Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:Who doesn't hash/encrypt passwords? (Score 1) 304

I assume that you can copy and paste, so apparently the article has been updated. It now reads: "On some systems, the server will check a cryptographic signature on a token...".

But the answer to your question is yes, it matters. When the place it fails to match changes, this information is leaked by the response time. This is how an attacker extracts information from random guesses.

Comment Re:And that attitude is the whole problem (Score 1) 773

You know, attitudes like yours are IMHO the root of all that's wrong with computers today. And I'm saying that as a programmer, not as Jane Grandma. The whole idiotic OCD idea that you _must_ make up rules about everything, and that your rules are more important than what people are actually trying to do. The idea that if even someone's name doesn't fit "your" database, then you can just brush them off and have a beer.

Your message is more than 140 characters long, and doesn't fit in my database.

Comment Re:This is a random comment. (Score 1) 395

> it can be a small problem, I think, when "non-random" sequences are removed from possible random number generations. [...] it may take a fair slice out of the available keyspace

This is true, and could be a problem if everyone's PIN were randomly generated. Since most PINs are selected by users and conform to a known, decidedly non-uniform distribution, this actually makes sense. If it's known that e.g. 1234 is over-represented in the pool of PINs, that would be one of the first ones an attacker would try. Therefore, it makes sense to filter that out. But note that it's the over-representation of the PIN and the fact that attackers are aware of this skew that makes it worth avoiding, and not anything inherently insecure about "runs" or "pairs".


Revisiting the "Holy Trinity" of MMORPG Classes 362

A feature at Gamasutra examines one of the foundations of many MMORPGs — the idea that class roles within such a game fall into three basic categories: tank, healer, and damage dealer. The article evaluates the pros and cons of such an arrangement and takes a look at some alternatives. "Eliminating specialized roles means that we do away with boxing a class into a single role. Without Tanks, each class would have features that would help them participate in and survive many different encounters like heavy armor, strong avoidance, or some class or magical abilities that allow them to disengage from direct combat. Without specialized DPS, all classes should be able to do damage in order to defeat enemies. Some classes might specialize in damage type, like area of effect (AoE) damage; others might be able to exploit enemy weaknesses, and some might just be good at swinging a sharpened bit of metal in the right direction at a rapid rate. This design isn't just about having each class able to fill any trinity role. MMO combat would feel more dynamic in this system. Every player would have to react to combat events and defend against attacks."

Comment Re:The simple one. (Score 1) 678

> I've been rick rolled plenty, but thankfully there are no memes that involve duping people into going to NSFW sites and getting written up by HR.

Apparently too young to remember when slashdot comments would link to goatse. That was long before "rick rolling".

Comment Re:Three options (Score 1) 1032

Absolutely. I find myself using most of my moderator points marking posts as off-topic. A reply (even an insightful, informative, funny one) to an off-topic comment is itself off-topic. I've even considered saying so in my sig. And yes, I am aware of the irony of posting this, as it has nothing to do with rats or cables.

Slashdot Top Deals

Technology is dominated by those who manage what they do not understand.