
Comment Re:Basic auth or TLS client certificate (Score 1) 404

In short, I've never seen a good, clean, reliable way to link a user to a session that doesn't involve cookies. If you've got the magic solution to that, please...I'm all ears.

Have the user create a username and password and use RFC 7617 basic authentication. Or have the user create a TLS client certificate.

Teach me how to log out (note: "close your browser" is not an acceptable answer) and I might stop despising basic authentication.

TLS client certificate? lol...ok, I'm sure all my users will love that. I'll get on that right away.

Apparently you didn't see where I said "good, clean"

Comment Re:Deny ALL Cookies (Score 3, Insightful) 404

Session variables. If people would use those and not just cookies. It'd be better.

And how exactly do you think session variables work? How do you link a browser to the session? Cookies!!!

Yes, I know you can put a god damn session id in the URL query string, but that's annoying, unreliable, and insecure. If someone navigates your website for a bit, puts some stuff in the shopping cart, then just goes back to your homepage by stripping everything but the domain name off the URL...TADA!!! You've lost their session!!! Or if they jump to a different part of your website via a bookmark from a previous session...TADA!!!! You've lost their session. Or if they copy their URL and pass it to someone else/post it on a forum...TADA!!!! Someone else is now using their session (yes, you can "solve" that issue by linking the session by a secondary authentication variable like IP, but then you run the risk of having your website broken for anyone that moves between IP addresses).

In short, I've never seen a good, clean, reliable way to link a user to a session that doesn't involve cookies. If you've got the magic solution to that, please...I'm all ears.

Now if you mean websites should only use session cookies instead of persistent cookies, and the "deny all cookies" option only denied persistent cookies (does it do that already? I have no idea), then yes...that is a workable solution for most cases. Off the top of my head, I think the only thing you lose there is the ability to persist your login between browser sessions. But then again, if someone doesn't mind session cookies but dislikes persistent cookies, they could already set their browser to clear all cookies on exit or use a private browsing mode, and then all current websites would work perfectly fine.
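The failure modes this comment lists for session IDs carried in the URL, as an added example that is not part of the original comment. `SessionStore` is a constructed, hypothetical class (not any framework's API); the addresses and URLs are illustrative sample values.

```python
import secrets
from urllib.parse import urlsplit, parse_qs

class SessionStore:
    """Hypothetical server-side store; names are assumptions for this example."""
    def __init__(self, bind_ip=False):
        self.sessions = {}          # sid -> {"ip": creator address, "cart": [...]}
        self.bind_ip = bind_ip

    def create(self, ip):
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = {"ip": ip, "cart": []}
        return sid

    def _lookup(self, sid, ip):
        s = self.sessions.get(sid)
        if s is None:
            return None
        if self.bind_ip and s["ip"] != ip:
            return None             # rejects a shared URL, but also a roaming owner
        return s

    def from_url(self, url, ip):
        # URL linkage: the sid only exists if the query string still carries it
        sid = parse_qs(urlsplit(url).query).get("sid", [None])[0]
        return self._lookup(sid, ip) if sid else None

    def from_cookie(self, cookie_header, ip):
        # Cookie linkage: the browser sends the sid whatever URL is requested
        for part in cookie_header.split(";"):
            name, _, value = part.strip().partition("=")
            if name == "sid":
                return self._lookup(value, ip)
        return None

def demo():
    store, owner, other = SessionStore(), "203.0.113.5", "198.51.100.9"
    sid = store.create(owner)
    store.sessions[sid]["cart"].append("widget")
    r = {}
    # URL stripped back to the bare domain: the session is gone
    r["stripped_url"] = store.from_url("https://shop.example/", owner)
    # Same navigation with a cookie: the session survives
    r["cookie_home"] = store.from_cookie(f"sid={sid}", owner)
    # URL pasted elsewhere and opened by another client: same session
    r["shared_url"] = store.from_url(f"https://shop.example/cart?sid={sid}", other)
    # IP binding blocks the shared URL, and the owner after an address change
    strict = SessionStore(bind_ip=True)
    sid2 = strict.create(owner)
    r["shared_url_ip_bound"] = strict.from_url(f"https://shop.example/cart?sid={sid2}", other)
    r["roaming_owner"] = strict.from_cookie(f"sid={sid2}", "192.0.2.77")
    return r
```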

Comment Re:Possible problems? (Score 3, Interesting) 167

2. If it's software-based, it'll be cracked and pirated within a month of release.

You would think so, wouldn't you. However, Windows Media Center is software based, and yet (as far as I know) nobody has managed to crack it to enable open source software to mimic WMC and trick the cable card devices into giving full access to the Copy Once and Copy Never content.

Comment Don't be too quick to choose a side (Score 4, Insightful) 167

Reading through the FCC's summary, I can't tell whether this is a good or a bad thing. In principle it sounds good, but certainly there's going to be some sort of certifications involved somewhere, and I doubt open source stuff like MythTV is going to be able to pass the requirements to get certified. Cable card may be less than ideal in implementation as far as open source is concerned, but at least there, if you've got a cooperating cable provider, you can access much of that content in its digital form, which is better than the previous options of analog capture.

So the question we need to ask is whether, from an open source perspective, this is actually going to improve things for us (I'm definitely skeptical on that), keep it about the same, or make it worse.

Comment Am I the only one confused by Binge On? (Score 1) 217

I find the whole concept of Binge On very confusing, and it makes me feel like there's something fundamental I don't understand.

With typical wired service through your cable company, the most limited resource is on the other side of your ISP, and that's why the ISPs want to get websites like YouTube and Netflix to cache content locally to reduce that expense. With wireless service, of course that same resource limitation and expense still exists, but by far the much bigger resource limitation is between your phone and the cell tower. That's why cellular plans have much lower bandwidth caps than wired service.

So what sense does Binge On make (from T-Mobile's perspective)? Yes, it reduces their outside bandwidth expense, but I thought that's kind of backward. Perhaps they'll save a few bucks on the backbone connectivity costs, but by making that content free from data caps, they're actually encouraging people to start using services they otherwise might not have used due to those caps, thus greatly increasing utilization of the more limited (and much more difficult to expand) wireless bandwidth.

So what am I missing?

Comment Re:Slow news day? (Score 1) 89

So the banana's just a switch?

Yes, it looks like it just replaces the WPS button.

Nope, the banana actually serves a secondary function. This whole thing is so poorly described, but if you click the reddit link in the summary, and then from there click the link to the original thread:

When you touch the banana, you get an 8 hour voucher for our guest wifi. (the 3 sec timeout is only for demoing)
The PI has 5000, 8 hour vouchers. We are open ~200 days a year. If we have 10 guests a day, then this will work unattended for a couple of years easily.

So the purpose of the banana is to make it so novel that (along with the absolute lack of adequate instructions on the board) people are repeatedly touching the banana over and over again (not really sure of what is going on), thus ensuring that those 5000 vouchers don't last a month.

Comment Re:This is crazy... (Score 1) 301

Police also often commit felonies like murder in the performance of their duties. We don't jail any cop who shoots a suspect, we investigate to determine if they were justified in doing so.

That's not murder until the investigation determines they were not justified. If they were justified, then it's considered something else (not sure which term the law would apply....self defense? justifiable homicide? another term that applies specifically for police officers?)

Comment Re:This is crazy... (Score 1) 301

In general I disagree with you. I'm alright with authorities having to set up more elaborate sting operations which require breaking laws to catch criminals. Maybe not your more contrived example of selling drugs indiscriminately and letting everyone run off, but I'd certainly support something like selling drugs in an effort to get further into a major drug organization in hopes of getting access to the top players in the organization. There are limits though. Selling drugs (to adults, not children/teens), fine. Committing murders, definitely not.

However, when it comes to child porn, I agree with you. I can have no tolerance for it. At no time, for any duration or for any reason, should the authorities be distributing it. After all, we've been told that child porn is SO dangerous to children that even the act of sharing CGI generated pictures (in which no child was actually harmed) is harmful to children. If distributing CGI child porn harms children, then just imagine how many children were harmed by these agents distributing ACTUAL child porn photos, in which children were actually directly harmed.

Comment Re:Homebrew used to be about doing better. (Score 3, Interesting) 247

Now he's got throughput he can't actually use, but is missing critical functionality like wireless support.

I personally gave up on wireless support in my router. First problem I was always having was finding a router that had all the features I want. DDWRT is a priority for me, but finding a single device that
1) supports DDWRT easily (ie: doesn't rely on me finding a specific outdated revision of the hardware)
2) is cheap
3) has gigabit ethernet
4) good wireless
5) has a good amount of memory

Getting all of these in one device is difficult. The next problem is that I'd periodically end up with wifi issues. I had issues now and then with different devices. Then I got my OnePlus One and the problems got worse. For some reason that device always has connection issues. It would continually get disconnected (so often that I couldn't even back up the videos from my phone via would always lose connection in the middle and I'd have to start over. It might take 10 tries before a video successfully copied over). I tried 4 different DDWRT routers I had access to (4 different device models from 3 different brands) and had the same issues.

The last issue is dealing with power outages. All of my networking equipment is in the basement on a battery backup. When power goes down, I'm able to maintain connectivity and continue working from a laptop without issue. However, locating everything in the basement means I have OK signal on the first floor, and terrible to no signal on the 2nd floor and front/back porch. To resolve this issue I put a 2nd DDWRT device (running as a wireless access point) on the first floor, but unfortunately it has no battery backup.

About a year ago, I decided to change my strategy. I ditched the 2nd device, turned off wireless on the router itself, and bought myself a Ubiquiti wireless access point. This solves a lot of issues:
1) Wireless is now one less feature I need to concern myself with on a router
2) Its reliability has been impeccable. In 1 year, it has been rock solid, not requiring a single reset, and it's worked flawlessly (and performed well) with every device I connected it to
3) It's designed to use power over ethernet. Its power supply is plugged in to the UPS in the basement, then the ethernet is patched between the power supply and my patch panel and through the regular house networking.
4) It looks really nice, so I can actually put it in a very central place in the house without it looking ugly. And at this location, the one device provides exceptional coverage for my entire house and the front/back yard.

Comment Re:You should be anyways (Score 1) 303

I agree. Anything I borrow from there I link right back. But not just for the reason you suggest. It's not uncommon to see topics on Stack Overflow where an answer was marked as the accepted answer, then years later either the original answer stops working (due to a library or browser change), or a better answer comes along because someone noticed an obscure bug or a better solution is now feasible. If I (or someone else) later encounters a bug in that code, it's best to know where it came from so you can go back, check the comments, and see if there's an update.
