Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: Talk versus Action (Score 4, Insightful) 47

by BitZtream (#49144183) Attached to: Facebook Puts Users On Suicide Watch

People who are going to actually commit suicide don't talk about it on Facebook, they do it, these people are rarely on Facebook in general. Yes, you hear about some kid once in a while that kills themselves and it gets blamed on Facebook 'bullies', but if someone typing some words causes you to off yourself, you weren't going to last in the real world anyway.

People talking about it on Facebook just seek attention and don't have the courage or conviction to actually do it, nor do they actually want to do it.

Comment: Re: Hard to believe (Score 1) 88

by BitZtream (#49144163) Attached to: Microsoft's Goals For Their New Web Rendering Engine

Add to that the browser is heavily integrated into the win32s code and you're in for a coding nightmare.

No, it isn't, and it never has been. You utterly fail to understand the 'integration' issue with IE.

IE itself can EASILY be removed from a system. Delete the EXE, done. Its been that way ALWAYS. Even during the court battles.

What you'll have a harder time doing is deleting the trident rendering engine, which MANY applications depend on because it provides a standard interface to providing a HTML renderer. File Explorer renders HTML in process ... using the Trident renderer. It doesn't have Trident code in it, it uses the trident ActiveX ... just like everything else. Just like many third party apps that wanted to include HTML, because MS made it drop dead easy to include an HTML renderer in an application.

The whole 'separate the browser from the OS' lawsuit was bullshit from the beginning. The IE ActiveX was fairly well documented, Netscape could have trivially made a compatible control that used the Netscrape engine, but the Netscape code was REALLY SHITTY, its a system issue they have which is why Firefox is crap to this day in so many ways.

They were never going to be able to develop for changes as fast as competing browsers with that model and they knew it.

Funny, you've not been paying attention recently have you, they've been doing pretty good. Of course, unlike other browsers who aren't integrated into everything on the system, they do have to consider that they might break everything on the system when doing code changes, unlike say ... chrome or firefox who just tell you to go fuck yourself and upgrade everything that uses them, regardless of the fact that you might not have the ability or source code to do so ... oh what? You're not using entirely open source software, well then you should definitely go fuck yourself, right?

Just for reference, Apple does essentially the same thing with WebKit on OS X/iOS

As long as they stay dedicated to working with web standards

You do realize that IE 11 more closely adheres to W3C standards that any other rendering engine, right?

Microsoft is a monopoly abusing bunch of pricks who need to be taken out back and shot, but pretty much everything in your post is wrong and easy to verify that its wrong.

+ - ISIS militant 'Jihadi John' believed to be a computer programmer from London->

Submitted by walterbyrd
walterbyrd (182728) writes "The Islamic State militant known as "Jihadi John," who has appeared in several videos depicting the beheadings of Western hostages, is a British man from West London.

His name is Mohammed Emwazi, according to Washington Post and Guardian reports. He was known to British security services, which chose not to disclose his name earlier for operational reasons.

Emwazi graduated from college with a degree in computer programming, according to friends who spoke to the Washington Post. He was a quiet man in his mid-20s who was raised in a middle-class part of London, the paper reports."

Link to Original Source

Comment: Re: Hard to believe (Score 1) 88

by BitZtream (#49144157) Attached to: Microsoft's Goals For Their New Web Rendering Engine

There was no firefox with navigator code. It was written from the ground up without it for various copyright reasons. There are some other bits not related to rendering that uses older code from the netscape days such as the NSS library.

The netscape code died with the failed re-write before they went OSS and started over.

And to be clear, being that they kept those same shitty developers, Firefox has all the same crappy code problems as Navigator did. Its slow, bloated and unreliable because its devs care exclusively about the 'new shiny' rather than making an application that doesn't suck ass.

Comment: Re:Said this 14 years ago. We need to replace E-Ma (Score 1) 274

by BitZtream (#49144037) Attached to: Moxie Marlinspike: GPG Has Run Its Course

I'm an expert, and I never even managed too.

No, you aren't ... because:

E-Mail needs a complete redo/replacement with hard asymetric encryption and zero-fuss key handling and exchange built in as a core specification.

Its called S/MIME, look it up, expert.

Not all messages need to be encrypted, thats stupid. If you think Fidonet was so awesome compared to SMTP then I'm 100% certain you don't know jack shit about how fidonet or SMTP work under the hood, and I can safely assume this because you also make no actual example of why fidonet is 'better'.

Let me go ahead and quote official fidonet policy, which basically says using encryption is not allowed and that everyone along the path SHOULD BE ALLOWED TO READ EVERY MESSAGE:

2.1.4 Encryption and Review of Mail

FidoNet is an amateur system. Our technology is such that the privacy of
messages cannot be guaranteed. As a sysop, you have the right to review
traffic flowing through your system, if for no other reason than to ensure
that the system is not being used for illegal or commercial purposes.
Encryption obviously makes this review impossible. Therefore, encrypted
and/or commercial traffic that is routed without the express permission of
all the links in the delivery system constitutes annoying behavior. See
section 1.3.6 for a definition of commercial traffic.

Thats from http://www.fidonet.org/policy4...

Comment: Re:I use GnuPG (Score 1) 274

by BitZtream (#49144003) Attached to: Moxie Marlinspike: GPG Has Run Its Course

My GnuPG public key is on my web site (www.andycanfield.com). It is not on any "KeyServer"; I don't believe in key servers, that's just another layer that the hackers can break and the NSA can subvert.

... and so is your website, which is trivial to just MITM, making your PGP key less useful than S/MIME from the instant you started using it, and harder to use for everyone else as well.

The important thing is that PGP is a ***standard***. Any idiot can come up with something better, but he can't make it a standard, so my correspondant on the other end of the wire can't use it.

Uhm, this story is about the fact that no one uses PGP, which means your correspondent on the other end of the wire probably can't use it. Paying attention to the world around you might be helpful.

Comment: Re:git blame (Score 1) 274

by BitZtream (#49143999) Attached to: Moxie Marlinspike: GPG Has Run Its Course

Blame Google for not implementing it in Gmail -- Then they wouldn't be able to get ad revenue and user metrics from their "free" email service.

Someone doesn't understand how gmail works. I have used PGP with gmail, works fine. Oh, you mean you want Google to be able to read your email and display it on a web page ... while at the same time not be able to read your email ... okay then .....

Blame MS for not integrating it into Outlook, but why would we expect MS to actually want security in any of their products?

Because its a crap system to make user friendly. You can, of course, buy a plugin that does it just fine.

Blame Mozilla for the creaky plugin and cumbersome import/export publish keys interface in Thunderbird, and support for SMIME over GPG by default.

No, blame PGP for this, this is a PGP problem, not a plugin problem. The PGP philosophy is what makes this a problem, and its the same reason you're unaware of the fact that Outlook plugins exist. The entire PGP system is difficult to use on purpose, thats why it sucks.

Blame the users mostly for not giving a fuck about encryption.

No, I won't. Most users have no reason to care about encryption, most messages simply aren't that important, which is why the post office does its job just fine without encryption. Just because you think everything needs to be encrypted doesn't magically make it true. Are you a doctor? No? Do you blame yourself for failing to do medical procedures that aren't entirely automated because thats what you're saying here.

I can tell you this much: Fuck publishing ANY open source software without signed and verified GPG signatures.

Right, because then when you go verify the key by looking at a key thumbprint on an HTTP server ... you know the thumbprint hasn't been tampered with ... right ... oh wait ... you don't. Key distribution with PGP is a joke because you have ABSOLUTELY NO WAY to verify keys unless you are trading them physically with people directly. The instant you exchange your PGP thumbprint by looking at some website thats not encrypted or authenticated, you've already fucked up, you're just too ignorant of whats going on to realize it

Lets assume the website uses HTTPS ... in which case, your trust depends on a CA ... which means ... it can not possibly be any safer than S/MIME certs from that CA ... and is likely less secure because you've introduced a whole new chain of places for mistakes to be made.

PGP is intentionally broken by design.

And GPG is just a horrible implementation/bad copy of old PGP so lets not pretend like we're not talking about PGP here just because you're probably not been alive long enough to know what PGP is and that GNU did not create the universe.

Grow up, get a clue, your attitude is exactly what PGP sucks ass.

Comment: Re:Same error, repeated (Score 1) 274

by BitZtream (#49143949) Attached to: Moxie Marlinspike: GPG Has Run Its Course

S/MIME does not rely on public key servers any more than PGP does. Technically less so since most clients come with some level of existing trust for certain certificate vendors. You can also include/distribute you own signing cert public key, making it pretty much exactly like the crap that is web-of-trust. The whole idea that 'web-of-trust' is usable is the exact reason PGP will never take off. Unless you are physically exchanging public keys with individuals you are susceptible to MITM attacks since you have many possibilities to fake it along the way.

Basically everything you said about S/MIME applies to PGP and in some cases doesn't apply to S/MIME.

CAs are NOT a single point of failure when you use more than one, which is perfectly acceptable and works in any client I've dealt with. You do not have to use a public CA even, every ActiveDirectory installation has limited CA capabilities built in, and installing the CA server is click next next next finish assuming you're using a version of windows that is licensed to do so.

PGP doesn't get used because its more obnoxious to use than any security it buys. 99.999% of the population don't want to dick around with encryption just because you think your ultra-distributed, no central authorities anyway crap is the way to go ... except wait ... PGP public key servers ... whats that? A less secure system than CAs for various reasons, it is certainly impossible for them to be any more secure than a CA from a technical perspective.

Assuming safe key distribution, which is harder with PGP than S/MIME, then it is technically just as secure. Unfortunately, its fucking obnoxious to use for many reasons, so normal people who don't care about dicking around with software written by developers who don't give a flying fuck about usability, its not even in consideration.

The PGP argument is that individual people can setup trust webs, securely ... more so than they can use the public CA system that S/MIME uses out of the box. This is simply wrong. Techies can do it, everyone else isn't going to because they aren't techies or they don't care, and then when one moron in your awesome little web of trust fucks up, the whole chain is compromised. So do you trust Mark's grandmother to do secure key exchange and not get backdoored? If you do, you're a moron.

Comment: Re:file transfer (Score 1) 210

by BitZtream (#49143897) Attached to: Ask Slashdot: Old PC File Transfer Problem

Don't order it, go to your local computer repair shop.

You'll pay more on shipping if you order it than it costs at your local over priced repair shop.

The new machines lack LPT ports? WTF kind of machine did you buy without an LPT port? A laptop, sure, a desktop? You have to look hard, even today to find a machine that doesn't have a printer port.

With a printer port you could bother to buy lap link, or find any one of various OSS apps to do the same thing over LPT.

If he's asking slashdot, he hasn't looked and in that case I again refer to the local repair shop since if he's unable to Google for the basics, he's probably not qualified to do the transfer in any sane way either, certainly not taking the hardware apart.

Comment: Re:Com port, 2-3,3-2,5-5 and use Zmodem (Score 1) 210

by Zero__Kelvin (#49143635) Attached to: Ask Slashdot: Old PC File Transfer Problem
Or sneakernet, which would be far faster in this scenario. It amazes me that people would be so unable to quite literally think outside the box that it wouldn't occur to some people that just pulling the drive (outside of the box, get it) and attaching it as a second drive to the new PC and copying it in system is the only way to do this that makes any sense.

Comment: Re:Simple methodology (Score 1) 209

by Zero__Kelvin (#49142741) Attached to: The Programmers Who Want To Get Rid of Software Estimates

"One would hope that a good manager would have enough practical and direct experience in writing software to at least come up with a half-decent estimate, no?"

No. That is the whole point, which you have seemed to miss. I'm the software engineer and even I can't come up with a reasonable estimate; why the hell would some manager several layers of indirection distant from the design be better at it?

Comment: Re:All those plans in two words (Score -1, Troll) 88

by Zero__Kelvin (#49142697) Attached to: Microsoft's Goals For Their New Web Rendering Engine
You are basically correct, excepting that they absolutely knew what they were doing. They knew playing well with others and building a quality product was an option. Gates simply knew that he never has succeeded, and never will succeed in accomplishing anything without exhibiting immoral and criminal/borderline criminal behaviour.

Comment: Re:Hard to believe (Score 0) 88

by Zero__Kelvin (#49142667) Attached to: Microsoft's Goals For Their New Web Rendering Engine

"MS mono-culture was caused by the incompetence and greed of those who were in a position to offer up alternatives."

Holy ... frigging ... shit. That has to be the stupidest thing I've read all year. You would literally have to ignore every bit of evidence throughout history to be able to type that in any other capacity than that of Microsux shill.

Any program which runs right is obsolete.

Working...