
Comment: Re:Most servers shouldn't be vulnerable (Score 1) 245

by MrEricSir (#48366097) Attached to: ISPs Removing Their Customers' Email Encryption

Maybe he's suggesting to just use plain SSL without the initial plaintext exchange and initiation.

Yup. Nobody needed to reinvent traditional TLS/SSL secure sockets in order to send email.

What's wrong with STARTTLS? To quote the original RFC: "...a client that gets a 454 response needs to decide whether to send the message anyway with no TLS encryption, whether to wait and try again later, or whether to give up and notify the sender of the error."

So in other words, if you're writing an SMTP stack you have to handle a severe security edge case by parsing a string instead of getting an exception from your secure socket library. What could possibly go wrong! Oh right... there's a reason this is on Slashdot.

Comment: Most servers shouldn't be vulnerable (Score 0) 245

by MrEricSir (#48365227) Attached to: ISPs Removing Their Customers' Email Encryption

By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted.

Look, most servers these days are configured in such a way that STARTTLS runs on a different port than the plain-text connection. The server will reject login requests until the STARTTLS handshake is completed.

So sure, a few old, badly configured servers will continue over an unencrypted connection. But take it from a guy who worked on an email client, this is not a typical setup these days.

(Also: STOP USING STARTTLS!!!)
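
An added example, not part of the original comments and not code from any mail client: a fail-closed handling of the two STARTTLS cases discussed in the comments above, the capability missing from the EHLO reply and a 454 response to the STARTTLS command. The function names, the `TLSRequired` exception and the sample replies are assumptions constructed for illustration.

```python
# Added example: fail-closed STARTTLS handling over constructed SMTP replies.
class TLSRequired(Exception):
    """Raised instead of continuing the session in plaintext."""
    def __init__(self, msg, temporary=False):
        super().__init__(msg)
        self.temporary = temporary  # True: queue the message and retry later

def parse_reply(raw):
    """Split a (possibly multi-line) SMTP reply into (code, [text, ...])."""
    lines = [l for l in raw.split("\r\n") if l]
    code = lines[0][:3] if lines else ""
    if len(code) != 3 or not code.isdigit():
        raise ValueError("malformed SMTP reply")
    texts = []
    for i, line in enumerate(lines):
        sep, last = line[3:4], i == len(lines) - 1
        # Every line repeats the code; "-" marks a continuation line,
        # and only the final line may omit it.
        if line[:3] != code or sep not in ("-", " ", "") or (sep == "-") == last:
            raise ValueError("malformed SMTP reply")
        texts.append(line[4:])
    return int(code), texts

def advertises_starttls(ehlo_reply):
    code, texts = parse_reply(ehlo_reply)
    # texts[0] is the server greeting; extension keywords follow it.
    return code == 250 and any(t.strip().upper() == "STARTTLS" for t in texts[1:])

def require_starttls(ehlo_reply, starttls_reply=""):
    """Return "upgrade" only when it is safe to start the TLS handshake."""
    if not advertises_starttls(ehlo_reply):
        raise TLSRequired("STARTTLS not advertised; refusing plaintext")
    code, _ = parse_reply(starttls_reply)
    if code == 220:
        return "upgrade"  # caller wraps the socket in TLS and sends EHLO again
    # 454 is the temporary failure quoted above; other codes are treated as permanent.
    raise TLSRequired(f"STARTTLS refused ({code})", temporary=(code == 454))

# Constructed sample replies (hostname and values are made up).
EHLO_OK = "250-mx.example.test\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_STRIPPED = "250-mx.example.test\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"
```

Every path that does not end in a 220 reply raises, so the caller cannot reach the plaintext branch by ignoring a return value.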

Comment: Re:Pick a category (Score 4, Interesting) 993

The key difference between non-corporate open source projects and Microsoft or Apple is that companies have HR departments. Problem employees can be dealt with or even fired.

There isn't really an analog in your typical open source community. In fact, smaller open source projects tend to be so grateful for any help that asshole behavior is tolerated -- or even considered the norm. It's a sad state of affairs for the majority of us who want to contribute, but have no interest in dealing with a cesspool of assholes.

Comment: Crowdfunding has jumped the shark (Score 3, Interesting) 215

Kickstarter barely cares what you try to fund anymore, and the other sites are even worse. It doesn't matter if your project clearly violates copyright laws -- or even the laws of physics -- you can post any project you want. This makes the entire crowdfunding ecosystem look incredibly shady.

That said, this has led to some pretty funny stuff over at Kickfailure.

Comment: Re:Counter-productive renaming obsession (Score 1) 352

by MrEricSir (#47884889) Attached to: Microsoft Killing Off Windows Phone Brand Name In Favor of Just Windows

Further thoughts on this are that it may be a reflection of Microsoft's internal political structure and culture, and power struggles, with every newcomer needing to stamp his or her identity on the product, regardless of whether that's beneficial.

Both seem like symptoms of the same problem: nobody's really in charge. This leadership deficit seems like it largely started with Ballmer, who was more interested in yelling and dancing around like a monkey than running his company.

Comment: Great when you're in school (Score 4, Interesting) 213

by MrEricSir (#47572571) Attached to: Vint Cerf on Why Programmers Don't Join the ACM

While you're taking CS courses in a university, ACM membership is great! But in the corporate world there's often not a good reason to join.

I was president of my university's ACM chapter at one point, but I've let my membership lapse. The value proposition just isn't worth it to me at the moment.
