×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

Ask Slashdot: Making a 'Wife Friendly' Gaming PC?

Richard_J_N Fanless is possible (720 comments)

I've been using fanless machines for ages. Basically, you use heatpipes to the case. QuietPC.com are extremely helpful - I have a system with a Streacom FC9 case which is big enough for a high-end CPU, but still dead silent. Of course, if you want the ultimate in graphics cards, you may still have to put up with a fan.
Also, signals travel along cables at about 2/3 speed of light - so your mere cable length shouldn't be a problem. HTH

about three weeks ago
top

Eizo Debuts Monitor With 1:1 Aspect Ratio

Richard_J_N Definitely :-) (330 comments)

Great that they are making these (though it would be nice to get them in HighDPI too). I'll certainly be getting a few.
(Currrently using 3x 1600x1200 20.1" screens, which is an excellent productivity setup, though the backlights are all beginning to fade).
While we're talking wishlits, give us a monitor that can go to 1200 lumens+ for outdoor use - I'd love to work outside in the summer time, though I need a monitor that can be viewed with sunglasses on, in partial/direct sunlight.

about a month ago
top

Launching 2015: a New Certificate Authority To Encrypt the Entire Web

Richard_J_N What about SSL proxy appliances (212 comments)

What do we do to defeat SSL proxying, where there is an "official" MITM? For example, a Bob uses a web browser on his work computer, which trusts an SSL proxy appliance, because Eve (sysadmin) installed that cert into all browsers on the office machines. Alice (as the server-operator) wants to protect Bob (who doesn't know any better) from this. Key fingerprinting would allow Bob to discover this, but how can Alice verify this?

about a month ago
top

Ask Slashdot: Best PDF Handling Library?

Richard_J_N HMRC's CT600 form - PDF forms (132 comments)

Is there anything that can handle the gruesome CT600 forms that the UK Tax authority require us to fill in every year? These have lots of embedded scripting and can only be read with Acrobat Reader. However, this year, Adobe have stopped releasing Acrobat for Linux.

(An added bonus, the internal logic of the CT600 is buggy: for example if a particular tax option does not apply, it is fussy about the distinction of 0 vs empty, and this leads to subsequent validation errors (naturally with confusing messages). It also has about 20 pages of irrelevant data required, in order to reach a single number, which we have already calculated.)

about 5 months ago
top

Comparison: Linux Text Editors

Richard_J_N Any editors with good auto-completion? (402 comments)

I wonder whether anyone has an editor with really good auto-completion suggestions.
For example, in HTML, I might type:

Alternatively, in PHP, I might type: forea
and the editor should offer me: foreach ($key => $val){

It should also be able to show the documentation for the functions within a tooltip, do inline syntax lint checking, and support refactoring.

So far, I would also mention "Brackets" and Github's "Atom" editors as worth looking at.

about 5 months ago
top

Firefox 29 Beta Arrives With UI Overhaul And CSS3 Variables

Richard_J_N Re:CSS variables? (256 comments)

Personally, I found that dynamically generating my CSS from PHP is the solution. It's easy to understand, easy to write, cross platform, and (using the etag trick), has good performance and bandwidth use.

So I have a bunch of rules like this:
echo "body{ height:100%; background: $colour_body_bg; font-family: $fontface_body; color: $colour_body_text}\n";
Even better, I can support slightly different versions of the stylesheet by linking to "style.php?style=theme_name".

Then, to handle performance and bandwidth, I use etags. The browser will always cache this document at least 10 minutes. After that, it will check for a newer version, but the server will usually reply with 304 (unchanged).
$last_modified_time = filemtime(__FILE__);
$etag = md5_file(__FILE__);
header("Last-Modified: ".gmdate("D, d M Y H:i:s", $last_modified_time)." GMT");
header("Etag: $etag");
if (@strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) == $last_modified_time ||
        trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) {
        header("HTTP/1.1 304 Not Modified");
        exit;
}
header("Cache-Control: max-age=600");
header("Content-type: text/css");

about 9 months ago
top

Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?

Richard_J_N Re:Why is this legal? (572 comments)

That would be ideal, but it requires elevated privileges (no idea why that should be). So I'd have to put it in a firefox extension.

I'm trying to protect normal users who may not be aware that their employer is MITMing them by providing them with a web browser which has been misconfigured into trusting the cert of an SSL proxy appliance.

about 10 months ago
top

Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?

Richard_J_N Re:Why is this legal? (572 comments)

How does DNSSEC help?

I'd like (ideally) to write a php script that would detect when my users are on "compromised" machines, and warn them.
What I want is to write some javascript that would send back to the server what the client *thinks* is my certificate fingerprint.

about 10 months ago
top

Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?

Richard_J_N Why is this legal? (572 comments)

As the operator of the webserver, I certainly don't consent, even if the employee had no choice..
Is there any way to detect this server-side?

about 10 months ago
top

Most Alarming: IETF Draft Proposes "Trusted Proxy" In HTTP/2.0

Richard_J_N Re:Hidden problems with proxies (177 comments)

Why? If the connection is being MITMd, then both sides need to be able to figure this out.
There was a long discussion on this (regrettably rejected by the browser vendor) to allow the SSL fingerprint to be obtained in JS. That would make it reasonably easy for the site operator to verify that the SSL cert hadn't been tampered with. (Of course, a really evil proxy can scan for the JS, but that game of whack-a-mole is usually easier for the good guys to win, at least sometimes).

about 10 months ago
top

Most Alarming: IETF Draft Proposes "Trusted Proxy" In HTTP/2.0

Richard_J_N Re:Hidden problems with proxies (177 comments)

As a website operator, I want to know if my content is being MITMd en route to the user. I know about the SSL fingerprint trick that lets a really technical user discover proxying, but I want to automate this process server-side, and stick up a big banner to say "Your employer is snooping on this connection, please log in from a trusted machine" (and then I'll prevent the user from logging in).

about 10 months ago
top

Ubuntu 14.04 Brings Back Menus In Application Windows

Richard_J_N Merge window buttons and menu bar? (255 comments)

I've never understood why we can't get the window-manager and the application to play nice, and share one bar. Usually, there's plenty of space horizontally, and too little vertically. So, why not have the combination of:
[icon] File Edit View History Bookmarks Tools Help ....... "The window title goes here" ....... _ [] X

about 10 months ago
top

Nokia Turns To Android To Regain Share In Emerging Markets

Richard_J_N Re:...and the high end? (146 comments)

Of course . but the consumer could then have their favourite OS and phone. For example, I might like a Nokia running Android, while somone else might prefer an S5 with Windows. (What I really want is an iPad with Lubuntu).

about 10 months ago
top

Nokia Turns To Android To Regain Share In Emerging Markets

Richard_J_N Re:...and the high end? (146 comments)

But a dual-boot phone, especially if it shipped with both would be widely liked, I think.

about 10 months ago
top

Nokia Turns To Android To Regain Share In Emerging Markets

Richard_J_N Re:...and the high end? (146 comments)

True, but how many consumers would like a phone that can run their choice of OS? I certainly would.
If necessary, I'd even pay for MS as long as I don't have to use it. (as with almost all laptops)

about 10 months ago
top

Nokia Turns To Android To Regain Share In Emerging Markets

Richard_J_N ...and the high end? (146 comments)

If I can get a high-end Lumia and have Android, that would be amazing.

about 10 months ago
top

California Bill Proposes Mandatory Kill-Switch On Phones and Tablets

Richard_J_N Just require decent service from the police. (341 comments)

I've found twice now that, on reporting stolen devices (to the UK police), even if we know exactly where they are (trackers, phone home etc), there's no way to get the police to react (promptly) to go and get it back. If the police would quickly go and retrieve stolen devices, the problem would vanish.

about a year ago
top

Adware Vendors Buying Chrome Extensions, Injecting Ads

Richard_J_N Is Firefox safer? (194 comments)

Specifically, can we assume that any extension loaded into Firefox via the official extensions repository, is open-source, and that someone from Mozilla is checking the extension before an update is released?

about a year ago
top

CyanogenMod Integrates Text Message Encryption

Richard_J_N Key distribution and metadata? (118 comments)

I looked at this, and there are 2 things I can't understand:

1. How does key distribution work? Even public-key crypto of this type doesn't necessarily work if there is a man in the middle.
2. How is metadata protected? For an SMS, often the timestamp and sender/recipient pairing is as revealing as the message content.

1 year,15 days

Submissions

Richard_J_N hasn't submitted any stories.

Journals

Richard_J_N has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?