Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Comment: Re:Chrome broke my VPN (Score 1, Interesting) 70

by The MAZZTer (#49507773) Attached to: Chrome 43 Should Help Batten Down HTTPS Sites

It is your IT dept's responsibility to keep the VPN working, not Google's. Google has chosen to drop support for a 20 year old insecure plugin architecture in favor of a more modern, secure one. Sure, it's one developed by Google, but 1) there wasn't an existing standard out there AFAIK so they had to make one and 2) the plugin interface is open source so anyone can go and implement it in their own browser, or in their own plugin.

Oracle's official stance seems to be that Java users should switch to Firefox or IE, rather than see themselves try and put any effort toward porting Java. To be fair, I don't know how well Java will mesh with PPAPI's sandboxing.

I wonder if they'll change their tune... Chrome has a pretty sizable user base now.

Comment: Re:Actually, it's worse than that. (Score 5, Informative) 199

by The MAZZTer (#49474867) Attached to: Chrome 42 Launches With Push Notifications

It was a design decision to improve browser security (NPAPI model is horribly outdated). Almost no one uses Java on the web any more so it was decided it was acceptable. Oracle is free to port Java to NaCl or PPAPI if they want to continue supporting Chrome.

Yeah it sucks for the small % of users who still want to use it, but it's necessary to move security forward.

Comment: Extensions (Score 2) 564

by The MAZZTer (#49171883) Attached to: Why We Should Stop Hiding File-Name Extensions

I think the idea, at least for Windows, is that extensions are a legacy thing, and are still supported because they are the basis for determining file type. BUT, the reasoning is likely that they can be hidden from the user and only show the user the actual file type. Which is fine in theory, except that now you are training the user to recognize file type solely by icon, making it trivial to give a dynamic-icon type (like EXE, or the old SCR which users are unlikely to recognize) the same icon as a text file and subvert the user's expectations and make them think the file is safe. If you are not in Details mode or not grouping by File Type it is IMPOSSIBLE to reliably determine the type of a file without the extension!

Of course MS has added the whole Zone Identifier scheme and displays a nasty warning when trying to run dangerous files from the internet. I think this is a good measure to prevent this type of trickery, unfortunately people tend to click past such dialogs.

Overflow on /dev/null, please empty the bit bucket.

Working...