
Comment Keeping a roof over game developers' heads (Score 2) 72

They promised [...] freedom [...] for everyone to develop.

When I finally got mine, I turned it on and the first thing it did was ask for my credit card number. Tried to skip it but it was not possible.

If no one is willing to pay for games, then how should everyone keep a roof over their heads while developing games? Or by "freedom" did you mean free as in FSF, with all games having DFSG-free code and assets?

Comment Re:Mobile password entry; acting on user's behalf (Score 1) 312

the user won't need to type in that 60-character password on their mobile device. The user can just unlock the password manager and paste in the saved password.

How would the user get the long password into the mobile device's password manager in the first place?

The password manager should run on the user's own PC

Provided the user has their own PC. Good luck logging in at a public library or Internet cafe.

If an app needs to perform an action on behalf of a user, it should get its own distinct, revocable API key.

And store this "own distinct, revocable API key" in what secure manner? Client applications distributed as free software have already run into problems with how to store an OAuth 1.0a or 2.0 client ID and client secret.

Comment 128 different apps (Score 1) 229

Yes, and how many of those apps ask for a copy of your address book? I don't mind sharing if needed for a function, web privacy being a lost cause, but if you want to d/l my 5000 plus contact professional contact list, uh, NO.

Some people want to use a function that requires location; others don't. Some people want to use a function that requires the address book; others don't. If there are seven different permissions that can be used by an optional function, do you expect the developer to make 2^7 = 128 different apps, one for each specific combination of optional functions?

Comment It's about physical size (Score 1) 229

A 1024x600 pixel netbook's screen is still physically larger than those phones. To actually read text on those without changing the layout, you'd need a magnifying glass. This is why the web browsers on these devices tend to interpret CSS 1px as 1.5, 2, or 3 actual pixels.

Comment If the alternative is unemployment (Score 1) 41

Some people must have a high tolerance for this sort of treatment.

If the alternative is unemployment, which leads to starvation due to inability to afford food and imprisonment due to violations of city sit-lie ordinances, a lot of people are willing to tolerate a lot of BS.

Comment OpenID Connect scales at O(n^2) (Score 1) 312

Of course, the real solution is to get rid of passwords. Web sites should switch to using OpenID authentication.

One problem is that a lot of identity providers,* such as Google, have switched from classic OpenID to OpenID Connect. Because of the OAuth 2 underlying OpenID Connect, it has become more common for IDPs to require each relying party* to enter into a contractual relationship with the identity provider. With classic OpenID, if you had an identifier URL from a given IDP, you could use it on any RP. But in OpenID Connect, you can't use your identifier unless the RP has a client ID and client secret pair issued by the same IDP that issued your identifier. There is a Dynamic Client Registration protocol for an RP to automatically obtain a client ID and client secret from an IDP, but no major IDP appears to support DCR. If there are n RPs and m IDPs, a human has to review and accept a contract m*n times, and managing this becomes O(n^2):

* In OpenID, an "identity provider" is the website that issues OpenID identifier URLs and takes your password, such as Google, and a "relying party" is the website that takes your OpenID identifier and redirects you to the identity provider to log in.
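
Added example, not part of the comment above: a sketch of how a relying party can tell from an IDP's discovery document whether Dynamic Client Registration is offered, build the registration request if so, and list the RP/IDP pairs that still need a manually issued client ID and secret. The `idp-a.example`, `idp-b.example` and `rp*.example` hosts and both discovery documents are constructed; the field names are those defined by OpenID Connect Discovery and Dynamic Client Registration.

```python
import json
from urllib.request import Request

# Constructed discovery documents (hypothetical IDPs, not real providers).
DISCOVERY = {
    "https://idp-a.example": {
        "issuer": "https://idp-a.example",
        "authorization_endpoint": "https://idp-a.example/authorize",
        "registration_endpoint": "https://idp-a.example/register",
    },
    "https://idp-b.example": {
        "issuer": "https://idp-b.example",
        "authorization_endpoint": "https://idp-b.example/authorize",
        # No registration_endpoint: clients are registered by hand.
    },
}


def build_registration_request(metadata, redirect_uri, client_name):
    """Return an unsent DCR request, or None if the IDP does not offer DCR."""
    endpoint = metadata.get("registration_endpoint")
    if endpoint is None:
        return None
    if not endpoint.startswith("https://"):
        raise ValueError("registration endpoint must use TLS")
    body = {
        "redirect_uris": [redirect_uri],  # the one required field
        "client_name": client_name,
        "application_type": "web",
        "token_endpoint_auth_method": "client_secret_basic",
    }
    # A successful response carries client_id and (for confidential
    # clients) client_secret, which the RP must then store securely.
    return Request(endpoint, data=json.dumps(body).encode(),
                   headers={"Content-Type": "application/json"},
                   method="POST")


def manual_registrations(rp_redirect_uris, discovery):
    """List the (RP, IDP) pairs that a human still has to set up."""
    pending = []
    for rp in rp_redirect_uris:
        for issuer, metadata in discovery.items():
            if build_registration_request(metadata, rp, "example RP") is None:
                pending.append((rp, issuer))
    return pending
```

With no `registration_endpoint` advertised anywhere, `manual_registrations` returns every one of the m*n pairs, which is the scaling problem the comment describes.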

Comment Pinterest, Chicago Tribune, CPALead, Google Survey (Score 1) 229

(Some of them don't even have the "X" corner icon. You have to choose one of the presented links to close.)

Such as Pinterest ("There's more to see..."), Chicago Tribune, and any site using CPALead ("Please complete a survey to unlock this page") or Google Consumer Surveys ("Answer a question to continue reading this page"). Unfortunately, Google Search hasn't been good at demoting sites using these.

Comment Old pop-ups were easier to block (Score 1) 229

We have one: it's basically a pop-up.

It behaves like one in every way, just the mechanics of how it's displayed is maybe browsers need to dust off their 'pop-up blocker' option code and update it to block these damn things too?

The difference in mechanics makes all the difference. Pop-up blockers could define a pop-up as a call to without a click event below it in the call stack. Showing an in-page pop-up is just changing the visibility of an HTML element, and there are plenty of legit reasons to do that. To work around that, you'd have to put JavaScript on a whitelist; good luck managing such a whitelist on a 4" screen.

Comment Re:Browsing with mosquitoes (Score 1) 229

Second, it does anyway for some POS F2P/P2W app [...] Solution? Android, F-Droid

I might be misunderstanding you, but how are apps available through F-Droid a substitute for "some POS F2P/P2W app"? I thought games were one of the few things free software had trouble providing.

Comment Re:A plea to fuck off. (Score 1) 312

Why do you allow password logins for SSH?

I imagine that hosting providers default to password logins because it reduces support costs. Their customers tend to be unfamiliar with SSH public key authentication and especially with synchronizing these keys across multiple devices including mobile ones.

Why the hell don't you have port knocking enabled for SSH?

I imagine that hosting providers default to not requiring port knocking because it reduces support costs. Their customers tend to be unfamiliar with port knocking.
