Follow Slashdot stories on Twitter


Forgot your password?
Slashdot Deals: Cyber Monday Sale Extended! Courses ranging from coding to project management - all eLearning deals 20% off with coupon code "CYBERMONDAY20". ×

Comment Re:Wait, what? (Score 0) 236

They are both very important but I don't believe that is true.
I found an xpi extension on bugzilla before the first leadership change that I can't fucking find anymore.
It blocks silent cross-site Authentication Header cookies that you CANNOT normally block. They are SuperCookies. The site can silently "authenticate" without your knowledge creating a basic auth authentication "Supercookie" that is remembered and retained until browser exit (Or possibly remembered by your Session saver extension if so configured) and can be used to bypass the normal cookies that Mozilla has been making "easier" to disable, ha, har har, har.
The extension is called authtest.xpi.
Another that to my knowledge hasn't been ported to Firefox yet is WindowNameEraser which conditionaly clears between transitioning sites. Please check out to see the authtest/Authentication Header and Window Name in action as a proof of concept. Also if not already known, and There are others but I don't have the exhaustive list handy.
Then there is geo location/positioning, canvas, webrtc, visited links (Still not fucking fixed and known about since Phoenix/Gecko/Firefox 1 ), cache. Still firefox aside from Torbrowser or Jondo is the most *secureable* browser out there. What ever security "gains" you get with Chrome OR Chromium fly out the window wrt
What is a good site to share an extension on and forget about?

Comment Re:Including Slashdot? (Score 0) 396

It isn't documented any where and I can't recall where I first learned of it because it was years ago but you can get TLS on Slashdot.
Once subscribed and logged in it should transition you to TLS, at least it does for me.
If it does not you can force the matter with Noscript.

Off hand has anyone noticed Noscript unblocking Google analytics and other domains and certain other analytics domains with each new update?

I also use the Calomel TLS grading extension for Firefox.
Slashdot has been graded Red for years. Dice just upgraded the cert a couple of days ago and it is now graded Blue with PFS. Not Green but at least it's not Red anymore.


Displaced IT Workers Being Silenced 398

dcblogs writes A major problem with the H-1B debate is the absence of displaced IT workers in news media accounts. Much of the reporting is one-sided — and there's a reason for this. An IT worker who is fired because he or she has been replaced by a foreign, visa-holding employee of an offshore outsourcing firm will sign a severance agreement. This severance agreement will likely include a non-disparagement clause that will make the fired worker extremely cautious about what they say on Facebook, let alone to the media. On-the-record interviews with displaced workers are difficult to get. While a restrictive severance package may be one handcuff, some are simply fearful of jeopardizing future job prospects by talking to reporters. Now silenced, displaced IT workers become invisible and easy to ignore. This situation has a major impact on how the news media covers the H-1B issue and offshore outsourcing issues generally.

DOJ Launches New Cybercrime Unit, Claims Privacy Top Priority 61

msm1267 writes: Leslie Caldwell, assistant attorney general in the criminal division of the Department of Justice, announced on Thursday the creation of a new Cybercrime Unit, tasked with enhancing public-private security efforts. A large part of the Cybersecurity Unit's mission will be to quell the growing distrust many Americans have toward law enforcement's high-tech investigative techniques. (Even if that lack of trust, as Caldwell claimed, is based largely on misinformation about the technical abilities of the law enforcement tools and the manners in which they are used.) "In fact, almost every decision we make during an investigation requires us to weigh the effect on privacy and civil liberties, and we take that responsibility seriously," Caldwell said. "Privacy concerns are not just tacked onto our investigations, they are baked in."

Comment Re:Telegram (Score 0) 93

Please google OSI and look into "Open Source" that's a capital O and a capital S!
Please also google FSF and look into "Free Software".
Again a capital F and a capital S.
The capitals !@#$@!# matter!
Public Domain does not == Open Source, There is no such thing as open source.
Or are you just trolling!?

Public Domain is public domain. Copyright has expired or been forfeit in order to put it, what ever it is, into the public domain.
With Free Software and Open Source software someone holds the attribution to the rights of the work.

Comment Re:HTTPS Everywhere (Score 0) 206

You are correct that they do not come right out and say that in the faq. I'm not sure if they did in the past.
However in the FAQ at:
At section Subscriptions with question:
Why subscribe to Slashdot? Can't I read for free?
You find the link:
That takes you further down the page with more details where as you said it does not mention this.
*It is an unmentioned plum.*

While you are logged into your account observe on the upper right where I expect you have your Slashbox.
If you don't then go enable it.
With that enabled you have the default content that goes in your Slashbox and it lists your current Karma.
Mine has been Bad since I think about 2007. Haven't seen a mod point sense.
Below Karma you have three links:
Journal Subscription Account

Subscription is this link:

Where in you read:
Absolutely nothing about this!?
Hrm. I could have sworn I read about this and didn't just figure it out on my own.

Okay they either covered this before and removed it. Not sure and don't know why they would do that.
Or I read this in a post several years ago and just assumed everyone I've been reading complain about this just didn't want to subscribe.
I subscribed a few years ago and wanted encryption and also had trouble with this feature due to redirects.
I resolved this by putting
in my forced HTTPS NoScript settings and then added
into the whitelist for the never force https list.
Anytime my session/cookie expires I put in and then get redirected to a https slashdot url.
Hope that helps you and many others and that they don't degrade this for some reason!?

Submission + - GamerGate May Have Been an Op

Bob9113 writes: Casey Johnston at Ars Technica has a story on GamerGate: "A set of IRC logs released Saturday appear to show that a handful of 4chan users were ultimately behind #GamerGate, the supposedly grass-roots movement aimed at exposing ethical lapses in gaming journalism. The logs show a small group of users orchestrating a "hashtag campaign" to perpetuate misogynistic attacks by wrapping them in a debate about ethics in gaming journalism...."

"No, no, I don't mind being called the smartest man in the world. I just wish it wasn't this one." -- Adrian Veidt/Ozymandias, WATCHMEN