Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re: GoDaddy is HORRIBLE. (Score 1) 33

"But outside EV certificates everyone should be using Let's Encrypt certificates. They are trivial to install, secure and renewals can be fully automated. On top of all that they are free. Anyone buying non-EV certificates is neither cost conscious nor values the time of their IT staff."

There are other low-maintenance ways to get certificates, and they don't require you to put all of your trust in one organisation who has no obligations to you.

For all internal uses, we use an internal CA that will automatically renew renewal requests signed by the key of a currently-valid but almost-expiring cert, and an scep client run from cron that will check all certs and enroll for renewals (as well as enroll for the initial cert).

For public certs the certs we renewed before letsencrypt went live are still valid, so for non-security-critical ones we may consider letsencrypt a month or two before those certs expire.

Comment Re: a singular bully or several? (Score 1) 427

The confusion stems from the fact that a lot of the text comes from a definition of the term gaslighting from the linked blog post:

"Gaslighting occurs at the workplace in the form of bullies unscheduling things youâ(TM)ve scheduled, misplacing files and other items that you are working on and co-workers micro-managing you and being particularly critical of what you do and keeping it under their surveillance. They are watching you too much, implying or blatantly saying that you are doing things wrong when, in fact, you are not. As you can see, this is a competitive maneuver, a way of making you look bad so that they look good;"

So, the only behaviour listed that isn't from the blog post is the supposed over-critical code review.

I can't see that there is any evidence either way between:
- the submitter really is competent and the code criticism is unwarranted
- this is the submitters first real job and the first real (valid) criticism he has received, and doesn't know how to deal with it

Comment Re: What percentage? (Score 1) 280

"And you'll have to buy a VM offering like VMware which can help you load balance across your servers, so factor in that cost as well."

What, Hyper-V can't do this yet?

Well, then just run ovirt (on say CentOS or maybe even Ubuntu or Debian), the open-source version of Red Hat Enterprise Virtualisation, which has about the same functionality as vSphere Enterprise (but not quite vSphere Enterprise Plus).

Comment Re: "that I'm aware of" (Score 2) 280

"Where is the evidence for your claim? My experience with my Windows 7 -> Windows 10 upgrade was such that there was a nagware screen from the system tray that afforded me the option to upgrade or not upgrade."

Really, you didn't see all the stories about complaints from users whose Windows 7 devices can't run Windows 10 adequately and got upgraded without ever actively opting in, or in some cases without any notification except being greeted with a Windows 10 login screen, or worse.

Here is an example article of how that dialog you saw changed when Microsoft wasn't satisfied with the slow adoption of Windows 10:

That was the first links from googling obvious search terms ...

Comment Re: My internet died... (Score 1) 119

"Anyway, my internet was down until the next morning and even then, it still required a cable modem reset to fix the connection."

Some network equipment vendors sent out field notices about 2 weeks in advance of the leap second, recommending operators to use leap-second smearing (as implemented in chronyd for example) if they had affected versions of network device firmware deployed that could crash as a result.

(We didn't have affected versions deployed, and it would have been non-trivial - at this time of year - to get all our NTP servers upgraded. It't not recommended to use non-smearing and smearing NTP sources on the same device)

Comment Re: Consumer Reports I trust more than Apple (Score 1) 268

"Well, considering there as less than a WEEK between CR's Review and their alleged refusal to Retest, no one should be surprised that Apple hasn't released a patch yet."

All we have to go on at the moment us this statement from TFA:

"In this case, we donâ(TM)t believe re-running the tests are warranted"

We have to assume the use of present tense in this statement has some purpose. Since Apple has (at present) done nothing to address the problem, there is (at present) no justifiable reason to re-test.

Maybe, if Apple finds and fixes the cause, there would be a reason, and then we would have to see what CR says/does. But, they didn't say they would *never* re-test, as you seem to be implying. If you want to maintain that stance, provide a quote that unambiguously supports it.

Otherwise, I don't understand your line of reasoning, as you seem to believe the following:
1) CRs testing methodology is adequate (you haven't contested this)
2) Apple hasn't done anything to address the problem (sure, there hasn't been much time)
3) It is unlikely the outcome will be different (the consequence of (1) and (2))
4)CR should still repeat the test anyway (maybe "because Apple")? But, that would imply that they are no longer independant.

So, you are either:
- incapable of basic logic
- a troll
- an apple fan-boy

Comment Re: So now, they're digging in their heels? (Score 1) 268

"But what about if Apple just codes to fix the issue, instead?"

Then they should:
- push out an update to all affected devices
- thank CR for finding the issue
- hope CR considers re-testing at their own discretion using the publicly-available update

But, they don't even seem to know what the real cause is yet, and AFAik haven't indicated that they have a fix yet.

Comment Re: Seems overwrought to me (Score 1) 268

"I have a brand new Dell laptop for work, and a brand new Macbook Pro for home."

"Brand-new Macbook Pro" refers to one model in like 4 available configuration all costing over $1200. "Brand-new Dell laptop" refers to about 7 models in 50 configurations costing anywhere from $300.

What model Dell was it? A comparable one?

Comment Re:About fucking time. (Score 1) 88

access through a web browser

that must have a version of flash that was newer than the newest version released for Linux

No, it works with Chrome on Linux. At least it worked for me this morning accessing a 5.5 vSphere Web Client.

(I haven't tried firefox with Flash 24, but there are a number of sites I need that needed a newer version of Flash, and in many cases the version shipped with Chrome works).

Comment Re: People still buy Netgear? (Score 1) 26

I have used a Netgear before (ISP-supplied DSL modem), but I always:
- Use a non-default subnet on the LAN where user devices reside
- Use a generic linux distribution that receives regular updates as the internet gateway (running the PPPoE session, recursive DNS and DHCP etc. from the Linux instance)
- Isolate the modem from the user devices (since it is not the gateway) if it isn't required as the AP as well

Of course, this isn't a complete solution nor one that is suitable for most end users, and costs more than using an all-in-one solution, but avoids easy attacks that work against most users.

Comment Re: Why can't this be detected (Score 1) 110

That is what "3D Secure" does. It allows the bank to implement whatever additional verification they want during the credit card transaction. In early implementations I saw additional passwords, but most banks in my country currently use SMS-based OTPs.

The banks have been enforcing the use of 3D-Secure or threatening to suspend merchants.

As usual, the U.S. is behind most of the world ...

Comment Re: Back to the old model (Score 1) 70

"I'm vaguely aware of the other show they mentioned, Top Gear, but other than hearing the name, I'm not familiar with the show....from the context I'm guessing it is a British show?"

Top Gear was produced by the BBC, and the live portions of the show were filmed in the UK, but many segments and a lot of the 'special' episodes were filmed in other countried including the U.S.

In many other countries, Top Gear (prior to the last season where Chris Evans was the main presenter) was the 2nd most popular show, second only to Game of Thrones.

In some countries, the most popular tech news sites have had multiple news stories covering Top Gear (Clarkson being fired, May and Hammond quitting the show due to that, the abysmal failure of the show with Evans as the lead presenter) and The Grand Tour (the announcement by Clarkson that he was working on a new show, the announcement by Amazon, some stories about some of the filming in other countries, a detailed story with lots of photos about the filming in the country in question etc.) over the past year.

I don't think it is really necessary to do a long introduction of both The Grand Tour or Top Gear, if you don't know what Top Gear is, it's as useful to you as reading and article on IPv6 replacing IPv4 when you don't know what IPv4 is, and complaining about the summary not explaining what IPv4 is ...

Slashdot Top Deals

Consider the postage stamp: its usefulness consists in the ability to stick to one thing till it gets there. -- Josh Billings