Follow Slashdot stories on Twitter


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:Account recovery is ALWAYS the weakest link (Score 1) 105

What happens if your password safe is a) compromised b) destroyed?

Using a password safe decreases security over all by adding a single point of failure for all of your accounts, and additionally decreases reliability by allowing you to lose access to all of your accounts at once if anything were to ever happen to it.

Comment Re:So much for that meme! (Score 1) 105

My point was that we do not know the level of technical expertise of the attacker, because their exploit was not of a technical nature. While pointing out that there is no reason to believe that there is any correlation between the 2 different skills.

To emphasize the point I used a humorous stereotype in response to their stereotype, however it was not the point of the discussion, and I in fact specifically called it out as a stereotype as opposed to claiming that it was real.

Comment Re:Account recovery is ALWAYS the weakest link (Score 0) 105

Slightly less secure than a password alone.

An attacker can still get in with the password, but they can also now get in by gaining access to the vault. Now you could argue that the vault is more secure than the passwords, so the risk is minimal, but it still decreases rather than increases security over all. Additionally, what if the vault is destroyed? If you're talking one in your home, if your home is destroyed the vault could be as well. While it's true that you then have "bigger problems" to worry about, do you want to also be dealing with loss of access to all your online accounts at the same time?

Comment Re:Account recovery is ALWAYS the weakest link (Score 0) 105

So now people can hack your password manager and get access to ALL your sites instead of just one.

A password manager is another "account recovery" option, it weakens your security. By how much depends on the type of password manager used.

And how does the password manager solve the Tumblr incident I just mentioned? Or what if the password manager stops working for some reason (corrupt or lost database, cloud provider goes bankrupt, etc etc)

Comment Account recovery is ALWAYS the weakest link (Score 4, Interesting) 105

It doesn't really matter what that is, but if there's a way to "recover" your account, then it's by necessity, a way to completely bypass any other authentication you had. The more ways to recover the account, the more attack vectors there are.

It's why I hate "recovery questions", they're usually bad questions that anyone could find out, and if I use some other answer, then I'm likely to forget what it is anyway.

If I need a password to access the site, at least it's only one thing to remember, and only one point of weakness for an attacker.

So the big question is, which is more important? the ability to recover an account you've been locked out of? or the security of knowing nobody else can either?

Of course companies can really screw this up too. For instance Tumblr recently re-set everyone's passwords and forced them all to use their recovery option because their password database had been compromised. Anyone who did not have a working recovery option was completely screwed, even though their account was otherwise more secure.

Comment Re:Ownership of the product (Score 1) 301

Sorry, that's completely incorrect.

If someone sells you something WITHOUT any form of license, it's implied that you own it and can do whatever you want with it. It's only because the video game disk and windows came with license agreements that they retain any control over it. As Tesla's software does not come with a license agreement, they have not retained any rights to it and are implied to have ceded all those rights to the purchaser.

It's the same reason I don't need permission to modify a painting I bought, or to write all over the margins of a book I own.

That said, copyright would still apply if I tried to copy the software and give it to someone else. But that's an entirely different prospect than modifying my own property or using it how I see fit.

Comment Re:Ownership of the product (Score 1) 301

Physical ability, maybe, legal ability, no. Tesla cars currently do not come with any form of contract limiting what you may do with the vehicle. When you buy one you sign a form saying that you bought it, but no limitations at all on your use of it.

Now maybe a lease would be different as technically Tesla would still own the vehicle, but for sales, Tesla transfers all ownership rights to the new owner, and does not retain any.

Comment Re:Look closer at the EULA for this car (Score 1) 301

Interestingly enough, Tesla currently does not have any EULA for buyers of it's cars. Which actually makes their sales stuff more open than some of their competition.

I bought the car outright, nowhere in any documentation I signed with the vehicle did it include any restrictions on what I may do with my own property after I bought it.

Now maybe they plan to start offering an EULA, but so far they do not.

Comment Re: Uneducated voters, yay! (Score 1) 409

Those people are educated, by definition. That doesn't mean that they are smart, or that they can read and write well. It just means they have more education.

People seem to assume that education equates to all sorts of other things, but it doesn't always. Just because it doesn't equate to all the things people want it to equate to though does not mean that more education does not make one more educated. By definition more education will always make you more educated, even if it doesn't make you smarter, more productive, or better in any other way.

Comment Re:self-driving or assisted driving ? (Score 3, Interesting) 185

The manual for the Model S and Model X both disagree with you. They explicitly state not to use autopilot in slippery conditions. Just like every other cruise control system on the market.

That said, we also know that this new hardware is NOT enough for full AP in inclement weather, or even a light drizzle of rain, because none of the rear cameras have wipers on them, and if you've ever tried to use the backup camera in the rain you'll see the problem.

Cameras are essential for forward vision to deal with lane markings and signage, however to see cars coming behind you, you need radar, and they still haven't included rear radar.

"Level 5 autonomy" in a car that can't drive in the rain is ridiculous.

Comment because they're using the wrong criteria... (Score 1) 185

So why is the sideline technology so hard to get right?

Because the criteria for selecting all of the equipment was solely which manufacturer paid them more to use it as opposed to who had a product suitable for the purpose? When your selection decisions don't include end users, or even an evaluation of their needs, nor do they compare the product to those needs, it's not a surprise when it doesn't do what your users need.

Slashdot Top Deals

It's later than you think, the joint Russian-American space mission has already begun.