Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Comment Re:Biggest advantage of Safari (Score 1) 156

Partially wrong. Firefox has containers, where you can have as many containers you like and each one of them is completely isolated (cache, cookies, storage, etc.)

You need to install an extension to expose an UI for this base Firefox feature https://addons.mozilla.org/en-...

Comment Re:Why more than one? (Score 1) 73

When you hire awful subcontractors (like the evidence points in this case), you don't want those people putting files (JavaScript for example) on your own domain and later bat victim of some kind of XSS (or related) vulnerability on your site. It is like using another domain for user generated content, in this case the user generated content is the subcontractor output.

Comment Re:Bad examples not encouraging (Score 1) 91

An one of the reasons (of many) I reverted some of my applications modules written in Scala back to Java is the easy of use of the object singletons. Nearly all Scala libraries use them, making using those libraries in a shared context, for example an EAR lib directory or as app server module/plugin a nightmare. Singletons reused between different applications and the only way to maintain isolation is to ship the same library multiple times on each WAR of a EAR wilth multiple WAR.

So no, I don't like languages that make easy to create global state. At least the Java statics are so ugly that is not common to see libraries crippled by their usage (or are Java developers more aware than Scala that global state is bad, I don't think that is the problem)

Comment Bloat (Score 1) 91

I find it ironic that the people (Android team engineers) that don't want to use Java enums on Android APIs because they add "bloat" are embracing another language that adds more overhead over plain Java (increased application size for example) than enums could add.

Comment Re:Also in the news (Score 1) 238

It is true on the consumer side, they try at least to follow the minimal requirements to be a good Windows application. the business world on the other side is awful. Applications that don't work if you install on Program Files, that you need to add write permissions to the installation directory, or that need read write permissions on server shares. This is too common on small business targeted applications that I have lost count on the ones I have seen.

A lot of Windows developers have no idea what %appdata% and %localappdata% are (and related directories with user write permissions.

Comment Re:How is this better than "phone app" 2FA (Score 3, Informative) 162

First, the app name is Google Authenticator. Second, it works with more that Gmail, I have my DNS provider, my GitHub and GitLab accounts, my Google accounts, my corporate accounts, etc all inside that application. It works on more that one site because they all support TOTP, an open algorithm, that is what the app, and many other alternatives like FreeOTP.

About what is better is the USB device that an application? The keys are stored on the device, and good devices are designed so keys are unreadable outside of it, only the generated code. Applications are vulnerable to malware on the device running it. The device ideally is less vulnerable of malware, it will be able to intercept current generated codes, but not extract the keys and generate codes themselves (unless the firmware is too buggy that it exposes the keys to the host device)

Comment Re:Not a surprise... (Score 1) 293

Newspaper are private companies too but we as the readers expect them to follow some ethical rules about how they publish news and we personally rate them with our trust. That Facebook is a technology company doesn't mean the people can't expect and try to exert pressure on their managers to make them ethical.

Comment Re:J2EE? (Score 4, Informative) 57

The invoker servlet and its default mapping /servlet/* isn't present in old nor current specs. It is not a JEE standard or was. It was a feature many JEE containers copied mainly because Tomcat at that time was the reference implementation (The invoker servlet class was on the tomcat package namespace not on the javax.servet one) , a very bad idea. It is not present in modern containers.

Since 2002 is known that having it enabled was a bad idea. But you know, enterprise software is badly updated.

Slashdot Top Deals

Live within your income, even if you have to borrow to do so. -- Josh Billings

Working...