Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re: What an idiot (Score 1) 269

"The biggest mistake that happened in the original article was the violation of company policy of registering his own private email address for the administration account. Because of that move, the school (in my opinion) was justified in suing the guy."

I don't know specifically in this case, but in some cases in my position I have access to some work-related features on Google and Facebook linked to my personal accounts. Since our company has no products/services from either, I can't really do anything else except possibly make a dedicated account for that one purpose.

If my manager fires all my colleagues, then me (and forces us out to avoid paying severance), then locks himself out of his account, why should it be my responsibility to help him recover from this situation that he created?

Comment Re: What an idiot (Score 1) 269

"Hoarding passwords is something that has occurred to all of us, at one time or another. It's such an easy thing to do.

But you can't do that stuff. It's unethical, and immature, and unprofessional."

But, what if you have no other option? What if you weren't actually hoarding, but became the last staff member with rights by attrition, and management didn't show any interest in ensuring administrative continuity (by not filling vacancies etc., or making the effort to see ), even after being informed.

I work for an ISP. Google provides ISPs access to some tools, which require a Google login. Our company doesn't use any Google for business products. Our company doesn't have a policy regarding credentials for 'cloud' services that can't use your company email address. So I used my personal gmail account (like my colleagues and our manager).

Is it my fault if my manager locks himself out after I leave the company, or doesn't bother getting his account linked along with the rest of the team?

I don't think there is a clear-cut case for malicious or negligent behaviour on the side of the employee, but it seems pretty clear that they actively worked him out. In many countries that would have been illegal and he could have sued for unfair dismissal and gotten a year's salary with only a few hour's effort and no significant costs.

But you Americans seem to want to punish any worker who has picked a bad company to work for (what else can explain your lack of basic worker's rights protecting them from vindictive companies such as this one seems to be).

Comment Re: GoDaddy is HORRIBLE. (Score 1) 33

"But outside EV certificates everyone should be using Let's Encrypt certificates. They are trivial to install, secure and renewals can be fully automated. On top of all that they are free. Anyone buying non-EV certificates is neither cost conscious nor values the time of their IT staff."

There are other low-maintenance ways to get certificates, and they don't require you to put all of your trust in one organisation who has no obligations to you.

For all internal uses, we use an internal CA that will automatically renew renewal requests signed by the key of a currently-valid but almost-expiring cert, and an scep client run from cron that will check all certs and enroll for renewals (as well as enroll for the initial cert).

For public certs the certs we renewed before letsencrypt went live are still valid, so for non-security-critical ones we may consider letsencrypt a month or two before those certs expire.

Comment Re: a singular bully or several? (Score 1) 432

The confusion stems from the fact that a lot of the text comes from a definition of the term gaslighting from the linked blog post:

"Gaslighting occurs at the workplace in the form of bullies unscheduling things youâ(TM)ve scheduled, misplacing files and other items that you are working on and co-workers micro-managing you and being particularly critical of what you do and keeping it under their surveillance. They are watching you too much, implying or blatantly saying that you are doing things wrong when, in fact, you are not. As you can see, this is a competitive maneuver, a way of making you look bad so that they look good;"

So, the only behaviour listed that isn't from the blog post is the supposed over-critical code review.

I can't see that there is any evidence either way between:
- the submitter really is competent and the code criticism is unwarranted
- this is the submitters first real job and the first real (valid) criticism he has received, and doesn't know how to deal with it

Comment Re: What percentage? (Score 1) 280

"And you'll have to buy a VM offering like VMware which can help you load balance across your servers, so factor in that cost as well."

What, Hyper-V can't do this yet?

Well, then just run ovirt (on say CentOS or maybe even Ubuntu or Debian), the open-source version of Red Hat Enterprise Virtualisation, which has about the same functionality as vSphere Enterprise (but not quite vSphere Enterprise Plus).

Comment Re: "that I'm aware of" (Score 2) 280

"Where is the evidence for your claim? My experience with my Windows 7 -> Windows 10 upgrade was such that there was a nagware screen from the system tray that afforded me the option to upgrade or not upgrade."

Really, you didn't see all the stories about complaints from users whose Windows 7 devices can't run Windows 10 adequately and got upgraded without ever actively opting in, or in some cases without any notification except being greeted with a Windows 10 login screen, or worse.

Here is an example article of how that dialog you saw changed when Microsoft wasn't satisfied with the slow adoption of Windows 10:

That was the first links from googling obvious search terms ...

Comment Re: My internet died... (Score 1) 119

"Anyway, my internet was down until the next morning and even then, it still required a cable modem reset to fix the connection."

Some network equipment vendors sent out field notices about 2 weeks in advance of the leap second, recommending operators to use leap-second smearing (as implemented in chronyd for example) if they had affected versions of network device firmware deployed that could crash as a result.

(We didn't have affected versions deployed, and it would have been non-trivial - at this time of year - to get all our NTP servers upgraded. It't not recommended to use non-smearing and smearing NTP sources on the same device)

Comment Re: Consumer Reports I trust more than Apple (Score 1) 268

"Well, considering there as less than a WEEK between CR's Review and their alleged refusal to Retest, no one should be surprised that Apple hasn't released a patch yet."

All we have to go on at the moment us this statement from TFA:

"In this case, we donâ(TM)t believe re-running the tests are warranted"

We have to assume the use of present tense in this statement has some purpose. Since Apple has (at present) done nothing to address the problem, there is (at present) no justifiable reason to re-test.

Maybe, if Apple finds and fixes the cause, there would be a reason, and then we would have to see what CR says/does. But, they didn't say they would *never* re-test, as you seem to be implying. If you want to maintain that stance, provide a quote that unambiguously supports it.

Otherwise, I don't understand your line of reasoning, as you seem to believe the following:
1) CRs testing methodology is adequate (you haven't contested this)
2) Apple hasn't done anything to address the problem (sure, there hasn't been much time)
3) It is unlikely the outcome will be different (the consequence of (1) and (2))
4)CR should still repeat the test anyway (maybe "because Apple")? But, that would imply that they are no longer independant.

So, you are either:
- incapable of basic logic
- a troll
- an apple fan-boy

Comment Re: So now, they're digging in their heels? (Score 1) 268

"But what about if Apple just codes to fix the issue, instead?"

Then they should:
- push out an update to all affected devices
- thank CR for finding the issue
- hope CR considers re-testing at their own discretion using the publicly-available update

But, they don't even seem to know what the real cause is yet, and AFAik haven't indicated that they have a fix yet.

Comment Re: Seems overwrought to me (Score 1) 268

"I have a brand new Dell laptop for work, and a brand new Macbook Pro for home."

"Brand-new Macbook Pro" refers to one model in like 4 available configuration all costing over $1200. "Brand-new Dell laptop" refers to about 7 models in 50 configurations costing anywhere from $300.

What model Dell was it? A comparable one?

Comment Re:About fucking time. (Score 1) 88

access through a web browser

that must have a version of flash that was newer than the newest version released for Linux

No, it works with Chrome on Linux. At least it worked for me this morning accessing a 5.5 vSphere Web Client.

(I haven't tried firefox with Flash 24, but there are a number of sites I need that needed a newer version of Flash, and in many cases the version shipped with Chrome works).

Comment Re: People still buy Netgear? (Score 1) 26

I have used a Netgear before (ISP-supplied DSL modem), but I always:
- Use a non-default subnet on the LAN where user devices reside
- Use a generic linux distribution that receives regular updates as the internet gateway (running the PPPoE session, recursive DNS and DHCP etc. from the Linux instance)
- Isolate the modem from the user devices (since it is not the gateway) if it isn't required as the AP as well

Of course, this isn't a complete solution nor one that is suitable for most end users, and costs more than using an all-in-one solution, but avoids easy attacks that work against most users.

Comment Re: Why can't this be detected (Score 1) 110

That is what "3D Secure" does. It allows the bank to implement whatever additional verification they want during the credit card transaction. In early implementations I saw additional passwords, but most banks in my country currently use SMS-based OTPs.

The banks have been enforcing the use of 3D-Secure or threatening to suspend merchants.

As usual, the U.S. is behind most of the world ...

Slashdot Top Deals