hospital, and they called and said I had to fax it. So I "e-signed" it, and sent it with my fax card. They called again and said that they could not accept e-signatures, so I had to print it out, sign it with real physical ink, scan it back in, and then fax the image. That was two months ago, and I haven't used my printer since.

Comment Re:Or they could have just adopted (Score 2) 166

Hardly fair to call the baby malicious names even if you disapprove of this medical technique.

The same thing happened back in 1978, when Louise Brown was born. Today everyone accepts IVF as routine. This time will be the same: The first baby is on the front page, the 2nd baby is mentioned on page 6, and the 3rd baby is ignored.

Comment Re:Something deeper.. (Score 4, Interesting) 414

Palantir is located across the street from Stanford University. There are plenty of extremely well qualified Asians in Palo Alto. Palantir has a "boys club" culture, and tends to hire by referrals. I don't think they intentionally set out to avoid hiring Asians, it is just their hiring practices are biased toward white guys recommended by white guys.

Comment Re:It's a pity... (Score 1) 126

And how, please tell us, are you supposed to do that login without sending the salted hash?

And how, please tell us, would it be better, in any way, to send the plaintext password instead?

Push some code to the client? Not smart at all.

The entire web is based on servers sending stuff to clients. How is sending code over HTTPS any less secure than sending plaintext passwords?

Comment Re:It's a pity... (Score 1) 126

this is moot if you use a secure channel and appropriately salt the password on the server.

... and your system is absolutely perfectly secure in every other possible way, and all your employees are perfectly competent, and their loyalty has been guaranteed by Suk Imperial Conditioning.

The resultant hash *is* effectively your password and is just as susceptible to password leaks via weak encryption or bad caching practices.

... except the consequences of that leak are less severe because it is worthless for attacking other systems. It doesn't make your site more secure, but it makes your users more secure, and it makes us all collectively more secure.

DO NOT STORE THE PASSWORD ON THE SERVER!!! This, of course, includes caches.

How many PHP back end coders know how to clear a kernel cache?

Comment Re:It's a pity... (Score 2) 126

Sending the plain text password to the server is the way to go

There is no advantage in doing that, and many disadvantages.

since you can't and should not trust the client to do any cryptographic work for you with it.

Hashing on the client is an additional level of security, not a replacement for existing levels, so no extra "trust" is required.

But what you SHOULD do for sure is use HTTPS...

Yes. Duh.

then it doesn't matter that it's plain text, using HTTPS will be your encryption for sending it over the network.

HTTPS only protects you during transmission. It does not protect you from server side attacks or from dishonest/incompetent employees.

Chrome has started flagging pages that have login forms submitting to HTTP to notify users the page is not secure. Good move.

Yes, that is a good move. The next step would be to warn users if their just typed password is being transmitted in plaintext. That would encourage best practices, and would have prevented the leak described in TFA.
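
The layered scheme argued over in the "It's a pity..." comments above, as an added example that is not part of any comment: the client stretches the password with a per-site salt, and the server salts and hashes whatever it receives before storing it. The names `client_hash`, `Server`, `ITERATIONS` and the `site-a.example` / `site-b.example` hosts are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, chosen for this example

def client_hash(password: str, site: str, username: str) -> bytes:
    """Client side: stretch the password with a per-site, per-user salt."""
    salt = f"{site}|{username.lower()}".encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class Server:
    """Server side: treats what arrives as the password and salts/hashes it again."""
    def __init__(self, site: str):
        self.site = site
        self.db = {}  # username -> (random salt, stored hash)

    def _stored_form(self, salt: bytes, received: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", received, salt, ITERATIONS)

    def register(self, username: str, received: bytes) -> None:
        salt = os.urandom(16)
        self.db[username] = (salt, self._stored_form(salt, received))

    def login(self, username: str, received: bytes) -> bool:
        if username not in self.db:
            return False
        salt, stored = self.db[username]
        return hmac.compare_digest(stored, self._stored_form(salt, received))

def demo() -> dict:
    password = "correct horse battery staple"  # constructed sample, reused on both sites
    a, b = Server("site-a.example"), Server("site-b.example")
    sent_a = client_hash(password, a.site, "alice")
    a.register("alice", sent_a)
    b.register("alice", client_hash(password, b.site, "alice"))
    return {
        # Whoever holds the value sent to site A can replay it at site A ...
        "same_site": a.login("alice", sent_a),
        # ... but it fails at site B, although the password is identical.
        "other_site": b.login("alice", sent_a),
        "wrong_password": a.login("alice", client_hash("guess", a.site, "alice")),
        "stored_differs_from_sent": a.db["alice"][1] != sent_a,
    }

if __name__ == "__main__":
    print(demo())
```
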
