Comments

WhatsApp vs. WhatsApp Plus Fight Gets Ugly For Users

Jesus_666 Re:Even in Chrome it doesn't fucking work (190 comments)

What device would you be carrying with which you expect to use a web application over Wi-Fi? Or do "normal" people still carry laptops?

I'd ask "Do 'normal' people still carry tablets?" as the tablet-on-the-go fad seems to have cooled off quite a bit. I see a lot of people with smartphones and a sizable number of people with laptops but pretty much nobody with a tablet. Tablets are commonly found in homes but they definitely don't seem to be popular for mobile computing.

This might be because tablets suck for the two things I commonly see people do with their laptops on the train: Watching movies (big stationary screen, easy to view with more than one person) and working (big screen, physical keyboard and sometimes software that has no smartphone equivalent).

4 days ago

TWEETHER Project Promises 10Gbps MmW 92-95GHz Based Wireless Broadband

Jesus_666 Re:Watch that capitalisation (54 comments)

No, with the big M in there it's a megameter wave. I'm not sure whether 300 Hz is a good frequency for a new broadband standard, although penetration would be excellent. Antennas might be a bit big, though.

about a week ago

Ask Slashdot: Has the Time Passed For Coding Website from Scratch?

Jesus_666 Re:Choose a CMS you like (302 comments)

If you want to lock down the login the easiest way (besides using a nonstandard admin user with a good password) is to rename wp-login.php and write a little plugin that changes the login URL to point to the new file. There's actually a hook for that. That way all brute force attacks will get 404'd by Apache without the WordPress core getting involved, which saves a ton of resources. In case someone mounts a distributed brute force attack on you this might mean the difference between somewhat elevated traffic and the server going down. (Yes, that happened to us already. Renaming wp-login.php took us from base load of 6 with spikes of 120(!) to a base load of 1 with spikes of 3. Login limiters and fail2ban weren't nearly as effective against distributed attacks.)

XML-RPC should mainly be disabled because of pingbacks; not too long ago these could be exploited to make your site participate in a DoS attack. XML-RPC itself is not a significant security risk these days. You can go for a more nuanced approach by only disabling the functions used for pingbacks (there's a hook for that too) but if you don't need XML-RPC it might be easier to just rename or delete the entire file.

Trackbacks should be disabled because of trackback spam. Yes, you can install plugins that help you deal with it but - seriously - pretty much no WordPress-as-a-CMS user cares about trackbacks (or pingbacks, for that matter) in the first place. Disabling them means fewer hassles.


Again, these days the biggest security risk is badly-written plugins. We once had an infected WordPress where it turned out that the attacker never compromised any user account. They didn't need to because a plugin allowed them to execute PHP code on the server. They just injected their attack code directly into WordPress and could do whatever they wanted, such as displaying dodgy pharma ads without even touching the database. That's the kind of danger unreviewed plugins pose.

WordPress can be quite capable when managed correctly. Just don't make the mistake of assuming that you can just install a plugin and get new functionality without any risk. Badly-written plugins are common and they can screw you just as much as an insecure admin account can.

about a week ago
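
The hardening described in the comment above, written as a WordPress must-use plugin. This is an added example, not code from the commenter: the file name `example-entry.php`, the `EXAMPLE_LOGIN_FILE` constant and the `example_` function names are hypothetical, and it takes the hook-based route for pingbacks and trackbacks instead of deleting the files.

```php
<?php
/**
 * Plugin Name: Relocated login and pingback lockdown (added example)
 *
 * Assumptions (not from the comment above): wp-login.php has been renamed on
 * disk to the hypothetical file name below, and this file is installed as a
 * must-use plugin in wp-content/mu-plugins/.
 */

// Hypothetical replacement name for the renamed wp-login.php.
define( 'EXAMPLE_LOGIN_FILE', 'example-entry.php' );

/**
 * Point a core-generated URL at the renamed login file.
 *
 * Only a path segment that is exactly "/wp-login.php" is rewritten, so query
 * strings (action=lostpassword, redirect_to=...) pass through unchanged.
 */
function example_relocate_login_url( $url ) {
	if ( ! is_string( $url ) ) {
		return $url;
	}
	return preg_replace(
		'~/wp-login\.php(?=[?#]|$)~',
		'/' . EXAMPLE_LOGIN_FILE,
		$url,
		1
	);
}

// Core builds its login, logout and lost-password links, and the form actions
// inside the login file itself, through site_url() (network_site_url() on
// multisite). Filtering both keeps every generated link off the old name.
add_filter( 'site_url', 'example_relocate_login_url' );
add_filter( 'network_site_url', 'example_relocate_login_url' );

// Redirects issued during login/logout can also carry the old file name.
add_filter( 'wp_redirect', 'example_relocate_login_url' );

/**
 * Remove only the pingback methods from XML-RPC, leaving the rest of the
 * API available for clients that need it.
 */
function example_remove_pingback_methods( $methods ) {
	unset(
		$methods['pingback.ping'],
		$methods['pingback.extensions.getPingbacks']
	);
	return $methods;
}
add_filter( 'xmlrpc_methods', 'example_remove_pingback_methods' );

/**
 * Stop advertising the pingback endpoint in HTTP response headers.
 */
function example_remove_pingback_header( $headers ) {
	unset( $headers['X-Pingback'] );
	return $headers;
}
add_filter( 'wp_headers', 'example_remove_pingback_header' );

// Report pings as closed on every post, so wp-trackback.php and any remaining
// pingback path refuse the request instead of storing it.
add_filter( 'pings_open', '__return_false', 20 );
```

A core update puts wp-login.php back on disk, so the rename has to be repeated, or the old path blocked at the web server, after each update.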

Ask Slashdot: Has the Time Passed For Coding Website from Scratch?

Jesus_666 Re:Choose a CMS you like (302 comments)

Not so fast, my friend. While I agree that the WordPress core has come a long way and is reasonably secure once hardened (such as by removing the XML-RPC and trackback files, two of the biggest attack vectors) I decidedly disagree on plugins being even remotely secure.

Some WordPress plugins are well-written and secure. Most WordPress plugins are messy and were written by people who haven't even heard of code injections. If you want your WordPress to be secure, don't use plugins. Ever. At least not without a full code review by someone who knows how to write secure code in PHP.

Seriously. Most WordPress CVEs these days are for plugins and after having seen the code of a few dozen plugins I can see why. Do not trust a WordPress plugin you have not verified yourself.

about a week ago

Ask Slashdot: Has the Time Passed For Coding Website from Scratch?

Jesus_666 Re:Choose a CMS you like (302 comments)

WordPress itself is actually reasonably secure these days provided you rename wp-login.php and delete the files for XML-RPC and trackbacks (comments too if they're not needed). The plugins, however, aren't. Most WordPress plugins are written by people who know a bit of PHP and need an itch scratched, not by people who know what MVC is or how to prevent code injection. The former just makes maintenance a hassle but the latter is what gets your network pwned.

You can use (a hardened) WordPress without much issue except for poor performance when compared to plain websites. If you intend to extend it in any way, however, you really should do a full code review of every plugin you use every time it is installed or updated. That means either your customers get their WordPress without plugins and further support or you rack up the billable hours doing code reviews for them.

The company I work at is actually migrating away from WordPress because our customers demand non-core functionality and keeping the plugins reasonably secure is simply too expensive.

about a week ago

Time For Microsoft To Open Source Internet Explorer?

Jesus_666 Re:Yeeeeeees! (165 comments)

The problem is not really the customers themselves but the expected visitors to the site. (And yes, I'm talking about websites. Web apps follow different rules as the customer and the user are the same person.)

Generally, customers expect future visitors to use something similar to what they themselves use. If the customer uses IE8 they will assume that a significant number of visitors will also use IE8. Telling the customer to switch to Firefox is useless as they can't assume that all visitors will now also magically have switched to Firefox. The only argument that does work is if we can show to them that the IE version in question has a negligible market share.

If there was a legitimate new version of IE for old Windowses it might help in driving old versions out of the market, even if it only gets the IE diehards to upgrade. Over here in Germany we already had mainstream media telling people to stop using IE (especially after the DHS and the BSI issued warnings); we might very well see computer mags reporting on an open-sourced IE for those who can't switch. That would further reduce market share and make the day when IE8/9 can be safely ignored come sooner.

(Then all we need to do is get rid of iOS <8 and Android <4.4 and we might even be able to ditch most remaining vendor prefixes.)

about a week ago

Time For Microsoft To Open Source Internet Explorer?

Jesus_666 Re:Yeeeeeees! (165 comments)

Nobody cares about IE6. At least nobody who counts. As far as web design is concerned, the current shambling zombies are IE8 and IE9. Those are the ones I see people asking about and those are the ones we could get rid of if we could backport newer Trident versions.

People generally don't use these versions of IE because some internal web app requires them. They use them because they're the most recent versions available for their version of Windows. And they're not going to upgrade Windows because they don't need to; their current setup works for them and there's no business case for upgrading before something breaks.

about a week ago

Time For Microsoft To Open Source Internet Explorer?

Jesus_666 Re:Yeeeeeees! (165 comments)

No, the problem is exactly Microsoft and old versions of Windows. "I need this specific version of Internet Explorer for this custom intranet app" may be of relevance in big corporations but for SMEs the limiting factor is usually their Windows version.

Internet Explorer is tied to Windows. You can't install IE10 on Vista. It's simply not possible. That means that for any SME running Vista IE9 is the latest version of IE. And they expect their shiny new website to be equally shiny in IE9. And no, they aren't going to buy new computers or install a different browser because their web designer told them to. (Plus, they know full well that their new site's visitors might also run IE so "just use a different browser" won't convince them even if they do switch browsers themselves.)

If Windows 8.1 was free and had the same requirements and UI as Windows Vista you could perhaps convince some of these people to upgrade. It isn't, though, and that means that either you cater to their browser choice (which usually means the latest version of IE supported by the oldest version of Windows they run) or they'll take their business elsewhere.

Having an open Trident/Son-of-Trident would at least allow people to backport it. If the mainstream tech media reported on it word might actually reach these businesses and they might consider installing the latest OpenIE. Not all of them but perhaps enough to further drive the old-IE user base further down until we can finally declare 8 and 9 irrelevant like 6 and 7 already are. Even Microsoft wants that to happen.

about a week ago

Time For Microsoft To Open Source Internet Explorer?

Jesus_666 Yeeeeeees! (165 comments)

Whether they'd open-source Trident or whatever comes next, I'd be all for it. Then perhaps people could backport it to older versions of Windows and we could stop writing our websites against decade-old IE versions because people can't upgrade IE without buying a new computer.

about a week ago

Why Run Linux On Macs?

Jesus_666 Re:a better question (592 comments)

The price/performance ratio for Macs has always been highly dependent on what kind of device you're getting. Since the G4 iBook (which is when I started using Macs) their notebooks have been a pretty good value for what they did, especially if you want to run some kind of unixoid without having to fiddle around or compromise on capability. Since the unibody MBP they're pretty damn robust, too.

Their desktops, on the other hand, cater exclusively to a) people who need big workstations and b) people who see a sleek form factor, no fans and fewer cables on the desk as serious value-adds. I fall into neither of these categories, which is why my desktop is built from COTS parts.

Unfortunately even the notebooks are becoming less attractive as Apple is focusing on the "I want my notebook to be as light and thin as possible" demographic at the expense of everyone else. My next notebook will still run OS X because I'm used to it but it won't come from Apple.

about two weeks ago

In Paris, Terrorists Kill 2 More, Take At Least 7 Hostages

Jesus_666 Re:Bar fucking barians ... (490 comments)

Doesn't this boil down to "people advocate their own way of life"? It's hardly surprising that people who have spent much or all of their lives under sharia law are basing their beliefs and opinions on that law. Just think about all the Americans who uncritically assume that freedom of speech is universally good and all the Germans who uncritically assume that suppressing national socialism trumps unrestricted freedom of speech. Turkey is a good example as great pains were taken to make Turkey a secular state. (Turkey is still rather quirky in many regards but religious nuts they're not.)

Also, your first numbers are about what those Muslims who believe sharia should be the law of the land have to say about leaving Islam. We're already talking about people who want a theocracy and their opinion on the specific case of someone leaving their religion. If we look at other numbers we see a different picture. Firstly, if we take the number of people who ask for sharia in the first place into consideration we see that the results are very regional with South Asia being the most sharia-friendly.

Even in places like Pakistan where most Muslims would like more sharia in their lives the vast majority still support religious freedom (pg. 63). As a matter of fact, the most intolerant country, Egypt, still has 77% in favor. Also note that virtually everywhere people are quite concerned about Muslim extremist groups (pg. 68) and that the only people who can muster even lukewarm approval of suicide bombings are those in very unstable regions like Palestine and Afghanistan.

If anything, the Pew study tells me that it's not a religious problem but a regional and social one. The most extreme opinions come from regions that are either politically unstable, have been dominated by extremists for decades or are Pakistan. (I don't know much about Pakistani culture so I can't tell what colors their opinions.) Also, the great Islamic crusade to convert everyone in the world is a myth. Broadly claiming that Muslims everywhere behave like telegenic extremists in particularly extremist countries is like claiming that the entire USA are like the Bible Belt and that the Westboro Baptist Church is representative of popular opinion in the States.

We have to figure out a way for everyone to get along. Painting an entire religion with broad strokes in a situation where religion is a politically charged topic is counterproductive, especially when all you have in favor of this is media coverage of extremists putting on a show for the media.

about three weeks ago

FreeNAS 9.3 Released

Jesus_666 Re:Why (115 comments)

Jailed Time Machine service? I just made a share with the appropriate settings and that was it; no jail or service required.

about a month and a half ago

FreeNAS 9.3 Released

Jesus_666 Re:Small NAS box suggestions? (115 comments)

As long as you just want basic ZFS without fancy stuff like deduplication you can use an HP Microserver. I've got an N54L with four gigs of RAM, which is currently running FreeNAS 9.2 with a mirrored two-disk setup (because my budget didn't allow more than two disks when I put it together). It works just fine and didn't put a huge dent into my finances. Also nice is that there is a modding community for those things so if you want to replace the DVD drive with more fixed storage you can easily find an article by someone who has tried just that.

Newegg quotes 229 USD for one with 4 GB, which leaves ca. 250 USD for HDDs once S&H is factored in. Get two nice HDDs or perhaps three slightly worse ones. You've got four caddies to work with so future expansion is not a problem. Or put in more RAM.

Oh, and don't forget the USB drive. For FreeNAS 9.3 you'll want one with at least 8 gigs.

about a month and a half ago

Node.js Forked By Top Contributors

Jesus_666 Re:Joyent unfit to lead them? (254 comments)

The blog is useless. I read the Github discussion on the pull request and the revert. Here's what happened:

1. A pull request containing only two very minor changes to comments in the source code was made.
2. Mr. Noordhuis rejected the pull request with a terse "Sorry, not interested in trivial changes like that."
3. A flamewar erupts about the appropriateness and necessity of the singular "they". Mr. Noordhuis is not participating in the flamewar.
4. The pull request is forced through while the flamewar rages on.
5. Mr. Noordhuis reverts the forced landing on the grounds that it violated project policy. The revert immediately begins to accumulate a fair number of hostile comments.
6. The flamewar intensifies. Allegations are made about Mr. Noordhuis's character.
7. A Joyent employee, acting in an official role and using Joyent's official blog, decided to write and publish a text about how Mr. Noordhuis is sexist and would've gotten fired from Joyent on the spot, indirectly calling Mr. Noordhuis an asshole in the process. Joyent, by not taking the text down, implicitly endorses it.
8. Mr. Noordhuis posts into the discussion to point out that the rejection/revert had been made on purely procedural grounds. He simultaneously announces that he will leave the project, which I can fully understand.

After that the flame war goes on. Some people actually point out that Joyent's behavior is highly unprofessional, which the Joyent employee disregards because "'Fired' isn't a gendered word that has larger social ramifications that careless use of pronouns does." So yes; according to Joyent, publicly calling someone so sexist that they would've been fired on the spot is less bad than using "he" in a gender-neutral role. (Bonus points for one woman in the discussion calling the whole thing a "witch burning". For the record, she was also the one person to offer a solution instead of flaming about pronouns.)

If IBM and Oracle worked remotely like that they'd be up to their ears in wrongful termination suits. And libel suits. And, depending on whether insults are an actionable offense in the relevant jurisdiction, suits about that too.

The sad thing is that early on someone offered a perfectly reasonable way of resolving the situation: Mandating the singular "they" in the project's coding guidelines and then floating changes to existing code until they can be mixed in with other refactoring commits. Of course it was completely ignored.


(For the record, I am a proponent of singular-they and I still think that the term "social justice warriors" with all its negative connotations entirely applies here. Many of the people involved completely went off the rails as soon as the pull request was rejected and immediately assumed Mr. Noordhuis to be a moustache-twirling antifeminist villain.)

about 2 months ago

Ask Slashdot: IT Career Path After 35?

Jesus_666 Re:Simple... (376 comments)

Not just startups run by kids. Be wary of companies run "like startups" who want to be all kinds of agile by exclusively hiring people who have started but not finished a CS degree because those people are supposedly both experienced (because all CS students are experts in all things computer) and extremely creative (because people over 25 can't keep up). Experience is considered problematic as apparently it translates into higher salaries but not higher skill.

I work in such a hellhole (well, until I'm done with my degree) and the sheer amount of stupid mistakes we're making because nobody has any kind of experience is mindboggling and is the reason why the company has been in damage control mode since 2010. The kicker? The owner of the company is in his 50s. He's still convinced that only CS students can ever be reasonable employees in the IT world.

Not just young bosses can be stupid about hiring.

about 2 months ago

Elite: Dangerous Dumps Offline Single-Player

Jesus_666 Re:Apparently "backers" don't understand the term (473 comments)

And the solution is to do a chargeback for item not delivered. Suddenly Kickstarter will feel the pain of the chargebacks and stop trying to foist the responsibility onto its customers.

What's keeping Kickstarter from recouping the lost money from the creator? I haven't read the fine print of the deal between Kickstarter and a creator but I'd be surprised if it didn't contain a clause that allowed them to do exactly that.

about 2 months ago

Elite: Dangerous Dumps Offline Single-Player

Jesus_666 Re:Even Donations Come with Obligations (473 comments)

Crowdfunding is a bit of a gamble. I've backed a few projects that are massively overdue. On the other hand I also backed Shadowrun Returns and Wasteland 2, both of which are here and immensely enjoyable. And a high-efficiency LED bulb I'd buy again if I needed another one. Aside from Kickstarter I bought myself into the Path of Exile closed beta and PoE became a successful and very fun game that I spent a lot of time with.

Of course there are some wasted Euros in there. I'm not going to deny that. And I'm still waiting for a few promising-looking games, although at least I get status reports every once in a while. One semi-example for a failed Kickstarter would be Preaching to the Perverted; while the Blu-Ray version works fine and looks great, the promised digital download first turned into an iOS app (I don't own a recent iDevice) and then had to be redone from scratch because Apple wouldn't allow it on their store. If I remember correctly it's still being worked on.

You have to accept that it's always going to be hit-and-miss with crowdfunding. Sometimes you get a polished, fun product that will leave you entirely content with how much money you spent to obtain it. Sometimes you get something disappointing or the project folds due to mismanagement. In my experience the former is more common (even if time overruns are the norm), especially if it's a high-profile project. But it's still a gamble and it's up to you to decide whether you're willing to take it.

about 2 months ago

Elite: Dangerous Dumps Offline Single-Player

Jesus_666 Re:Real investments come with guidance (473 comments)

The gist of it is that a terrible and untouchable community manager managed to get several backers to a point where they felt that the only effective way to protest a community management issue was to financially hurt the developers. You can find the details online; a search for "mighty number 9 chargebacks" should bring up relevant stories. There's a dash of Gamergate towards the end but it's only tangentially related to the core issue.

about 2 months ago

Apple Disables Trim Support On 3rd Party SSDs In OS X

Jesus_666 Re:Why? (327 comments)

There's the commercial-restricted approach. Sell your hardware and your software, and only allow a select-few others to sell hardware or software that is compatible with your products. The upside is that the platforms are highly stable, but the downsides are that users will sometimes find they simply can't do something because it's disallowed. It also requires the company to be ever-vigilant about pushing more features and capabilities, as stagnation will mean death. Apple currently leads this community, but SGI, Sun, NeXT, Commodore, and a whole bunch of computer companies throughout the years have tried it and ultimately closed up shop.

NeXT didn't close up shop, they were bought by Apple. Then they replaced several of Apple's top execs (including the CEO) with their own and used NeXTSTEP as the foundation for the new MacOS. In essence, NeXT bought Apple for minus 400 million Dollars.

about 2 months ago

Buying Goods To Make Nuclear Weapons On eBay, Alibaba, and Other Platforms

Jesus_666 Re:If so damn many people are making nukes (260 comments)

You are painting with broad strokes. By the same measure one could argue that guns have pretty much one use: Accelerating bullets. The kinds of targets the bullets can be accelerated towards are varied, one of which is murder victims. There is considerable societal interest in regulating guns' use in bullet acceleration leading to the production of murder victims.

You conflated all chemical reactions with bomb making, which does not make much sense, just like my conflation of all gun use with murder doesn't.

Also, by your logic, hydrocarbon fuels should be severely restricted because they can be used to make ANFO. Also vegetable oil because you can use that for ANFO, too. Or you leave the ammonium nitrate away and just build a fuel-air bomb. Society has interest in regulating the production of those, too. And let's not forget that electricity can be used to electrolyze water into hydrogen and oxygen, which can also be used as an explosive. Access to electricity should be regulated as well.

Or we agree that just because something can potentially be used for actions that are against the interests of society we can't assume that this is a particularly common use.

about 3 months ago

Submissions

Jesus_666 hasn't submitted any stories.

Journals

Jesus_666 has no journal entries.
