Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:Replacing CMD (Score 3, Insightful) 118

Actually, CMD would be in theoretically worse shape if evaluated apples to apples. However, powershell *puroports* to have security features like execution policies and signing, so it draws more scrutiny. Those are pretty much useless in practice because a cmd script is not subjected to that scrutiny and can just modify the executionpolicy of powershell at will if it really wanted to do some nefarious stuff that required powershell (though they could easily use pretty much any language they want).

Comment Re: what about not giving a printer an public IP (Score 2) 83

worse than HTTP because the latter is a transport layer only. All auth is accomplished through HTTPS.

Strictly speaking, he did say HTTP, which without TLS isn't any better. Of course there's nothing suggesting that HTTP without TLS would be open so it's a bit of a weird leap to make.

I will say in practice HTTPS on embedded IT equipment is only a little useful in most cases, since they have unverified certificates to kick things off. There are rare areas that bother to do proper certificates and/or rare software that gives self signed certs the appropriate treatment, but overwhelmingly people click on https and click through the warning which reduces https to http level security (anyone who can sniff is almost always in a position to inject themselves).

Comment Re:English motherfucker (Score 1) 84

It's not so kludgy really.

I use emby as my media server. It provides a shared point and tv/movie metadata and eyecandy like shots and all. Their frontend (and plex's) is not that good in my opinion.

Kodi is good when you are using a single system and that's it. There is hypothetically some semblance of shared library, but it's hard and doesn't work that well.

Right now I have mythtv (haven't found a better working PVR backend with scheduling) and emby for managing my video content at a central location and each TV and mobile device in the house pulls everything from that while running Kodi.

Comment Re:This is about dividends, not "fanboys". (Score 2) 157

Which is why it was a bad idea to do all that in the first place.

Now that it has happened, all the shareholder objections about how it wastes money previously spent is chasing sunk cost. Shareholders saying 'stay the course' are being fanatical about a failed goal.

The money is gone and it isn't coming back. Throwing more money at the problem is just making the money pit worse.

Comment Shareholders shouldn't be fanboys (Score 4, Insightful) 157

The problem here is the shareholders are being fanboys first and businessmen a distant distant second.

The evidence is overwhelming that MS Mobile platform just isn't going to happen. They've tried everything they could think of multiple times, and no signs that there is anything more they can realistically do and expect a difference. As such, they need to do what they can to be relevant to the large market that matters rather than staying in denial.

Besides, being in hardware is not that appealing. It's full of low cost competitors and very well known brands with insurmountable brand strength. It can be a decent enough strategy if you don't have any way in on the software front, but if you have strength in the software side, you have a lot more lucrative prospects than the hardware side.

In the desktop era, MS overcame the competition by being able to pit the suppliers of hardware against each other and control the 'good' bits. Apple's success in mobile distracted them from this reality, and Google then out-did microsoft in the 'license to OEMs' game (by being free or near free depending, and banking on ongoing revonue).

Comment Re:This is a BAD idea support wise (Score 1) 280

Of course, it's not python-esque, it's much worse. It reminds more more of javascript or perl, but with less power than either in terms of syntax (yes, feature wise you can access all kinds of .net functions, but structuring your pure powershell is very limited and the syntax can be very hard to maintain).

Comment Re:Easier said than done (Score 2) 54

As I said, "There are scenarios where that can make sense where the role of the device is very well defined (ATMs, Point of Sale equipment, etc)", which would include the IoT category. Note that no one is suggesting deploying antivirus onto those platforms, it would be a ridiculous concept.

Anti virus only makes sense on platforms that are open ended. To the extent you have more special purpose applications (document editors), then yes, the vendor should be held accountable for lazily allowing things that never made sense.

But for a general purpose computing device (personal desktops), at some point the user is going to make a decision to run or not run an application. The user needs to be educated to make the right call. If you say you shouldn't be in a situation where the users call could *possibly* be wrong, that means you aren't allowing the user to run applications they want.

Comment Easier said than done (Score 5, Insightful) 54

Advice on safe internet use is "horrible", he added. Telling users not to click on phishing links and to download strange executables effectively shifts blame to them and away from those who manufactured hardware and software that is not secure enough to be used online.

The alternative is horribly locked down appliances that can't do what the user asks it to do. It means distrusting the owner of the device. There are scenarios where that can make sense where the role of the device is very well defined (ATMs, Point of Sale equipment, etc), but personal computers are by their very nature empower their users to do things the vendor would not have necessarily conceived of.

I agree that anti virus measures are not that good, but it just means that user education is all the *more* important, unless you don't want to let the users do anything or you don't have any users doing creative technical work.

Comment Nature of smaller businesses... (Score 4, Insightful) 54

Dominant players in the market tend to recognize ability to rest on their laurels, while smaller players tend to be more aggressively trying to win business. If they fail to do that, they'd go out of business.

Basically a company with prospects for growth will, on average, do better by their customers than a company without any prospect to grow.

Comment Re:Implementation not protocol (Score 3, Insightful) 77

I think the issue for a lot of sysadmins is that trends have ultimately resulted in them losing the practical ability to manage what the software is doing security wise, but are still left accountable for mistakes. There is a great deal of pressure in the industry to be fast, and to be fast, just let the developers own deployment of their own software, enabling various technologies to let the 'user' be 'root' in some special domain to give them freedom.. However, somehow the admins continue to stay on the hook for problems that arise from how that software is deployed, despite having no control over deployment. So an admin in such a position is justified to quiz the developers to make sure *they* understand what they are doing to themselves, and perhaps lead them to more deeply understand the lego block modules they are haphazardly slapping together. Those modules are of widely varying levels of quality and commitment, and no good way to know at a glance if it's a wise decision to use them or not. Even when they are done well, any tool used incorrectly can lead to trouble. Of course, in these cases, the admin staff would take the heat, so they are actually making the correct call on their end, since they are shielded from those sorts of consequences.

I have seen a lot of this 'cobble stuff together' mentality. In my experience, nodejs is the worst (applications that on deployment just npm whatever the latest version of every little bit, and there are a *lot* of little bits people pull in because javascript core is missing so many builtins), though every language with a package repository suffers to some extent. There's no longer any time for test. People don't even mirror a known working copy of their libraries, instead just assuming latest is always greatest and never causes a problem, no matter how many times new problems smack them in the face.

That's not to say that there aren't a lot of good things in these trends, but there hasn't been enough interest in keeping the good bits of the way things used to work and *way* too much confidence in random anonymous peoples' development, support, and test skills and methodologies. If the developers are empowered, they should also be the ones to face consequences. The admin staff can be held accountable for the infrastructure bits they own, but generally speaking they have no real control over any facet of an internet facing service (in select environments, I do know a lot of places where the admins still manage things very thoroughly, much to the chagrin of the application owners).

Slashdot Top Deals

If I'd known computer science was going to be like this, I'd never have given up being a rock 'n' roll star. -- G. Hirst