Become a fan of Slashdot on Facebook


Forgot your password?
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Comment Re:Compiled languages (Score 2) 157

Perl 6 aims to be a compiled language and in large part already is -- just, the compiler needs a lot of work to catch up to more established languages. There is still the ability to compile Perl 6 code from a Perl 6 program which could be interpreted as interpretation, but most people won't be doing that.

The compiler already does a fair amount of compile-time bug detection. Best way to know more is to play with it.

Comment Re:Perl 6 is a thing? (Score 2) 157

A "release" was made, by which it is meant that there is a contract between the
developers and the users: the developers will not break things that are tested
for and currently pass in the test suite until the next version, and for the most part
any changes to the test suite (and thus, behavior) in that next version have to
be well justified, documented in release notes, etc.

Also, a lot of features work and as a whole the language is very usable.

If you'd been playing with Perl 6 before this, there was a *lot* of very frequent
and sometimes drastic churn which would require tweaks to scripts or modules
you'd written. This required a lot of patience by those working in that environment,
so it was not suitable to declare Perl 6 open for business at that time.

Now, if you're really worried about not having to edit something after an
upgrade, you can check to see if the behaviors used are bound by that
contract by finding examples of their use in the test suite.

Comment Re:no end-to-end no streaming media (Score 4, Informative) 282

YMMV. It depends on the application and the implementation.

Modern Apple and Microsoft dot1x supplicants do pin on first use, but the only consequence of that is if someone spoofs a cert, the user gets a popup, and how they react to that depends on their training.

Android dot1x supplicants won't, and won't even allow you to pin a particular CA to limit exposure when using a public CA, nor even check the DN, so you are vulnerable to any old stolen key/certificate pair signed by a CA in the base OS trusted list.

If you set it up by hand, wpa-supplicant for Linux has the ability to pin either a particular cert or a CA/DN. Various GUI config tools may or may not support setting these options.

For IPSEC VPN, Windows supplicants cannot pin a CA/DN unless you use EAP-PEAP-MSCHAPv2 either for L2TP/IKEv1 or as the auth protocol in IKEv2, and it must be pinned manually or through a setup/install script. If you use EAP-MSCHAPv2/IKEv2 there is a check that DNS matches the DN, but that's not much extra security if your OS store includes a compromised CA, and Windows also cannot support DH groups higher than modp2048 in a RAS dialer, only in the decidedly user-unfriendly firewall policy feature set. Some 3rd-party VPN clients improve things slightly but often still play it loose with the store/validation. If installed through a mobileconfig, OSX and IOS do support locking things down, I think... that's next on my list of things to kick the tires on. Strongswan on linux pretty much kicks ass, once you've patched it up past the oopsie they had with the EAP state machine, but again, not an end-user-friendly animal so you are at the mercy of GUI tools to not be setting things up wrong.

The whole crypto landscape is a bit of a mess on the client side... the above doesn't really scratch the surface.

Comment Re:no end-to-end no streaming media (Score 1) 282

There's no reason to use a CA

Er, Verisign and a lot of other big "private" certificate authorities have been hacked years ago.

What part of "no reason to use a CA" was hard to understand?

CAs are only there for convenience. Anyone willing to go through the proper steps do not need a CA to set up crypto, just either an offline way to exchange seed material, or some communication channel that they know cannot be interfered with by snoopers plus a secure key exchange protocol. Note, that is "interfered" as in you'd need write access to attack it. It does not matter if the channel can be eavesdropped.

Comment Re:It is on the public (Score 1) 259

Being able to mislead is a skill which is sometimes needed in some of the roles politicians play. Doing it all the time, for the wrong reasons, or to great detriment to the public is of course undesirable, but being either bad at it, or too honest, is something that will turn off voters that actually want you to trick the villainous, so some politicians will try to show off this talent. The more perfect world where the public does not want or need this in a politician is a while away (and if you've ever read any Man-Kzin Wars, might be wise to intentionally preserve even in a higher order of civilization.)

Comment Re:truth vs fact (Score 1) 259

Two ways come to mind:

First, when it is not actually a "fact", but is placed in a context where facts normally go. Example:

"After Natalie Portman bathed in hot grits, netcraft confirmed my opponent has never built a Beowolf cluster"

The "my opponent never built a beowolf cluster" is in the "claim" part of that sentence. The "Natlie Portman
bathed in hot grits" is "presented as fact" in a way that less swift people will more often take it as a
given. This is just a matter of the word "fact" having some shades of meaning.

Second, when a true fact is misused to give credence to a lie or promote an idea that
has no reason to be advanced among a group of similar ideas. Example:

"It's possible 1337 is the combination to someone's luggage, you insensitive clod!"

That it is possible that 1337 is the combination to someone's luggage is a fact, but there is no
reason to have singled out 1337, but the brain remembers it was singled out, and that can
sometimes rattle around unconsciously causing bias.

Comment Re:Easy solution. (Score 1) 726

If you care about either of those things... personally I don't consider a game who's online play fizzled in 4 years to have had a worthwhile online experience in the first place, and if the company shut it down and didn''t turn it over to the community, you should probably not weigh online play as a part of any game that company produces.

Comment Easy solution. (Score 1) 726

Stop playing the latest video games. Only play 4 year old stuff. Then any crummy whitebox you buy will be able to run them just fine, and all the games and drivers will have reached their final patch levels by the time you bother with them.

Comment Re:This is... safe? (Score 1) 168

If you try to do something about it and fail, does that increase or decrease your liability as compared to throwing up your hands and claiming that you can't possibly solve such a problem?

Yeah, from a pure "stockholder's interest" approach, the funds to do that might be better directed towards lobbying a legislator to sneak something into a farm bill that makes you immune from prosecution for it.

Slashdot Top Deals

The computer can't tell you the emotional story. It can give you the exact mathematical design, but what's missing is the eyebrows. - Frank Zappa