Comments


Congress Passes Bill Allowing Warrantless Forfeiture of Private Communications

PAjamian Re:Everyone who blamed Bush for everything... (379 comments)

But frankly, if Obama doesn't Veto this, then he is the same scum of the Earth and frankly both sides need to be tossed out on their bums...

It doesn't matter, he can't veto it. 325-100 is a veto-proof passage.

about a week ago

Congress Passes Bill Allowing Warrantless Forfeiture of Private Communications

PAjamian Re:Over to you, SCOTUS (379 comments)

He doesn't have to for it to become law anyways, 325-100 is a veto-proof margin.

about a week ago

FCC Says Net Neutrality Decision Delay Is About Courts, Not Politics

PAjamian Re:Today I realized... (60 comments)

I find that I tend to get them after making a few posts, I think their algorithm identifies active participants and gives them points.

about a month ago

ISPs Removing Their Customers' Email Encryption

PAjamian Re:Anti-Spam Measure? (245 comments)

There are other options than Amazon, have a look at Mandrill

about a month ago

ISPs Removing Their Customers' Email Encryption

PAjamian Re:Anti-Spam Measure? (245 comments)

It's done to help with anti-spam in general on the internet. A large percentage of PCs (especially Windows PCs) are compromised and blocking outbound port 25 is a standard measure by ISPs to prevent those from being used as spambots. If you have a legitimate need for outbound port 25 traffic then most ISPs will unblock it for you on request (if you have a static IP, that is). That said, even if they do you will still likely be listed on a number of different policy blacklists which you will then have to play whack-a-mole with to get your email accepted by other servers on the internet. A much better approach is to use a relayhost or to get a cheap VPS to relay through.

about a month ago

ISPs Removing Their Customers' Email Encryption

PAjamian Re:Most servers shouldn't be vulnerable (245 comments)

For one it can't be hijacked as easily as these ISPs are doing.

...which they're *not* doing. This article is a farce written by someone who can't even configure his email client to use the correct port for submission. He's trying to use port 25 which is only for MX to MX communication and not for submission, he should be using 587 and if he did there would very likely be no problems.

about a month ago

ISPs Removing Their Customers' Email Encryption

PAjamian Re:Meh (245 comments)

TLS in this regard would be handy if you're on an open wi-fi and are sending login information to the mail server.

Yeah, that's pretty much all that STARTTLS really accomplishes.

about a month ago

ISPs Removing Their Customers' Email Encryption

PAjamian Re:Most servers shouldn't be vulnerable (245 comments)

Look, most servers these days are configured in such a way that STARTTLS runs on a different port than the plain-text connection.

Wrong. STARTTLS specifically allows for both plain text and TLS on the same port.

The server will reject login requests until the STARTTLS handshake is completed.

Partially correct. A well configured server will behave this way on the *submission* port (587) but if the MX port (25) were configured this way then you would be blocking a lot of legitimate email from old servers on the internet that do not support STARTTLS and as such it is not recommended to require STARTTLS for port 25 MX to MX communication. Also even when STARTTLS is used the connection is still plain text until STARTTLS is negotiated.

But take it from a guy who worked on an email client

Thanks for giving me a link to yet another piece of software written by someone who doesn't understand the technology behind it.

(Also: STOP USING STARTTLS!!!)

Wrong again. The only way to have an encrypted SMTP submission channel without STARTTLS (other than tunnelling through ssh or something like that) is via SMTPS (port 465). SMTPS is long ago deprecated and should not be used. Port 465 was *never* officially registered for this use and was essentially "hijacked" and there are only a very small number of old email clients that support SMTPS but do not support STARTTLS. You *should* be using STARTTLS over port 587 which is the submission port. Also STARTTLS is the only legitimate means of encryption between a submission server and an MX.

Of note (which I've also said elsewhere), the real reason the author of the original article had problems is because he is trying to use port 25 for submission. He should be using the submission port (587) and it is highly unlikely that his ISP would be blocking the STARTTLS flag on that port.

about a month ago

ISPs Removing Their Customers' Email Encryption

PAjamian Re:smtpd_tls_security_level=encrypt (245 comments)

Kind of, smtpd_* is for when postfix is the server and smtp_* is for when postfix is the client (ie when it connects to another server to relay mail). At any rate this setting should only be used for submission and not for server to server communication otherwise you will end up blocking mail to and from other servers that do not support TLS (there are many). The default setting for this is "may" which is for "opportunistic" TLS which can fall back to plain text if need be.

If you RTFA you will see that the author is trying to submit mail to port 25 on his email server which is supposed to be for MX to MX communication only. If he were to submit to the proper submission port (587) he would likely find that the STARTTLS flag is not blocked by his ISP, in other words this whole article is a farce written by someone who doesn't know what they're talking about.

about a month ago
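
Added example (not part of the comments above and not code from Postfix or any mail client): the policy these comments describe, where the submission port (587) refuses to continue when STARTTLS is not advertised and the MX port (25) falls back to plain text. The function names, the `POLICY_BY_PORT` table and the sample EHLO replies are constructed for illustration; the level names `may` and `encrypt` mirror the Postfix values mentioned above.

```python
# Constructed sample EHLO replies (not captured traffic).
EHLO_WITH_TLS = (
    "250-mail.example.org\r\n250-SIZE 10240000\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
)
# Same server, but the STARTTLS keyword never reaches the client.
EHLO_STRIPPED = "250-mail.example.org\r\n250-SIZE 10240000\r\n250 8BITMIME\r\n"

# Hypothetical policy table: opportunistic TLS for MX traffic,
# mandatory TLS for client submission.
POLICY_BY_PORT = {25: "may", 587: "encrypt"}


def parse_ehlo(reply):
    """Return the set of extension keywords in a multi-line 250 EHLO reply."""
    lines = [l for l in reply.replace("\r\n", "\n").split("\n") if l]
    extensions = set()
    for i, line in enumerate(lines):
        code, sep, rest = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " "):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if i == 0:
            continue  # first line names the server, it is not an extension
        if rest.strip():
            extensions.add(rest.split()[0].upper())
    return extensions


def decide(port, ehlo_reply):
    """Return 'starttls', 'plaintext' or 'abort' for this port and EHLO reply."""
    level = POLICY_BY_PORT[port]
    if "STARTTLS" in parse_ehlo(ehlo_reply):
        return "starttls"
    # STARTTLS is absent: the server may not support it, or something on
    # the path removed it. The client cannot tell the two cases apart.
    if level == "encrypt":
        return "abort"      # fail closed: never send credentials in the clear
    return "plaintext"      # opportunistic: deliver anyway, worth logging


if __name__ == "__main__":
    for port in (25, 587):
        for name, reply in (("with TLS", EHLO_WITH_TLS), ("stripped", EHLO_STRIPPED)):
            print(port, name, "->", decide(port, reply))
```
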

ISPs Removing Their Customers' Email Encryption

PAjamian Re:Anti-Spam Measure? (245 comments)

I recall the general consensus being that it's an anti-spam measure, and (is supposed to) only happen when connecting on port 25 to a non-local machine

Yes and that's exactly what's happening, FTFA:

They determined Cricket was intercepting and blocking STARTTLS on port 25

(port 25 is supposed to be for server-server communication only). Normal clients are supposed to be able to avoid the issue by changing your MUA to submit mail on port 465 (smtps) or 587 (smtp).

Absolutely correct, with the exception that smtps is long deprecated and only port 587 (submission) should be used for the submission of email.

I suspect people running their own SMTP servers will probably need to negotiate with their ISPs, or relay their mail through their ISP's SMTP server as a smarthost.

This is fairly normal. Many ISPs simply block outbound port 25 rather than filtering out STARTTLS. Personally I think that's the better approach for these ISPs (to just block the port altogether), but either way this article is a bunch of crap written by someone who can't even set his email client to connect to the right port.

about a month ago

Ask Slashdot: Where Do You Stand on Daylight Saving Time?

PAjamian Re:It's stupid - switch to GMT (613 comments)

Exactly, it would actually make the situation worse. Consider that when you call someone you may ask, "what time is it there"? What you (usually) really want to know is what part of the day / night is it. Making everyone live under GMT would answer the first question but not give you any useful information to what you really want to know and just make it harder to find out.

about a month and a half ago

Ask Slashdot: Where Do You Stand on Daylight Saving Time?

PAjamian Re:Against it (613 comments)

I wonder if those in the "DST helps to save energy" camp took into account the significant amount of energy used by computers around the world to account for DST in time-zone conversions?

about a month and a half ago

Ask Slashdot: Where Do You Stand on Daylight Saving Time?

PAjamian Re:I live in Arizona, and it's a pain (613 comments)

We don't celebrate DST in Tucson, but all my distant suppliers etc. do, so I have to adjust my mental clock to deal with their different offsets.

Try living in New Zealand and having clients in California. Since NZ is in the southern hemisphere our summer is during your winter and vice-versa, so during our summer (and your winter) we are three hours apart* from US/Pacific, but during our winter and your summer we are five hours apart and in-between there is about a month where DST overlaps in both fall and spring and we are four hours apart.

* Actually 21 hours, but it's easier to think of it as us being a day ahead and three hours behind.

about a month and a half ago

Microsoft Considered Renaming Internet Explorer To Escape Its Reputation

PAjamian Re:All white meat (426 comments)

Right, chickens have both white and dark meat. The white meat comes from the breasts and the dark meat comes from the thighs, legs and wings. The white meat is known to be healthier, while the dark meat contains more flavour. McDonalds is simply saying that the old nuggets had both white and dark meat while these new ones are only white meat. It's a play to try to say they are healthier now.

Of course the health benefits of this switch when the nugget is battered and then deep fried either way are debatable. It would be more admirable if they switched to white meat, a wholemeal batter and baked them instead of deep frying, but good luck getting them to do that.

about 4 months ago

New Zealand ISP's Anti-Geoblocking Service Makes Waves

PAjamian This could backfire (153 comments)

... if the service (as I suspect) routes your traffic to a given IP from another IP in the same country, this could backfire as some services are actually better from outside the country, some examples:

mlb.com (and other sports streaming services) which applies blackout restrictions if you're trying to watch games from inside the US or its territories. Watching baseball games from New Zealand, however, has no blackout restrictions.

Purchasing goods from sites that apply sales tax if you're browsing from the same country that the site is based in (more far fetched, they usually apply sales tax according to shipping destination).

about 5 months ago

One Month Later: 300,000 Servers Remain Vulnerable To Heartbleed

PAjamian Re:Certificate extortion (60 comments)

In any case why revoke them, just replace them with a new, free cert.

What is the point in replacing a cert if you aren't going to revoke the old one? Replacing the cert doesn't solve anything if the old one is still valid and usable.

about 7 months ago

Red Hat To Help Develop CentOS

PAjamian Re:Odd... (186 comments)

I didn't catch that bit of the announcement. It'll be interesting to see what actually happens in that regard, then. At any rate I think it will probably be a minor adaptation to get the sources from git instead of SRPMs and it should make tracking changes in the sources easier. Also it may be possible that the CentOS project itself will continue to release the sources which would be almost identical to the RHEL ones anyways.

about a year ago

Red Hat To Help Develop CentOS

PAjamian Re:Odd... (186 comments)

Oracle is a less expensive RHEL,

No, Oracle rips off RHEL just like CentOS, SL and others do, but Oracle doesn't add value to RHEL, instead they compete with RedHat and with less expensive you get a fourth party to the sources (after they have gone through the original project, then Fedora, then RHEL) trying to provide support for something they only cloned off of someone else, whereas RedHat are pretty much 2nd party to the sources and have a lot more knowledge on them, so you get what you pay for in terms of support or with Oracle even less than what you paid for.

Cent tends to lack security updates after RHEL releases,

CentOS has been pretty onto it as of late, 6.5 only took about a week after RedHat released (iirc) and they are very quick on updates, usually the same or next day. Also now that the devs are getting paid (by RedHat) for their time it should be even faster.

Scientific is dependent on government funding but gets security updates in what could be called a timely manner compared to Cent.

There have been times that SL has beaten CentOS and times that CentOS has beaten SL.

If this means Cent gets security updates in a timely manner after RHEL version bumps then it is a good thing.

My understanding from the original CentOS announcement is that CentOS will still have to build their own binaries from the publicly available sources (RedHat won't allow them to use RHEL binaries) so that part won't change, but as I said above, the devs are now paid for their time which will make a huge difference, plus I imagine that they will have better access to RedHat for issues with rebuilding the sources. RHEL is not self-building and as such has always had difficulties trying to get it to build, especially after a new major release. Often times you can look at the sources and wonder how RedHat managed to get it to build. Now they should have better access to get help with these issues instead of having to figure it out for themselves.

about a year ago

Submissions


Fedora 19 to Stop Masking Passwords

PAjamian PAjamian writes  |  about a year and a half ago

PAjamian (679137) writes "Maintainers of the Anaconda installer in Fedora have taken it upon themselves to show passwords in plaintext on the screen as they are entered into the installer. Following on the now recanted statements of security expert Bruce Schneier, Anaconda maintainers have decided that it is not a security risk to show passwords on your screen in the latest Alpha release of Fedora 19. Members of the Fedora community on the Fedora devel mailing list are showing great concern over this change in established security protocols."

Journals

PAjamian has no journal entries.
