Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Compare cell phone plans using Wirefly's innovative plan comparison tool ×

Comment Why does nobody get second factor right? (Score 2) 37

SMS and soft-tokens (such as the Google Authenticator cellphone app) are better than nothing. But they don't provide for particularly secure second factors, especially if the web site is a valuable target.

I don't understand why so few sites (pretty much just Google and Github) use FIDO U2F hardware tokens. They are much more secure as the browser can cryptographically verify that there is no phishing attempt happening -- something that most users have trouble noticing. You only need a single token for an arbitrary number of sites. In many cases, you can leave the token permanently installed in your computer without compromising its security guarantees. The token is dead-simple to use. All you have to do is push a single button, when the site asks for the second factor. You can have multiple tokens, if you want a backup token for account recovery or if you own multiple computers. Any user can buy their own token from a vendor of their choice.

And if site (e.g. your financial institution or SSA) wants to provide tokens for its clients, cheap entry-level tokens cost less than $10. In fact, I suspect you could buy them for around $1 a piece, if you placed an order on the scale of what the SSA needs.

FIDO U2F is of course not perfect. But that can be said about all security products. There is no such thing as perfect security. But these tokens are much more secure than pretty much all alternatives, they are super easy to use, and they are dirt cheap.

Comment Re:Easy solution PIV (Score 5, Interesting) 104

There are plenty of great second factor solutions. The better ones are really easy to use and provide a lot more security. But providers don't want roll out fancy new technology, and users are blissfully unaware of how security works, so they want the same thing that they have had for the last couple of decades.

The upshot is that even when second factors are rolled out, we essentially end up with something no more secure than password and pin, whereas there are beautiful solutions such as FIDO U2F that are ignored.

Comment Re:Why do we need support and updates??? (Score 1) 130

You should never run a browser that isn't updated on a regular basis. You shouldn't even run a browser that is updated, but that has an understaffed security team.

Chrome has some of the best security out there. But even with its pretty impressive track record, it does occasionally get hacked. Off the top of my head, I am not aware of an exploit that ever worked against an up-to-date Chromebook. But I might very well be wrong -- in fact, I strongly suspect I am. And you are certainly vulnerable, if you get tricked into installing a shady browser extension.

It's the wild West out there. The internet is a dangerous place. ChromeOS is some of the safest way to access the internet. But it only is safe as long as you always make sure all security bugs are closed immediately. While your Chromebook is supported, this automatically happens in the background all the time. You probably don't even notice it. If it no longer is supported, things go bad pretty quickly.

Comment Re:End of life support (Score 2) 130

It's all Open Source and under a very liberal license at that. Also, the hardware can be unlocked super easily. That's officially supported by Google. So, nothing else is really needed for somebody else to take over, if they so choose.

On the other hand, it's five year old hardware. You can pick up a replacement for less than $200. And that will be a better device. So, I don't see a particularly big and active community around supporting the old devices.

Comment Re:2016 is the year of Lynx on the desktop (Score 1) 348

Just save the contents and put them back if the user presses forward. I thought only Firefox devs were a waste of oxygen, but it seems they were merely copying Chrome devs.

There are two problems with this.

  1. 1) The Chrome team has actually studied how many people use backspace to navigate; and it's a really small number of users. So, for the vast majority of users, the old behavior is 100% unexpected, and requiring navigation "forward" is at best irritating, at worst something that they don't know how to do (e.g. my parents don't even realize there is a "forward" action). Why make something needlessly surprising, confusing, and frustrating for the majority of your users, when you can fix it by disabling navigation on backspace?
  2. 2) Saving the entire state of a web page is suprisingly challenging these days. Web pages literally have hundreds of mega bytes of state, they have worker threads that need to be snapshot'd, and they change server-side state, when navigation happens. For basic web sites, saving state might be possible. For modern complex web sites it just isn't technically feasible -- even if unlimited amounts of memory were available. This gets even worse, if you want to deal with a sequence of multiple backspace keys.

Ultimately, there are several other keyboard shortcuts for backwards navigation. It's not ideal that a small number of users will have to learn that instead of backspace they now have to press ALT-LEFT, but they'll learn. Just as they learned that CTRL-Q doesn't work, but SHIFT-CTRL-Q does. I bet, after a week, most people won't even notice any more.

Comment Re:Oh well (Score 2) 361

At this point, it might be cheaper to just get a supported scanner instead. It's not as if scanners are really that expensive any more.

Having said that, we are in a similar situation and our household still has a single Windows 8 machine. The rest is Linux, ChromeOS and a Macbook that for all practical purposes might as well be a Chromebook; it's not as if it ever does anything other than Chrome.

The Windows machine is needed for Photoshop. If there was a viable Photoshop clone for Linux, we would not have any need for Windows. As such, Windows 10 has absolutely zero appeal to us; if anything, it only has downsides compared to Windows 8. We'll continue using Windows 8 as long as it is supported, and then probably just disconnect it from the internet and keep using it for as long as we still need Photoshop.

Comment Re:WOWWWW!!!! $800 LESS! (Score 1) 211

If you legitimately need Photoshop, then no, a Chromebook is not for you.

But realistically, very few people need Photoshop, nor can they afford it; and if they did, they wouldn't use it on a laptop, but have a properly calibrated monitor in a room with properly controlled lighting.

For everybody else, times have moved on, and web based photo services have gotten surprisingly powerful. For better or for worse, a consumer or even prosumer is often better off using those services, then shelling out mega-bucks to Adobe -- and that's speaking as a user who has bought the Adobe suit, not just once but multiple versions in the last 10 years.

For the last couple of years, I have been taking my Chromebook with me any time I travel; and honestly, it's the better mobile device. We have a couple of powerful laptops at home, a few powerful stationary workstations, and even some server space; but none of those ever leave the house. For that matter, my wife bought a fancy Macbook a while ago, and after having used it for about two years, she admits that she would have been just as happy if not happier with a Chromebook.

And on top of that, Chromebooks are cheaper; they also are zero maintenance. And they are fully disposable. If a Chromebook breaks or is stolen on a trip, I can have Amazon mail me a new one same day, and once I turn it on, I am back to where I left off working with the stolen device. No wonder businesses love Chromebooks.

Comment Re:USB-C port (Score 3, Informative) 211

I believe, with the exception of the printer, the answer is yes to all of your questions.

And if your printer was built in the last couple of years, there is a good chance it supports Google Cloudprint, allowing you to print to it any time your Chromebook is connected to the network. No need for any wires.

If you have an older printer, you'll need a helper application to run on another computer though. So, yes, that's a little awkward but it is a problem that will go away over time, as hardware gets updated.

Comment Re:that is not always true (Score 3, Interesting) 228

Miele Vacuums in Germany are power hogs and need 2200W. That's fine, as German power outlets are 240V at 13A. You can draw more than 3000W before tripping the breaker. Try doing that on a 110V/15A outlet and the results won't be so pretty.

It's easy to be powerful, if you don't mind wasting a lot of power. But just watch what's happening right now; the EU smartened up to this game and passed new regulations, limiting vacuums to 1600W. All of a sudden, Miele vacuums don't look all that great any more. But Dyson's are awesome, as they have many years of experience maximizing suction power with much lower electrical power needs.

Comment Re:Dyson = solving created problems (Score 1) 228

Most of their vacuums are pretty good. In fact, a huge step up from the non-Dyson models that we used to own. We now have two Dyson vacuums, a bigger conventional model, and the small battery-powered one. The latter gets used several times a day. Quite happy with that; I never before had even seen a battery powered vacuum that wasn't just a bad joke.

As for the hand dryer. Yeah, I agree with you. It's a solution in search of a problem. It just slings bacteria all over the place and doesn't even work all that much better than other commercial hand dryers. I much prefer paper towels. So much more sanitary and easier to use.

Fancy new hair dryer? Hmm, I'll wait until it sells at Costco for a discount and then ask around what other reviewers think. As you said, it's a commodity item.

Comment Re:That's nice. (Score 1, Interesting) 152

I feel, this is probably one movie I don't need to watch. As you said, the story is likely to take a back seat to the visual effects.

And maybe, it's just me but seeing the previews, it felt extremely jarring. The visual effects are so much on the wrong side of the uncanny valley. It is glaringly obvious that all the animals and a lot of the background is CGI rather than real objects. And to me it feels very disturbing and distracting. Of course, if there is no story to distract from, then maybe that doesn't matter as much...

Comment Not sure why this is competition to AirBNB (Score 5, Insightful) 123

I am all for more options. And I definitely can see how a small and affordable hotel room fills a particular niche. But I don't see how this would be direct competition with AirBNB.

When I travel, I book AirBNB because I want an apartment rather than a hotel room. I don't necessarily need the amenities that traditional hotels offer (i.e. front-desk, swimming pool and on-site restaurant), but I do want a multi-room apartment; the ability to use the kitchen; convenient location downtown and close to public transportation; in-unit washer/dryer; included WiFi networking; affordable long-term rental; ...

I can find some of these conveniences in hotels, but only after searching a lot and usually for quite a high premium. AirBNB (or its various copy-cats) really don't have much competition from traditional hotels.

Comment Re:Punishes users and good advertisers (Score 2) 707

I have had an ad blocker in my browser for years. I cancelled cable and only subscribe to streaming services that don't have ads (e.g. Netflix, Amazon) or I buy DVDs outright (for the cost that I save in cable fees, I can buy at least one disk a week and still come out ahead). I haven't read a printed magazine in decades. I literally are pretty much unaware of all current ads.

Having said that, whenever my ad blocker is misconfigured and blocks the text ads from Google searches, I quickly notice and fix things. I only ever get these ads, when I am actively looking to buy something. And that's exactly when I actually appreciate seeing ads.

I find, the "push" model or marketing is highly annoying and not something I'll tolerate; but the "pull" model, where I actively seek out advertisements is very different. This is good news for Google, as I'll still see their ads and even actively click through them; it's not really good news for anybody else, as random display ads on unrelated websites just don't work with this model.

I am not sure what other monetization concept is available for random websites though; they just don't contribute enough to be worth paying, not even in eye balls.

Slashdot Top Deals

You're not Dave. Who are you?