Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!



Google Proposes To Warn People About Non-SSL Web Sites

pathological liar Re:Bad for small business owners (396 comments)

first I have to manage to get an SSL certificate (costs serious effort and money)

No, it costs ~$7/yr and takes a few minutes. Maybe 15 if you need to look up how to generate the signing request.

about a month and a half ago

Google Proposes To Warn People About Non-SSL Web Sites

pathological liar Re:Stupid (396 comments)

This is a dumb idea. A very dumb idea.

Since we're assuming MITM, what happens when I inject javascript into the page? Even assuming the browser prevents me from leaking the PROT header, I can still have it make arbitrary requests using your session.

What happens when I just block the original response, pretend your session died, and serve up a bogus login page that gives me your credentials?

about a month and a half ago

Employers Worried About Critical Thinking Skills

pathological liar Pay your taxes (553 comments)

We wouldn't have to slash school budgets if these employers paid taxes.

How's that for critical thinking?

about 3 months ago

Google Finds Vulnerability In SSL 3.0 Web Encryption

pathological liar Re:Stuck between a rock and noplace (68 comments)

The paper explains it.

It is to support old servers (ancient Cisco gear comes to mind) that can't properly negotiate newer TLS versions. Unfortunately those failed negotations don't fail, er, gracefully -- it just kills the connection. Browsers (Chrome, Firefox, probably others) retry using SSLv3. Why? There's a lot of old gear out there.

about 4 months ago

Google Finds Vulnerability In SSL 3.0 Web Encryption

pathological liar Er, they mentioned that (68 comments)

From agl:

We used to have an entry in the preferences for that but people thought that “SSL 3.0” was a higher version than “TLS 1.0” and would mistakenly disable the latter.

"Chrome Users Dumbed Down" might have been a more apt title.

about 4 months ago

Reversible Type-C USB Connector Ready For Production

pathological liar Er, what? (191 comments)

though it might be as simple as including a Micro-USB-to-Type-C adapter with every new smartphone

This is genius.

"This new connector, whose only value is that it's reversible, doesn't work on the billions of existing devices. Why don't we include a non-reversible adapter?"

Hell, for extra convenience, just leave the adapter on the cable all the time.

about 6 months ago

Ask Slashdot: How Often Should You Change Jobs?

pathological liar Re:Job Hopping (282 comments)

You're externalizing blame.

If you have a problem with 'hoppers' have you looked into why you're failing to retain people?

Small companies are especially bad for that: fewer employees means fewer paths for personal/professional advancement: there's nowhere 'up' to move, and wearing a half-dozen hats might seem like variety at first, but you'll be wearing those same hats forever. It's too bad that they have less room to take the hits from people leaving and new people coming up to speed, but it's also unreasonable to expect people to stick around past the point they gain anything from the exchange. People *should* be moving on when they feel they're stagnating.

about 7 months ago

Linux 3.15 Will Suspend & Resume Much Faster

pathological liar Re:so how fast is fast..? (117 comments)

I have an x230 that I put a Corsair SSD in. It's running Ubuntu 13.10, so I guess it's running a 3.11.something kernel. On resume I can see the kernel block for 10+s (by the timestamps in dmesg) waiting for my SSD to get its act together. Screen is on, lockscreen is displayed ... but I can't enter a password because the entire system is waiting on the disk.

It sounds like I will benefit from this.

about 10 months ago

US Government To Convert Silk Road Bitcoins To USD

pathological liar Re:Killing two birds with one stone? (408 comments)

Wrong. Whole Foods accepts bitcoin.

No Whole Foods here.

Less than 50 listed for all of North America, that's hardly a counter-argument.

Overstock.com, Amazon, CVS, Target, Victoria's Secret, Zappos, the list keeps growing.

Of course most of these stores actually use a payment processor that immediately converts the bitcoins to USD for them, but if more and more stores start accepting it, at some point the currency may become so practical that such conversions will no longer need to be made. If a company does business with another company that accepts bitcoin, they may as well take bitcoin from their clients and then use those bitcoins to pay their suppliers. Transaction fees are much lower than those for credit cards, you don't even need any middle men.

Yeah, and if enough people start trying to pay in tulip bulbs, and if they reeeeally believe...

I couldn't believe Victoria's Secret takes bitcoin, and sure enough they don't. They take gift cards.... that can be purchased with bitcoin. Which is exactly what the parent was arguing, "I can exchange BTC for my local currency and then go about my business, but that's about it."

1 year,13 days

What Apple Does and Doesn't Know About You

pathological liar Even if Apple doesn't connect the dots, so what? (214 comments)

Things get more interesting with the second category: "non-personal" information, which is any user data that isn't associated with a specific individual. We're talking about details like customers' jobs, real-time location, habits, and the like. That data, the company says, is collected anonymously. Apple has free reign to share, sell, or store it however it damn pleases.

Just because Apple hasn't explicitly tied a name to the information doesn't mean it's anonymous. Even a fragment of the location data is enough to identify most people.

The point is no longer "What $COMPANY does with the data it collects", though that might be unsettling on its own, it's what the NSA (or any other data aggregator) can do with it.

about a year ago

FreeBSD 9.2, FreeBSD 10.0 Alpha 4 Released

pathological liar Re:Phoronix being strangely useful (133 comments)

They're not providing any value, they're summarizing a release announcement -- and the only things they left out are three bullet points that are just version number bumps for major apps/libraries in base.

about a year ago

Come Try Out Slashdot's New Design (In Beta)

pathological liar Re:Link broken? (1191 comments)

Surely the same criticism came up during the alpha? I know I gave almost the same complaint (minus the Digg threat) in the survey, and other than being a bit more feature complete, the layout looks almost the same.

about a year ago

Google To Encrypt All Keyword Searches

pathological liar Re:Illusion of privacy (224 comments)

You're looking in the wrong place.

The public-key algorithms are only used to auth servers/clients and during the negotiation of a session key for a symmetric algorithm. Thanks to the BEAST and CRIME attacks, and the dismal uptake of TLS 1.2, once you rule out the block ciphers in CBC mode the most secure symmetric cipher that clients/servers can be expected to support is RC4, which now accounts for some huge percentage of HTTPS traffic.

Nobody is suggesting that RSA is broken, but there is speculation that the NSA has broken RC4.

about a year ago

Mozilla Launches Persona Identity Bridge For Gmail

pathological liar Re:And this is impressive why? (114 comments)

You CAN run your own identity-provider, but good luck using it anywhere. OpenID and OAuth are federated standards too, but most "relying parties" only accept a handful of major providers.

about a year and a half ago

What Keeps You On (or Off) Windows in 2013?

pathological liar Bad driver support. (1215 comments)

I just bought a new Thinkpad. I went with Intel hardware because I know they put effort into Linux driver support. Guess I should have looked a little closer.

I installed Ubuntu 13.04 and immediately ran into an ethernet bug (yes, fix released, but not actually available in the distro yet) and a wireless bug (looks like it might have been fixed, then unfixed, but it's hard to tell. It's broken now, anyway.) ... And that's leaving aside how the touchpad behaves worse under Linux, or how I have to screw around with kernel boot options for decent power management (that will still be worse than Windows.)

The kicker is that these are the same problems I've been having for years, every time I try to run Linux on a laptop, despite the huge advances that have been made. It feels like one step forward, two steps back.

Maybe next year...

about a year and a half ago

Google Security Expert Finds, Publicly Discloses Windows Kernel Bug

pathological liar Re:Who cares. (404 comments)

Not to mention with access to a privileged account the malware becomes substantially harder to remove.

about a year and a half ago

Why Working Remotely Needs To Make a Comeback

pathological liar Re:Teamwork (455 comments)

A lot of people (thought granted not everybody) find that after spending some time in a collaborative environment the background conversations move from being a distraction to an undercurrent of information. It becomes possible to tune it out but still hear keywords that might be relevant and allow for better teamwork.

Research doesn't bear that out. Multitasking reduces efficiency, interrupts and context switches hurt. If, for your specific workload, you find it's a net gain... well, more power to you. It's not one-size fits all.

That's true but your way has high latency. Conversations happen much faster.

That's the point. 'My way' allows my coworkers to decide when they can be interrupted. 'Your way' allows people to demand focus.

about 2 years ago

Why Working Remotely Needs To Make a Comeback

pathological liar Re:Teamwork (455 comments)

It probably varies by job and by person. I find it helpful to talk with my coworkers, but a distraction to overhear them.

A mailing list, irc channel, xmpp muc etc. allows me to collaborate on my terms. I can rethink and edit my response, and if I'm in the middle of something I can read it later and respond then. Conversations typically don't work like that.

about 2 years ago

Google Nixes Some Calendar Features and Other Software Offerings

pathological liar Re:Now I have to use the gmail app (235 comments)

Yes because IMAP doesn't have push.

It doesn't?

Client support is a bit spotty (iOS Mail.app didn't support it, stock Android client doesn't either, alternatives like k9mail do), but that doesn't mean it's not there.

more than 2 years ago



IBM: To Keep Your Job, Move To India

pathological liar pathological liar writes  |  more than 5 years ago

pathological liar (659969) writes "Get laid off from IBM? Worried about losing your job? Worry no more (as long as you're fine with making pennies on the dollar halfway around the world.) Alley Insider has IBM offering employees the chance to keep their jobs by moving to India, or a handful of other 'developing markets.' Don't want to move? IBM views refusal as voluntary departure, say goodbye to any severance benefits. From the InformationWeek article, "An IBM spokesman said the program shouldn't be seen in that light. 'It's more of a vehicle for people who want to expand their life experience by working somewhere else,' said the spokesman. 'A lot of people want to work in India.'" Other options include Mexico, the Czech Republic, Russia, South Africa, Nigeria, and the United Arab Emirates."
Link to Original Source

Open Source Tools for Breaking Captchas

pathological liar pathological liar writes  |  more than 6 years ago

pathological liar (659969) writes "A Canadian university student has posted a GPL-licensed toolkit to assist in breaking CAPTCHAs. Eye-melting web design aside, the work looks sound, and he has presented posters at conferences on the materials involved in this. A breaker for Digg and phpBB are included, but the data required to actually use them has been withheld."
Link to Original Source


pathological liar has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?