Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:The usual suspects (Score 1) 423

by bbroerman (#46597991) Attached to: Ask Slashdot: Preparing For Windows XP EOL?
I've worked for companies like that. Sometimes it happens. They don't have the time or money to invest in writing all new software. I'm still writing web apps that have to support IE 6 due to a partner using an older version of Developer Studio where the embedded browser widget renders as IE6. They don't have the money to re-tool and rewrite it all, and we have to support them...

Comment: The usual suspects (Score 0) 423

by bbroerman (#46596179) Attached to: Ask Slashdot: Preparing For Windows XP EOL?
Load all patches, install a good antivirus, have a second or third one that you run occasionally manually (not all anti-virus packages get everything), use an updated chrome or Firefox browser. For Firefox, I'd suggest using noscript and web of trust as well. Keep Java in medium or high security mode, only go to reputable sites, and only enable JavaScript when needed.

Comment: The company should be sued (Score 1) 550

by bbroerman (#41103883) Attached to: Should Developers Be Sued For Security Holes?
The company should be sued, not the developers. Its usually company management that tells the developers what to code, gives them too tight a deadline, changes requirements mid-stream, and prioritizes fixes and defects based on the percieve d cost vs. benefits. (i.e. how much a lawsuit costs vs. the cost of fixing it) Usually the poor developers are struggling to keep up, and most aren't trained in security... Most are barely trained, as the companies want to get people cheap. Its really the companies fault.. This coming from a developer with 20 years of professional experience in companies large and small...

Comment: OAuth (Score 3, Interesting) 101

by bbroerman (#40802339) Attached to: OAuth 2.0 Standard Editor Quits, Takes Name Off Spec
Having implemented OAuth1.0 and 2.0 services for communicating with various platforms, I was amazed at the lack of any security in Oauth 2.0. As mentioned by others, it completely relies on SSL/TLS, which is itself somewhat broken. From what I have gathered, it's simpler. That's about it. Actually, I prefer OAuth 1.0 and have modeled many of my own APIs after it.

Comment: Well, if we dont, someone else will... (Score 1) 172

by bbroerman (#37679618) Attached to: Astronauts As Alien Life Hunters?
At least there are other countries out there that have the will and the means. The US doesn't have to be the biggest and best any longer, and won't be for much longer anyway... China, India, and who knows who else will be out there long before we go back... Pretty soon, all the big announcements, advancements, etc. will be coming from them. Who knows, maybe one day we will be humbly asking China if they'll take us along, or let us spend time on their moon base.

Comment: thats why i use my own solution... (Score 1) 665

by bbroerman (#35560070) Attached to: Why Doesn't Every Website Use HTTPS?
that's why I wrote a security framework that runs over HTTP and Ajax but is, as far as I can tell with my testing so far, as secure as HTTPS... with no need for expensive certs... It doesn't give you the nice blue / green address bar or the lock icon, but it's very secure when used properly. Decided not to go the patent route with this project, with all the changes and uncertainty in the patent landscape here in the US... but I would still like to get something out of all of my work and effort... so... I'm willing to give it to a few small companies for free as beta testers (with some consulting services) if they want to do an NDA... also, if there are any security experts out there who want a look-see... just send me an email... NDA there too... I'm going the trade-secret and copyright route on this, but hopefully it'll pay off. Anyone interested, let me know... (check email address on my profile)

Money can't buy happiness, but it can make you awfully comfortable while you're being miserable. -- C.B. Luce