
Comment Re:Just don't buy HP (Score 1) 202

People may need to learn the hard way that there is no free lunch here. If HP original printer + third party ink looks like a deal that is too good to be true, it probably is. Not defending the underhanded and dishonorable tactics of HP here, but in the end they have to make a profit and if they make a loss on the printer, they have to sell their own ink to compensate. This should not come as a surprise and neither should it be a surprise that HP would resort to sabotage.

The right approach is, of course, to buy from a manufacturer that is upfront about the cost both for printer and ink so that they make a profit on both and hence can live with only selling the printer. This whole problem exists because HP printer customers apparently cannot do basic math and are far too trusting. And no, that is not victim-blaming, that is just pointing out the basic fact that if you make yourself look like a victim, some con-men will find you. Here it has been HP.

Comment Re:It's a pity... (Score 1) 126

I am not convinced that helps, because suddenly you have pretty complex crypto on the user's side and that may just leak the passwords as well. Especially as passwords handled right on the server side do _not_ leak.

I do agree that the state of web-application security is a very sad one, but this is an attempt to fix the wrong problem.

Comment Re:How do IoT manufacturers... (Score 1, Insightful) 81

It is time to blacklist these devices and prevent insecure devices that participate in DDoS permanently. This may mean things like MAC-based blocking on ISP-level. In order to make ISPs do this, we may have to drop a few ISPs from global routing first though.

Another option would be to make hacking them to take them down legal, but that is hugely problematic.

Anyways, with the damage these idiots allow the DDoSers to do, terrorism begins to seem kind of irrelevant.

Comment Re:Really? (Score 1) 141

No idea. Maybe you are missing some potentially hidden intermediate server that caches an earlier error. I had access to the site as soon as this story was up.

Incidentally, the TTLs on my own DNS servers are down to a max of 6h as well after I initially misconfigured something and then had to wait for 2 days for the cached errors to expire. Makes the principles of DNS-caching pretty clear to you ;-)
Dynamic DNS is on 1 minute, same as dyndns.org uses (or used when I last checked).

Comment Re:How many of those... (Score 0) 152

As this is MS, it will include anything they can stick in there without being too obvious. They need to have success with this one, so they are cheating, coercing and lying as far as they think they can go without being slapped down too hard. Better strategy would have been to actually make a good product, but hey, this is MS.

Comment Modders and cheaters are two different things (Score 1) 151

Cheaters in online-games have already failed as human beings, because they do not understand the value of things like personal integrity, honesty or respecting your fellow human beings. They will go on to have a criminal career or one that is legal, but does massive damage to society for a comparably small personal gain. Whether they learn to code exploits or not is immaterial, these people are a massive problem because of personality-defects.

Modders on the other hand are creative people that sometimes create amazing works of art and entertainment and quite often generally useful modifications. None of them cause any harm to others by that activity. They do contribute positively to society and increase their skills.

Putting these two in the same basket is about as ignorant as it gets.

Comment Re:It's a pity... (Score 1) 126

Indeed. Some people are really clueless. No, the plaintext-passwords can be sent, but they need to be sent over a secured channel and they need to never be stored and erased immediately after comparison.

Incidentally, unless you iterate the hash an appropriate number of times (say at least 100'000 times at the moment, but better use pbkdf2 or far better Argon2 with a similar number of iterations) you will still be insecure.
