Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:Network layer and education (Score 2) 254

by youngatheart (#49104675) Attached to: Ask Slashdot: Parental Content Control For Free OSs?

Do what I did: set up filtering at the gateway and give plenty of time to both discussion and management.

I used a transparent squid proxy with access control lists appropriate for the kid and intercepted and redirected DNS queries. (With more than one kid, I needed multiple acls, ymmv.)

Initially I limited internet access to specific times and a whitelist and discussed what they were doing daily. Over time and with age and maturity, I relaxed the acl to just record what was being accessed and just reviewed their browsing with them when they made questionable choices.

Now they're old enough and hopefully mature enough that I don't need to supervise them other than to keep an eye on their social media activity.

Some people seem to think kids should be given freedom to do whatever they like. Those people must have less experience with kids than I do and were probably much better people as kids than I was. Unsupervised, kids will get into things and situations they will regret later.

Trust but verify. Give freedom but watch everything. Talk to your kids and reason with them. Let your kids explore the world and interact with it so that they can become confident adults.

A parent is responsible for the criminal actions of their children. This fact is relevant. If you think that children should be free from oversight, then you don't understand how badly kids can behave.

Comment: Render unto Ceasar (Score 1) 579

Why does Google keep getting slammed for being the bad guy for releasing information about vulnerabilities? I read about people finding and publishing vulnerabilities all the time and follow discussions on what is responsible disclosure and nobody but Google gets treated like this.

Yahoo does the 90 days thing too. Most I've seen do a lot less than 90 days before disclosure. I understand worrying about script kiddies, but I'd rather know I have a vulnerability than just blithely hope nobody but Google found it.

The odds are that a lot of this stuff is known long before Yahoo or Google or Secunia or whoever announces it. The three months Google is leaving me vulnerable to the talented hackers makes me a lot more nervous than the people who find out about it in the news.

Comment: Re:What rules prevent them from doing this already (Score 2) 221

by youngatheart (#48713141) Attached to: Google Fiber's Latest FCC Filing: Comcast's Nightmare Come To Life

How much does it cost to wire up a town for high speed internet access? Why would a company invest that unless they were confident they'd get a profit? That's why the town offers a special deal and access that the ISP otherwise has no right to.

they should already be allowed to do

You think anybody should be allowed to use whatever city infrastructure they like?

Not that I actually want to defend the mess that is the current system. Perhaps the obvious solution is to allow cities to put in their own ISP structure, but then that's government using it's advantage of force to compete unfairly with private business, which is the reasonable argument for some states to prevent such competition.

Socialist solutions to ISP infrastructure work, but the US tends to have a difficult time with the idea that everyone should be forced to pay for what private companies are already providing to people voluntarily paying for what they actually use.

If the US decides to treat broadband as utility infrastructure, taxes come into the equation, which is money taken by the threat of force, which is completely the opposite of what people like about capitalism. It is a reasonable expectation that it will destroy a private industry and the innovation that is driven by the motive of profit, which is no small trade off in an industry which is rapidly changing.

I actually think that the ISP industry needs to be more strictly regulated by legislation, but it won't take many mistakes to end up with a worse problem than the one we have.

Comment: We all should do what Google did (Score 1) 312

by youngatheart (#48708215) Attached to: Ask Slashdot: What Should We Do About the DDoS Problem?

We all need a massive CDNs and "check for human" built in to our systems. When Google got hammered beyond anything sane, they mostly just absorbed it and tacked on a front end check. Google, Amazon and Microsoft should go into the business of selling DDOS insurance. They already have the CDNs and load balancers and would just need an API into their "check for human" interface.

This is not a problem that can be solved with a protocol or technical trick because the internet will never work that way (SMTP anyone?) until we outgrow the need. This is a problem that can only be really solved by making it an industry standard to develop for cloud based systems with insurance from the giants who can weather the storm and who have the influence to get corrective action out of ISPs in a timely manner.

So what would that look like? When you buy or renew your domain, you'd get an advertisement to "Add DSOS insurance" for a reasonable fee. Bigger companies would get better rates where they made agreements among themselves or negotiated with other CDNs but it would be unusual for any serious website to get knocked down because MS/Google/Amazon and others would also make agreements so that even the worst of the worst attacks would be absorbed.

That and maybe bring back the guillotine.

Comment: Re:Yes (Score 1) 312

by youngatheart (#48705997) Attached to: Ask Slashdot: What Should We Do About the DDoS Problem?

So you think we could change human nature in a couple decades? I don't think we could do it in centuries. Kids love to draw on the wall, even when you tell them not to and they grow out of that phase if given the right environment, but I defy you to find any city of more than a 500 people which has never had any graffiti. It is a basic human impulse to try to make an impact on your surroundings and so long as there is an internet, someone will want to make an impact on it in ways that are not that different from a three year old.

Comment: Re:Are speed cameras bad? (Score 1) 335

by youngatheart (#48705909) Attached to: Out With the Red-Light Cameras, In With the Speeding Cameras

Yup, I am sure you're right.

I think the problem is that the law is supposed to reflect the will of the people, but it actually reflects the will of vocal minorities and the wealthy. It might be reasonable to have the speed limit raised but anyone who does it will be crucified by the media the next time there is an accident ignoring the likelihood of hit happening regardless of speed limit changes. So everybody suffers a longer commute instead.

Comment: Re:Support Yet Another Browser (Score 1) 248

by youngatheart (#48696179) Attached to: Microsoft Is Building a New Browser As Part of Its Windows 10 Push

Just code to standards and... then check in everything and then when some freak out there tells you what you didn't find out is buggy, re-code to standards, but different standards this time, because not every browser follows every standard. Rinse and repeat. Did I ever tell you about the day I accidentally figured out how to crash Netscape so hard the end user couldn't use it anymore? Good times.

Comment: Re:You know what's really sad? (Score 1) 129

by youngatheart (#48431095) Attached to: Court Shuts Down Alleged $120M Tech Support Scam

Really! You were an Apple fanboi until you said this.

I'm an admin, so that probably accounts for a lot of my perspective. I judge a system by more than how convenient it is for me. Most systems have good and bad parts and I've rarely used something I couldn't find both the good and the flaws in. It's not totally unfair to call me a Unix geek, Linux zealot, Apple fanboi and MS shill if you must, they've all helped me earn a paycheck. Even Xenix and SCO had good points. About the only OS I didn't care for at all was an NCR ATM system but even that probably had something good about it if I'd looked harder.

When has Microsoft ever increased security in a application release? There's Vista, where the security was so anal, everyone turned it off. Just about everything else was worse, usually because the microsoft 'extensions' were designed to break the previous version.

I didn't turn off the UAC in Vista for myself or our company; I learned how to work with it. When we moved to Win7, we already had the skills and experience to use it, but I was really speaking of Security Essentials and Windows 8 and 10 building in anti-virus and malware protection. MS had done plenty that they deserve to be faulted for but UAC and integrated AV and Malware protection are things that I think have been good for the industry. It's no SELinux (love it) but it is a step in the right direction.

We would still be limited to Genie/CompuServe/AOL, if that model was really followed.

The open internet seems obviously the way things should have gone now, but back in the days of running a bulletin board system, it wasn't so obvious. Genie/CompuServe/AOL provided a necessary stepping stone. If you think the internet would have developed as quickly as it did without AOLs send everyone a disk approach, you're overestimating the average consumer.

You say how great training wheels are and then whinge you don't want them.

If everyone was like me, there wouldn't be a need for anti-virus and malware protection and UAC. There wouldn't be a need or market for Microsoft for that matter. I can accept that most people need protection from their own bad decisions because not everybody has the aptitude or interest or even energy to learn the things they need to in order to work with computers safely. I'm a long, long way from being an average computer user. It is a hobby, a career and a friggin' paycheck for me. Of course I don't want to follow the normal computer user recommendations, I'm not the normal computer user.

That Windows is a less stable and less secure system is a different issue. Yet many people like you, demand that everyone else be shoved into the walled garden as a solution.

Windows is a quite stable and secure system handled correctly. Microsoft has made the decision to offer backwards compatibility over and over again and there is no doubt that has hurt their ability to make Windows as stable and secure as I wish it were, but Win 7,8,10 have made significant and important strides. Vista had some serious growing pains, but if you move someone from Win7 to Vista now, it is nearly painless, proving the industry was more of the problem than Vista was. When you consider how many programs used to be designed to have free reign without ACL controls, it is clearly Vista that was on the right track. Look what disdain it got them. (Metro was a terrible decision, but it wasn't about security or stability.) The average consumer will make bad decisions even if you try to protect them from it, but making it take more thought is not a bad thing.

Walled gardens have yet to be designed so that people like me can't get around them. (Can I get a woot woot from the Cyanogen crowd?!) If every system was a walled garden, then I might be on the other side of the debate, but the way things are now, people using aptitude, yum, ports and iOS are far more unlikely to mess up their system than people who don't have dedicated package maintainers trying to protect them. You act like iOS keeps people from running what they like but I'm running software on my iPhone now that isn't in the App store without breaking the terms for Apple Care. Anybody really can, but it isn't easy to do by mistake, so the walled garden clearly has gates. If you fear the walled garden then you're either immersed in a esoteric and philosophical debate or too inexperienced to be allowed to take your training wheels off yet.

And they make a lot of money ensuring that you install only devices they approve via their obsolete-in-18-months hardware interface. Plus ensuring that you only install applications they allow and don't want to make themselves

Yup. I run Mint, but my background with LFS, Gentoo, FreeBSD, OpenBSD and other more obscure systems make me desire things that most people don't care about. Most people are happy with the iOS ecosystem. I'm not, but then that's not the same as recognizing that it works well for most people.

It's a lot easier to uninstall a faulty 3rd-party application than a faulty hidden MS service. Plus it's easier to detect that a 3rd-party application is faulty.

Bullshit. I can't tell you how many people I've walked through removing rundll registry keys to replace them with the original OS configuration after a major AV vendor messed them up. Microsoft is far from perfect, but they have the advantage of being able to review an exponentially larger user base's results and they have faster resolution in nearly every case. I was a fan of AVG for a LONG time, but security essentials has a better track record of not screwing things up and I don't think there has yet been an instance of Win8's integrated AV messing something up.

This is outright defamation. A real AV has to use algorithms and databases to check the user is doing the right thing. A fake AV has to open a telnet channel to a data-scraping server. When both are sold at the same price, I have a different conclusion on who is running a scam. And that's avoiding the fact that many real AVs provide virus removal for free.

No true Scotsman? McAfee and Norton pay to get their trialware installed with OEM systems because nobody would pay for them to do what MS now does for free and with lower impact on performance and fewer screwups. They screw up cookie handling or delete registry entries that were useful and harmless so they can appear to be doing something useful. Their business depends on MS not providing decent AV and now that MS is doing just that, they're scrambling to create non-existant problems to fix. The ethical thing to do is close shop and put a "just use the AV it came with" page up instead, but that'll never happen because they have a vested interest in fixing something they don't need to fix anymore. The best way to make money they have now is by deceiving consumers into thinking they need something they don't, and they do that. It may not be illegal but it's shady as hell. It seems to me to be a very, very short step from outright scamming. Why do you think Symantec is doing so many things besides AV now? It isn't because they suddenly decided the other markets needed them, it's because they realized that their money maker market was disappearing.

Sure there are decent AV companies out there. Kaspersky (is a pain in the ass and screws shit up but basically does a good job) and AVG do what they advertise with minimal screwups, but I have yet to see someone suffer by choosing MS's free solution instead. The only one that I still regularly recommend is MalwareBytes and I only recommend that to people who have demonstrated a tendency to fall for scams.

Comment: Re:You know what's really sad? (Score 4, Interesting) 129

by youngatheart (#48422795) Attached to: Court Shuts Down Alleged $120M Tech Support Scam


There is/was a popular scam that involved getting people to look at their Windows error log in order to convince them that they needed "help." It was quite effective because the average user easily accepts that errors are the same as problems.

My mom and a co-worker were both targets of this particular scam. The target would receive an unsolicited phone call from someone who made the target think the caller was associated with Microsoft who would show them the errors on their computer. The caller would then try to convince the target to let the caller have access to their computer. Neither of the targets had a clue that the errors they were seeing were normal and it could have gone quite badly for them. Both my mom and co-worker declined to let the caller do anything on their computer saying that they had someone who handled this kind of stuff for them (me.) Naturally I received a not quite panicked call shortly after and was able to reassure them it was only a scam and their computer was fine, but I think either could have been victimized if they hadn't had someone they know and absolutely trust to handle serious computer issues for them.

My company gives me a phone and it's an iPhone so I can give good tech support to the boss who "needs" an iPhone. Because it is a company phone, I can't jailbreak it or hack around on it in good conscience, but it chafes. I can't put whatever software I want on it or make it work the way I would prefer because Apple makes their customers a deal: trust us completely and we'll make your device work the way it should.

As much as it chafes me to deal with such a walled garden, I can't help but think it's the way consumer products need to be designed. The harder it is for my mom and co-worker to mess up their device, the less time I have to spend fixing it.

With that background in mind, I can't help but hope MS goes more and more down the road toward building in their own computer security because it removes the incentive to get an anti-virus package which has to "solve" issues that aren't really problems in order to appear useful.

If the scammers were just a little less greedy, they could have used the same approach to sell actual anti-virus packages. I think most anti-virus companies are just slightly less greedy or they'd be running the same scams.

Greed is the thin greasy line that separates "legitimate" anti-virus vendors from criminals. For decades I've told people they needed antivirus and security software despite knowing the big vendors introduce a new set of problems, because it was necessary. Now MS is building it in and I can tell them to just use the free MS software that's built in and I get less support headaches. I'm sure it's hurting the AV vendors, but I've had to fix too many problems they caused to feel much sympathy.

Comment: Re: Not a chance (Score 1) 631

by youngatheart (#48255035) Attached to: Why CurrentC Will Beat Out Apple Pay

Shill he may be, but he has a point about the protections of CC vs debit transactions... However, it is worth noting that your check card used as a "credit" transaction comes out of your account and gives you the same protections.

There are two real issues here. First, the credit card companies are going to start having less liability because it is going to go to the least secure system as the changes in law take effect. That's why they're loving it. Second, the battle between Wal-Mart's payment system and Google/Apple/Everybody else is actually about who gets your personal data. NFC keeps your personal data with the one company you decide to trust, where Wal-Mart's approach gives it to each merchant you do business with.

Comment: Re:Battery Life (Score 2) 376

by youngatheart (#47208853) Attached to: Theater Chain Bans Google Glass

It isn't just a bit of regulation that will be required. The freedom of the press means that anyone who wants to, or even claims to eventually want to publish has a right to take pictures and video in any public place so long as their rebroadcast of copyrighted material falls into the fair use category. The right of free press doesn't give people the right to infringe on copyright or the right to privacy, but the right to privacy doesn't extend to public places. Even preventing perverts from taking upskirt videos and posting them on the web wasn't simple to legislate and that relied on defining privacy in a way that was painfully obvious already.

Consider that a ban on public photography is pointless if it applies only to g-glass since there are dozens of alternatives to clandestine video already available and dozens more will spring up as soon as g-glass is banned on a widespread basis. Contacts that take video and hidden cameras doing constant upload that melt without any provable trace of what they were doing will inevitably spring up to meet the demand. More sinister is that the fight against g-glass is is actually a fight against the right of the people to know what is going on. Nothing would make a corrupt government happier than to know that they need not fear public proof of wrongdoing.

The fight against paparazzi has been going on for many, many years and this is just a discussion of one of their most obvious potential tools. This problem isn't confined to g-glass, but the potential remedies to the problem it presents must be considered carefully if they are to have a result which doesn't cause other problems worse than the ones they solve.

You don't want to lose your privacy, and you have a right to that privacy. You're already guaranteed the right to privacy in certain circumstances, such as in your home and on your phone conversations, but that only extends to certain points. Federal wiretapping laws prohibit someone from recording your conversations on the phone unless the person you're talking to knows it is being recorded. Donald Sterling's recent time in the press shows that even in your own home, your privacy isn't guaranteed.

What kind of laws exactly do you propose where amateur journalists and bloggers can still record and report news they feel is in the public interest without having to fight a legal battle against big money and corrupt government interests?

Comment: Re:Times sure are changing (Score 2) 147

We're already doing things that could wipe out the human race overnight. We're already dealing with pythons in the Everglades and zebra mussel epidemics. We've wiped out mammoths, passenger pigeons and very nearly the rhino.

If we can take steps toward showing the world what we've lost by introducing something that will demonstrate how valuable the species we've wiped out were, then I'm a happy camper. (I'll be camping in a kevlar tent with my rifle handy if we manage to reintroduce dire wolves and saber-tooth tigers, but I'll be happy doing it.)

Comment: Re:so... (Score 2) 147

It doesn't make me angry that people have tried to create greater biological diversity, it makes me sad that they have failed. If they fail, then I will be sad, but if they succeed then I will be happy that the world holds something amazing which might help lead to the development of a world where rhinos and mammoths contribute to something even better: a world where the mistakes of our ancestors can be mended.

There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. -- Jeremy S. Anderson