Posts by GloomyTrousers

9 posts • joined 30 Jun 2009

Mercedes answers autonomous car moral dilemma: Yeah, we'll just run over pedestrians

GloomyTrousers

It's the cyclists

@Doctor Syntax: so by your highly scientific survey, pedestrians and drivers are flawless, and only some cyclists are not? I'll hazard a guess that those individuals of which you speak are dangerous/inconsiderate/oblivious more than the average, regardless of their current mode of transport, and you just notice them more when they're cycling due to your own inherent biases.

You should probably check actual statistics, which would show you that in (say) car vs. cyclist accidents the car driver is found at fault in the majority of cases.

2
2

Come in HTTP, your time is up: Google Chrome to shame leaky non-HTTPS sites from January

GloomyTrousers

Silly question...

...but how are they going to reliably determine that a site is asking for a credit card number? Am I missing summat? Asking for logins, I suppose you could look for <input type="password"... /> and flag on that basis, but I can't think of a reliable method for credit cards.

1
0

BT customers hit by broadband outage ... again

GloomyTrousers
FAIL

Not just BT/Plusnet

Apparently this is the root cause of an outage for some Zen customers too. Tech support say they think this is affecting other ISPs as well.

2
0

Which keys should I press to enable the CockUp feature?

GloomyTrousers
Facepalm

Re: Photo Theives

"Photo By ShutterStock"

0
0

Plusnet customers SWAMPED by spam but BT-owned ISP dismisses data breach claims

GloomyTrousers

user+identifier@mydomain.com not reliable

Problem with the user+identifier@mydomain.com thing: it's a commonly known pattern, so the identifier is trivially removed or spoofed by anyone seeking to obfuscate the source of their list, or direct your attention elsewhere. So you can't really rely on it to identify the source of a leak.

0
0

Zeus botnets suffer mighty blow after ISP taken offline

GloomyTrousers
Pint

Discomfort

"...properly lubricate all objects prior to spammer insertion."

A suitable lubricant can be obtained by mixing superglue, broken glass and rusty nails. Apply liberally to object before using on spammer.

1
0

Verified by Visa bitchslapped by Cambridge researchers

GloomyTrousers
Boffin

CVV

If I remember correctly, way back in the early noughties when I was writing ecommerce sites and the 3-digit CVV was introduced, the instruction was that it was never to be stored anywhere in your DB, on pain of some kind of nastiness to your merchant account. I presume (but don't know) it's also not stored in a machine-readable format on the card.

Thus, the extra level of security this provides is not to turn a 16-digit number into a 19-digit one, but to guard against your card number being usable if a database where it's stored is compromised (quite likely at the time, having seen the sort of shoddy code being rushed out back then) or your card is skimmed.

So, in theory, if a card number is presented with CVV it is more likely that the person presenting it has (access to) the physical card, and less likely that they're using a card number stolen from somewhere.

I do recall having to tell coders who hadn't read the documentation that the CVV wasn't to be stored in the DB, so I'm assuming that there are various implementations out there that do store it and thus neuter it as a security measure - it's a slightly brittle solution in that respect.

0
0

Monty's 'Save MySQL' mudsling gets 15,000 backers

GloomyTrousers
Unhappy

Spam from Monty

I recently received an email invite from Monty to sign this petition - quite obviously a bulk mailshot. Not sure why, as the only time I recall providing my e-mail address for anything MySQL-related would be many years ago in a comment on the documentation, so presumably I have a mysql.com "account".

I was pretty pissed off TBH - if Monty is no longer part of MySQL, how is he able to get hold of this data? No unsubscribe info, unsolicited, bulk, so in my book it ticks all the boxes for being spam.

Not a great way to go about garnering support...

2
0

Masked passwords must go

GloomyTrousers
Big Brother

Stop watching my fingers!

The asterisks stop shoulder-surfing from people reading your screen... but not watching your fingers on your keyboard. If passwords were displayed as typed, it wouldn't take long before people started looking around a little more carefully at who's watching before typing their password, instead of being lulled into a false sense of security by the fact that their password can't be seen on screen, and ignoring the fact that watching fingers is pretty easy (see AC's 70WPM comment).

However, as in many things, there is no 'one size fits all' answer. In some cases, I can see this improving security (and, as seems to have been somewhat forgotten as one of the original points of the article, usability), although in many cases it will of course not do so.

0
0
