Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Misunderstood (Score 4, Insightful) 99

There seems to be a lot of confusion and in traditional Mozilla fashion all this is poorly communicated.
First, Flash no longer gets updated for NPAPI (Netscape API) which is the way it talks to Firefox. Only PPAPI (Pepper API) gets updates, which is what Chrome uses.
Mortar adds support PPAPI and deprecates/removes NPAPI.
It does not mean you need flash or that it adds stuff you "don't want". It just means it still works for the people who need it - that's it.

By that means it also means any other PPAPI plugin works, so the PDF reader too. It doesn't mean PDF.js (Firefox' own reader) goes away. It just means you can also use PPAPI stuff. If Chrome's PDF reader ends up being better than PDF.js over time, then they can switch over to it as default.

It's not using Chrome's rendering, layering, etc. engine. It's not using Chrome's UI. It's not browsing the web with Chrome, at all.

Comment Unpopular opinion (Score 1) 132

I use Edge every now and then, and beside the extension/addon support that is still a bit in its infancy, it's a *great* browser.
This is my "real life" experience, and keep in mind that I'm biased towards Firefox as my browser of choice - but I like to try to keep an open mind and test things out.

1) It feels faster than Chrome or Firefox, as in its responsive.
2) It uses as little energy as them or less, as in my laptop run out of battery later (be it because edge is partially loaded all the time or not, I don't know)
3) Everything that's modern works. This is not Explorer.
4) I hate the bing integration, but you can turn that off.
5) Dev tools don't seem as nice as Firefox or Chrome.

At the end of the day I still use Firefox, though I run Edge every now and then when I need smth quick ;-) (and I use Chrome for Chrome apps mainly)

So yeah, Edge is, in fact, a great browser IMO - and if it wasn't Microsoft behind it I guess me and others would migrate to it. Shows that both performance and reputation go a long way, in particular, performance matters more than it seems.

Comment Re:Numbing Culture (Score 3, Interesting) 201

You know, school was initially "invented" for this purpose: being obedient slaves - though that is a bit of a misnomer. Really the goal was the unify the population by ensuring the new generation would think and behave in a more controlled and similar way. And as horrible as it might sound, it worked great.
Boosted the economy, science, reduced crime, boosted happiness, etc.

Now then again and as per usual there's a balance to how much rules and stupid stuff one can abide to, and we crossed that line long ago. You can see it when most students hate school just because of what's being forced onto them. This one rule just adds to the pile.

Humans are terrible at balance.

Comment Re:One ring to rule them all and in the darkness b (Score 1) 47

Do you think other companies are that different?
For instance, have you tried Okta? Because it's the exact same bunch of issues.
Have you tried auth0? Heck I'd say it's better, but they also have their bunch of issues, plus you can see them more easily as most of their stuff is open source.
People will only panic if these issues are exploited and publicly exposed, otherwise believe it's safe and stuff. Just like you do.

I think it's narrow sighted to believe that every company that gets pwned is a snow flake. Keep in mind that most companies that do NEVER disclose it.
They only do if they have absolutely NO choice.

TLDR Convenience wins almost every time. "OneLogin used shitty cards (like everyone else)"

Comment Re:One ring to rule them all and in the darkness b (Score 2) 47

It's a game nowadays. Well arguably, it might always have been a game.
OneLogin played it, used shitty cards (like everyone else) and got unlucky and lost.

For CISOs it's all about being lucky while trying to dance on the edge.
At the end of the day this means, you'd better spend your energy where it really matters, because the rest of the company certainly won't and you certainly won't have the authority or manpower.

So by order of importance...

0) pray you're lucky
1) have a kick-ass IR team that has procedures and forensics
2) try to break stuff with red teaming, that includes actually breaking stuff, not showing it's going to break (because nobody cares for that)
3) attempt a few wins here and there in the design of the products to wipe out entire classes of risks (that the best you'll do - for ex, 2FA would've saved OneLogin maybe)
4) try to educate users/engineers via training, phishing, super simple risk analysis

The rest is CYA docs and stuff, but not *actually* useful since nobody follows it.

Slashdot Top Deals

What sin has not been committed in the name of efficiency?

Working...