
Comment Re:Reality is... (Score 1) 171

No, My Gentle Fool, there isn't. It is entirely possible that 1-2-3-4-5 could be _Everybody's_ Password.

You've missed my point entirely. "12345" is the fifth numeric password an attacker would try (after "1", "12", "123", and "1234"). It doesn't matter how securely you store it or how long each guess takes, if an attacker has a reasonably high chance of guessing it by a mere educated guess.

Sure, you could lock the account after X guesses - But then you've just given me a trivial way of locking out the legitimate account-holder as well - Arguably, a lot of kids just out to raise some hell rather than seriously wanting to compromise your accounts would prefer that (applied on as large a scale as possible) than actually guessing the right password. "Oh, look, we just locked the entire Microsoft staff out of their own network, ha-ha!"


Any Password, hashed in any number of many ways repeatedly, and yet each one with a unique Time Stamp embedded and invisible, should do the trick.

That accomplishes nothing more than slowing down any brute force attempts. It certainly doesn't somehow magically make one of the top few million passwords more secure. Or, looked at another way, let's say you use such a horrendously complex hash that each guess takes a whole second. You've just handed any potential attackers a trivial on/off switch to DOS'ing (no leading "D" required) your site, as your poor server farm tries to keep up with just a handful of bad login attempts per second.


Time Stamps supposedly assigned to certain Alpha Decay Chains stuck out like three sore thumbs upon later Analysis.

Would you care to provide a link on how timestamped audit trails have anything to do with brute-force password cracking? It sounds like you've mixed up two separate concepts here. Yes, you can make an RTPS virtually tamper-proof; that doesn't have much in common with proving my identity to Facebook from a previously untrusted computer.

Comment Re:Reality is... (Score 4, Interesting) 171

What form of "properly hashed and securely stored" would make a five character numeric-only password even remotely acceptable?

Mind you, I don't disagree with your premise - The problem here has nothing to do with end-users, and everything to do with expecting them to remember over a hundred distinct "secure" passwords. But that glaring flaw aside (which leads people to use the least secure password a site will let them, and reuse it at every site they can), there *is* still such a thing as a pathetically weak password.

We've all seen, and can debate the exact accuracy of the relevant XKCD strip, but the general idea holds true - We'd all do a hell of a lot better to use memorable three to five word phrases, than trying to squeeze something we can almost remember into leetspeak with an extra random character or two tacked on at the end.

Comment Bad scaling? (Score 1) 116

D-Wave's systems are inherently statistical. Which means you need many replicas of an experiment to map out the ground state and reliably establish it is the ground state. Doesn't this mean that the more qubits you have, the exponentially more replicas you need to run? Thus anything short of exponential gains in speed is a step backward in performance as you add qubits? Or am I wrong?

Comment Re:This sounds familiar... (Score 1) 90

Wrong reputation.

The C*O types would have lined up to throw money at BB had they made any serious software/hardware security collaborations. C*O types don't really care much about governmental meddling. Hell, as we can see from earlier stories, they don't really care about security in general; as long as lip service is paid to security, they're thrilled to write those checks.

Comment This sounds familiar... (Score 2) 90

...probably because it's precisely what I've been saying they should do since the first android hit the shelves. They were outclassed, but they had a great corporate security reputation. They should have ditched the hardware and partnered up with an android maker to provide a corporate secure device, complete with the software backend.

Instead, they sat around pretending their market position could never be threatened, and consequently got left in the dust.

Comment Re:Clickbait? (Score 1) 154

I largely play "Idle" games these days, lacking the time to really get into anything much more involved than that... And even there you'll find a die-hard community that considers anything other than manually sitting there for hours at a time and clicking furiously as "cheating" (in games where the core mechanic amounts to "level up your resource-producers and come back tomorrow to do it again").

Mind you, many such games' devs have gone so far as to provide straightforward javascript hooks solely for the purpose of more efficient botting; but, good luck arguing that with a purist.

/ (and show me a human who claims to legitimately have the "click a million times" achievement in any game, and I'll show you a liar with an autoclicker. ;)

Comment And IMDB cares about this *why*, exactly? (Score 5, Insightful) 317

"Registrant Organization: IMDb.com, Inc.
Registrant Street: Legal Dept, PO Box 81226,
Registrant City: Seattle
Registrant State/Province: WA"

Dear California: How about "go fuck yourself". That a good answer?

Oh, you don't want IMDB operating in your state? Perhaps you could build some sort of Great Firewall. That's worked out so well for China (and North Korea).

Comment Re:One of those sounds potentially useful.... (Score 1) 36

Back in my college days, we had a saying about student-run experimental design: "Psychology is the study of females ages 18 to 22 with above-average intellect and an interest in psychology".

Although that does mean you need to eventually check your results on a larger, more random pool of participants, it doesn't flat-out make those first-round results invalid. It just means you can get (at least) two papers out of the same results, verifying (or refuting) the external validity of the initial results. ;)

Comment Re:This isn't really that hard to understand (Score 1) 663

No, it is actually VERY VERY SIMPLE.
Yet, later....
Now: to observe the actual effects on the world, is not so easy.

The fact of the matter is that your examples aren't a direct cause/effect. If they were, we could see immediate results yet we don't. Plus the planet is large enough to have large "micro-climates", resulting in even more obfuscation of the data.

Of course, it doesn't help that climate change doomsayers have been at it for 40+ years now, the doomsaying itself a product of how difficult climate science is. Weren't we all supposed to be under 20 feet of water by now? The ice at the poles gone, the poles themselves being the only habitable parts of the world left? And so on, and so on...

Face it; climate science is *hard*. So difficult, in fact, that the weather forecasters still get it wrong. Understanding the science is restricted to the few who have made it their lives to understand it, and of course who knows how biased they are. You'll never sell the general public that way.

No. You have to make the issues smaller and localized. Personable.

Comment This isn't really that hard to understand (Score 5, Interesting) 663

The problem with climate science is that it's so difficult. The average person on the street has little hope of understanding all the data and how it interacts. They can never, therefore, have confidence in the results being reported to them. I'm largely in the same boat, btw; despite on and off studying over the past several years, I still don't really have a grasp on how all the data ties together and consequently I don't have a high degree of confidence in the reported conclusions of others.

Given this, attacking on the basis of "CLIMATE CHANGE" is the absolutely worst approach. The ignorance of your target audience will prompt them to respond contrary to your goals. Instead focus should be placed on the specifics; clean air emissions, water discharge standards, etc... Why? Because these are things people can understand, and they are immediately relevant to them. I don't want to live next to a factory dumping shit into the air/water, and neither does anyone else. That should be how climate change is addressed; not on the large scale, but rather the personalized one.

Comment From Glassholes to snapholes (Score 1) 92

Um... didn't we learn something from the abhorrence of Google Glass? I'd tolerate being in the room with someone wearing these as long as I knew it was painful for the wearer to use them and put them in visible agony when they were activated. I'm thinking something like glass shard ear pieces and a 50kV electro shock to the brain when turned on for ten seconds.

Comment Re: Makes more sense (Score 1) 222

The more data that people use in aggregate, the more capacity that Verizon has to build or everyone's data slows down.

Bandwidth does not equal monthly usage.

If Verizon said "we want to implement a time-of-day based surcharge to help reduce network congestion", we could reasonably discuss the merits of using financial rather than technical means of throttling heavy users.

Charging me per GB of 2am Windows updates, however, counts as nothing short of rent seeking via regulatory capture. Every single unused bit of capacity of my nearest cell tower gets wasted forever. It neither costs Verizon more, nor saves them a penny, to ever have a tower sitting idle; and thanks to a complete (intentional) failure of the FCC to properly allocate spectrum as a public good, you and I can't simply say "screw you, Verizon, I'll put up my own cell network!"
