Become a fan of Slashdot on Facebook


Forgot your password?
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Comment Re:Provide your phone number for extra security? (Score 2) 146

This adds no additional security to a system secured with a password

Sure it does - It means you have two passwords, rather than a password and a piece of publicly-available information... Though the GP already gets that, I basically just rephrased his "type garbage, and save a copy" as something a bit more user-friendly. :)

That said, I otherwise agree with you completely - Though, I also don't really see the problem here. Biometrics would solve some of the usability issues with passwords, but at the cost of introducing entirely new ones.

Really, I think a lot of this comes down to "how much security is enough"? Sending an SMS for two-factor counts as far, far more than adequate 99% of the time; and that even counts as massive overkill 99% of the time. For virtually all uses, just using something like your favorite porn star's name is good enough.

Comment Re:Provide your phone number for extra security? (Score 1) 146

Also, security questions are a joke. Where was I born? The whole world knows by now. Why would I provide yet another vector for compromising my account?

You realize that you don't need to give a meaningful (nevermind "true") answer to those security questions?

"Mother's maiden name?" "#10 dual-window envelopes".

Comment Re:Someone Please Explain The Glitch (Score 2) 82

or rather, they designed the game to need access to your GPS so they can get your geolocation for advertising purposes

I would normally agree with you, but PoGo has exactly zero ads in it (not even the voluntary "Watch this short ad for a buff" type so common in Freemium games). Nor, for that matter, have I received a single even remotely spammy email of any kind at the throwaway GMail account I used to register.

Really, no need - People apparently can't throw money at it fast enough. Can't say I quite get it, though... Cute toy, but to have literally doubled Nintendo's market cap in the past few weeks? Wow.

Comment Re:Failed Strategy (Score 1) 72

That link doesn't support your claim. The single strongest claim in that article says "Google pays taxes in Ireland, where it is charged at a lower rate than in France" - Not exactly a smoking gun, just France behaving in its usual petulantly xenophobic way over the horrible, horrible unfairness that any non-French company dare to exist.

Comment Re:Thanks to (Score 1) 359

We'll always have flat-out trolls, no doubt. I can easily ignore those.

I find it much more annoying to try to follow a thread when 2/3rds of the participants post as AC. They may have meant to troll, they may have meant it legitimately, but I can't even tell when a response to me comes from the same person to whom I responded.

I firmly believe in allowing people to post anonymously; but Slashdot makes it trivial to create an account with zero connection to someone's real identity. For that reason, I answered this poll with a "yes" - You can remain anonymous while still using a consistent pseudonym for the sake of discussion.

As a thought, perhaps this amounts to merely a matter of phrasing - Instead of disallowing anonymous posting, how about we call it "ad hoc" posting?

Comment Re:Failed Strategy (Score 1) 72

Google, and all the other companies we keep bitching about, do pay their taxes. They just don't pay more than the law requires them to.

Do you pay more in taxes than you need to? Do you skip itemizing your mortgage interest because you consider it an unfair advantage over renters? Do you keep your retirement savings in a taxable taxable brokerage account rather than "dodging" your fair share of capital gains tax with one of those evil 401k "tax shelters"?

Same deal here. Google, Apple, et al have done nothing more illegal than intentionally structuring themselves to minimize their tax liability. Yes, those loopholes damned well need to end; but you want to blame someone? Don't look at Google, blame yourself for voting for the status quo (D, R, makes no difference). You want the system to stop favoring billionaires and captains of industry? Stop electing billionaires.

Comment Not so fast, there... (Score 4, Insightful) 610

Make no mistake, this didn't start with the Millennials. We started firmly down this path in the 1930s; WWII saved our grandparents, the cold war saved our parents, and the advent of the "Computer Age" saved Gen-X.

Unless the Millennials can pull a similar rabbit out of their hats, should it really surprise us that FDR's pyramid schemes (yes, plural) have finally run out of new suckers and can only head one way from here?

Comment Wow. Just... Wow. (Score 1) 173

Holy shit, and people make fun of "preppers" in the US?

Guess what, China - The US already has high-res satellite imagery of every base, outpost, cave, and jeep (or whatever brand) you own.

It would better serve the Earth's (and your own, as inhabitants thereof) needs if you focused more on not spewing crackpot bullshit like TFA, than worrying about whether or not we notice your target practice city-grids out in the middle of nowhere based on kids not crawling around them looking for pokestuff.

Comment Re:A question of definitions? (Score 1) 165

Buying a $100 safe is massive overkill?

No, that part counts as a pretty standard practice. The rest of your procedure, however:

in a safe that requires 2+ people to open

Congratulations, no two-out-of-three of you can now go on vacation at the same time, even though it might only take one of you to "keep the lights on" on a day-to-day basis. In fact, you shouldn't even ever ride in the same car together.

What you describe makes a great low-tech way to split a secret into X parts such that it takes at least Y<X participants to access it; but when X=3 and you all work together... Not really practical.

Comment Re:A question of definitions? (Score 1) 165

While nice in theory, what you describe counts as massive overkill unless you have PCI/HIPAA/similar data protection requirements for your systems.

In the real world, a few people all have the root/sa/admin/whatever passwords, and if one of those people leaves, the rest simply change the passwords.

I will agree that TFA makes for a really shitty test case for whether or not shared passwords violate the CFAA; but not every random data warehouse needs its DBAs to swear a blood-oath and split the holy crystal of access into four parts, scattering them to the four corners of the Earth.

Slashdot Top Deals

Somebody ought to cross ball point pens with coat hangers so that the pens will multiply instead of disappear.