Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment how do you know your info is retrieved securely? (Score 1) 782

> t while the proxy can effectively decrypt your https traffic, noone else can

You only know your session is encrypted between your browser and the proxy.
You cannot check who is at the other side of the proxy (unless perhaps you're the proxy admin).
You don't know whether your session is encrypted between the proxy and the other side. You don't know what grade of encryption is used between the proxy and the website, or whether that traffic is encrypted at all. For all that you know, your company's network admin is a nice honest guy, would never dream of snooping on anyone's traffic, but hasn't noticed that the proxy has been failing all SSL negotiation for the past 14 months and is reverting to no encryption. And even if it doesn't, I've seen commercial websites that provided identity through SSL, but did not encrypt the session. My browser warned me that the traffic is not encrypted. I could check the certificate, see that the other side is who he claims he is, see that the sesion is https but not encrypted, and decide not to use my CC on that site. But would not be able to do so if it were thorough a proxy.

Comment Wave was never opened to the public (Score 1) 327

Does it matter that "server-to-server communication is TLS encrypted and authenticated" when there is only one server?

Google Wave was never opened for federation. It was not used as a tool to communicate. Only as a demo for a tool for collaboration between people working on the same system.

People connected to the same computer where able to communicate using the computer. Then in 1971 Ray Tomlinson extended it a bit to allow people with accounts on different hosts to communicate. Email was invented and the rest is history. Wave has never reached this stage. It was a closed garden used only by people using Google Wave accounts. There was no one else running a Wave server and there was no point in doing so when there's no other server open for federation (other than the "sandbox" servers that did not serve any real "users", a.k.a. "people"). Email in 1971 was not close to what it is today. but it was working and allowed people to use it to communicate. "Gadgets" (RFC822, MIME) came years later. In Wave it seems they tried to do it the other way round. Did they expect it to work?

Comment Gmail's spam filtering better? (Score 1) 78

I've deliberately subscribed (also "unsubscribed") some FastMail aliases to some botnet spammers lists. I never got a single piece of spam on these addresses. Subscribing to same lists with other providers produces a steady flow of spam. This has nothing to do with Sieve because most spam never reaches this stage at FastMail. With my Gmail address I don't need to subscribe: the spam finds its way to that address, and there's lots of botnet spam getting into Gmail. True, it's getting into the junkmail "folder", but so are many legitimate messages (false positives) so the spam has to be manually sifted there.
WIth fastMail I know that whatever message is rejected and not delivered into a mailbox (junk box or any other box) is producing an "undelivered" report to the sender. With Gmail there has been reports of disappearing mail: mail that was accepted by their servers yet not delivered to either the recipient's inbox or spam box. I have also seen reports by users of Gmail that get so much spam in their spam box that they gave up fishing for false positives despite knowing that they lose some business this way.

Comment Use IMAPSize to backup Gmail (on Windoze) (Score 1) 296

IMAPSize is an application for IMAP account management (unlike an email client that would sync with your IMAP account, possibly instructing the server to delete things, IMAPSize backup function only copies and backups. Backups can be incremental, of course. And there's other functionality too, like Attachment removal or header modification).

I know it works with Gmail (used it) though I use it mainly with my account.

Comment I'm amazed at Slashdot users ... (Score 1) 489 ???

1. Gmail will include the "secret" account address with every email they send (in the "Sender" header and in the envelope-from address ("Retunt-path"). It will be no safer from spammers than the other address.

2. A brand new email address that is not too short or a very common name used by a child will not receive any spam. It's not a new account of an adult that would be fed into every online merchant's site and immediately shared with "select partners" a.k.a. spammers (I was going to write "an account you setup for your wife" but decided to avoid male chauvenism). Though I might be completely wrong about what children do with their email addresses. My kids only exchange emails with very few friends and teachers.

3. Google's spam filtering is not anything close to being "good". They not only miss a few. They also have a quite high rate of false positives ( I saw more than 1% one month that I made counts). They provide absolutely no control on how spam is filtered (such as sensitivity or opting out of spam filtering) and they do not pass detected spam through filtering rules. There is no way to define rules that precede spam filtering. Also there have been reports on legitimate mail that Gmail haven't even filed in the spam folder (or whatever it is in Gmail that's "not a folder").

4. Anyway the spam is not the real problem since the child is not going to get any. My two sons have email accounts for about 3 years and not a single spam message (but they don't use them to "sign up" for anything, and if they do need to sign up I do it for them with disposable addresses).

5. The real issue is that parents have a esponsibility to watch their childrens actions.

Recently my 8 years old son was required to provide an email address "of his own" to his teacher to communicate with his classmates. What I did is provide an alias in my domain and create a rule to forward a copy to his mailbox and keep a copy in my inbox. I also created a personality in his account that uses he address in my domain by default and bcc's by account with all his outgoing mail (all this is using that hosts my domain so there is no revealing of his account's direct address). That way I can monitor all his mail. Usually I get his mail before he does because I watch my mail much more often (Actually I setup email notification on his computer so he gets notified in real time about incoming email but he is not online all that much). What I plan nest is to open a family account at and then I can (from my account that I will setup with admin privileges) watch the childrens accounts (when they grow older I can use the "privacy" option that allows the admin to be blocked from reading content of individual accounts so older kids can have privacy but still have dad pay for their account).

BTW: I don't have anything to do with except for being a happy customer for many years.

Slashdot Top Deals

It is masked but always present. I don't know who built to it. It came before the first kernel.