Please create an account to participate in the Slashdot moderation system


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Do you really trust the OpenSSL Corporation? (Score -1, Troll) 97

by xiando (#48895701) Attached to: OpenSSL 1.0.2 Released
The OpenSSL Software "Foundation" is actually a corporation which happens to be located in Maryland, US - not too far from the NSA corporation (A US Department of Defense subsidiary). Are they trustworthy? Take a good hard look at the heartbleed "bug" and make your own educated opinion. It is interesting to note that according to information presented by Jacob Appelbaum at 31c1 the NSA corporation are able to snoop SSL traffic.

Comment: Just keep it away from Gentoo and I'm good (Score 2, Insightful) 551

by xiando (#48828845) Attached to: Systemd's Lennart Poettering: 'We Do Listen To Users'
System is broken by design and totally violates the UNIX philosophy so it doesn't really matter if Poettering claims to "listen to users" (which he doesn't anyway) or not. What I see as most important moving forward is to encourage free software developers to make support for it optional and not mandatory. We get real problems when important software starts making it a requirement (like GNOME, though they like to pretend it's not but good luck trying to actually compile it). Even Tor git had systemd as a requirement for a few days last week.

Comment: Re:help them (Score 5, Insightful) 89

by xiando (#48397011) Attached to: GTK+ Developers Call For Help To Finish Cross-Platform OpenGL Support
GTK+ used to be a general purpose toolkit and it was originally named the GIMP Toolkit. The gtk+ homepage still refers to it as such. It is, in theory, not only for GNOME. The sad reality, though, is that these days the GNOME developers are busy removing features from GTK+ which breaks existing applications, cripples them and removes features from them so in practice it's basically a GNOME toolkit as of right now. That does not mean you can't submit patches to it in order to make it more general-purpose. If this is worth your time is, as you indicate, an open question, though. Like .. what is the point of submitting a patch like "This patch reverts your removal of icons from menu items and puts the icons back in the menus"? I could go on but you get the idea. Many of us have simply decided to stop using GTK+ for development because of their various unacceptable choices and see no point in contributing to this project which has sadly left only GNOME developers to work on it.

Comment: Re:If this were ten years ago, I would have (Score 2) 268

by xiando (#48361043) Attached to: GNOME Project Seeks Donations For Trademark Battle With Groupon
This: and similar behavior is why I will not contribute a satoshi to GNOME regardless of what I think about this specific issue. If they want to shoot themselves in the foot and cripple their now joke of a desktop then fine, that is up to them. Going around asking other projects to remove features to make them "fit in" with their garbage .. that's just taking it too far. Removing features from GTK and making it clear that all those hours writing software based on it was a huge waste of time also makes it very hard to support GNOME a very hard sell.

Comment: Re: Yes, what are YOU going to do? (Score 1, Flamebait) 95

by xiando (#48267239) Attached to: Secret Policy Allows GCHQ Bulk Access To NSA Data
There are actually several things you can do if you do not like the massive government spy-programs. The first thing you should do is to look into how you can pay nothing or as little as you can in taxes. Most countries have laws against not paying taxes but you are screwed anyway: Most "free" western countries have passed laws against financing terrorist organizations and criminal networks the last decade which means that it is illegal to pay taxes - so you are screwed anyway.

The second thing you can do is to make it as hard as possible for them to gather information. Use Tor, do not use Facebook or other In-q-tel/CIA products, use ixquick/duckducktogo/etc instead of Google and so on. Do not make it easy for them.

The third and probably most important thing is to talk to your friends and family about privacy and why it matters. Try to make them care. I know this is hard to do if the people in question watch television but do try. Western governments are out of control because a whole lot of people (almost all people above 50) love automatism and fascism and think people who think that they should not be forced to have a camera in their living-room by law are nuts.

Comment: Re: I believe you missed who the adversary is (Score 2) 109

by xiando (#48193517) Attached to: China Staging a Nationwide Attack On iCloud and Microsoft Accounts
Grandparent got downvoted to -1 for stating the plain obvious: "Don't be naive. It's so easy to do it without warning. " (..) Remember, it's not just a single hacker, but government that controls whole traffic, that can impersonate not only any domain but any ip they want, they control BGP."

This is ./ so it is to be expected that such true and damning information was swiftly downvoted. I see the reply to that also got downvoted even though it calls the simple truth "shit": "Sorry but you are full of shit, no mystical routing, ip rules or firewalls can remove the warning. The only way to get rid of the warnings are to either get ahold of trusted certificates or to have pwned the client box so you can control the client/MITM connections"

Did you still miss that it is the GOVERNMENT of a major country we are talking about here? Now go take a good hard look at that default list of "trusted" root certificates shipped with all major browsers. And no, using Firefox or Chrome will not help you here.

https is and always was broken by design. It is, and never was, safe against a government adversary and it never will be. You can stick your head in the sand and think "my government lovs me" (that must be why false-flag terrorism is common, why the US has flouride in the water and so on) but that won't change the simple fact that any government agency can simply make a phonecall and get a valid certificate for any damn domain they want and you're none the wiser if you are a target.

Comment: Bitcoin Hitman Story, SERIOUSLY? (Score 1) 993

by xiando (#48078327) Attached to: Lennart Poettering: Open Source Community "Quite a Sick Place To Be In"
1) Post your BTC addresses and say you will kill everyone even remotely famous various places
2) Hope that some BTC dust settles in some of your addresses
3) Watch complete idiots take this seriously and report it as news

Even thinking such threats is anything but lame attempts at making a small profit is utterly ridiculous - it is just as stupid as thinking that an init system should handle everything from systemlog to dhcp.

Comment: PHPmyadmin's history of bugs and problems (Score 1) 191

by xiando (#48062953) Attached to: Silk Road Lawyers Poke Holes In FBI's Story
I see nobody has mentioned that if they for some reason suspected/knew that server was the SR server (how? that is another question) then getting access to PHPmyadmin might have been almost as good as getting root access to the box.. The screenshot in the article does not indicate exactly what version of PHPmyadmin was used, so we do now know if they used a known security hole or not to get at it. And we can only guess how they knew that they should visit that IP in the first place. It could of course be that someone (NSA?) scanning the internets for /phpmyadmin/ found that it was exploitable and looked at what was there and noticed it was the SR. Who knows. One thing we can know for sure is that anyone who has a public-facing webserver can grep for /phpmyadmin/ in their log (regardless of what is actually there) and see dozens and dozens of access attempts daily.

Comment: What do you expect? (Score -1, Troll) 200

by xiando (#47099907) Attached to: Wikipedia Medical Articles Found To Have High Error Rate
Full-time paid employees will always win "edit wars" and be able to put themselves in administrator positions on sites like this. This is why most articles on Wikipedia contain propaganda and fiction instead of facts. If evidence that a government/media story is added on Wikipedia then it is quickly removed and also removed from the edit history (many are not aware that the edit history on Wikipedia is as heavily censored as the articles). It is plain obvious that most of what is on Wikipedia is completely wrong, this should not surprise anyone. That the US government and most governments in the "free" western world employ a large number of "internet trolls" has become "public knowledge" the last year but it has been going on since the Internet came about.

Comment: Good thing they still allow extentions (for now) (Score 1) 195

by xiando (#46970779) Attached to: Mozilla Ditches Firefox's New-Tab Monetization Plans
Two firefox extentions I use now:
"Old default Image Style"
"Classic Theme Restorer"

All they do is restore previous behavior and give back features that have been taken away (like the statusbar). It's really sad that you now need extentions to get previous sane behavior back. And it's also a bit sad that the MemoryRestart extention is still a must since the memory leak problems that's been in Firefox since forever are still present and seem to get worse, not better, each release.

If a thing's worth having, it's worth cheating for. -- W.C. Fields