Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:Corruption at every level (Score 1) 133

Ok, I'll explain it to you in a way that makes it easier to understand for somebody who is hang up on the idea that either everything should be provided or nothing at all.

A person can offer you to use his kitchen for free to cook your food if you have no kitchen but in exchange for the free use of his kitchen you have to buy groceries from that person. You could say that the person is running a grocery store and the price of using the 'free' kitchen is included in the price of the groceries.

I can extend this further: you are going to a restaurant and you are not bringing your own food with you, you are getting the nice restaurant experience (the interior, the music, the ambient lighting, the climate, whatever) but you are buying the food from the restaurant, you are not allowed to bring your own with you to eat there.

There is nothing at all wrong with a business model that is offering you a SPECIFIC THING and not other things. Of-course in the so called 'freest country on Earth' this idea is long gone after Obama forced the insurance companies to provide insurance plans that include specific things in them, making it illegal to provide insurance plans without those types of things.

Government interference is bad for the market, not good. If somebody is offering a product, as a potential customer it is your choice to take the product or not to take the product. If the price is 'free' but the government says that this product cannot be provided under those specific conditions, you will not get that product at all.

Is it better for you to get a product with limited functionality than no product at all? You decide, but instead of leaving it up to you, the government says: you cannot decide, you are too stupid to decide, you are too ignorant to decide, you are too childish to decide, et.

That's government oppression, not freedom.

Comment Re:The one lesson developers should learn (Score 1) 39

There is nothing wrong to "depend on other people's servers" as long as you have a contract, an SLA in place. To depend on other people's servers is perfectly fine as long as there is an understanding on both sides what that means exactly.

To depend on the servers of people who don't owe you anything and to who you don't owe anything either, that's a different story.

Comment merging threads (Score 1) 1833

Well, I am going to throw it out there, I actually came up with this idea years ago but only implemented a version of it for a client of mine, who decided not to use the feature in the forum that we created for their system. However just a thought, maybe it could be done here and maybe it could have a positive result.

The idea is that often the same question is posed or a statement is made across multiple threads and the answer to all of those could be the same exact one, so why repost the same comment over and over?

The design idea that I came up with and we implemented was to mark a number of comments and then write one reply instead of many replies. Then each one of those parent comments would have a reply to it, that would indicate that this is a merged reply.

Leaving more comments on this merged reply actually moves the conversation to the merged thread instead of keeping individual replies to the merged comment in their individual threads.

I think it's useful, others may disagree.

Oh, also metamoderation - it doesn't work here. People really should have to justify 'Troll' or 'Flamebait' or 'Overrated' because it's easy to use those simply to shut down an opinion.

Comment Waiting for a reaction... (Score -1, Flamebait) 204

I can guess what the reaction is going to be by an average person and I must say that it is justified to react in a reactive manner.

I used to advocate only for banning of copyrights and patents here (and everywhere I can) but I must admit, this makes me want to include trademarks into that list as well, at least trademarks on common words.

This is about using government oppression (a redundant statement, government is oppression, that's all it is) to prevent people from putting titles on things such as: 'mom reacts to ... a spider'.

I mean 'American funniest home videos' can most definitely claim prior art and really anybody who is older than these guys can claim prior act, that's what 1st of April is about - reactions.

But of-course there will be those who will say: banning copyrights, patents, trademarks and really any government protection for things is insane, who would ever create anything if government wouldn't protect them. I will tell you this: you are the scorn of this civilization, brainless zombies. Government is oppression, all it does it steals, it doesn't give you anything because it has nothing to give (at least nothing it didn't steal first). Using government for market protections is using the biggest Mafia guy around for market protection, it is morally wrong and economically stupid at every level and it is counterproductive for the society.

Comment Re:Get Perspectives (Score 2) 216

It's not about whether a site is dangerous per se as much as whether a site is as dangerous as a reasonable person would expect when keying in the URL.

- that's complete nonsense. A person 'keying in' (most just click) a URL expects to get to the site. A browser actively trying to prevent a user from getting to that site based on the fact that the certificate for the site is not what the browser company decides is in the best interest of the company (AFAIC) is not an indicator of the site being secure or insecure.

In most cases nobody is hit with MITM attacks, however ALL communications are stolen and recorded by NSA and the like. It is better to be on an https site with a self signed certificate, when a government is listening to all communications to filter it by keywords than to be on http and not be warned by the browser about anything.

I am not advocating treating https with self signed certificate exactly the same as https with a certificate that some 'authority' verifies. I am saying that a browser treating a site with a self signed certificate as if it is a virus while happily letting people navigate the rest of the http web is not for the benefit of a user.

Comment Re:Get Perspectives (Score 1) 216

I am not talking about myself, I am talking about every user that gets these errors and decides that the site is somehow dangerous in a way that the user doesn't understand, more dangerous than a http site, while in reality it is not more dangerous. Setting up extensions to fix broken browser problems is all great, whatever. My point on this story here stays: GOOD.

Since FF team can't figure out what to do next without looking at Chrome and other 'amazing' browsers first, this likely means that eventually FF will have the same thing Chrome is about to have in it and it will also put a big red 'birdy' near an http site. At least we are going to start achieving some parity, which was the point of my initial comment.

Comment Re:True sense of insecurity (Score 1) 216

You are correct, I was wrong, checked it again, I can see https in the URL.

This does not change my point, FF should treat HTTPS that FF doesn't like the same as it treats HTTP with a detailed explanation that you get by clicking on the grey globe or the padlock sign.

'Unsecured' (from the perspective of the browser ) HTTPS or unsecured (because it is) HTTP, treating one as if it is something to be avoided while not even remotely bringing up attention against the other is a political and/or a financial statement, not a technical one.

Comment Re:Good (Score 2) 216

Of-course it does, it is trying to prevent people from using self signed certificates and pushing them towards CAs. FF today doesn't even display the protocol in the address bar by default, it shows either a grey globe or a green padlock, clicking on these you get 'connection secure' or 'connection is not secure' message. It's that easy to simply check if the certificate is self signed, treat the site as if it was an HTTP site by the browser and provide an appropriate status in the details ( self signed certificate for this connection that claims to be secured but is not verified by a third party authority).

THAT would be meaningful and would help the Internet to switch to https.

Comment Re:True sense of insecurity (Score 2) 216

In the version of FF I am on right now 41.0.1 on Linux Mint 17 I don't see http or https in the address bar. I see a green padlock for https, you click on it and it gives you some details including saying 'secure connection'.

HTTP is just a grey url, click on it and see 'connection is not secure'.

Go to a site with a self signed certificate and get this crap:

This Connection is Untrusted

You have asked Firefox to connect securely to www.pcwebshop.co.uk, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

--get me out of here-- (button)

--Technical details-- (link)

--I understand the risks --(link)

Well, shit, I don't think most people actually understand the risks, but given that FF doesn't even show https in the URL any longer WTF is it doing treating a self signed https site worse than an http site that may also have user name / password on it?

If you don't think this is a case of either stupidity or malicious intent, trying to push people towards CAs while in reality preventing tons of people from setting up SSL in the first place, then you don't get people's behaviour.

Comment Re:Good (Score 5, Insightful) 216

That's not my point, FF doesn't just warn people that the certificate is self signed, it actively tries to impress upon the user that the https connection with a self signed certificate is worse than a plain text http connection, because THAT is what a user compares his experiences to, not to another https site but to plain http.

My position on this is that FF goes to great length to make it seem that an https connection with a self signed certificate is less secure than http, while that is categorically untrue, it is at least AS secure as http. AFAIC CAs are not trustworthy themselves, https is broken, if you think your https session is really secure because it is signed by some 'authority', that's an interesting mental exercise.

Removing gigantic multi-screen warnings with insane messages about self signed certificates would help to increase overall security on the Internet by making it possible for people to use self signed certificates without making it look like self signed certs are a plague while not making the same types of accusations against plain http (which many sites also use!!! to transfer passwords).

Comment with so much demand for lego... (Score 3, Informative) 165

With so much demand for lego pieces isn't it time to start thinking the right way? Forget a 3D printer, how about building a lego pieces making machine? A cutting machine, a moulding machine for home use as opposed to a 3D printer, which will probably not work well enough to make high quality pieces anyway.

Slashdot Top Deals

"Love may fail, but courtesy will previal." -- A Kurt Vonnegut fan