Forgot your password?
typodupeerror

Comment: Accessing email on the server (Score 1) 635

by chaoskitty (#47788615) Attached to: Ask Slashdot: What Old Technology Can't You Give Up?

I don't cling to the old because I'm unafraid of change - I keep using it because nothing better has come along.

Shell-based email is still the quickest and easiest way to keep email in one place and have it be accessible even if I'm on a connection the speed of dialup. No matter how many times I try email clients, nothing works as quickly and as seamlessly. The same goes for ytalk instead of IM programs (luckily, many of the people with whom I want to chat have shell accounts, too).

Until someone comes up with something better, like a protocol which allows for downloading just the text of what I want to see, I'll happily ssh and do email on the server, like I've been doing for twenty years.

Comment: Anyone remember, "Write once, run anywhere"? (Score 1, Insightful) 511

by chaoskitty (#47745439) Attached to: If Java Wasn't Cool 10 Years Ago, What About Now?

Sun's slogan for Java used to be, "Write once, run anywhere." Remember that? Sun didn't make JVMs for many platforms, and didn't even have an official JVM for GNU/Linux for ages. Add to that the fact that each major version of the JVM deprecated features and introduced incompatible ways to do things previously done other ways, and it's no wonder it has become the case that we (meaning IT folks) have to keep around an older (perhaps virtual) machine which has an older and certainly insecure JVM to talk to some hardware device or application which requires older Java. Qlogic switches come to mind.

Since the JVM isn't portable, Java isn't portable. Since software written for one JVM version can't necessarily run on another version, it's not very backwards compatible. Since it has so many security issues, you either have to hope that whoever makes your JVM keeps it up to date or that you're very careful about how it's deployed.

I can't personally think of anything more precarious than trying to deploy real software using Java.

Comment: They used to call me paranoid... (Score 5, Informative) 427

by chaoskitty (#47633437) Attached to: Ask Slashdot: Life Beyond the WRT54G Series?

I have long advocated for separating everything - the cable modem / DSL modem should JUST be an interface to the upstream provider, with no NAT and DEFINITELY with no wireless. See the issues with Xfinity and other providers who are now piggybacking their "free" Wifi on customers' connections - I bet it'll be shown in the near future that the already existing NAT table size issues, which already cause many consumer devices to be problematic, are being exacerbated by trying to maintain state entries for the "free" wireless, too.

So you have a cable / DSL modem which is in bridge mode. Then you have some sort of NAT device. If you like running your own OS, a Raspberry Pi or some other tiny StrongARM device is cheap and can run whatever GNU/Linux or BSD you like. Heck, you can even still use your WRT54GL if the CPU in it isn't limiting the speed of your upstream connection.

Then, you have your wireless device. Again, I strongly recommend something that just does bridging - you have the simplest setup because you're not using the wireless device for NAT or any other "features". With all the stories about consumer devices having poor security and intentional back doors, the less exposure, the better. Personally, I pay extra for Apple because the 802.11ac Airport Extreme does wonders with existing 802.11n clients.

The great thing about this is that you can have as many segments as you want without needing a switch which does VLANs. You can plug two USB-ethernets into a Raspberry Pi, for instance, and keep your wireless and wired networks on completely different segments. Or three, and you can have your old device provide a completely separate guest network.

The best thing about this setup is that if one device fails or is shown to be insecure and the manufacturers won't fix it, you can just replace that one device.

Comment: Always plan for nefarious behavior (Score 1) 348

It's much better to assume that a server may be or is exposed to malicious traffic than it is to assume not. Even if there's only ever a direct ethernet connection between two machines, assume someone may compromise one of the machines and protect the other. Using a username and password is one thing; if you can filter based on IP address, use software firewall rules to only allow connections on certain interfaces and from certain addresses (or, better yet, localhost), et cetera, you're always better off.

Hope for the best, plan for the worst.

Businesses

Aerospace Merger: ATK Joins With Orbital Sciences Corp 22

Posted by Soulskill
from the drumming-up-competition-for-spacex dept.
FullBandwidth writes: "Two Virginia aerospace players, Arlington-based Alliant Techsystems (ATK) and Dulles-based Orbital Sciences, are merging to create a $5 billion venture. The companies announced the merger in a joint announcement Tuesday. ATK is also spinning off its lucrative hunting gear segment into a separate company. 'The move is mutually beneficial, company executives said, as ATK looks to bolster its aerospace business and Orbital Sciences hopes to boost the scale of its existing operations as well as gain a foothold in the defense sector. ... Another beneficiary of the merger is NASA, a client of both companies. Last year, Orbital successfully completed a supply run to the international space station using its Antares rocket and Cygnus spacecraft. Orbital’s expansion after the merger will make it a bigger player in the commercial space sector as it competes with the likes of SpaceX, billionaire entrepreneur Elon Musk’s company, said Howard Rubel, an equity research analyst at Jefferies.'"
Cellphones

OpenPhoenux Neo900 Bills Itself As Successor To Nokia's N900 111

Posted by timothy
from the certainly-has-a-similar-name dept.
An anonymous reader writes "The latest device in the OpenPhoenux open hardware family is the Neo900, the first true successor to the Nokia N900. The Neo900 is a joint project of the Openmoko veteran Jörg Reisenweber and the creators of the GTA04/Letux2804 open hardware smartphone at Golden Delicious Computers. Furthermore, it is supported by the N900 Maemo5/Fremantle community, the Openmoko community and the OpenPhoenux community, who are working together to get closer to their common goal of providing an open hardware smartphone, which is able to run 100% free and open source software, while being independet of any big hardware manufacturer." So far, their Indiegogo campaign has raised more than half of the €25,000 they're seeking.

Comment: Exaggerated reports of death, blah, blah... (Score 1) 429

by chaoskitty (#43748117) Attached to: Ask Slashdot: Dealing With a Fear of Technological Change?

People have been predicting the death of Unix and the command line for ages. Most people don't care about long term because they're accustomed to a constant cycle of upgrades to make money for large corporations - it's what they're conditioned to do. If we don't want to run browsers that can get infected, email clients that render whatever they're told to render and systems that have poorly written third party software (I'm talking about you, Flash and Java), then who's the smart one?

I keep wondering if I'm doing old school things just because, but every time I try something new, I find that there aren't enough compelling reasons to modernize and at the same time there are enough good reasons to use what works well.

Comment: Simple: Firefox is NOT platform agnostic (Score 1) 665

by chaoskitty (#40881379) Attached to: Why We Love Firefox, and Why We Hate It

I don't like Firefox because they try to take Windows-isms and force them on Mac users. My user experience is one thing in 99% of the programs on my computer - why should how I select text be different for Firefox? Or why can't I launch Firefox normally by holding command-option and hitting the down arrow like I do for every other program but which sends Firefox into some special "safe" mode?

Firefox shouldn't proselytize specific OS behavior.

Comment: Oh, the irony... (Score 1) 267

by chaoskitty (#39112655) Attached to: With Push for OS X Focus, CUPS Printing May Suffer On Other Platforms

Isn't this exactly what happens elsewhere, but in the other direction? After all, many people think that KDE, GNOME and other large programs are written for GNU/Linux and just happen to be ported elsewhere. Try to Google something about setting up Apache or bash and you'll find Linux this, Linux that even though neither are exclusive to GNU/Linux in the least.

Comment: Expecting rDNS is pretty common (Score 1) 301

by chaoskitty (#37705194) Attached to: Ask Slashdot: Is Reverse DNS a Worthy Standard For Fighting Spam?

Expecting rDNS is pretty common. Expecting PROPER rDNS, on the other hand, is another thing altogether.

If a machine doesn't have rDNS, then it can't send email to anyone at AOL, for instance. It'd be quite disingenuous to say that people who send email through a machine without rDNS would be surprised if they couldn't contact you.

On the other hand, there are too many ISPs who have rDNS, but broken rDNS (doesn't resolve in the forward direction, uses names which don't belong to them, et cetera). I block email from all connecting machines which have rDNS (or HELO/EHLO strings) which say yahoo.com, hotmail.com, gmail.com, or google.com, which cuts down on a LOT of spam. The real services always have blahblah.something.yahoo.com, for instance.

I also block HELO/EHLO names which don't resolve in DNS, and on my backup MX I also block when the HELO/EHLO doesn't resolve back to the connecting IP. This, IMHO, is much more effective than only rDNS checking. People don't always control their own rDNS, but they damned well better control whether their mail server is lying or not.

The bottom line is this: are you expecting email from just anyone? If so, you can't block it but you can increase its spam score. If you generally correspond with the same people and occasionally start corresponding with someone new, you could take the time when someone new has a broken mail server. This is what I've done for years (with HELO/EHLO) and most people thank me once I explain why it's in their best interest to fix it.

Comment: It's not that hard to maintain... (Score 1) 554

by chaoskitty (#37016848) Attached to: Ask Slashdot: Self-Hosted Gmail Alternatives?

I've been doing my own email for 15 years now, and it's really not that hard to maintain. Sure, if your flavor of GNU/Linux changed significantly every time there's a new version, it's a pain to keep up to date, but I've been using similar configuration files, updated a little now and then, with the same software installed across many servers for ages (sendmail, procmail, milted greylist, imap-uw, cyrus-sasl, Squirrelmail for OCCASIONAL webmail only, et cetera).

Some people like to tinker too much to maintain a constantly running server. For them, self hosting is NOT a good idea. Some people like to run GNU/Linux distros which are too difficult to maintain, and again, self hosting isn't an answer. A simple GNU/Linux distro or some flavor of BSD can be much easier to keep up to date and therefore more secure.

There are two primary reasons why I will NEVER move to an outside email provider. The most important one is that in this day and age your email can be subpoenaed without you ever even knowing and employees of any given service can't always be trusted to not do bad things. I want full, 100% control of my email. And in spite of what other people have written in comments about the fact that email isn't secure end-to-end, the archives are always in my possession. But add TLS and at least you've made it MUCH harder for people to see stuff traveling over the Internet.

The second reason is that almost EVERY service is non-deterministic (if I'm wrong, please tell me). I am tired of people wondering where email is only to find out that some cheesy content-based filter silently dropped their email or something else happened and the likelihood that Google or Yahoo will EVER look in their logs to tell you is practically nil. My filtering is based on servers being legitimate, not based on some arbitrarily determined rules. If something is rejected, there's always a known reason and it is ALWAYS logged.

Again, please correct me if I'm wrong, but this has been my experience to date.

Neckties strangle clear thinking. -- Lin Yutang

Working...