
Comment Re:Really? (Score 1) 332

It just struck me that this is not just about headphones, but also things like the Square reader that plugs into the headphone jack.

That was about the third thought I had when Apple announced the change. Square developed this card reader that attached to the iPhone, but rather than going through the proprietary Apple connector (where Apple would demand a royalty) they used the good old standard headphone jack (where Apple doesn't get paid).

Obviously I can't prove that...

Comment (Score 1) 216

This was my first thought when I read the summary as well. S/MIME is even built into the default mail app in iOS... not sure about Android (or any of its manufacturer variants).

The biggest problem with S/MIME is managing the certificates. People generally won't want to deal with having a different private key on every device they use for their email... especially when you consider that doing so would require the sender to sign with the correct public key for the device the recipient wants to read it from. Not gonna happen. So you need to have a private key that can be securely copied to every device the user checks email on.

And, of course, the second biggest problem is webmail. Though I have no doubt if S/MIME were to really take off there would be an API for decrypting messages in a browser window while keeping the private key private. It would make it impossible to read messages on some random computer... but then again, putting your password into a random computer isn't really a good idea anyway :).

Comment Incoming Security Errors (Score 2, Insightful) 86

Sadly this probably means tons of mixed content security errors are about to start happening. Everybody who linked to an image in their blog with the full URL ( will have images that used to load with no problem start throwing up security errors. I had this problem when I got the Let's Encrypt certificate for my blog. Had to go back and change all the images I had loaded in my previous posts to use my new https URLs. Fortunately, I don't post often so there weren't too many...

Comment Re: Untrusted certs (Score 4, Informative) 67

I'm pretty sure that my SSL VPN would not be included in this survey as we don't publish it and only give the URL to those that need it... But if it were, it would be in this insecure category because of an untrusted certificate. Except it's not. The certificate is signed using our internal CA which is trusted on all company computers. We don't want people connecting using their personal computers so I'm not at all concerned with putting a globally trusted cert on it. Other than that, it is secure. We don't use SHA1, we do use TLS rather than SSL, and we use FS. So while they would call it a fail, I would not.

Comment Re:saner summary. (Score 1) 113

The vendor needs to be taken to task. The vendor has security access to the data. Supposedly, the staff of the vendor should have been trained properly. Also, even if the public agency didn't disclose the breach, the vendor should have publicly disclosed the breach. It obviously didn't either.


Like many people on this site, I work in IT. I get requests for access to data all the time. Some are obvious that they should be granted (a new manager is hired and they ask for access to the management section of the file server). Some are obvious they shouldn't be granted (an engineer asks for access to our controlled documents, which by company policy are restricted to only 2 people [uncontrolled versions are available to larger groups]). Some are less obvious. In those cases, I typically push the request up to somebody who has the authority to authorize (or reject) the request... though not the ability to grant the access.

A request asking that all employees' social security numbers and birth dates be published to the public most definitely would fall in the "obvious they shouldn't be granted" category. Seriously, who thought for one second that was a good idea? If I had a request come in to put that list together for anybody, let alone public consumption, you can bet I wouldn't rush to get it done (article says it was same day turn-around). I'd run it as high up the flag pole as I could and get a top level sign-off on it... even if the message said it had been approved by the company lawyers. Somebody should have figured out that Social Security Numbers and Public Access don't go in the same sentence.

Comment Re: The Homer! (FP?) (Score 1) 417

My thoughts exactly. And they also have minute bundles you can purchase. Really? I mean outside of prepay, does anybody even use "minutes" anymore?

There is one feature that appeals to me: the ability to do Remote Start via the app. But it's not available on my model year and definitely not worth $200/yr.

Comment Re: The Homer! (FP?) (Score 1) 417

My Fusion is a 2011 with the old 2 line display. No touch screen, so all my sources are physical buttons (well, kinda... there's an "Aux" button that has the USB, 1/8" jack, and Bluetooth Audio in it).

Do you find that Sync Services has any value? It just seems odd to me that they couldn't have found a better way to communicate with the system than using your phone as a modem, thus requiring a subscription service. I'm not really into that side of things, but couldn't they have used Bluetooth to transfer the required information?

Comment Re: The Homer! (FP?) (Score 1) 417

My other vehicle is a Ford Fusion. It has the Microsoft Sync system built in, though similar to your Mazda, it also has Sirius radio. I bought this vehicle used, but Sirius/XM was nice enough to include a 3 month free trial for me (like you said, to try to hook me... and to get my contact info). I used the 3 month trial which also happened to be football season. I actually did enjoy the talk stations from time to time and did like being able to tune in a game when I wasn't at home to watch it. But, as you said, nowhere near worth the price they want for it. I still get calls and letters from time to time offering me a "great" introductory rate. I ignore them all.

I recently took a trip to Canada. I had the thought that it would have been nice to start a trial as I was pulling out of the driveway (I wasn't ever going to be more than 50 miles from the US/Canada border ... down in the area next to Michigan ... so I'm assuming I would still be able to pick up service). I hadn't set it up, though, so I had to think of other solutions. So I just loaded up Pandora on my phone and Bluetooth streamed it until I got to the border. Then played the music that was stored on the phone. Way cheaper, and streaming Pandora avoided the stagnant music issue I would have had just playing music from my phone the whole trip (not to mention International roaming rates).

Unfortunately, my car does have a physical button for Sirius, but it's only one button in the mix of a whole slew of others, so I can ignore it.

My GM vehicle (an Acadia) does also have XM in it, but like your Mazda it's a touch screen so the vast majority of the time, the "XM" isn't even displayed anywhere... just those darned OnStar buttons.

Comment Re: The Homer! (FP?) (Score 3, Insightful) 417

And in general "concierge services" fail.

I've gotta believe that this concierge service is mostly GM's OnStar. I think the biggest surprise for me in the statistic that 43% of the people never use it is that 57% have. Though I guess just trying it out one time to see how it works would no longer qualify you for the "never used it" category.

The simple fact is that most people don't want to be hit with a $100 (lowest tier paid annually) to $420 (highest plan paid monthly) per year bill on top of their car payment*. I have a vehicle that has OnStar built into it and I would much rather rip the whole thing out (including the buttons they spread throughout the car) and replace it with a simple Bluetooth connection to the stereo.


Comment Re:Dictionary? (Score 1) 157

My question is, how does this apply to DenyHosts?

My guess would be that I'm still safe... try root at all, instant ban. Try an invalid account, grace one time (even I make a typo sometimes). Try a valid account more than 3 times? Banned. Unless, of course, this attack somehow bypasses the mechanism DenyHosts uses to detect those invalid logins... but I don't know that I saw enough information in the article to answer that question.

Comment Re:Learn jQuery (Score 1) 126

So what does it do?

$ is just an alias to the jQuery object (so, as I recall, $.bind() is equivalent to jQuery.bind()...) which would mean that $.bind() is not the right answer (without even using the fact that you asked the question as a hint to what the answer is).

Comment Re:Oddly enough, I support this because... (Score 1) 272

The utility generates at wholesale prices, and then they are forced to buy it back at retail prices. In a way it costs the utility twice, once in lost revenue (arguable as conservation, agreed) and twice in paying more for power than they would when generating it alone.

That is some bad math. They are turning around and selling it at the same price they paid for it. That's not a loss, that's break even.

That may sound logical, but it's not. Changing the amount of energy being generated at any given moment is a very difficult thing to do. Because of that, the utility very rarely sells everything that it generates. They make up for the lost electricity in the difference between wholesale and retail pricing. There are a lot of other things that are also wrapped up in that cost difference (salaries for all of their employees from the CEO down to the meter reader, maintenance costs for the lines, substations, the transformer on the pole outside your house, future and/or past CAPEX projects, etc). Even if you ignore all those other costs and pretend like they don't exist, the difference between what is generated and what can be sold results in a loss when they have to buy it for the same price they're selling it.

I'm all for saying that the utility should be forced to buy excess power generated by the solar panels. But it does seem that purchasing that power at wholesale would be more fair.

And, while we are at it, have you checked the rates for commercial customers versus residential? Commercial gets a significant discount in price over residential. Fix that outright subsidy before coming after subsidies that pay for the development of cleaner forms of energy.

Have you checked the price of toilet paper at Sam's club vs the local grocery store? Any time you buy in bulk you get a discount.

Comment Re:carsickness (Score 5, Insightful) 435

People who get car sick need windows. Nuff said.

Pretty much. Did passenger cars in trains need windows? Do airplanes need windows? Do houses need windows?

Obviously the windows in today's cars need to provide a LOT of visibility so the driver can see as much as possible. But taking away a driver's need to see doesn't take away the need for windows.

I honestly can't believe this is even a question.
