
Comment osCommerce and its derivatives susceptible to this (Score 2) 372

I run two e-commerce stores based on osCommerce and had this exact issue with a customer whose last name was Null. There is a common function in osCommerce (tep_not_null) trying to see if the argument is empty. One of the things it looks for is the string "null". When I discovered this, I removed that part of the test (which never made sense to me.)
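Added example, not part of the original comment and not osCommerce's own source: a constructed emptiness check that treats the text "null" as empty, as the comment describes, next to a corrected version. The function names `is_present_legacy` and `is_present` and the sample inputs are hypothetical.

```php
<?php
// Added illustration, not osCommerce source. Function names are hypothetical.

// Legacy-style check: treats the literal text "null" (any case) as empty,
// so a customer whose last name is Null fails "required field" validation.
function is_present_legacy($value): bool
{
    if (is_array($value)) {
        return count($value) > 0;
    }
    $s = (string) $value;
    return $s !== '' && strtolower($s) !== 'null' && strlen(trim($s)) > 0;
}

// Corrected check: only a real null, an empty array, or blank text is empty.
// The comparison is on the value's type and content, never on a sentinel word.
function is_present($value): bool
{
    if ($value === null) {
        return false;
    }
    if (is_array($value)) {
        return count($value) > 0;
    }
    // Avoid empty() here: it would also reject the legitimate string "0".
    return trim((string) $value) !== '';
}

// Constructed sample inputs for a "last name" form field.
$samples = ['Smith', 'Null', 'NULL', ' null ', '', '   ', null, [], '0'];

foreach ($samples as $v) {
    printf(
        "%-10s legacy=%-5s fixed=%s\n",
        json_encode($v),
        json_encode(is_present_legacy($v)),
        json_encode(is_present($v))
    );
}
```

The two checks disagree only on `Null` and `NULL`, which the legacy check rejects; note that the sentinel test is also inconsistent, since the padded ` null ` passes it.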

Comment GaN Transistors are the future (Score 4, Informative) 245

Gallium Nitride transistors have a lot of nice characteristics, but low yields and high costs have slowed their introduction. Two tiny laptop chargers, the FinSix Dart and Avogy Zolt, were said to use GaN transistors. The Dart still hasn't shipped, a year past its claimed release date. The Zolt has but is apparently using older Silicon Carbide-substrate transistors instead (Also see here.) (I received my Zolt recently and it is working well.)

It won't be a surprise to anyone following this technology that it can make inverters more efficient - that's what FinSix and Avogy have been claiming/demonstrating for two years at least.

Comment I have one, but teething pains (Score 3, Informative) 85

I have had one of these for a month or so now. The range is fantastic (even with 5GHz) as is the throughput, though the Ethernet bonding feature isn't useful to me.

However, I, like many other X8 users complaining in Netgear's support forum, have an ongoing issue with the WiFi in that devices still show they're connected but no data flows. And if you have a device that tries to connect to the access point, the router rejects it. Rebooting the router fixes it for a while. Netgear support has been very responsive and they've given me beta firmware, but the problem persists. It's especially aggravating for my DVR which goes back to an "unconnected" state each time this happens, meaning I have to go through its configuration again.

Netgear is sending me a replacement router to see if that helps. I hope it does, as otherwise I love this thing. I was able to disconnect a repeater I had running on the other side of the house as I didn't need it anymore.

Comment Re:Media Center (Score 1) 720

It's great that this can be done, and all well and good. But people who criticize Linux for making you figure out how to get things to work should take note. Windows is not necessarily "it just works."

Microsoft removed the whole feature from the product. Enterprising users figured out how to add it back in, and without the need to go pull sources from github and build it yourself.

Comment Re:Media Center (Score 4, Informative) 720

Users have found a way to install Windows Media Center on Win10. I have done this (on my mom's PC) and it works. See http://forums.mydigitallife.in...

I'd love to upgrade to Win10 on my home's primary Win7 PC, but the upgrade keeps failing and never tells me why. I tried to get help from the MS support forums, but just kept getting fed a form response with a scattershot list of things to "try". I have Win10 on several other PCs and I like it.

Comment Email clients are the weakest link (Score 3, Informative) 91

I run an e-commerce store and have to deal with PCI compliance. We don't store credit card details, but the info passes through our server. The June 30, 2016 deadline to drop TLS1.0 was a big headache, made worse by the "Trustwave" PCI checking tool (mandatory from our payment processor) failing us as of July 2015 for not dropping TLS1.0, but I could submit a remediation plan every three months to defer it.

I did a bunch of testing to see what broke if I dropped TLS1.0. On the web browser side, MSIE10 wouldn't like it, but other, reasonably current, browsers were ok. What surprised me, though, was how many email clients simply stopped communicating with our server if I turned off TLS1.0 for SMTP and IMAP. It's been hard to find details on which clients support TLS1.1 - and perhaps there's some aspect here I'm missing - but this to me is the bigger problem than the web service. (Even though we don't use email for sensitive info, if TLS1.0 was enabled on ANY port, we fail.)

I'm glad to see that this deadline was pushed back, as it was giving me heartburn.

Comment Re:This is why you call your bank before tourism (Score 2) 345

Another Chase fan here. Just after I arrived in Ireland for a two-week vacation this past May, I get a notice from Chase that they're canceling my card due to (actual) fraud and sending me a new one. Except that I was depending on the Chase card while I was in Ireland. Their CS was extremely helpful and suggested a setup where they'd authorize card-present transactions while I was in Ireland but block others (unless I explicitly authorized them.) (And then I was embarrassed when my card was declined in Ulster, but that was my fault because I wasn't in Ireland anymore - and they had asked what other countries I would be in.)

American Express has also been good about fraud detection and alerting me instantly, though on a previous European trip I noticed a whole slew of bogus charges to my card using a number that had been canceled two cards ago. Their explanation was that if it came through a processor that had done a valid transaction before (which had been the case), they'd let it go. No big deal to get it taken care of.

Comment Re:Scripts that interact with passwords fields aws (Score 1) 365

n00bs, eh? I've been in the software business for almost 40 years, you young whippersnapper.

I suggest you study texts on encryption, and maybe read the technical details of how a good cloud-based password manager like LastPass actually works. https://lastpass.com/whylastpa... https://lastpass.com/support.p...

Your super-whiz-bang method still requires a password, it seems. Without a password manager, users will still need to remember their password and many will either reuse passwords from other sites or choose simple ones. The image/caption thing you talk about is often used as an anti-phishing technique, but that's not authentication. If you're requiring the user to choose from among multiple pictures or captions, then that's effectively another one or two passwords. Yes, it will make it harder to attack YOUR site through the web interface, but doesn't itself strengthen protection of the users' passwords.

The goal for password managers is not to protect individual sites, it's to protect the users against their own misuse of passwords and to reduce the risk when some site (not yours, hopefully) gets hacked and has their password database stolen. (How do you hash the passwords for your sites? Still using MD5?)

Comment Re:Scripts that interact with passwords fields aws (Score 2, Insightful) 365

Obviously you have limited experience or familiarity with password managers. LastPass, among others, keeps your encrypted passwords "in the cloud", so that they are accessible even if your local disk "takes a dump". For LastPass, there's also a local copy of the encrypted database, and yes, I do have backups. (If you don't have backups, you have a lot more problems than losing passwords.)

Image/phrase/password verification is hardly "better" (better than what?). How many of those can you remember? If you can come up with an authentication scheme better than passwords that you can get every online service to use, then please let us know. The reality is that passwords are what we use today and password managers make them easier to use in a more secure fashion, so that one has a different, strong password for every login. Two-factor authentication is also very helpful (and I enable that where supported.)

Currently the biggest weakness of passwords, other than most people using them poorly, is sites that store passwords insecurely. This, combined with the tendency of those NOT using password managers to reuse passwords, is what leads to the majority of account hacking.

Comment Re:Scripts that interact with passwords fields aws (Score 5, Interesting) 365

LastPass is no more proprietary than KeePass. The JavaScript implementation is visible. And while their server was hacked, the thieves got nothing of value since the contents of your "vault" never leave your computer unencrypted and LastPass doesn't have the key.

I agree with the article - blocking password managers lowers security.

Comment Re:The VMS Common Language Environment (Score 1) 484

Free advice is worth every cent, Steve. Wasn't that you?


I should also have mentioned that the common language environment meant that mixed-language applications were far easier than on most other operating systems. How about mixing BASIC, RPG II, Pascal, Fortran and Ada? Easy.

Comment The VMS Common Language Environment (Score 1) 484

I'll admit that I am biased, as a former VMS developer for DEC, but in my opinion VMS did one thing right from the start that I have not seen any other OS duplicate before or since - the Common Language Environment. VMS defined a common calling and exception handling standard that was used by all of the 20+ programming languages supported on VMS. The system services and the common run-time library were usable from all of the languages. Yes, many of the languages needed extensions to support things such as "pass by descriptor", but it was done in a consistent fashion. There was also a naming standard that separated system and user namespaces to avoid namespace collisions. This was all documented in the standard VMS manuals and was designed to be extended as needed.

This also meant that pretty much all of the system library routines were language-independent and there were large collections of these that could be called from most languages. For a long time, Windows had something close to this with the Windows API, but in recent years it's been shifting to C++ class libraries that shut out other languages.
