
Comment: Re:I am no economist, but as a geek ... (Score 1) 205

by MrEricSir (#48552413) Attached to: The Failed Economics of Our Software Commons

Unless you're advocating a new form of Creationism that I'm not familiar with, the universe wasn't built from human labor. Software, on the other hand, is -- and that's why it costs money to make.

Free software isn't free to make. There's a reason it's free as in libre but not necessarily free as in gratis.

Comment: Re:Most servers shouldn't be vulnerable (Score 1) 245

by MrEricSir (#48366097) Attached to: ISPs Removing Their Customers' Email Encryption

Maybe he's suggesting to just use plain SSL without the initial plaintext exchange and initiation.

Yup. Nobody needed to reinvent traditional TLS/SSL secure sockets in order to send email.

What's wrong with STARTTLS? To quote the original RFC: "...a client that gets a 454 response needs to decide whether to send the message anyway with no TLS encryption, whether to wait and try again later, or whether to give up and notify the sender of the error."

So in other words, if you're writing an SMTP stack you have to handle a severe security edge case by parsing a string instead of getting an exception from your secure socket library. What could possibly go wrong! Oh right... there's a reason this is on Slashdot.

Comment: Most servers shouldn't be vulnerable (Score 0) 245

by MrEricSir (#48365227) Attached to: ISPs Removing Their Customers' Email Encryption

By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted.

Look, most servers these days are configured in such a way that STARTTLS runs on a different port than the plain-text connection. The server will reject login requests until the STARTTLS handshake is completed.

So sure, a few old, badly configured servers will continue over an unencrypted connection. But take it from a guy who worked on an email client, this is not a typical setup these days.
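An added example, not part of the original comments: the two STARTTLS comments above turn on what a client does when the STARTTLS capability is missing from the EHLO reply or the server answers 454. This sketch parses those replies and fails closed by raising an exception. The function names, the `require_tls` switch and the sample replies are assumptions constructed for illustration.

```python
import re

# Constructed sample replies (not captured traffic); hostnames are placeholders.
EHLO_OK = "250-mail.example.test\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_STRIPPED = "250-mail.example.test\r\n250-SIZE 35882577\r\n250-XXXXXXXX\r\n250 8BITMIME\r\n"
REPLY_220 = "220 Ready to start TLS\r\n"
REPLY_454 = "454 TLS not available due to temporary reason\r\n"


class TLSRequiredError(Exception):
    """Raised instead of silently continuing over plaintext."""


def parse_reply(raw):
    """Parse one (possibly multi-line) SMTP reply into (code, [text lines])."""
    code, texts = None, []
    for line in raw.splitlines():
        m = re.fullmatch(r"(\d{3})(?:([ -])(.*))?", line)
        if m is None or (code is not None and m.group(1) != code):
            raise ValueError(f"malformed SMTP reply line: {line!r}")
        code = m.group(1)
        texts.append(m.group(3) or "")
        if m.group(2) != "-":          # "250 text" or a bare "250" ends the reply
            return int(code), texts
    raise ValueError("reply has no final line")


def next_step(ehlo_raw, starttls_raw=None, require_tls=True):
    """Decide the client's next action; fail closed when require_tls is set."""
    code, texts = parse_reply(ehlo_raw)
    if code != 250:
        raise ValueError(f"EHLO rejected with {code}")
    # texts[0] is the server greeting; extension keywords follow, case-insensitive.
    keywords = {t.split()[0].upper() for t in texts[1:] if t.strip()}
    if "STARTTLS" not in keywords:
        if require_tls:
            raise TLSRequiredError("STARTTLS not advertised (absent or stripped in transit)")
        return "send-plaintext"
    if starttls_raw is None:
        return "send-STARTTLS"
    code, _ = parse_reply(starttls_raw)
    if code == 220:
        return "start-tls-handshake"
    if require_tls:
        raise TLSRequiredError(f"server answered STARTTLS with {code}")
    return "send-plaintext"
```

With `require_tls=False` the same inputs return `"send-plaintext"`, which is the opportunistic fallback the quoted article text describes.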


Comment: Re:Pick a category (Score 4, Interesting) 993

The key difference between non-corporate open source projects and Microsoft or Apple is that companies have HR departments. Problem employees can be dealt with or even fired.

There isn't really an analog in your typical open source community. In fact, smaller open source projects tend to be so grateful for any help that asshole behavior is tolerated -- or even considered the norm. It's a sad state of affairs for the majority of us who want to contribute, but have no interest in dealing with a cesspool of assholes.
