Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!



MIT Unifies Web Development In Single, Speedy New Language

KidSock Re:W3C, please. (194 comments)

The reason people don't respect the W3C specs is because they don't meet application requirements. HTTP and HTML were designed to serve static documents. The W3C thought the web was going to be like a giant encyclopedia composed of book like content with chapters, paragraphs, static images and so on. The statelessness of HTTP causes all sorts of problems that have resulted in hacks like cookies. Consider that HTTP does not specify any way to even authenticate a client. There's no way to do a proper complete stand-alone authentication. So we have to process plaintext passwords on the server over HTTPS. If HTTP had a proper authentication mech, major hacks like those we hear about on the news would be significantly reduced. The whole tool-chain stinks. Nobody understands CSS. The DOM is buggy and generally not that useful. JavaScript is mess. It's all way more complicated than it needs to be. The only upside is that it's so bad, it's an inevitablility that someone will come up with a completetly different "browser" with it's own tool-chain or possibly a browser plugin that just completely replaces the whole W3C toolchain. I hope anyway.

about a month ago

New Book Argues Automation Is Making Software Developers Less Capable

KidSock Re:Computers are making everyone's life easier (212 comments)

Theoretical computer scientists might be intelligent but in my experience they make bad programmers. Computer science professors are almost always really bad programmers. Good programmers are more artist than scientist. And you can't automate art.

Also, I don't know what automation is being referenced because I never met an IDE I didn't hate. And as far as build tools go, the whole automake, autoconf, libtool tool-chain is a bad joke. I wish that stuff were automated. But right now it all seems to be very manual to me.

about 3 months ago

RHEL 6 No Longer Supported By Google Chrome

KidSock Re:RHEL is for servers not desktops (231 comments)

Last I checked a RedHat subscription was not priced for the non-corporate user.

And I have tried those "long term support" distros more than once (although not RH) and my experience was that a) nobody actually uses them so the support isn't that great (you can't find a lot of answers in forums, blogs and such) and bugs take a long time to get fixed and more likely b) they only support new hardware for a little while so they don't really work unless you buy a laptop at the same time the distro was released. As soon as the kernel is remotely dated, you can't get wireless or suspend or whatever to work properly because there's some new chip the kernel doesn't understand.

about 2 years ago

RHEL 6 No Longer Supported By Google Chrome

KidSock RHEL is for servers not desktops (231 comments)

I don't think I've ever installed RHEL or CentOS with X Windows. Frankly it annoys me that there are no desktop distros that are maintained for longer than a year or two. Are we really expected to reinstall Linux on a workstation ever year? That scares me because it makes me think the people who are using Linux are just screwing around and not doing real work. Anyone doing real work doesn't have time to reinstall Linux every year.

about 2 years ago

27 Reported Killed In Connecticut Elementary School Shooting

KidSock It's CNN's fault (2987 comments)

Seriously. I think the media coverage of these events inspires these guys. They have to stop reciting every little detail over and over. These shooters are not just raging against something, they want to become infamous. And CNN is making these guys infamous. The media should just report some basic facts and then change the topic. Don't show video, don't show pics, don't play 911 calls and most important stop leading witnesses through each moment of the crime. The shooter's fantasy is people reciting the horror over and over on prime time TV. Please stop!

more than 2 years ago

Cheap GPUs Rendering Strong Passwords Useless

KidSock NTLMv2 is much stronger and the default as of 2008 (615 comments)

Note that the article is referring to NTLMv1 which uses 56 bit DES and, as illustrated by the article, that is easily broken. However, the article conveniently fails to mention that as of Vista and Windows 2008, default security policy requires NTLMv2 which uses 128 bit RC4. That is a totally different crypto scheme. Despite the fact that the protocol for exchanging authentication tokens (NTLMSSP) has been around since early Windows NT days, it doesn't matter - cryptographically 128 bit RC4 is fairly secure. At least the difference between 128 bit RC4 and the 256 bit AES used by Kerberos is not the weak link (and as of today Windows domains still default to allowing 128 bit AES to be negotiated anyway).

Also, note that NTLM authentication is absolutely not obsolete. Kerberos clients require access to domain controllers. Kerberos is very sensitive about the name a client uses to authenticate with a service and it is very sensitive about DNS. It requires a lot of manipulation of principal names and key files. Time must be synchronized on all three machines involved in a Kerberos authentication. Stale tickets may need to be purged. If any of these things are not right, it can be non-trivial to track down the problem. NTLM does not have any of these issues. NTLM is much more robust than Kerberos. It's just less efficient and it lacks features like delegation. A "pass through Kerberos" mechanism is being developed to replace NTLM that would resolve some of these issues (the main one being that clients would not be required to access domain controllers), but I suspect it will still be quite a while before it actually does and it's not clear that it will solve all of the aforementioned issues anyway.

more than 3 years ago

Obama Helicopter Security Breached By File Sharing

KidSock Lockeed Martin VH-71? (408 comments)

The article on this are horribly inadequate. First, any helicopter is "Marine One" as soon as the president steps on board. So what helicopter is it? Is it the 30 year old Sikorskys that we're used to seeing or is it the new Lockheed Martin VH-71?

more than 5 years ago

High Tech Misery In China

KidSock There is an up-side (876 comments)

I bet they type faster than Data from Star Trek TNG.

more than 5 years ago

Phantom OS, the 21st Century OS?

KidSock Just a semantic difference (553 comments)

Files or "persistent objects", it doesn't make any difference since things are ultimately serialized to streams. In fact, the whole thing sounds pretty clumsy to me.

more than 5 years ago

The Economist Suggests Linux For Netbooks

KidSock Linux is for servers - not laptops (445 comments)

I've been using Linux on my laptops for almost 10 years. I've used RH, Fedora, then CentOS for a long time, Ubuntu very briefly and now I'm well into Fedora 9. So there's my street cred - ok.

I'm sorry to say that running Linux on a laptop has some serious problems, always has, and I suspect, always will. It's nothing that a seasoned Linux power user can't fix but for the average person it's not something you want to mess with. There are almost always problems with video, wireless, sound and suspend/resume. Meaning they just don't work and require serious tweaking or sound dies after suspend/resume or if you're unlucky need a kernel module which means it will break again on the next kernel update. Etc, etc, etc... This has been going on forever. It's gotten a little better over the years (e.g. no more XF86Config "modelines" thank you) but until there is a paradigm shift in how the kernel developers interface with hardware vendors I have a feeling we're going to go on having problems with Linux on laptops.

Linux is for servers. And it kick's ass on servers. Solaris is dying (or at least it's dying like FreeBSD is dying). Their edge used to be large hardware support but that has become less and less important as people start to accept the idea of lots of little cheap $5000 servers instead of a few really big multi-million $ servers. Windows is not a good choice for a server if you don't need Windows libraries. If you're just running web apps, some Java, a DB, etc Windows is a liability with all that code you're not using.

Of course there's always someone who claims they have never had a problem with Linux on their laptop. Any then five minutes later the can't get on the WiFi network because NetworkManager is lost. And pretend it's nothing ...

more than 6 years ago

Microsoft Working For Samba Interoperability

KidSock WRONG (221 comments)

make it available, so not every friggin windows machine has to do unencrypted passwords across the network to access SAMBA shares

This is completely WRONG.

Samba fully supports NTLM and NTLMv2 which Windows will initiate without any configuration. And if the Samba machine is a domain member, Windows clients will also do Kerberos.

A few years back Samba required that you run some goofy commands to setup the password database. As a result, some users would simply punt and turn off encrypted passwords. I think that might be what you're thinking of.

No one should every be sending domain passwords over the network in plain text. However, last I checked, Windows clients actually do have a security policy setting that instructs the client to use plain text authentication. But you should never use that in a domain environment. It's for home users who just want to drop the pants on security for maximum compatibility with legacy systems (e.g. Windows 3.x).

more than 6 years ago


KidSock hasn't submitted any stories.


KidSock has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?