Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×

Comment: Re:W3C, please. (Score 1) 194 194

The reason people don't respect the W3C specs is because they don't meet application requirements. HTTP and HTML were designed to serve static documents. The W3C thought the web was going to be like a giant encyclopedia composed of book like content with chapters, paragraphs, static images and so on. The statelessness of HTTP causes all sorts of problems that have resulted in hacks like cookies. Consider that HTTP does not specify any way to even authenticate a client. There's no way to do a proper complete stand-alone authentication. So we have to process plaintext passwords on the server over HTTPS. If HTTP had a proper authentication mech, major hacks like those we hear about on the news would be significantly reduced. The whole tool-chain stinks. Nobody understands CSS. The DOM is buggy and generally not that useful. JavaScript is mess. It's all way more complicated than it needs to be. The only upside is that it's so bad, it's an inevitablility that someone will come up with a completetly different "browser" with it's own tool-chain or possibly a browser plugin that just completely replaces the whole W3C toolchain. I hope anyway.

Comment: Re:Computers are making everyone's life easier (Score 3, Insightful) 212 212

Theoretical computer scientists might be intelligent but in my experience they make bad programmers. Computer science professors are almost always really bad programmers. Good programmers are more artist than scientist. And you can't automate art.

Also, I don't know what automation is being referenced because I never met an IDE I didn't hate. And as far as build tools go, the whole automake, autoconf, libtool tool-chain is a bad joke. I wish that stuff were automated. But right now it all seems to be very manual to me.

Comment: Re:RHEL is for servers not desktops (Score 1) 231 231

Last I checked a RedHat subscription was not priced for the non-corporate user.

And I have tried those "long term support" distros more than once (although not RH) and my experience was that a) nobody actually uses them so the support isn't that great (you can't find a lot of answers in forums, blogs and such) and bugs take a long time to get fixed and more likely b) they only support new hardware for a little while so they don't really work unless you buy a laptop at the same time the distro was released. As soon as the kernel is remotely dated, you can't get wireless or suspend or whatever to work properly because there's some new chip the kernel doesn't understand.

Comment: RHEL is for servers not desktops (Score 2) 231 231

I don't think I've ever installed RHEL or CentOS with X Windows. Frankly it annoys me that there are no desktop distros that are maintained for longer than a year or two. Are we really expected to reinstall Linux on a workstation ever year? That scares me because it makes me think the people who are using Linux are just screwing around and not doing real work. Anyone doing real work doesn't have time to reinstall Linux every year.

Comment: It's CNN's fault (Score 1) 2987 2987

Seriously. I think the media coverage of these events inspires these guys. They have to stop reciting every little detail over and over. These shooters are not just raging against something, they want to become infamous. And CNN is making these guys infamous. The media should just report some basic facts and then change the topic. Don't show video, don't show pics, don't play 911 calls and most important stop leading witnesses through each moment of the crime. The shooter's fantasy is people reciting the horror over and over on prime time TV. Please stop!

Comment: NTLMv2 is much stronger and the default as of 2008 (Score 1) 615 615

Note that the article is referring to NTLMv1 which uses 56 bit DES and, as illustrated by the article, that is easily broken. However, the article conveniently fails to mention that as of Vista and Windows 2008, default security policy requires NTLMv2 which uses 128 bit RC4. That is a totally different crypto scheme. Despite the fact that the protocol for exchanging authentication tokens (NTLMSSP) has been around since early Windows NT days, it doesn't matter - cryptographically 128 bit RC4 is fairly secure. At least the difference between 128 bit RC4 and the 256 bit AES used by Kerberos is not the weak link (and as of today Windows domains still default to allowing 128 bit AES to be negotiated anyway).

Also, note that NTLM authentication is absolutely not obsolete. Kerberos clients require access to domain controllers. Kerberos is very sensitive about the name a client uses to authenticate with a service and it is very sensitive about DNS. It requires a lot of manipulation of principal names and key files. Time must be synchronized on all three machines involved in a Kerberos authentication. Stale tickets may need to be purged. If any of these things are not right, it can be non-trivial to track down the problem. NTLM does not have any of these issues. NTLM is much more robust than Kerberos. It's just less efficient and it lacks features like delegation. A "pass through Kerberos" mechanism is being developed to replace NTLM that would resolve some of these issues (the main one being that clients would not be required to access domain controllers), but I suspect it will still be quite a while before it actually does and it's not clear that it will solve all of the aforementioned issues anyway.

In a consumer society there are inevitably two kinds of slaves: the prisoners of addiction and the prisoners of envy.

Working...