
Comment Re:Effectiveness doesn't matter (Score 1) 772

That's clearly a fallacy -- the "effectiveness" argument requires you to buy into the false dilemma that the only way to get potentially life-saving information is by torturing prisoners. Certainly the CIA has dug up plenty of information before and since that did not require torture.

Comment Re:I am no economist, but as a geek ... (Score 1) 205

Unless you're advocating a new form of Creationism that I'm not familiar with, the universe wasn't built from human labor. Software, on the other hand, is -- and that's why it costs money to make.

Free software isn't free to make. There's a reason it's free as in libre but not necessarily free as in gratis.

Comment Re:Most servers shouldn't be vulnerable (Score 1) 245

Maybe he's suggesting to just use plain SSL without the initial plaintext exchange and initiation.

Yup. Nobody needed to reinvent traditional TLS/SSL secure sockets in order to send email.

What's wrong with STARTTLS? To quote the original RFC: "...a client that gets a 454 response needs to decide whether to send the message anyway with no TLS encryption, whether to wait and try again later, or whether to give up and notify the sender of the error."

So in other words, if you're writing an SMTP stack you have to handle a severe security edge case by parsing a string instead of getting an exception from your secure socket library. What could possibly go wrong! Oh right... there's a reason this is on Slashdot.
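
An added example, not part of the original comment or of any mail client's code: a fail-closed way to handle the two cases discussed above, where STARTTLS is missing from the EHLO reply or the server answers 454. Function names and the sample server replies are constructed for illustration.

```python
# Added example: fail-closed STARTTLS handling. Names and replies are constructed.

class TLSRequiredError(Exception):
    """Raised instead of silently continuing in plaintext."""

def parse_reply(raw):
    """Split a possibly multi-line SMTP reply into (code, [text per line])."""
    lines = [l for l in raw.replace("\r\n", "\n").split("\n") if l]
    if not lines or not lines[-1][:3].isdigit():
        raise ValueError("malformed SMTP reply")
    # "250-" marks a continuation line, "250 " the final line.
    return int(lines[-1][:3]), [l[4:] for l in lines]

def ehlo_offers_starttls(ehlo_raw):
    code, texts = parse_reply(ehlo_raw)
    # texts[0] is the greeting; the remaining lines are extension keywords.
    keywords = [t.split()[0].upper() for t in texts[1:] if t.strip()]
    return code == 250 and "STARTTLS" in keywords

def require_starttls(ehlo_raw, starttls_raw):
    """Return normally only when the TLS handshake may begin."""
    if not ehlo_offers_starttls(ehlo_raw):
        raise TLSRequiredError("STARTTLS not advertised (absent or stripped)")
    code, _ = parse_reply(starttls_raw)
    if code == 454:
        raise TLSRequiredError("454: TLS unavailable, retry later")
    if code != 220:
        raise TLSRequiredError(f"unexpected reply {code} to STARTTLS")

def delivery_decision(ehlo_raw, starttls_raw):
    """Map the outcome to an action; plaintext delivery is never an option."""
    try:
        require_starttls(ehlo_raw, starttls_raw)
        return "handshake"
    except (TLSRequiredError, ValueError) as exc:
        return f"defer: {exc}"

# Constructed sample replies.
EHLO_OK = "250-mail.example.test\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_STRIPPED = "250-mail.example.test\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"
READY = "220 Ready to start TLS\r\n"
TEMP_FAIL = "454 TLS not available due to temporary reason\r\n"

if __name__ == "__main__":
    for ehlo, reply in [(EHLO_OK, READY), (EHLO_STRIPPED, READY), (EHLO_OK, TEMP_FAIL)]:
        print(delivery_decision(ehlo, reply))
```

A 220 here only permits the handshake to start; certificate validation by the TLS library still decides whether the session is trusted.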

Comment Most servers shouldn't be vulnerable (Score 0) 245

By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted.

Look, most servers these days are configured in such a way that STARTTLS runs on a different port than the plain-text connection. The server will reject login requests until the STARTTLS handshake is completed.

So sure, a few old, badly configured servers will continue over an unencrypted connection. But take it from a guy who worked on an email client, this is not a typical setup these days.

(Also: STOP USING STARTTLS!!!)

Comment Re:Pick a category (Score 4, Interesting) 993

The key difference between non-corporate open source projects and Microsoft or Apple is that companies have HR departments. Problem employees can be dealt with or even fired.

There isn't really an analog in your typical open source community. In fact, smaller open source projects tend to be so grateful for any help that asshole behavior is tolerated -- or even considered the norm. It's a sad state of affairs for the majority of us who want to contribute, but have no interest in dealing with a cesspool of assholes.
