Follow Slashdot stories on Twitter


Forgot your password?

Comment Re:Wait, what? (Score 0) 236

They are both very important but I don't believe that is true.
I found an xpi extension on bugzilla before the first leadership change that I can't fucking find anymore.
It blocks silent cross-site Authentication Header cookies that you CANNOT normally block. They are SuperCookies. The site can silently "authenticate" without your knowledge creating a basic auth authentication "Supercookie" that is remembered and retained until browser exit (Or possibly remembered by your Session saver extension if so configured) and can be used to bypass the normal cookies that Mozilla has been making "easier" to disable, ha, har har, har.
The extension is called authtest.xpi.
Another that to my knowledge hasn't been ported to Firefox yet is WindowNameEraser which conditionaly clears between transitioning sites. Please check out to see the authtest/Authentication Header and Window Name in action as a proof of concept. Also if not already known, and There are others but I don't have the exhaustive list handy.
Then there is geo location/positioning, canvas, webrtc, visited links (Still not fucking fixed and known about since Phoenix/Gecko/Firefox 1 ), cache. Still firefox aside from Torbrowser or Jondo is the most *secureable* browser out there. What ever security "gains" you get with Chrome OR Chromium fly out the window wrt
What is a good site to share an extension on and forget about?

Comment Re:Including Slashdot? (Score 0) 396

It isn't documented any where and I can't recall where I first learned of it because it was years ago but you can get TLS on Slashdot.
Once subscribed and logged in it should transition you to TLS, at least it does for me.
If it does not you can force the matter with Noscript.

Off hand has anyone noticed Noscript unblocking Google analytics and other domains and certain other analytics domains with each new update?

I also use the Calomel TLS grading extension for Firefox.
Slashdot has been graded Red for years. Dice just upgraded the cert a couple of days ago and it is now graded Blue with PFS. Not Green but at least it's not Red anymore.

Comment Re:Telegram (Score 0) 93

Please google OSI and look into "Open Source" that's a capital O and a capital S!
Please also google FSF and look into "Free Software".
Again a capital F and a capital S.
The capitals !@#$@!# matter!
Public Domain does not == Open Source, There is no such thing as open source.
Or are you just trolling!?

Public Domain is public domain. Copyright has expired or been forfeit in order to put it, what ever it is, into the public domain.
With Free Software and Open Source software someone holds the attribution to the rights of the work.

Comment Re:HTTPS Everywhere (Score 0) 206

You are correct that they do not come right out and say that in the faq. I'm not sure if they did in the past.
However in the FAQ at:
At section Subscriptions with question:
Why subscribe to Slashdot? Can't I read for free?
You find the link:
That takes you further down the page with more details where as you said it does not mention this.
*It is an unmentioned plum.*

While you are logged into your account observe on the upper right where I expect you have your Slashbox.
If you don't then go enable it.
With that enabled you have the default content that goes in your Slashbox and it lists your current Karma.
Mine has been Bad since I think about 2007. Haven't seen a mod point sense.
Below Karma you have three links:
Journal Subscription Account

Subscription is this link:

Where in you read:
Absolutely nothing about this!?
Hrm. I could have sworn I read about this and didn't just figure it out on my own.

Okay they either covered this before and removed it. Not sure and don't know why they would do that.
Or I read this in a post several years ago and just assumed everyone I've been reading complain about this just didn't want to subscribe.
I subscribed a few years ago and wanted encryption and also had trouble with this feature due to redirects.
I resolved this by putting
in my forced HTTPS NoScript settings and then added
into the whitelist for the never force https list.
Anytime my session/cookie expires I put in and then get redirected to a https slashdot url.
Hope that helps you and many others and that they don't degrade this for some reason!?

Submission + - GamerGate May Have Been an Op

Bob9113 writes: Casey Johnston at Ars Technica has a story on GamerGate: "A set of IRC logs released Saturday appear to show that a handful of 4chan users were ultimately behind #GamerGate, the supposedly grass-roots movement aimed at exposing ethical lapses in gaming journalism. The logs show a small group of users orchestrating a "hashtag campaign" to perpetuate misogynistic attacks by wrapping them in a debate about ethics in gaming journalism...."

A freelance is one who gets paid by the word -- per piece or perhaps. -- Robert Benchley