
Comment Re:Sounds like what we need (Score 1) 47

is a firewall for the firewall.

I just don't understand how people who design commodity networking gear can be so bad at network security.

Another response to your inquiry handles the cynical/pragmatic answer, but there's another half to it: Unfortunately, 'commodity networking gear' has to work for the same type of people who install 'flashlight' apps on their phones that require access to contacts and GPS. If you and I had our druthers, SOHO routers would ship with DD-WRT or PFSense out of the box...but unfortunately, these boxes get sold at Wal-Mart...to the kinds of people who buy routers at Wal-Mart.

I am by no means a network expert, but it seems as though some of these things are just common sense....

Pull 100 people off the sidewalk and ask them if any of these sentences mean anything to them. Odds are good that an unfortunate Saturday afternoon involving whiskey and a circular saw would leave you with enough fingers to count the number of people who could provide an explanation to these concepts. Thus the "common" in "common sense" doesn't really seem to apply.

- Don't have ports open to the Internet ("stealth" or otherwise) by default

Okay. And precisely how do you expect Skype to work? FaceTime? Windows Update? POP/IMAP e-mail? Watch all that traffic shuffle over 80 and 443, thus making 'ports' useless...or the applications, in the short term. Saying 'screw FaceTime' is a guaranteed way to ensure that people blame the router, and replace it with something basically mirroring what the router does now.

- Don't use unencrypted protocols... period

That's beyond the scope of responsibilities for a router. With respect to the greater internet, kindly inform me why Windows/Android/iOS Updates need to be encrypted...or Netflix streams (DRM notwithstanding)...or a dozen other kinds of data that are high volume and don't have security requirements...there's no need to waste CPU cycles on them.

- Don't enable wireless by default

A wireless router that ships with wireless disabled...you must be delusional. Remember, there are a whole lot of laptops being sold now that don't have wired capabilities...and cell phones and tablets don't have them at all. People buy routers explicitly for this purpose, and disabling it by default is a guaranteed way to ensure that people return them saying "it doesn't work", the high rate of returns making the entire retail chain roll their eyes, the brand getting a bad reputation, and being suicide for the product. No. Netgear has this right - ship it with a unique WPA2 password, by default, written on the bottom of the router. That is how the wireless problem is, for all practical purposes, solved.

Seems like just doing those things our routers would be a lot safer than they are now.

Yes. Now put one of your routers in the hands of the general public, and see exactly how far 'security' gets them - Their iPads don't connect, Skype doesn't work on their desktop, and certificate authorities get to determine who lives and who dies on the internet.

For places where your line of reasoning is practical, there is SonicWALL, Cisco, Smoothwall, and Barracuda. For home users, there's Asus and Netgear.

Comment Re:Not unlimited, 7 GB (Score 4, Informative) 315

This is not about people innocently using a lot of data on an unlimited plan. This is a plan that offers unlimited phone data (and, so far, they really do mean unlimited) and 7 GB of high-speed tethered data. (After that, it's automatically throttled.) People in question are very aware of that 7 GB cap because they are installing special apps to circumvent its enforcement. The apps make tethered data look like phone data. That's not innocent and not OK.

Like most things in life, the situation is just a little more complicated than that. Personally, I know about the 7GB cap, and I've never hit it - I use tethering basically the way T-Mobile intended - a provisional internet connection when in a place where I need internet access on my laptop, because my phone doesn't cut it.

One thing worth noting about the difference between 'how laptops use internet' and 'how phones use internet' is that computers will open up TCP connections like they're going out of style, whereas mobile devices are generally optimized to avoid that. The switching gear on the carrier side assumes the latter, not the former. It may not necessarily tax spectrum, but it will tax the networking gear, especially if you're torrenting. "But they should have better infrastructure!" In a perfect world, sure. In the world we presently live in, I do think it's unreasonable to expect them to invest millions of dollars in their infrastructure to address a use case that 1.) affects a very small minority of their users, and 2.) involves violations of their ToS.

However, "installing special apps to circumvent enforcement" is based on a number of assumptions, that may not be correct. I root my phone - XPrivacy is a must for me, as is 'getting rid of Google and Samsung crap, and CarrierIQ'. Sometimes, I'll install a custom ROM. AOSP-based ROMs can't do Wi-Fi calling because of the kernel; it's a pretty good assumption that carrier-customized kernels are required in order to have the T-Mobile tethering meter running. Even the ones which are based on the carrier kernel tend to have things like CarrierIQ and Knox removed; many have the data cap evasion code built in. Furthermore, T-Mobile's default configuration is not very VPN friendly; one must reconfigure their APNs in order to get many forms of VPN functioning.

The question that concerns me is whether it is "well-above-average data usage while tethering" that will cause the wrath of Legere, or simply "the absence of data cap enforcement software". If it is truly the latter, then that is concerning. T-Mobile has traditionally been the most mod-friendly carrier. If they're going to change that tune, they will likely disincentivize remaining a customer to the XDA community...and if that comes to pass, it will be interesting to see how the numbers land.

Comment I compromise (Score 1) 519

Personally, I don't use ABP/uBlock. I actually make an effort to allow ads through. However, I have rules:

1.) Thou shalt not track me. Ghostery does a sad amount of blocking from its blacklists, and I have the ad-based one disabled...
2.) Thou shalt not obfuscate what I came to see. BehindTheOverlay is invaluable; it allows me to nix whatever overlays happen to be blocking my view of the content.
3.) Thou shalt not autoplay audio. FlashBlock nixes most ads that play sound, unwarranted.

I feel that I have very reasonable expectations from advertisers. They can advertise. They can use images if they want. I don't fault the website owners from having to make a buck, and advertising firms are, in the abstract, a middleman that makes sense. They cross a line, that's when I lose respect.

In the late 1990's, pop-up ads were the intrusive, annoying ads of their day. Pop-up blockers became so widely circulated, that all of the browsers have one built in. Are we here again?

Comment Re:Insurance is but one upended industry (Score 1) 231

Auto manufacturers

Someone still needs to make the autonomous cars. Even if they can't differentiate models based on acceleration and things, creature comforts and cargo space will ensure that tiered models remain.

Auto repair shops

These guys are probably the ones likely to be hurt the most. A handful will survive, since tires, brakes, and oil still need fixing; general wear will always be a thing. However, the numbers will certainly diminish, as accident-based work becomes less common.

Gas stations

...these cars run on wishing dust now? Unless you've got a self-driving Tesla, you'll still need gas.

Auto parts stores

See the section on mechanics above.

Taxis and Limos

You're not serious, are you? Cab companies may no longer pay cab DRIVERS, but they will most certainly still be necessary in areas where, ehm, they're necessary. Limos will likely be less affected than most - they sell a luxury service. One may possibly be able to make the case that limo DRIVERS are in more jeopardy, but I wouldn't be surprised if they survive as an industry as well.

Motor sports

Dear Lord. It's entirely possible to load precise cannons with basketballs that will land perfectly from half court, every time...but that's not why people watch basketball.

Motor vehicle related advertising

You're right - that will become "in-car advertising", but now we're just changing location.

There's probably a dozen more.

And those will be the interesting ones. One of the victims of cell phone ubiquity: alarm clock manufacturers. No one really saw that coming. Here's another: highway maintenance crews - the ones who pick the trash up off the highway. I anticipate less litter if "immediately ridding your hand of a wrapper without also needing to look for a place to put it" becomes commonplace. I wonder about sign manufacturers - who's going to pay for a whizbang storefront sign instead of just paying Aunt Google more to come up in search results, especially when your passengers aren't looking out the window? I'd add in "turn signal subcontractors", but given their use at present, I'd say they'll be just fine =).

Comment Re:^----- THIS, e.g. Picasa (Score 1) 59

Picasa was free (and decent) there were better ones though ---- or at least software that had actual options --- All of them died and are gone, except for a couple majors.

Free:
http://www.irfanview.com/
http://windows.microsoft.com/e...
http://www.faststone.org/FSVie...

Paid; less than $70:
http://www.acdsee.com/en/produ...
http://www.aftershotpro.com/en...
https://creative.adobe.com/pro... (admittedly subscription)
http://www.arcsoft.com/photost...
https://www.ashampoo.com/en/us...

There is no shortage of local photo management and editing applications available for Windows.

Or Email clients

I won't spend a huge amount of time posting more links; this page is pretty comprehensive:
http://alternativeto.net/softw...

I'm assuming that you're trying to avoid MS Outlook for whatever reason, and "Thunderbird" by some miracle never crossed your desk. Windows Live Mail isn't bad at all (it's still even a usenet reader!) Opera Mail, Zimbra Mail, and eM client are all excellent and free.

There is no shortage of either form of software. Alternativeto.net and Softpedia are great resources for this kind of thing.

Comment Re:What Experts can learn about reality (Score 1) 112

Well, McAfee is definitely more placebo than others; even Norton detects stuff here and there. Kaspersky and ESET are my go-to pair, though Security Essentials isn't the worst scanner in existence, either. Typically, I find that Norton DNS + NOD32 + AdGuard tends to keep the computers of my friends and family clean with a solid amount of consistency.

Comment Re:What Experts can learn about reality (Score 2) 112

"Experts" are much better equipped to work around an update that makes a mess, and "Experts" are better able to pick up UI changes than "Non-Experts". Security is a good reason to update/upgrade, but every non-expert I know whose phone got the Lollipop update described it with obscenities, and would have been perfectly fine with a 'security patch only' update. The problem is that there's no consistent way for non-experts to know whether this will be a "transparent security fix" kind of update, or a "this will f'k up my s't and rearrange everything for no good reason" update. Even updates that don't make a mess of the UI cause other problems. Windows XP, circa 2001, needed 256MB of RAM to run acceptably. By the end of its run, the UI hadn't changed, but somehow, it required at least 1GB of RAM when it was (supposedly) the same OS. Admittedly an obscure example (but the only one I can think of at the moment), an Intel wireless NIC driver update I did once removed the ability to specify my own MAC address. A router firmware update I did once notably decreased the throughput of the network traffic it was processing. We all remember the Slashdot outcry when Sony removed OtherOS from the PS3. "Update" has a long history of having mixed impact on end users, so any "Expert" who both unilaterally applies updates and doesn't understand why "Non-Experts" don't share this practice may well have a thorough understanding of computers, but a piss poor understanding of humans.

I didn't see any experts in the article suggesting blindly installing updates without testing (if possible, like in a corporate environment for instance) or reading the release notes. Anyone with the technical skill to be upgrading a NIC driver or a router firmware should also have the technical skill to A) Test the update, B) Read and understand the release notes, and C) roll back the update if it has unintended side effects.

I don't dispute that. The point I was making was that updates are not universally better than their predecessors. Yes, I rolled that firmware back, but the fact that I needed to do so was more where my objection was focused.

Many password managers use Teh Cloud (tm). There's a damn good reason to be reluctant to store all of your passwords on somebody else's hard disk. Local password managers solve that problem, and now we're back to the classical problem of 'backing data up' and 'single point of failure'. Even at that, who do you trust? Heartbleed was a particular mess from a PR perspective because Open Source ("More secure than Microsoft!!11") had a spectacular failure that was used by "Experts" - people who were supposed to be putting security at the forefront. If such a widely circulated OSS project could have such a problematic bug, what possible hope does a regular user have with respect to betting on the right horse? Even if they do, there's nothing that they can do for the far end doing stupid things - all the password managers in the world won't change a blessed thing if the password was for Sony or Ashley Madison. It's all risky at some level, and ultimately, password managers overcome a shortcoming of computers themselves. Non-Experts have things to do. Writing passwords down in a nondescript password book, kept in a room separate from the computer itself, with each of the passwords changed annually, is probably the simplest and cheapest way a non-expert can put themselves comfortably in the third standard deviation.

All software has bugs. Security is always a trade-off between convenience and usability.

Agreed. Where each lies, however, is not always cut and dry. PM's make it more convenient to have 20-character, random generated strings in active rotation, but less convenient than simply using "Hunter2!" everywhere.

A properly written "Cloud" password manager *CAN* do both by only storing the encrypted information in the cloud. It also encourages (and can generate) unique and random passwords for each site. That way when Sony or Ashley Madison get hacked, the perpetrator gets a unique random password that won't give them access to anything else. A properly-written cloud based (all encryption is handled locally, plaintext is *NEVER* in the "Cloud") password manager has the added benefit of working on mobile platforms where the physical book in the other room can't help you if you are on your laptop in the coffee shop or on your phone waiting in line at the grocery store.

The problem with your "properly written" qualifier is that it presents an inherently problematic challenge. LastPass says that it operates the correct way, but how can I verify that? Because their website says so? I have no meaningful way to acquire proof that it does what it's supposed to do. Additionally, if I do make unique, gibberish-string passwords, I officially become dependent on LastPass; that dependency has its own points of concern. It may not be convenient to have passwords written in a book that's left at home, but its tradeoff between "not being available in a grocery store" and "not being susceptible to LastPass hacking / ending service / software vulnerabilities / NSL" has definite advantages on both sides.

Funny how you mention the attention Heartbleed got but you fail to mention Microsoft's way worse SSL/TLS screwup last year which didn't get a fancy name or any media attention. Like I said, all software has bugs.

You're right. I wasn't comparing SSL/TLS to OpenSSL, I was saying that a bug in OpenSSL not only made lots of information vulnerable, but the non-experts felt more helpless due to the broad media coverage of the issue that they could do nothing about, but whose solution was to be done by "Experts" who are supposed to be addressing this stuff on their behalf. LastPass wouldn't stop the password from being taken, only mitigating the damage.

Comment What Experts can learn about reality (Score 5, Interesting) 112

Experts recognize the benefits of updates, while non-experts are concerned about the potential risks of software updates.

"Experts" are much better equipped to work around an update that makes a mess, and "Experts" are better able to pick up UI changes than "Non-Experts". Security is a good reason to update/upgrade, but every non-expert I know whose phone got the Lollipop update described it with obscenities, and would have been perfectly fine with a 'security patch only' update. The problem is that there's no consistent way for non-experts to know whether this will be a "transparent security fix" kind of update, or a "this will f'k up my s't and rearrange everything for no good reason" update. Even updates that don't make a mess of the UI cause other problems. Windows XP, circa 2001, needed 256MB of RAM to run acceptably. By the end of its run, the UI hadn't changed, but somehow, it required at least 1GB of RAM when it was (supposedly) the same OS. Admittedly an obscure example (but the only one I can think of at the moment), an Intel wireless NIC driver update I did once removed the ability to specify my own MAC address. A router firmware update I did once notably decreased the throughput of the network traffic it was processing. We all remember the Slashdot outcry when Sony removed OtherOS from the PS3. "Update" has a long history of having mixed impact on end users, so any "Expert" who both unilaterally applies updates and doesn't understand why "Non-Experts" don't share this practice may well have a thorough understanding of computers, but a piss poor understanding of humans.

Non-experts are less likely to use password managers: some find them difficult to use, some don't realize how helpful they can be, and others are simply reluctant to (as they see it) "write" passwords down.

Many password managers use Teh Cloud (tm). There's a damn good reason to be reluctant to store all of your passwords on somebody else's hard disk. Local password managers solve that problem, and now we're back to the classical problem of 'backing data up' and 'single point of failure'. Even at that, who do you trust? Heartbleed was a particular mess from a PR perspective because Open Source ("More secure than Microsoft!!11") had a spectacular failure that was used by "Experts" - people who were supposed to be putting security at the forefront. If such a widely circulated OSS project could have such a problematic bug, what possible hope does a regular user have with respect to betting on the right horse? Even if they do, there's nothing that they can do for the far end doing stupid things - all the password managers in the world won't change a blessed thing if the password was for Sony or Ashley Madison. It's all risky at some level, and ultimately, password managers overcome a shortcoming of computers themselves. Non-Experts have things to do. Writing passwords down in a nondescript password book, kept in a room separate from the computer itself, with each of the passwords changed annually, is probably the simplest and cheapest way a non-expert can put themselves comfortably in the third standard deviation.

Another interesting thing to point out is that non-experts love and use antivirus software.

As well they should. Antivirus software is a layer of security, and one that non-experts tend to use more consistently than any other form of threat mitigation. It's not a cure-all (more likely the problem that exists with non-experts using AV software; they throw caution to the wind under the assumption that the antivirus will protect them), but it will be very difficult to convince me that properly updated AV software does more overall harm than good.

Comment Re:Pedestrian cycle! (Score 1) 363

I like this idea. The problem is that in NYC, there are precisely two reasons for the walk/don't walk signals:
1.) in the event of a collision, assigning blame for insurance/lawsuit purposes.
2.) legal compliance for the same.

If you are a pedestrian in NYC, you cross the street when you see a break in traffic. If that happens to coincide with the traffic signals in the 'walk' position, so much the better. If the sign says 'don't walk', and there's room to cross, you cross, along with 100 other people.

This line of reasoning has secondary problems: if you're trying to make a turn and pedestrians start blocking you while you're turning, you're backing up traffic behind you, and that traffic queues up VERY quickly. This becomes even more dangerous on the two-way streets in Manhattan, where such an occurrence can cause a vehicle to camp out in the line of oncoming traffic, and either cause an accident, or cause gridlock. Even a driver who is turning on a protected left will find themselves amidst this. It also causes drivers to be aggressive out of necessity - if a driver doesn't "push" through pedestrian traffic, pedestrians will continue to cross.

A pedestrian cycle will assist in keeping foot traffic going, but in many cases, keeping cars stopped at lights in NYC, even for an extra 30 seconds, will cause gridlock in the streets behind. Additionally, pedestrians that continue to cross will impede vehicle traffic.

Traveling in NYC, no matter how you do it (foot, car, subway [tube]), is its own kettle of fish, largely different than most other places. The population there is incredibly dense, there's the influx of commuters during the work day that add an extra million or so to the numbers, and every one of those people has someplace to be, and something to get done. Travel in NYC scales to the level it does for the same reason the AS/400 scaled better than the earlier versions of SQL server - the users learn to deal with the system; the system itself doesn't change.

Comment My plan sounds better than ever (Score 2) 151

I'm still in a vehicle that is a relic of a bygone era - the era when connectivity was opt-in by making explicit purchases for that functionality. My next vehicle negotiation will involve bringing a Ziploc bag and saying, "please have the folks in the shop place *all* cellular and GPS connectivity equipment in this bag. My purchase of this vehicle is wholly contingent upon this bag being full, and visual confirmation that my in-car infotainment system shows error messages before I pull out of the lot."

I look forward to the funny faces I get from the salesmen at the dealership, but this is the world we live in today, and it is sad that such a notion is even necessary.

Apple, Google, Microsoft, and Amazon need to stay the HELL out of my dashboard.

Comment Re:Why reddit and not forums/usnet? (Score 3, Informative) 452

Why not Forums?

VBulletin/phpBB style discussion boards are great, and there's usually one for basically-whatever you're into - cars, computers, pets, food, crafts, wedding planning. It's not uncommon for a given user to be a part of at least one such community. The problem is that it's a bit more difficult to 'channel surf' that way. If a user participates in a discussion thread in Alpha Forum, they'd have to log in separately to Bravo Forum to participate there. This limits the scope of topics that can be viewed at a given clip. Similarly, different forums have different rules or customs. Some are particularly strict about citing sources for claims, others are super strict in the profanity, others use a 'reputation' point system while others simply use 'thanks' or nothing at all; Reddit is at least a smidge more consistent site-wide with its rules.

Why not Usenet?
I'm still a fan, personally. comp.misc has some interesting discussions, and misc.legal.moderated is frequently some fascinating reading. There are a few groups related to video games and Doctor Who that have interesting discussions, the latter particularly after new episodes air. The fact that a user identity is basically universal is helpful to keep the playing field level. Usenet has its own list of problems though. First and foremost, usenet is something that itself needs to be sought after to a certain extent at this point; few ISPs offer access to it, and neither Windows nor OSX ship with a client. This is further complicated by the fact that a "binary client" and a "text client" are frequently different pieces of software, usually cost money on top of existing internet subscriptions, few real-life friends tend to be able to share the experience, and the search results for the term in Google are usually affiliated with warez, so getting people into it is its own challenge to begin with. Moreover, usenet is much more susceptible to spam, it's not possible to share in-line images or youtube clips (like it or not, responding with memes and animated GIFs is a common practice these days), and it's not possible to 'upvote' posts as to indicate the quality of a particular contribution. Put it all together, and Usenet is a wonderful niche that Reddit simply does better for the majority of internet users.

Comment Re: Competition (Score 1) 61

I think that competition is coming in the form of Apple, who it seems is poised to compete with Google's search, in addition to their maps service.

I'd be okay with that, but in order for that to be accurate, Apple would have to open up - Apple Maps on Windows Phone and Android, an actual search engine that's usable through a web browser, and presumably, iAds to fund these projects - technically not truly necessary, but I don't see the bean counters being willing to spend iPhone stipends on a project where they're not at least recouping their costs.

Apple competes well on its own platforms, but amongst the reasons why Google is Google is because it's nigh impossible to find one's self on a platform that doesn't provide some form of access to Google services. Microsoft is getting much closer to this level of ubiquity. Apple doesn't appear to be trying.
