Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Comment: Re:Simple solution (Score 1) 327

by n3r0.m4dski11z (#48897083) Attached to: Ask Slashdot: Where Can You Get a Good 3-Button Mouse Today?

"middle button = "paste selected text""

Didn't work in firefox or word, so i doubt it works in all applications.

Shortcuts are funny like that, some people find something invaluable that other people don't even know about.

I ctrl+c and then pressed the middle mouse button and it didn't paste so I dont know what you are talking about.

In firefox the MMB more annoying than anything, because if you accidentally click the middle mouse button, you get a kind of 'fast scroll' of the page instead of the mouse wheel.

Comment: Re:BitDefender (Score 1) 434

by Zibodiz (#48896631) Attached to: Ask Slashdot: Best Anti-Virus Software In 2015? Free Or Paid?
The fact that it's last year's version is a drawback as compared with the paid version, but even last year's version of Bit Defender is better at what it does than a current copy of Norton or McAfee, so why whine about it? If you want the better version, pay for it. Seems pretty fair to me.
You found it naggy? That really confuses me. As long as you activate and confirm your email address, it will never pop up on your computer unless it finds something. I literally have never seen it appear unannounced on my primary computer. If I do open the interface, I don't even see a "CLICK HERE FOR MORE FEATURES!" banner.
As far as it tripping your other AV, I'm not terribly surprised. There's a reason you're only supposed to use one AV. Most AVs won't even allow you to install if they detect another AV present (not without a lot of kicking & screaming, at least).
Encryption

OpenSSL 1.0.2 Released 69

Posted by timothy
from the early-days dept.
kthreadd writes The OpenSSL project has released its second feature release of the OpenSSL 1.0 series, version 1.0.2 which is ABI compatible with the 1.0.0 and 1.0.1 series. Major new features in this release include Suite B support for TLS 1.2 and DTLS 1.2 and support for DTLS 1.2. selection. Other major changes include TLS automatic EC curve selection, an API to set TLS supported signature algorithms and curves, the SSL_CONF configuration API, support for TLS Brainpool, support for ALPN and support for CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.

Comment: BitDefender (Score 2) 434

by Zibodiz (#48890231) Attached to: Ask Slashdot: Best Anti-Virus Software In 2015? Free Or Paid?
I'm really surprised more people aren't recommending Bit Defender. I use the free version on my own machines and install it on customer PCs, and have had very good results from it. Never pops up asking to upgrade to a premium version, doesn't audibly announce it's updating/scanning/etc (in fact you'll only know it's there if something goes wrong). It also doesn't impact performance very much at all -- way better than Avast or AVG. According to http://www.av-comparatives.org..., they're always at the top of their game.

Comment: Re:Once more (Score 1) 99

by dissy (#48889009) Attached to: U.S. Gas Stations Vulnerable To Internet Attacks

>We have to ask why everything NEEDS to be internet connected. A local connection to the sensors will allow the station to determine when they need to refill said tanks. Not much point in putting it out there on the big scary internet. :D

It isn't a "need", it is only a "want"

Just imagine the cost difference between a fleet of IT people posistioned in every city the gas station chain does business in, paying their US pay rates - compared to a poor lone indian guy on the other side of the planet being paid a tiny fraction of US pay rates, not multiplied by the number of employees (or multiplied by one technically) able to manage all 100000 pumps owned by the chain.

The psychopaths at the top of the gas station chain companies get to keep that unspent money for themselves, so the less they pay out the better it is in their mind.

Of course you both get what you pay for, and must suffer the consequences of your own choices and actions once made, but it's pretty rare either of those factors even pops into their minds - and when it does the only reaction is to beef up the golden parachute package for when the inevitable happens.

The point is the whole intention here is not to do things right but to save money and raise profits without concern for the future or security of the company as a whole.

Going by those terms, not only do the pumps need to be on the Internet, but does make them more short term profits, so clearly is the correct solution to their incorrect and needless problem.

Censorship

Blogger Who Revealed GOP Leader's KKK Ties Had Home Internet Lines Cut 413

Posted by timothy
from the coud-be-coincidence dept.
blottsie writes Last month, Lamar White, Jr. set off a firestorm in Washington when a post on his personal blog revealed that House Majority Whip Steve Scalise, the third most powerful Republican in the House of Representatives, was a featured speaker at a white nationalist conference put on by former Klu Klux Klan Grand Wizard David Duke. Then someone climbed in his back yard and severed his Internet cables.

Comment: Re:End of support, not "end of life". (Score 2) 155

by dissy (#48864953) Attached to: Windows Server 2003 Reaches End of Life In July

I agree with IBM to a point but Google doesn't have the best track record of supporting their products after they decide the product has reached the end of its life. In fact, they probably have one of the worst.

Sadly that is true.

In my previous post I was more thinking along the lines of trusting IBM/Google/etc to release updates that actually fix vulnerabilities instead of intentionally injecting new ones - more as in comparison to those shady sites out there hosting windows update msis for people using pirated windows without full access to legit update channels.

While I personally would trust Google in that sense, I do have to agree I can't say the same about them "sticking with it" for the long run.

Of course I don't really see them even starting this to worry about them closing down the beta a few months later ;P
But your point remains.

Comment: Re:End of support, not "end of life". (Score 1) 155

by dissy (#48864895) Attached to: Windows Server 2003 Reaches End of Life In July

Just because something is "inside" doesn't mean you can ignore its security.

I'm curious, which one of "low risk", "risk limited to lan", or "not zero risk for sure" did you interpret as me saying there was no risk and thus security is being ignored?

Or was it just the statement that it actually is being upgraded that sounded like " being ignored"?

I of course was light on details, since they don't really matter here, but I feel I spelled out most of the points in my risk analysis process such that "ignore" is a pretty unfitting adjective for what I actually said.

Comment: Re:End of support, not "end of life". (Score 4, Informative) 155

by dissy (#48863995) Attached to: Windows Server 2003 Reaches End of Life In July

My understanding is that fixing newly discovered vulnerabilities in Windows XP or Windows Server 2003 would be fairly inexpensive.

One more downside to being closed source - if Microsoft won't fix vulnerabilities, no one else can for any sane price.

At work I'm still migrating our last two 2003 servers, one migration nearing completion the end of this month, and the next not even started yet but expecting to take 9-12 months.

Exchange server was our primary risk because by its nature it has to handle SMTP, and while you can't poke that server directly from the Internet (a postfix relay server is the only one with direct internet exposed ports) but those emails still flow through it, and it sends outgoing mail directly so has to connect to other MTAs and everything involved with that like DNS queries... A pretty big risk footprint on that one, so no argument from me that it needs upgraded.

The last 2003 server however doesn't technically require being replaced, the risk is very small and mostly controlled for even then. It would likely run fine until enough hardware failures make keeping the server up cost prohibitive, which is really the biggest reason (though a fairly justified one) to upgrade.

The vulnerability risk footprint is limited to the LAN, and then only really to windows file sharing (that and SQL server are the only exposed services)
Not zero for sure, but taken alone not enough of a reason to justify the cost of an upgrade. Only everything taken together combined with a string of purchase approvals to upgrade everything else that demands it, is why it ultimately will be.

If only another big player could release continued security updates, or ideally more than one to help both competition on price and a choice of whom to trust for such a thing.
There is definitely a market for very long term support, which you have to look no further than IBM to see.

In fact many would trust IBM to fill such a role if they were to do so. Others may trust Google. I'm sure there are plenty of other examples as well.
But I don't see "long term windows support" being in many of those companies interests, nor see microsoft going along with such a plan even if they were.
Microsoft wants you to buy their latest shiney instead, Google would prefer you didn't use Windows at all, and IBM doesn't seem to be as big on the support thing these days even for their own products let alone microsofts.

All of those facts factor in to the cost of providing security updates, and does raise the bar quite a bit higher than it would appear at first glance.

Save a little money each month and at the end of the year you'll be surprised at how little you have. -- Ernest Haskins

Working...