
Comment Re:I am no economist, but as a geek ... (Score 1) 205

Unless you're advocating a new form of Creationism that I'm not familiar with, the universe wasn't built from human labor. Software, on the other hand, is -- and that's why it costs money to make.

Free software isn't free to make. There's a reason it's free as in libre but not necessarily free as in gratis.

Comment Re:Most servers shouldn't be vulnerable (Score 1) 245

Maybe he's suggesting to just use plain SSL without the initial plaintext exchange and initiation.

Yup. Nobody needed to reinvent traditional TLS/SSL secure sockets in order to send email.

What's wrong with STARTTLS? To quote the original RFC: "...a client that gets a 454 response needs to decide whether to send the message anyway with no TLS encryption, whether to wait and try again later, or whether to give up and notify the sender of the error."

So in other words, if you're writing an SMTP stack you have to handle a severe security edge case by parsing a string instead of getting an exception from your secure socket library. What could possibly go wrong! Oh right... there's a reason this is on Slashdot.
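The decision the quoted RFC text leaves to the client, written as a fail-closed check. This is an added example, not part of the comment thread or of any mail client's code; the function names, the `require_tls` switch and the sample replies are assumptions made for illustration.

```python
# Added example (constructed): fail-closed STARTTLS handling for an SMTP client.
class TLSUnavailable(Exception):
    """Raised instead of silently continuing over plaintext."""

def parse_reply(lines):
    """Parse a (possibly multi-line) SMTP reply into (code, [text, ...])."""
    if not lines:
        raise ValueError("empty SMTP reply")
    code = lines[0][:3]
    if len(code) != 3 or not code.isdigit() or any(l[:3] != code for l in lines):
        raise ValueError(f"malformed SMTP reply: {lines!r}")
    return int(code), [line[4:].strip() for line in lines]

def starttls_offered(ehlo_lines):
    """True if the EHLO reply lists the STARTTLS extension keyword."""
    code, texts = parse_reply(ehlo_lines)
    if code != 250:
        raise TLSUnavailable(f"EHLO rejected with {code}")
    # texts[0] is the server greeting; the remaining lines are extensions.
    return any(t.split()[0].upper() == "STARTTLS" for t in texts[1:] if t)

def decide(ehlo_lines, starttls_reply=None, require_tls=True):
    """Return 'upgrade' or 'plaintext'; raise TLSUnavailable if TLS is required."""
    if not starttls_offered(ehlo_lines):
        reason = "STARTTLS not advertised (possibly stripped in transit)"
    else:
        code, _ = parse_reply([starttls_reply or ""])
        if code == 220:
            return "upgrade"  # caller now wraps the socket in TLS
        reason = f"server answered STARTTLS with {code}"
    if require_tls:
        raise TLSUnavailable(reason)
    return "plaintext"  # opportunistic mode: message goes out unencrypted

# Constructed sample replies (mail.example.test is a placeholder host).
EHLO_OK = ["250-mail.example.test", "250-SIZE 35882577", "250 STARTTLS"]
EHLO_STRIPPED = ["250-mail.example.test", "250 SIZE 35882577"]

if __name__ == "__main__":
    for ehlo, reply in [(EHLO_OK, "220 Ready to start TLS"),
                        (EHLO_OK, "454 TLS not available due to temporary reason"),
                        (EHLO_STRIPPED, None)]:
        try:
            print(decide(ehlo, reply))
        except TLSUnavailable as exc:
            print("refusing to send:", exc)
```

With `require_tls=True` both the 454 reply and the missing STARTTLS keyword surface as an exception, so the plaintext path is only taken when the caller explicitly opts into it.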

Comment Most servers shouldn't be vulnerable (Score 0) 245

By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted.

Look, most servers these days are configured in such a way that STARTTLS runs on a different port than the plain-text connection. The server will reject login requests until the STARTTLS handshake is completed.

So sure, a few old, badly configured servers will continue over an unencrypted connection. But take it from a guy who worked on an email client, this is not a typical setup these days.


Comment Re:Pick a category (Score 4, Interesting) 993

The key difference between non-corporate open source projects and Microsoft or Apple is that companies have HR departments. Problem employees can be dealt with or even fired.

There isn't really an analog in your typical open source community. In fact, smaller open source projects tend to be so grateful for any help that asshole behavior is tolerated -- or even considered the norm. It's a sad state of affairs for the majority of us who want to contribute, but have no interest in dealing with a cesspool of assholes.
