
Comment Re:This is a big bitchslap to Mozilla (Score 1) 128

I'm not aware of any browser that can withstand a determined and resourceful hacker. Browsers are huge beasts that are 80% attack surface. So I'll continue to fault Chrome for its memory use and other bad habits, and keep using Firefox.

I'll go further and point out that Pwn2Own folks obviously like using VMs to provide security when browsing, since they are putting VMware in the mix. And that hypervisor was originally designed for administrative convenience and full utilization of hardware, not security (now they are trying to make it a security platform, bless 'em). OTOH, Xen has long touted its security focus and has a really tiny attack surface so I'm happy to be using that in Qubes OS as well.

Comment Re:Sounds good... (Score 4, Informative) 75

That is, if you're near a large supply of readily accessible water.

If you read TFS (not even TFA) you'll see that this has been built "on a naval base in Port Hueneme, Calif." Port Hueneme is on the West Coast of California, right next to the Pacific Ocean. Is that a sufficient supply of water for you?

Comment Re:What do you mean... (Score 1) 181

You're sssuuuuuch a brave iconoclast!

/popcorn_time :D

Code signing is not a good policy. It creates a false layer of trust...

It creates a layer of trust that fails passively which is exactly what people need when they cannot check a billion details about what's running in their systems. You seem to be advocating active security measures, IOW keeping umpteen antisocial numbskulls with ninja hax0r text-mode window managers and other frippery on retainer at great expense. It's also the kind of mentality that actually lends appeal to clusterfucks like Intel ME, and tries to stuff every PC user into only completely opposite roles: you have to be either full-time hacker or proverbial grandma. Fuck that!

The handwaving about secure boot and TPMs is also really special. It sounds like "Get off my lawn!". Qubes already has an open implementation of firmware verification that only requires memorizing a short phrase. Having machines authenticate themselves to users (instead of only the reverse) is a quite natural extension of what they're already doing.

Letting a system go out of date for years because of "stability" reasons will get you hacked, as you are not keeping up with the security updates.

Yeah, way to show you don't know the difference between upgrades and updates. I'll leave you on that brilliant note.

Comment Re:Only Outlaws will Have Encryption (Score 1) 147

Generally, I don't agree with arguments of the form "If we ban X, only the bad guys will have X". (For example, if X is "guns", then total general unavailability of them, would eventually drive manufacturers out of business - and sooner or later all guns (and ammunition) would rust into non-existence and the bad guys wouldn't have them.)

But crypto is different. It's math. Since the math is already "out there", it only takes someone with roughly college-level software skills to turn that math into code.
So it is truly the case that making crypto illegal will simply result in no-back-door-crypto software appearing on the dark net for low-$$$ and the bad guys will have it.

At that point, the lack of crypto in the open market is irrelevant. The NSA (et al) will still need to decrypt the bad guys' messages the hard way.

And if we're honest about it - the real bad guys can probably figure out how to use a one-time pad correctly - which is easy enough to do and unbreakable.

Another issue here is how the law would get rid of all of the crypto that's already out there - do they seriously expect everyone to load new software for every device that uses cryptography in any form? The cost of that would be staggering!

Comment Re:What do you mean... (Score 1) 181

Of course, because no one ever heard of people downloading infected software from compromised distribution sites. And that's just for starters... what about the ability of security software to validate installed apps?

And the fact that you're cozy with your boyscouts-at-the-NSA image has exactly what bearing on this issue? There are people at all levels of society who try to spread malware and they will even fuck around with your LAN to do it.

No, sorry.... The norm for software distribution has to be app authors signing their code and distributing it in a form where verification happens automatically. If you have to tell users they cannot have both verification and current releases then the software ecosystem is sick.

And note that large FOSS authors like LibreOffice and Mozilla do not operate their own PPAs. They leave it up to fourth parties whom even most /.ers have never heard of before. Linux software distribution methods are too much of a hassle even for large FOSS projects. This should be a clue as to why non-libre products cannot grow on these non-platforms (in fact, there are hardly any robust desktop apps from any sector): If you want to have hope of reaching a large segment of a Linux distro's users, you have to hope that your app gets into a default or pre-approved repository and even then your fanbase will be isolated from exciting developments, stuck with stale versions, unless they also suffer the idiocy of upgrading the OS yearly and the high incidence of their systems becoming inoperative.

FOSS platforms need to find ways to facilitate direct relationships between app developers and users - safely. Most are seriously not in ANY sense trying to do that, and instead just get in the way.

Comment Re:What do you mean... (Score 4, Informative) 181

Oops! From the readme:
--
As a general rule, you are recommended to install LibreOffice via the installation methods recommended by your particular Linux distribution (such as the Ubuntu Software Center, in the case of Ubuntu Linux). This is because it is usually the simplest way to obtain an installation that is optimally integrated into your system. Indeed, LibreOffice may well be already installed by default when you originally install your Linux operating system.

This "stand-alone" LibreOffice installer is provided for users in need of previews, having special needs, and for out-of-the-ordinary cases.

--

They recommend against direct user installs! Who knew?! And BTW, to most people your 'easy' command line install looks like you had an epileptic seizure at your keyboard.

Oh, almost forgot to mention... You just installed unsigned code.

The Courts

SCO vs. IBM Battle Over Linux May Finally Be Over (networkworld.com) 211

JG0LD writes with this news from Network World: A breach-of-contract and copyright lawsuit filed nearly 13 years ago by a successor company to business Linux vendor Caldera International against IBM may be drawing to a close at last, after a U.S. District Court judge issued an order in favor of the latter company earlier this week.
Here's the decision itself (PDF). Also at The Register.

Comment And all the other shit? (Score 1) 425

So, are you going to fix the annoying CDN/download system, i.e. the one that doesn't give simple URLs, but instead forces every download through a CGI script, instead of using a proper fucking CDN, DNS round robin, or load balancer?

Do you have any idea how annoying it is to want to download a tarball from Sourceforge to a remote system I'm SSH'd to, but I can't copy the URL to the clipboard and paste it into the command line without escaping the ampersands, or having to manually rename the file?

Plus, let's be honest here: you're not fixing this crap because you all care about the open source community. You're fixing it because projects left in droves and your advertising revenue dropped. Stop pretending this is about anything other than money.

Comment Re:If it's "settled", it ISN'T "science" (Score 1) 552

You may be right. However, I'm not thinking about how the conditions on the grant are worded, I'm thinking of how they're interpreted. As an example, a grant to study long-term trends in the global climate is nice and even-handed, but if it's never awarded to anybody expressing a contrarian opinion (Please note: this is a made-up example.) the effect is to fund scientists who accept AGW while making it hard for others to test their ideas. I'm not saying that it is happening, but we all know that most politicians are more interested in things that fit their idea of how the world works than in finding out if it does or doesn't.

Comment Re:Reasons why I don't like the Internet of Things (Score 1) 88

Here is some of the evidence: IP cam trolling!

https://www.youtube.com/watch?...

https://www.youtube.com/watch?...

https://www.youtube.com/watch?...

https://www.youtube.com/watch?...

There was an epic one from last week where 4 unwanted pizza deliveries showed up at this person's door before the pranker started shouting "GIMMEE MY PIZZA!" and obscenities at the family. But it got pulled.

Comment Re:If it's "settled", it ISN'T "science" (Score -1, Troll) 552

IMHO the Science isn't settled, because science isn't consensus.

Exactly. I'd also suggest that if you really want to find out what's going on, follow the money. There's lots and lots of grant money out there for people in that field, but only if their results match what the politicians need to push their agendas. You don't even need to bias the peer review (If that's actually going on, that is.) if the only studies to get funded say what you want to hear and the contrarian ones don't get funded.

Comment Re:The real headline (Score 1) 659

That would be incorrect though - they say that only 20% of their readership uses an ad-blocker. Some percentage will doubtless white-list, others (probably not many) will cough up the $1.

No matter what - their readership won't drop by more than 20% (I'd bet 10%) - so saying that they lost "the majority" (meaning more than 50%) would be wildly overstating the effect.
