
Comment Re:OpenWRT vs DD-WRT (Score 2) 94

Do these groups communicate at all? I ask because I have the Buffalo WZR-1750DHPD router that comes with DD-WRT straight from the factory. Full open source, etc.

That's because DD-WRT is not "full open source, etc." It's open source Linux, but closed source device drivers. It comes from Linus's "pragmatic" desire for Linux to be used, with no interest in the political reasons for the GPL.

I don't know the process at OpenWRT exactly, but they tend to use open source drivers more than DD-WRT does. On the minus side, this means it supports much fewer devices. On the plus side, this means "supported" devices really are supported and have updates available to them, while DD-WRT is just throw a firmware at a device and never give it a feature or security update ever again even if there are open-source drivers for it.

Comment VR displays (Score 4, Insightful) 198

4k seems like it should be obviously useless. 2k already makes it really hard to see individual pixels, and more pixels take more power to push.

Where 4k makes sense is for VR displays. The Samsung Gear VR and the Google Cardboard use the phone for the display. And the accelerometer. Those do need higher resolution to look good.

Comment Re: No router with out open wrt. (Score 4, Informative) 198

In my opinion, OpenWRT is better than DD-WRT because OpenWRT is under pretty active development and has features that matter for making a better Internet.

DD-WRT is very difficult to compile, so in practice when a device comes out, you have one guy making a firmware stuffed with like 4 hotspots and 4 VPNs and 2 VoIP switches and DynDNS, or as many of those things as he can fit, and there’s no space for your own programs on the router. IPv6 is not a top priority at DD-WRT. And then nobody makes a new firmware for that device ever again, no matter how many security holes appear over the years.

In contrast, the latest OpenWRT comes with FQ-CoDel, IPv6, and DNSSEC. The default web-based administration these days is not bad, and the package system allows you to add interesting stuff, if your device has enough space. The Kconfig build system and the plain text configuration files make customization pretty easy.

The main downside is that OpenWRT is more picky about hardware. For DD-WRT, you have an ancient WRT54G, that’s fine, just install an equally ancient firmware. Ignore the problems; everybody else ignores the problems. Current releases of OpenWRT insist on a device that can run a modern kernel, with at least 4MB of flash and 32MB of RAM.

Comment Re:Yes and no, but mostly no. (Score 1) 83

Right, that’s why I said, “develop” something better, and not just look into alternatives. If you want to leak secrets to journalists right now, or if you want to sign your distribution releases right now, then OpenPGP is the best alternative. If you want to communicate securely with family, probably S/MIME is better, because it’s way more compatible and less hassle to use. Already, security is bifurcated into incompatible solutions.

For practical use, probably the biggest improvement in people’s security has been Gmail. Sure, it’s entirely the plaything of the Borg, and vulnerable to the rubber stamp of FISA, but the actual connection to the server is protected by TLS, with pinned certificates in the major clients. I don’t remember who it was, but somebody said switching to Gmail has been the biggest improvement in actual email security, because they have good technology and a legal team that actually puts up a fight.

The biggest problem with OpenPGP is that it doesn’t protect the metadata. It has to be backwards-compatible with the existing mail system, and that mail system needs to be replaced. The most interesting alternative that I have noticed is Dark Mail, but that is only an incredibly complicated RFC right now.

Comment Re:Yes and no, but mostly no. (Score 1) 83

No, rjh is correct. The problem with cryptography is that it is incredibly tricky. If you don’t do it just right, then you compromise your security. If you get it really wrong, then it’s as good as not having cryptography at all. GnuPG has to be complicated to be compatible with the design-by-committee OpenPGP standards, including its clunky manual key system.

rjh is probably also correct that OpenPGP gives the best security for email. My problem is that no security system is useful if nobody uses it. OpenPGP is used a lot for verifying that open source contributions come from particular developers, so their public communications can be authenticated. So far, so boring. It’s not used at all for communicating with friends and family. S/MIME at least has transparent key distribution, but that is not used by anybody, either.

The most interesting alternative to me is Dark Mail, but so far that is nothing but an incredibly complicated RFC. The proposed architecture looks interesting, though, so I want it to succeed.

Comment Re: Why is there so much work to be done? (Score 1) 83

The fundamental problem is that SMTP was not designed for security, and there's no provision to change over everybody at some point.

Also, privacy adds significant usability problems. You need to generate and copy your private key manually, instead of having your machines provision it among themselves. And privacy means webmail providers can't monetize the contents of your email, and you can't search through past emails efficiently.

Comment Re:Therapy? (Score 1) 133

if it is good hardware why not put a new operating system on it and make it work for a few more years, no sense in filling the landfills up just because the software became obsolete,

the computer i am typing this on was built by me in 2000, i used to dual boot a copy of windows 2000 and Linux Slackware-8 when it was new, today windows is gone and i am running Debian Jessie on it, the hardware is old but it works good so why not put a new operating system on it

Because you can’t.

The computer I built in 2003 has 1.5GB of RAM and 200GB of storage. This is enough to run Windows 7, though not Windows 8 or 10 because it doesn’t have SSE2 nor NX. With Linux and BSD and various strange options, I have endless choices of what OS I get to run on it.

The typical phone of 2007 has less than 128MB of RAM. You are not running a modern OS on less than 128MB of RAM. Furthermore, while the PC was relatively open, most phones have depressingly closed drivers. Just look at CyanogenMod releases: No gyroscope, or no GPS, or no sound, or very likely most of the hardware not working. That’s if you can get it to boot, or even accept and install a third-party ROM.

Just forget running anything other than iOS on iPhones. Not gonna happen.

Comment Not very good at Windows, this reviewer (Score 4, Informative) 321

First, he complained about the download. I anticipated this problem, downloaded the ISO on Windows 7 with Microsoft’s stupid downloading program, and burned a DVD/USB. Problem solved. Also, you can buy Windows 10 OEM media in stores.

Then, he complained about the updater not having a clean install option. It’s not obvious, but there’s an option somewhere in the installer to “Keep nothing.” This does a clean install.

He did not complain about tying the Windows account to a Microsoft account. It’s possible to make a local account not connected to a, and it’s more obvious how to do so than in Windows 8.

Then, he complained about the hybrid Start menu. That can be resized.

Other than that, I guess the review was okay. I liked the part about the Hi-DPI experience.

Comment Re:Except that several /8's are wildly underused (Score 1) 215

There are a number of /8's which frankly don't need to exist.

Human brains just don’t get exponentials.

We’re in the exponential-looking part of the growth curve of the Internet. That means even 5% of a resource that has lasted for 30 years is now only enough for maybe a few months. And all it would take to win those few months is convincing some famously risk-averse organizations to take new risks. The thought of just scheduling the necessary meetings makes me shudder.

On the other hand, the vast address space of IPv6 means, for those of us who do understand it, it’s a no-brainer. Why fight for scraps in the wilderness when you can have a feast in a buffet?

We need to switch to IPv6.

Comment Re:The sky is falling! News at 10. (Score 1) 215

The first step is the carriers / ISPs getting everyone an IPv6 address.


The big question is: why haven't the telcos moved home / small business over yet?

Probably one of the biggest problems for IPv6 is Amazon. Total apathy, there. is not accessible via IPv6, and last I checked, AWS isn’t available over IPv6 unless you go all-Amazon with your DNS and Elastic Load Balancers.

North America is just so awash with IPv4 addresses that businesses don’t suffer from lack of IPv6. I was hoping that the threat of inevitable pain would get American businesses to switch, but it looks like we’ll just have to wait for actual pain.

Comment Re:wft ever dude! (Score 1) 215

There aren't four billion public IP addresses in use. The problem is that in the early days they handed out class A subnets like they were candy, wasting millions of IP addresses with every one.

Incorrect. Getting an address should be cheap like candy, but that is not the problem. Even if they practiced austerity from the beginning, killing Internet adoption before it could start, there would still be a problem.

The actual number of public addresses that can be used is much less than the 4 billion that you get by raising 2 to the 32nd power. Addresses are allocated in power-of-two groups, so an organization that needs 127 computers online and an organization that needs 250 computers will require the same 256-address amount of space. And each network that joins the Internet increases the global routing table that is copied to every important router in the world, so there is an incentive to allocate larger address groups. You can’t just take one address from one 256-address group and give it to another group; you have to transfer an entire group. I think the actual occupancy of addresses is closer to 50%, or 2 billion. We obviously need more than 2 billion computers and devices online, so that’s where NAT comes in.

NAT works because there is a separate pool of 65 thousand port numbers per IP address for individual application connections. Essentially, your computer does not have an IP address, but it has access to another machine that does, and that machine is dynamically allocating its port numbers to your computer’s applications. Each application uses multiple ports. Web browsers, especially, use a lot of ports. To work, your computer eventually needs access to a public address with enough open port numbers to work.

And this particular tactic to stretch out IP addresses is already stretched about as far as it will go. Servers don’t share ports because client programs use the port to find the server program. And the more smartphones and smart TVs and stuff that go into homes, the fewer the number of homes that can be supported on a single real IP address.

No, on a planet with 7 billion people and having a use for multiple addresses per person, IPv4 is just at least a couple orders of magnitude too small. We need to move to IPv6.
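The allocation and NAT arithmetic from the comment above, worked through as an added example (not part of the original comment). The organization sizes, per-device port counts and the 1024 reserved ports are constructed assumptions, and the NAT model is deliberately simple: one port pool per address, ignoring that real NATs keep separate pools per protocol and can reuse a port toward different destinations.

```python
# Added illustration; all sample numbers below are constructed.
TOTAL_PORTS = 65536      # 16-bit port field: the "65 thousand" in the comment
RESERVED_PORTS = 1024    # assumption: the NAT never hands out well-known ports


def smallest_block(hosts):
    """Smallest power-of-two IPv4 block that holds `hosts` machines.

    Two extra addresses are counted for the subnet's network and broadcast
    addresses, which is why 127 machines do not fit in a 128-address /25.
    Returns (prefix_length, block_size).
    """
    if hosts < 1:
        raise ValueError("need at least one host")
    bits = (hosts + 1).bit_length()          # ceil(log2(hosts + 2))
    if bits > 32:
        raise ValueError("does not fit in IPv4")
    return 32 - bits, 1 << bits


def occupancy(org_sizes):
    """Fraction of allocated addresses that actually carry a machine."""
    allocated = sum(smallest_block(n)[1] for n in org_sizes)
    return sum(org_sizes) / allocated


def homes_per_address(devices_per_home, ports_per_device):
    """How many homes one public address can serve behind NAT when every
    device may hold `ports_per_device` simultaneous mappings."""
    usable = TOTAL_PORTS - RESERVED_PORTS
    return usable // (devices_per_home * ports_per_device)


if __name__ == "__main__":
    for n in (126, 127, 250, 255):
        prefix, size = smallest_block(n)
        print(f"{n:4d} machines -> /{prefix} ({size} addresses)")
    orgs = [127, 250, 5, 1000]               # constructed organization sizes
    print(f"occupancy of {orgs}: {occupancy(orgs):.1%}")
    # More devices per home means fewer homes per shared address.
    for devices in (4, 12):
        print(f"{devices:2d} devices/home at 500 ports each -> "
              f"{homes_per_address(devices, 500)} homes per address")
```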

Comment Re:Who makes these decisions? (Score 2) 628

Just don't take the "bait" and don't "upgrade" to free Windows 10. At least for desktop users there is no advantage over Windows 7 pro or ultimate.

Windows 7 Pro or Ultimate went out of mainstream support in January, and they run out of extended support in 2020. Windows 7 also cannot run Universal apps, and it does not back up to OneDrive. Seamless backup is important because ordinary humans suck at backing up.
