Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Ask Slashdot: Stop PulseAudio From Changing Sound Settings?

Foresto Alternatives (281 comments)

I ran into that same problem with Skype's latest release. Rather than giving Pulse a fourth chance to burn me, I decided it might be time to give WebRTC a try.

I'm so glad I did. OS-independent browser-to-browser video chat worked fine. I used Chromium on linux while my friend used Chrome on OSX. The latest Firefox release supposedly supports h.264, so it might work as well. Here are a couple of call set-up sites in case you'd like to try it for yourself:

https://opentokrtc.com/

https://vline.com/

2 days ago
top

Password Security: Why the Horse Battery Staple Is Not Correct

Foresto Re:OpenID and OAuth (546 comments)

So your answer is "trust the user".

No, my answer is that we are already trusting the user, a password authentication system cannot ever be more secure than that trust, and neither system can solve the problems upon which you based your assertion.

That's okay. I don't need to draw this out any further. I just wanted to unerstand how you came to your conclusion, and now I believe I do.

5 days ago
top

Google Finds Vulnerability In SSL 3.0 Web Encryption

Foresto Which protocol is in use right now? (68 comments)

Can someone tell me how to get Firefox to say which protocol it's using for any given session? The Security tab has a Technical Details section that mentions "High-grade Encryption" and TLS, but it doesn't say which version of TLS.

about a week ago
top

Google Finds Vulnerability In SSL 3.0 Web Encryption

Foresto Re:Stuck between a rock and noplace (68 comments)

Can you link to the documentation for this? I'm too lazy to search for it right now. :)

about a week ago
top

Password Security: Why the Horse Battery Staple Is Not Correct

Foresto Re:OpenID and OAuth (546 comments)

"Very few sites (even tiny web forums and such) are willing to trust arbitrary 3rd party."

Those sites wouldn't be trusting a third party; they would be trusting the user. Specifically, they would be trusting the user not to delegate his identity to an impostor-friendly provider, just as they are now trusting the user not to re-use his password on any site that will some day have a database leak or cleartext login form. Anyone who thinks his onsite auth buys him greater security than OpenID either has some magic way to force people into choosing unique passwords, or is sadly mistaken. I'll let you guess which is more likely. :)

I'm curious where you got the "very few" metric. Anecdotal evidence? A study with a large and diverse sample size? If you have some study results, I'd like to bookmark them. I guess it would just go to show that very few admins have a good understanding of overall security.

"There are other problems, like ensuring unique, non-spam/bot users, that can't be done with remote authentication"

Local password authentication can't solve those problems either. Bot and spam problems are solved by other means, like captchas and request rate throttles. Sane sites do this when an account is created, not every time a known-good user wants to log in. Some really careful sites take additional steps during login (like click/request/response timing), but those steps are invisible to the user and can be applied regardless of whether a local password is used.

about a week ago
top

Password Security: Why the Horse Battery Staple Is Not Correct

Foresto OpenID and OAuth (546 comments)

"We do, it's called Open ID, which is what Google leverages for their single-signon (not sure if FB is their own solution or not). It was a really popular thing about 5-10 years ago and got a ton of attention. I think even MS enabled it."

OpenID 2.0 accomplished something very cool: allowing a user to use any ID provider for authentication on any compatible web site, even if the two sites had never heard of one another. Unfortunately, it has two major problems:

  • It's too complex to easily implement. This became less of a problem once OpenID libraries like Janrain's emerged, but there are still subtle details left up to website developers to get right, and since many of them don't bother, a lot of sites that supposedly accept OpenID actually fail with some providers.
  • Perhaps more importantly, the URL-based IDs are not user-friendly enough for non-geeks. Several high-profile sites tried to solve this problem by replacing* the OpenID URL input box with a simple button for each well-known provider, but that meant limiting the user's choices of provider. At that point, the distinguishing feature of OpenID was lost, so lots of sites chose the simpler-to-implement OAuth 2 instead. The Login with Facebook service is one of them. Even Google eventually deprecated their OpenID service.

In my opinion, the issue of relying parties not trusting someone else as an identity provider was not such a big deal; certainly not enough to have killed OpenID. For every such distrustful site, there are dozens more simple web forums and the like that would be happy to get rid of their password database.

*stackexchange is a notable exception; they still offer the input box if you click a link.

about a week ago
top

Systemd Adding Its Own Console To Linux Systems

Foresto Good. (763 comments)

I think I'm glad to read this news, especially right now, because it might motivate someone to develop a better alternative.

I'd like to see something like this:

  • Starts services on demand based on dependencies, not based on order like sysvinit or events like upstart.
  • Has a minimal core that can easily run on its own, just to do the job of a standard init system.
  • Is easy to learn, configure, and understand.
  • Has good documentation.
  • Does not encourage application software to require it.
  • Does not encourage other system services to require it.
  • Works well on linux and non-linux unixes.
  • Is a lot less buggy than the stuff that I've seen from systemd's author.

about two weeks ago
top

Do Specs Matter Anymore For the Average Smartphone User?

Foresto Specs will matter a year or two after you buy. (253 comments)

I wish it was enough to have a phone that runs my apps just fine today, and simply stick with those apps. Sadly, my experience has been that I have to upgrade those apps every so often (even if only for security patches), and when I do, most of them are larger and run slower on my now-older phone. After a couple years of upgrades, those same apps now fill all of my phone's storage space, and many run like molasses. My phone is now painfully slow at doing the same things that worked fine when I bought it, even after a factory reset and app re-install. Lesson learned: the next phone I buy is going to need high-end specs if it's going to keep running well for more than a year or so.

about a month ago
top

Researchers Propose a Revocable Identity-Based Encryption Scheme

Foresto Re:Something seems off... (76 comments)

Could a domain owner be their own trusted third party?

about a month ago
top

Slashdot Asks: What's In Your Home Datacenter?

Foresto Cool and Efficient (287 comments)

I have a low power NAS box with a large hard drive. I replaced the stock firmware with debian. It serves all my shared files (linux ISOs, music, etc.) and runs all my network services (CalDAV, CardDAV, etc.). I periodically run backups to an external drive, which remains powered down and disconnected most of the time, and can be swapped with an off-site backup drive.

Gigabit ethernet connects all my stationary computers and phones. An old wifi base station connects the mobile devices. A wired-only router sits between my LAN and my modem.

I outgrew the desire for lots of computers and big network hardware long ago. That stuff just takes up space, wastes power, and generates heat. I get much more satisfaction from cool, quiet, efficient systems nowadays.

about a month ago
top

Ask Slashdot: Linux For Grandma?

Foresto Ask her. (287 comments)

Seriously, ask her. Show her a couple of options that you're willing to support, point out the differences from her old desktop, and let her choose.

I recommend something with an OSX dock-style launcher, perhaps Unity (with appropriate privacy tweaks) or Avant Window Navigator. I got a 70-year-old to switch from Windows to Ubuntu/Unity in under an hour, with very few follow-up questions.

It might also be helpful to give her a linux distribution that you use regularly, so any support you have to do in the future will be in a familiar environment.

about 7 months ago
top

Two Ubuntu Phones Coming In 2014, Aiming For Top 50 iOS/Android Apps

Foresto Re: Top 50, or Most Important 50? (141 comments)

Thankfully, not everyone in the world is as eager as you to accept the status quo and discourage progress.

about 7 months ago
top

Routers Pose Biggest Security Threat To Home Networks

Foresto Re:PFsense (264 comments)

I prefer open source over a black box mainly to avoid two problems: unverifiable security and abandonware. If Ubiquiti can convincingly show that all security holes are patched before or promptly after someone discovers them, and continue to do so until I no longer have use for the product, then I'm fine with proprietary. I don't know know how they would accomplish the former, though, and so few companies choose to do the latter that I'm skeptical.

about 7 months ago
top

Two Ubuntu Phones Coming In 2014, Aiming For Top 50 iOS/Android Apps

Foresto Re:Top 50, or Most Important 50? (141 comments)

That's pretty much what people used to say about Mac users.

about 8 months ago
top

Two Ubuntu Phones Coming In 2014, Aiming For Top 50 iOS/Android Apps

Foresto Top 50, or Most Important 50? (141 comments)

I don't care a lick about a facebook app and 49 games. Please sell me a compact, reasonably lightweight, open source phone with a good web browser, a good offline sat-nav app, and regular security updates.

about 8 months ago
top

Routers Pose Biggest Security Threat To Home Networks

Foresto Re:PFsense (264 comments)

The Ubiquiti stuff looks pretty sweet, but I don't think EdgeOS is open source. What's their track record of bringing updates to old products? Can anyone outside of Ubiquiti audit the code?

about 8 months ago
top

Debian Technical Committee Votes For Systemd Over Upstart

Foresto Hoping for the Best (379 comments)

I'm among the many who have built up a healthy aversion to certain software after having been repeatedly burned by Pulse. I would not have chosen systemd. That said, I have tremendous respect for the Debian team, and am optimistic that the worst of the problems we find with their choice will be addressed within a couple of years. Let's get the bickering out of our systems quickly, and move on to helping one another turn the new init into something genuinely good.

about 8 months ago
top

FCC Wants To Trial Shift From Analog Phone Networks To Digital

Foresto Re:Hate it (218 comments)

No, VOIP still sucks. Cellular sucks. Cellular plus VOIP really sucks.

Eh. POTS worked okay for me most of the time, except when wet weather made call quality worse than normal. VoIP works well for me most of the time, except when a bad route makes call quality worse than normal. At least VoIP gives me more alternatives with which to work around a problem, and is a hell of a lot cheaper. I look forward to the day when better codecs (on both VoIP and cellular) and encryption raise the "normal" bar, for basically no cost.

about 9 months ago
top

The JavaScript Juggernaut Rolls On

Foresto Just goes to show... (505 comments)

...a programming language (still) doesn't have to be good in order to see widespread use.

about 9 months ago
top

New Home Automation?

Foresto Re:Z-Wave (336 comments)

make sure you include a neutral to all of your wall switch boxes.

This is a good idea even if you don't plan on automating anything. With a neutral at each of your switch boxes you can install all sorts of electronic gadgets, including trailing edge dimmers, which are much more friendly to LED and other modern lighting systems than the dimmers that work without a neutral.

about 9 months ago

Submissions

Foresto hasn't submitted any stories.

Journals

Foresto has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?