
Comments


Ask Slashdot: How To Start With Linux In the Workplace?

Burz Re:No. (451 comments)

It's very typical in FOSS to think UI design goes no further than the 'doorknob' level. That's a big part of the problem right there. Y'all don't get it.

I do 'like' KDE. But as a SuSE and Xandros veteran, I can say that the more finely you tune the surface looks to Windows, the more the user will later feel dismay when they should have their curiosity piqued instead. The default KDE look isn't too bad in that regard.

The irony here is that KDE also lets you get closer to OS X look and behavior than Gnome will. Unity, however, comes pretty close in its default config.

What makes Unity a better OSX than heavily tweaked KDE is at being Windows-like is that Canonical actually does pay close attention to how well these cutesy graphical details line up with the vertical integrations they provide (and with each other). Xandros (around versions 3/4) could probably lay claim to an equivalent level of excellence, except that was achieved with a bunch of proprietary components.

about a week ago

Ask Slashdot: How To Start With Linux In the Workplace?

Burz No. (451 comments)

As soon as they scratch the thinnest surface they will get very confused. In my experience, configuring KDE like Windows results in rejection after an initial period of brief comfort.

about a week ago

Ask Slashdot: How To Start With Linux In the Workplace?

Burz Re:Power management on Ubuntu (451 comments)

Ubuntu has an excellent HCL. Check your computer model in the HCL to see if it's supported. Then consider purchasing support from Canonical.

about a week ago

A Conversation with Ubuntu's Jono Bacon (Video)

Burz Unity is actually very nice. It's Dash that sucks. (53 comments)

Removing Dash/shopping and adding Classicmenu makes for a system that's easy to navigate.

Having people text-search for everything all at once--when all they want is that banking or other occasional tool they run occasionally (what's the name?)--and getting tons of cruft in the results just isn't working.

about two weeks ago

Why No Executive Order To Stop NSA Metadata Collection?

Burz This is risible! (312 comments)

Sites like Salon and The Guardian broke the Snowden story, and they keep running with it. There is a very long list of left-leaning sites that keep the issue highly visible, including HuffPo, DKos, Raw Story, TruthOut, DemocracyNow! and I dare even list Ars Technica in that group. Yes, there are Obama-worshippers who try to paint anti-NSA info and sentiment as fifth-column betrayal, but overall if you sample the comments in places like DKos and DU, you'll see some skirmishes over the issue of party loyalty (and accusations of racism) with the anti-NSA crowd handily coming out on top.

As for the lack of protest, let's just say the story was still developing in the fall and it's been one heck of a winter.

about two weeks ago

CryptoPhone Sales Jump To 100,000+, Even at $3500

Burz Noticed that also. (68 comments)

Slashdot seems to be asleep when it comes to new security products, especially when it's a Phil Zimmermann venture and the phone only costs about what an iPhone does.

about two weeks ago

Bunnie Huang's Novena Open Source Laptop Launches Via Crowd Supply

Burz Is all the firmware open? (88 comments)

I have toyed with the idea of installing CoreBoot on my Thinkpad as a way to enhance security. The Novena doesn't appear to have a BIOS, however, and there is little mention about firmware in their pitch... I'm more concerned about this than who designed the motherboard traces.

I'm not much of a hacker, but I do love the overall concept here. Hopefully they will divulge more details as the time progresses.

about two weeks ago

Samsung SSD 840 EVO MSATA Tested

Burz Re:Be Aware: Many mSATA slots don't support SATA-3 (76 comments)

OTOH, the drive's IOPS are arguably much more important to how much better a system can perform; SATA-1 doesn't look so limited in this respect. Sequential throughput makes a noticeable difference for more specific applications.

about three weeks ago

Canonical's Troubles With the Free Software Community

Burz Re:Infighting: Linux's biggest weakness (155 comments)

Here's a thought experiment:

Imagine you're a 7th grader who has become intrigued by computers. If that kid tries programming on "Linux" and creates her first couple of apps using whatever tools and libraries she can grasp at the start-- then what will happen??

1. She becomes a web developer. OK, fine... but don't expect desktop apps from her. In fact, don't even expect "Linux" to enter her mind when she thinks of users.

2. She gains a yen for all the *nix plumbing and becomes a system-level tinkerer, writing some KDE or Gnome apps as a way to fill some acute voids in a way that fits into her elite usage patterns. Again, don't expect *good* apps from her. She is interested mainly in cool new ways to arrange the plumbing and impressing only her hacker friends.

3. She STOPS coding when those first tentative steps toward her big ideas ended up having zero chance of running on her uncle's or her classmate's "Linux" systems; copying her code to those other systems resulted in a flop. What's more, she wasn't able to describe to those people ways of troubleshooting the problems that prevented the apps from running, getting puzzling descriptions back from them that she didn't recognize.

3. a) She discovers Windows and Mac systems have the consistency she needs to show-off to her non-technical friends and family, and since those are the people she's trying to impress early on (instead of impressing hackers) her personal development as a coder gains a healthy appreciation for the non-techies' point of view and she becomes a good app developer.

TL;DR; The Linux distro ecosystem cannot "grow" good app developers. It just cannot. It's too chaotic for the right kind of nurturing of talent to take place.

I think Shuttleworth has been inching away from the distro culture and this is part of the reason why Canonical is frequently criticized; they have needs for future releases of Ubuntu that the non-forked 'plumbing' projects aren't meeting. And then there is ElementaryOS, which seems to have a fully realized platform philosophy that doesn't include "Linux compatibility" (whatever that means) in its future; They plan to diverge increasingly in the future for the sake of internal consistency and usability. I wish them both great luck, and advise Canonical to commit to diverging the way ElementaryOS has, because the pack they're associated with now are just pretenders.

about three weeks ago

Canonical's Troubles With the Free Software Community

Burz Re:Infighting: Linux's biggest weakness (155 comments)

The apps don't materialize because serious app developers (instead of the system tinkerers in FOSS who like to imagine themselves as good apps developers) with passion and commitment to their ideas try out "Linux" and experience the following:

1. Scant control of hardware features (even getting the screen to turn off can be a challenge) and the controls that exist suck, because the proper level of vertical integration isn't there.

2. Myriad desktop environments and administration applets that make the thought of guiding users through tech support a nightmare. This is the most obvious reason why "Linux" is not a desktop platform, because most non-techie users of said distros wouldn't even be able to recognize most other distros (or the same distro with a different DE).

3. Myriad combinations of support libraries; even the common ones are bundled together with versions of each other that create a unique and unsupportable platform 'landscape' for each distro.

4. Distro culture itself: 'Thou art a creepy skank if you sell apps and/or offer direct downloads of a product.' Invoking Yum and Apt are almost like genuflecting before entering a pew. Only it's a cult, not a religion, because strong dynamic relationships with people outside the repository are frowned upon.

about three weeks ago

Fake PGP Keys For Crypto Developers Found

Burz Re:The chain of trust is broken. (110 comments)

How do you trust these proxies not to be run by state intelligence organizations?

1. The attackers can't be omnipresent at all times

2. Doing a MITM against all randomly-located HTTPS links is probably impossible to do without being discovered.

3. Some orgs like Torproject have an .onion address. Then you don't have to worry about MITM as long as your original copy of Tor was OK. If you're worried about Tor or other program being tampered with, try using one or more Linux Live CDs: Boot, update then install Tor or other secure proxy, then download keys and certs... leverage the built-in keys of the Linux distros.

Really, for anyone planning this type of attack, consistency is a HUGE problem and you only have to be slightly crafty to be reasonably sure about the keys you're getting. The only other thing to increase your certainty is to get key fingerprints from these people in person.

about a month ago

Fake PGP Keys For Crypto Developers Found

Burz Re:The chain of trust is broken. (110 comments)

It ought to start by making certs and keys first-class GUI objects, starting with file browsers. Seriously, people should not see a blank square when they are copying or otherwise manipulating a key.

Further, there should be write-once devices that allow us to add keys and other identity info without worrying an attack will subvert that data.

about a month ago

Fake PGP Keys For Crypto Developers Found

Burz Re:The chain of trust is broken. (110 comments)

You may have something there. Alarm bells were going off in my head when I saw the summary advocating a move toward not away from X.509. If someone wants us to move toward the tech used by (famously subverted) PKI, they better damn well spell out how PKI's mistakes won't affect verification procedures.

about a month ago

WPA2 Wireless Security Crackable With "Relative Ease"

Burz Re:It's kind of silly to worry about (150 comments)

That's why security is not a boolean. If you regard it as black-and-white, it'll drive you nuts.

Be thankful you can at least whittle the trust issues down to things like switch vendors.

about a month ago

Full-Disclosure Security List Suspended Indefinitely

Burz Re:The whole security world is in a very bad shape (162 comments)

I should also point out that, from a manager or user perspective, a Qubes system is just a re-mix of Citrix client products. Even if the user runs in only one domain, an exploit against PCs is far less likely to break out of the VM, making cleanup a quicker and much more certain task.

It also has ways to protect you from physical attacks on boot partitions and BIOS, so travellers with laptops are less vulnerable.

about a month ago

Full-Disclosure Security List Suspended Indefinitely

Burz Re:The whole security world is in a very bad shape (162 comments)

Well, much of it already exists as Qubes OS, and it runs most Linux and Windows apps just fine.

You can get CoreBoot BIOS for several systems, and they're just getting started. And given that Canonical has the best HCL (with the most compatible systems) and hardware partnership profile in the business (apart from MS), I think Shuttleworth's proposal is credible... Good luck to him!

about a month ago

Is Weev Still In Jail Because the Government Doesn't Understand What Hacking Is?

Burz Re:It's due to the courts' zeal for punishment (246 comments)

and well..

quite frankly due to the prosecutor not understanding what he had been doing it's just about punishing for joking around. it should be illegal to prosecute something you can't understand. "I don't know what he did but he sure looks guilty, right!? you must convict!".

circa 1997 this happened to me, sort of. ran a traceroute on the wrong night to see where my emails were routed through(our school mandated the use of an internal email system where server wasn't internal and there was no encryption on the email clients(email client was mandated to be a certain windows email reader). now of course I had my machine full of warez(games and early music warez), winnukes, jolt of the day etc(and had winnuked some people so not totally innocent really of everything).

but what shocked me was the police interrogation, because they tried to make me sign something I had not said, because they did not understand the claims made by the "victim"(city) were impossible to have happened from my actions(and claiming shit like me crashing hospital internal network, hopping a supposed airgap and other stuff that I did not do, they just had some internal meltdown of the windows servers routing the traffic on the same day). the way the interrogation went was "you know what you did, tell us" and 16 year old me going "what the fuck dudes?".

originally they wanted me to confess to something technically impossible and it took them nearly 2 years to figure out that they did not know what to charge me with(and for the prosecutor to deem the investigation incompetently done and drop it, and it cost the state quite a lot for nothing...). I mean, the

posting anon but it's not too hard to figure out who this is for those who know.

anyway, doesn't matter which western country you live in always check what the coppers want you to sign and ask the fuckers to rewrite it to match what you actually said. after that ordeal I was convinced 20-30% of "solved" crimes are just pinned on some druggies in withdrawal who don't read what they sign.

Thanks for the advice.

about a month ago

Submissions


EU FairPhone starts 25k+ production run in one week

Burz writes  |  about 5 months ago

Burz (138833) writes "Ubuntu Edge may not have made it off the drawing board, but more ambitious FOSS-oriented devices have:

FairPhone has garnered over 32,000 orders for its socially-conscious design of the same name, overshooting the original 25k target in the time they allotted (a second run for the same model will start in January). Unfortunately, this sexy phone starts out as an EU-only product. The FairPhone is priced at 325 euros and will come loaded with Android 4.2, a 4.3" touchscreen, dual SIM slots, replaceable battery, and an admirable array of ports and sensors. What FairPhone aren't interested in selling you, however, is another charging brick-- bring your own! :)"

Doctorow tears up ISP contract: lack of neutrality

Burz writes  |  about 6 years ago

Burz (138833) writes "As a reaction to Virgin Media CEO's promise to violate the concept of net neutrality, Cory Doctorow is declaring his ISP contract void, canceling the service, and asking other Virgin customers to do the same. He isn't alone, and neutrality apparently isn't the only reason to drop Virgin. Myself, I am thinking of stopping my Virgin Mobile service in protest."

Journals


Modern online privacy for the age of Mass

Burz writes  |  about 5 months ago

Invisible Internet Project...
      I2P is best described as a cross between Tor and BitTorrent. That is to say, the onion routing benefits from the fact that most participants contribute to the available bandwidth. It does also come bundled with a BitTorrent client and email service. A number of other I2P apps are available including I2P-Bote, a new server-less email system based on DHT.

Qubes OS...
      Qubes is a desktop OS based on a customized Xen hypervisor. It ships with Fedora 18 to provide Linux desktop functionality, but can also host Windows and other VMs. The philosophy here is that paravirtualization, VT-x and VT-d are all employed in concert to reduce the system's attack-able surface to the base minimum while still providing the functionality of a desktop.

My choices in this area amount to a pretty short list because each one is comprehensive in its approach to privacy and security. I2P keeps everything encrypted and anonymous end-to-end without worrying about app-specific encryption settings (PGP, OTR, HTTPS, etc) which leads to inconsistent usage. That means using mostly I2P-specific apps, though Firefox for I2P Web is the current exception. Qubes OS secures the system by keeping the high-risk subsystems - IP, firewall and X11 - in their own read-only VMs, and also runs my apps in separate domains according to the trust/risk levels I assign to them. For example: a 'banking' appVM to access bank accounts in Firefox, a 'personal' appVM for email, chat and personal files, an 'untrusted' appVM for general roving around the unsecured Web and multimedia entertainment, an 'i2p' appVM for the growing amount of anon/private communications over I2P, etc. The Qubes project goes so far as to claim "strong security" and I believe them... this is not your run-of-the-mill VM system.

More about some of the interesting features in these puppies later...


Submissions: Danish paper makes U-turn on cartoons

Burz writes  |  more than 8 years ago

The Media Guardian is reporting on an infamous Danish newspaper's turnaround regarding the publication of certain cartoons. After initially expressing interest in reprinting cartoons from an Iranian paper, they have decided that some caricatures are beyond the pale: "Jyllands-Posten in no circumstances will publish Holocaust cartoons from an Iranian newspaper". This is the same paper in Denmark which posted a boring-then-shocking caricature of the Prophet Muhammed and is now apologising profusely, "peace be upon him".

Meanwhile the U.S. State Dept. says that the Muhammed cartoon irresponsibly incites ethnic as well as religious hatred; a double-whammy that seems to be ignored when debating the issue.

(Posted here cuz I'm tired of seeing my submissions irretrievably drop down a black hole.)
