Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

Debian Votes Against Mandating Non-systemd Compatibility

Foresto Perl as an example of what, now? (535 comments)

Perl is hardly an example of improvement. Its widespread usage despite its fundamental flaws has given us a large body of software that is often entrenched and almost always a maintenance nightmare. I hope our OS distribution maintainers have the sense not to repeat that mistake with our init system.

4 days ago
top

Ask Slashdot: Is Non-USB Flash Direct From China Safe?

Foresto F3 (178 comments)

I don't have any experience with malicious flash drives, but since we're on the topic of fakes, F3 is a handy test program:

http://oss.digirati.com.br/f3/

about two weeks ago
top

Ask Slashdot: How To Unblock Email From My Comcast-Hosted Server?

Foresto Apply to be Whitelisted (405 comments)

Facing a similar problem a couple of years ago, I discovered that yahoo provides email filters not only for its webmail users, but also for several other companies. They have a procedure for requesting an exemption from their filters. It took a couple of tries, but I eventually got my server accepted. Here's the form:

http://help.yahoo.com/l/us/yah...

about two weeks ago
top

When We Don't Like the Solution, We Deny the Problem

Foresto Not only in politics (282 comments)

I've observed the same behavior in software development, particularly in the open source world. Some project maintainers are happy to have people helping by reporting the problems they find, while others will deny that a problem exists (and sometimes go as far as trying to discredit the reporter) if they don't happen to be affected/bothered by it. I guess inconvenient truths are hard for some people to accept.

about two weeks ago
top

Ask Slashdot: Where Do You Stand on Daylight Saving Time?

Foresto Against it! It has no benefits. (613 comments)

As far as I can tell, there has never been any statistically significant evidence that redefining time twice a year saves any energy, or has any other net benefit at all.

Meanwhile, it continually wastes the time of people who have to deal with the problems that it causes; moreso than ever since the world started depending on computers, and since international interactions have become common.

Just get rid of it, please. Forcibly playing games with people's clocks in the name of pretending that seasons don't exist is just stupid. Let businesses adopt winter hours if they want to align with daylight.

about three weeks ago
top

Tao3D: a New Open-Source Programming Language For Real-Time 3D Animations

Foresto Re:The Republicans... (158 comments)

"Democrats and republicans can twist any topic to be a battle between democrats and republicans."

FTFY. :)

about three weeks ago
top

Proposed Penalty For UK Hackers Who "Damage National Security": Life

Foresto Frighteningly Dangerous (165 comments)

So it's basically carte blanche for anyone with a job in in politics, law enforcement, or prosecution to destroy the life of anyone they choose, based on nothing more than conjecture. Does anyone else find this frightening? Would the dangers of this idea be more obvious if the words "computer users" or "hackers" were replaced with the word "people"?

about a month ago
top

Ask Slashdot: Stop PulseAudio From Changing Sound Settings?

Foresto Alternatives (286 comments)

I ran into that same problem with Skype's latest release. Rather than giving Pulse a fourth chance to burn me, I decided it might be time to give WebRTC a try.

I'm so glad I did. OS-independent browser-to-browser video chat worked fine. I used Chromium on linux while my friend used Chrome on OSX. The latest Firefox release supposedly supports h.264, so it might work as well. Here are a couple of call set-up sites in case you'd like to try it for yourself:

https://opentokrtc.com/

https://vline.com/

about a month ago
top

Password Security: Why the Horse Battery Staple Is Not Correct

Foresto Re:OpenID and OAuth (549 comments)

So your answer is "trust the user".

No, my answer is that we are already trusting the user, a password authentication system cannot ever be more secure than that trust, and neither system can solve the problems upon which you based your assertion.

That's okay. I don't need to draw this out any further. I just wanted to unerstand how you came to your conclusion, and now I believe I do.

about a month ago
top

Google Finds Vulnerability In SSL 3.0 Web Encryption

Foresto Which protocol is in use right now? (68 comments)

Can someone tell me how to get Firefox to say which protocol it's using for any given session? The Security tab has a Technical Details section that mentions "High-grade Encryption" and TLS, but it doesn't say which version of TLS.

about a month ago
top

Google Finds Vulnerability In SSL 3.0 Web Encryption

Foresto Re:Stuck between a rock and noplace (68 comments)

Can you link to the documentation for this? I'm too lazy to search for it right now. :)

about a month ago
top

Password Security: Why the Horse Battery Staple Is Not Correct

Foresto Re:OpenID and OAuth (549 comments)

"Very few sites (even tiny web forums and such) are willing to trust arbitrary 3rd party."

Those sites wouldn't be trusting a third party; they would be trusting the user. Specifically, they would be trusting the user not to delegate his identity to an impostor-friendly provider, just as they are now trusting the user not to re-use his password on any site that will some day have a database leak or cleartext login form. Anyone who thinks his onsite auth buys him greater security than OpenID either has some magic way to force people into choosing unique passwords, or is sadly mistaken. I'll let you guess which is more likely. :)

I'm curious where you got the "very few" metric. Anecdotal evidence? A study with a large and diverse sample size? If you have some study results, I'd like to bookmark them. I guess it would just go to show that very few admins have a good understanding of overall security.

"There are other problems, like ensuring unique, non-spam/bot users, that can't be done with remote authentication"

Local password authentication can't solve those problems either. Bot and spam problems are solved by other means, like captchas and request rate throttles. Sane sites do this when an account is created, not every time a known-good user wants to log in. Some really careful sites take additional steps during login (like click/request/response timing), but those steps are invisible to the user and can be applied regardless of whether a local password is used.

about a month ago
top

Password Security: Why the Horse Battery Staple Is Not Correct

Foresto OpenID and OAuth (549 comments)

"We do, it's called Open ID, which is what Google leverages for their single-signon (not sure if FB is their own solution or not). It was a really popular thing about 5-10 years ago and got a ton of attention. I think even MS enabled it."

OpenID 2.0 accomplished something very cool: allowing a user to use any ID provider for authentication on any compatible web site, even if the two sites had never heard of one another. Unfortunately, it has two major problems:

  • It's too complex to easily implement. This became less of a problem once OpenID libraries like Janrain's emerged, but there are still subtle details left up to website developers to get right, and since many of them don't bother, a lot of sites that supposedly accept OpenID actually fail with some providers.
  • Perhaps more importantly, the URL-based IDs are not user-friendly enough for non-geeks. Several high-profile sites tried to solve this problem by replacing* the OpenID URL input box with a simple button for each well-known provider, but that meant limiting the user's choices of provider. At that point, the distinguishing feature of OpenID was lost, so lots of sites chose the simpler-to-implement OAuth 2 instead. The Login with Facebook service is one of them. Even Google eventually deprecated their OpenID service.

In my opinion, the issue of relying parties not trusting someone else as an identity provider was not such a big deal; certainly not enough to have killed OpenID. For every such distrustful site, there are dozens more simple web forums and the like that would be happy to get rid of their password database.

*stackexchange is a notable exception; they still offer the input box if you click a link.

about a month ago
top

Systemd Adding Its Own Console To Linux Systems

Foresto Good. (774 comments)

I think I'm glad to read this news, especially right now, because it might motivate someone to develop a better alternative.

I'd like to see something like this:

  • Starts services on demand based on dependencies, not based on order like sysvinit or events like upstart.
  • Has a minimal core that can easily run on its own, just to do the job of a standard init system.
  • Is easy to learn, configure, and understand.
  • Has good documentation.
  • Does not encourage application software to require it.
  • Does not encourage other system services to require it.
  • Works well on linux and non-linux unixes.
  • Is a lot less buggy than the stuff that I've seen from systemd's author.

about a month and a half ago
top

Do Specs Matter Anymore For the Average Smartphone User?

Foresto Specs will matter a year or two after you buy. (253 comments)

I wish it was enough to have a phone that runs my apps just fine today, and simply stick with those apps. Sadly, my experience has been that I have to upgrade those apps every so often (even if only for security patches), and when I do, most of them are larger and run slower on my now-older phone. After a couple years of upgrades, those same apps now fill all of my phone's storage space, and many run like molasses. My phone is now painfully slow at doing the same things that worked fine when I bought it, even after a factory reset and app re-install. Lesson learned: the next phone I buy is going to need high-end specs if it's going to keep running well for more than a year or so.

about 2 months ago
top

Researchers Propose a Revocable Identity-Based Encryption Scheme

Foresto Re:Something seems off... (76 comments)

Could a domain owner be their own trusted third party?

about 2 months ago
top

Slashdot Asks: What's In Your Home Datacenter?

Foresto Cool and Efficient (287 comments)

I have a low power NAS box with a large hard drive. I replaced the stock firmware with debian. It serves all my shared files (linux ISOs, music, etc.) and runs all my network services (CalDAV, CardDAV, etc.). I periodically run backups to an external drive, which remains powered down and disconnected most of the time, and can be swapped with an off-site backup drive.

Gigabit ethernet connects all my stationary computers and phones. An old wifi base station connects the mobile devices. A wired-only router sits between my LAN and my modem.

I outgrew the desire for lots of computers and big network hardware long ago. That stuff just takes up space, wastes power, and generates heat. I get much more satisfaction from cool, quiet, efficient systems nowadays.

about 2 months ago
top

Ask Slashdot: Linux For Grandma?

Foresto Ask her. (287 comments)

Seriously, ask her. Show her a couple of options that you're willing to support, point out the differences from her old desktop, and let her choose.

I recommend something with an OSX dock-style launcher, perhaps Unity (with appropriate privacy tweaks) or Avant Window Navigator. I got a 70-year-old to switch from Windows to Ubuntu/Unity in under an hour, with very few follow-up questions.

It might also be helpful to give her a linux distribution that you use regularly, so any support you have to do in the future will be in a familiar environment.

about 9 months ago
top

Two Ubuntu Phones Coming In 2014, Aiming For Top 50 iOS/Android Apps

Foresto Re: Top 50, or Most Important 50? (141 comments)

Thankfully, not everyone in the world is as eager as you to accept the status quo and discourage progress.

about 9 months ago
top

Routers Pose Biggest Security Threat To Home Networks

Foresto Re:PFsense (264 comments)

I prefer open source over a black box mainly to avoid two problems: unverifiable security and abandonware. If Ubiquiti can convincingly show that all security holes are patched before or promptly after someone discovers them, and continue to do so until I no longer have use for the product, then I'm fine with proprietary. I don't know know how they would accomplish the former, though, and so few companies choose to do the latter that I'm skeptical.

about 9 months ago

Submissions

Foresto hasn't submitted any stories.

Journals

Foresto has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?