Clicking on one icon to switch to "metro" and then clicking on another to switch to "desktop" doesn't seem terribly cumbersome.
Installing Window Blinds and Start8 as a one-off doesn't seem terribly cumbersome, and then you have the UI that Microsoft should have given you in the first place (best ever response to this was taking my laptop in to Microsoft and having a MS person staring over my shoulder and eventually asking "what is that and where can I get it too").
Couldn't the first step be libreSSL? They cleaned out a ton of junk and applied some uniform coding standards. That would be much easier to audit, and a much sounder base.
Flag as Inappropriate
Exactly (no mod points left, sorry). Auditing OpenSSL makes about as much sense as auditing Windows 95, we already know it's broken beyond repair, and any further effort expended on it is just throwing good money after bad. Focus on something that's worth going with, like LibreSSL, or something that was never OpenSSL to begin with.
For me, Swiss watches represent the pinnacle of hand crafted micro engineering. I also own a quartz watch that keeps better time and runs for years on a single battery for a micro-fraction of the cost (and requires no expensive servicing). So what? I find it refreshing to use an entirely mechanical device with amazing latent complexity. It serves a single purpose simply and elegantly yet almost perfectly.
Same here. I have an Atmos clock, which is entirely mechanical. You're supposed to get it serviced every 30 years (mine has just gone in for its second service, the first in the time I've owned it). The standard models are meant to run for about 400 years, the fancier ones like the du Millenaire are calibrated out to 3000 AD, although I'm not sure whether civilisation will still be around then if something goes wrong.
I'll bet the $10,000 Apple watch will be a piece of expensive inanimate jewellery long before my clock goes in for its third servicing.
Had an interesting discussion about this with some fellow geeks over steak recently, one of them proposed firing the bottom 80% of all your developers. Reason: Not only are they not contributing much that's useful, they are in fact a negative input on productivity since the other 20% who are useful have to go round cleaning up the mess they make.
I'm not sure if it's 80% (I'd say maybe 50%), but I know too many situations like this, where the clueless/incompetent are not only not doing anything useful but actively preventing the competent from getting their work done.
(The problem, which was pointed out at the time, is identifying who the incompetent 50% are. Many of them are where they are today because they know how to manipulate the system, rather than because they're any good at what they do).
"The prescribed global standard doesn't work so we're just going to roll our own. Twice."
Great. Thanks for that. Not "we will penalise sites that don't allow OSCP pinning because we think it's necessary" but "bugger this, we'll apply our own definition of what can be trusted or not to every user"
The reason for using this alternative to the alternative is because any kind of blacklist-based security doesn't work. It rates #2 in the six dumbest ideas in computer security, with default-allow (which arguably is the problem that blacklists are trying to deal with) at #1. First there were CRLs, which don't work. They were replaced with OCSP, which doesn't work. Now we have cert blacklists, which are fairly recent so they haven't failed often enough for it to be obvious to everyone that they don't work, but give it time...
Once they fail, the browser vendors will come back with version 4 of the dumbest idea, then version 5, and then version 6, and they'll just keep on doing the wrong thing over and over and over until eventually it starts working, dammit!
The brings to mind a profound application that would likely solve this problem, a turing test for robocalls. How long can a computer keep the telemarketers on line, whilst leaving you out of it all.
In any case the Russians have the explanation. From TFA:
For example, you all remember the magnificent shots of the Yamal crater in winter, made during the latest expedition in Novomber 2014. But do you know that Vladimir Putin, Emperor and Autocrat of All the Russias, was the first man in the world who went down the crater of gas emission riding on a bear? More than this, it was very risky, because no one could guarantee there would not be Ukrainian Kike-Banderites hiding down there.'
There are already programs in place. One example, NIST certifies private security testing laboratories to test according to FIPS standards. It just nobody asking for certified products outside of the government procurement.
FIPS 140 certification, which I assume is what you're referring to, is almost worthless in terms of determining how resistant to real-world attack a product really is. It would have done nothing to prevent the problem discussed here. Its main use is as a measure of how desperate a vendor is to get government contracts, which is also why no-one asks for it outside government procurement.
Re:IE once again kills innovation
on
HTTP/2 Finalized
·
· Score: 1
Webservers are going to have to support both for years.
Applications are going to have to support both for years, possibly eternity. The whole HTTP 2.0 process was driven mostly by Google, who wanted HTTP changed to reduce the load on their servers (heaven knows what sort of uproar would have resulted if Microsoft had tried this sort of thing). Unfortunately the resulting design, while it may make Google's job easier, is incredibly difficult to implement for things like embedded devices. The HTTP 2.0 WG's response when this was pointed out, repeatedly, was "let them eat HTTP 1.1".
In other words there will be two HTTP's, 2.0 for Google and in general content providers and whatnot, and HTTP 1.1 for everything else.
A lot of these addons have millions of downloads. Perhaps browser makers need to get the message and include popular functionality that people want.
Sadly, things look like they're heading in the opposite direction. The first thing I do with a new install of Chromefox is download a pile of extensions to turn it back into Firefox, but it seems like every new release requires even more extensions to undo the Chromefox braindamage. So at least for that browser, the developers are making changes that force you to download more extensions, not less.
Have we slipped so far down the performance-orientated slide that we are impressed by *how well a dungeon generator runs on an i7 with 16GB of RAM.
Ah yes, but it's running VMWare running FreeBSD emulating Linux running Qemu running Windows XP running AppleWin running the dungeon generator written in Applesoft Basic for a 1MHz 6502 in 1979, and that's worthy of the front page of Slashspot.
With Windows Phone failing to make a dent on the smartphone market
It may have failed to make a dent on the smartphone market, but it's made a considerable dent (more like a smoking crater) in the desktop PC market. MS claims that they'll fix some of that in Windows 10 (Windows Phone, aka. 8, being so had that they skipped an entire version number to get away from it), but I'm taking a wait-and-see approach.
Extensions are what got me to switch away from IE way back in the day. There's a core half dozen of them that are invaluable.
Unfortunately in recent years the core half-dozen critical extensions are the ones you need to undo all the crap that's been done with Chromefox and get it back to being Firefox. Only after you've applied those can you start enhancing its functionality.
Still, without those you'd be stuck with using Chromefox, at which point you may as well just switch to Chrome anyway.
We live underground. We speak with our hands. We wear the earplugs all our lives.
PLEASE! You must listen! We cannot maintain the link for long... I will type as fast as I can.
DO NOT USE THE CABLES!
We were fools, fools to develop such a thing! Sound was never meant to be this clear, this pure, this... accurate. For a few short days, we marveled. Then the... whispers... began.
Were they Aramaic? Hyperborean? Some even more ancient tongue, first spoken by elder races under the red light of dying suns far from here? We do not know, but somehow, slowly... we began to UNDERSTAND.
No, no, please! I don't want to remember! YOU WILL NOT MAKE ME REMEMBER! I saw brave men claw their own eyes out... oh, god, the screaming... the mobs of feral children feasting on corpses, the shadows MOVING, the fires burning in the air! The CHANTING!
WHY CAN'T I FORGET THE WORDS???
We live underground. We speak with our hands. We wear the earplugs all our lives.
Thanks to the fact that the Moon is tidally locked, we can only see 50% of it's surface on any given night.
"No one quite knows where the moon came from, but it's as old as the Earth, or very nearly. And it's survived this long because it has the most perfect defence system ever evolved. It's Tidally Locked. It doesn't exist when it's being observed. The moment it's seen by any other living creature it freezes into rock. In the sight of any living thing, it literally turns into stone. And you can't kill a stone. Of course, a stone can't kill you either, but then you turn your head away. Then you blink. Then, oh yes, it can. And I'm sorry. I am very, very sorry. It's up to you now. Don't blink. Don't even blink. Blink and you're dead. It's fast. Faster than you can believe. Don't turn your back, don't look away, and DON'T blink. Good luck".
I run Firefox on my phone. I don't notice any less of an experience compared to any of the other "big names."
That sounds like you're comparing mobile Firefox to mobile other-browsers, not desktop Firefox. Sure, mobile Firefox sucks about as much as other mobile browsers, it's nothing like desktop Firefox, in which case why bother? I've been using desktop Firefox since it was Phoenix 0.3 and it's a decent browser (modulo its more recent Chromefox incarnations), but if I want a shitty mobile browsing experience I'll use the Android built-in browser, not install Firefox.
That would be the Leica-as-Panasonic then? Same glass, but you pay Panasonic prices.
The main manufacturers don't want to cut into their DSLR revenue so they hobble their compacts so much they are basically useless.
Speaking of Panasonic, that's what's pissed me off about their strategy with bridge cameras, after the FZ30 it took them ten years to produce a successor, the FZ1000, because they didn't want to undercut their GH line, and even then they only came out with the '1000 because of Sony's RX10. This did however introduce me to a completely novel experience, that of being glad Sony exists.
Smartphones are killing the DSLR's recent expansion into the (non-traditional) low-end market.
So, basically, things are getting back to normal for the DSLR.
Beat me to it. Outside of the photographer community, the most common use I've seen for expensive DSLRs is as $1,000 point-and-shoots. It makes me want to cry when I see someone pull out a 60D and take a few shitty, badly-composed snaps of their three-year old with the top of the head cut off, then throw it onto the grass so they're free to wiggle their fingers at them. In my day we had to make do with salt prints produced from calotype negatives using salt we licked off our backs after working 26 hours a day down at mill, and we were lucky,
Camera phones have taken over the role of the $1,000 point-and-shoot and, as you point out, this is just things going back to normal.
Simple solution: name names and vote with your feet.
It's actually pretty simple to figure out, and is based on what the headline should have read, which is Why Gmail Has Better Security Than US Banks. I'm not aware of any European or Australasian bank that hasn't had 2FA for years (with the exception of UK banks, which are almost as bad as US ones).
Having said that, as a non-US IT person who occasionally has to deal with banks I think it's great, as long as US banks are running around with "please rob me" signs taped to their backs the cybercriminals leave our banks alone. Somebody has to be the easy-picking low-hanging fruit, and in this case it's the US.
(Sorry if this sounds like gratuitous US-bashing, but sheesh, how do your banks continue to get away with this? There are as yet undiscovered tribes in the jungles of Borneo who use Chip&PIN and 2FA, but the US doesn't...).
Slashdot Mirror
Clicking on one icon to switch to "metro" and then clicking on another to switch to "desktop" doesn't seem terribly cumbersome.
Installing Window Blinds and Start8 as a one-off doesn't seem terribly cumbersome, and then you have the UI that Microsoft should have given you in the first place (best ever response to this was taking my laptop in to Microsoft and having a MS person staring over my shoulder and eventually asking "what is that and where can I get it too").
Couldn't the first step be libreSSL? They cleaned out a ton of junk and applied some uniform coding standards. That would be much easier to audit, and a much sounder base. Flag as Inappropriate
Exactly (no mod points left, sorry). Auditing OpenSSL makes about as much sense as auditing Windows 95, we already know it's broken beyond repair, and any further effort expended on it is just throwing good money after bad. Focus on something that's worth going with, like LibreSSL, or something that was never OpenSSL to begin with.
For me, Swiss watches represent the pinnacle of hand crafted micro engineering. I also own a quartz watch that keeps better time and runs for years on a single battery for a micro-fraction of the cost (and requires no expensive servicing). So what? I find it refreshing to use an entirely mechanical device with amazing latent complexity. It serves a single purpose simply and elegantly yet almost perfectly.
Same here. I have an Atmos clock, which is entirely mechanical. You're supposed to get it serviced every 30 years (mine has just gone in for its second service, the first in the time I've owned it). The standard models are meant to run for about 400 years, the fancier ones like the du Millenaire are calibrated out to 3000 AD, although I'm not sure whether civilisation will still be around then if something goes wrong.
I'll bet the $10,000 Apple watch will be a piece of expensive inanimate jewellery long before my clock goes in for its third servicing.
Had an interesting discussion about this with some fellow geeks over steak recently, one of them proposed firing the bottom 80% of all your developers. Reason: Not only are they not contributing much that's useful, they are in fact a negative input on productivity since the other 20% who are useful have to go round cleaning up the mess they make.
I'm not sure if it's 80% (I'd say maybe 50%), but I know too many situations like this, where the clueless/incompetent are not only not doing anything useful but actively preventing the competent from getting their work done.
(The problem, which was pointed out at the time, is identifying who the incompetent 50% are. Many of them are where they are today because they know how to manipulate the system, rather than because they're any good at what they do).
"The prescribed global standard doesn't work so we're just going to roll our own. Twice."
Great. Thanks for that. Not "we will penalise sites that don't allow OSCP pinning because we think it's necessary" but "bugger this, we'll apply our own definition of what can be trusted or not to every user"
The reason for using this alternative to the alternative is because any kind of blacklist-based security doesn't work. It rates #2 in the six dumbest ideas in computer security, with default-allow (which arguably is the problem that blacklists are trying to deal with) at #1. First there were CRLs, which don't work. They were replaced with OCSP, which doesn't work. Now we have cert blacklists, which are fairly recent so they haven't failed often enough for it to be obvious to everyone that they don't work, but give it time...
Once they fail, the browser vendors will come back with version 4 of the dumbest idea, then version 5, and then version 6, and they'll just keep on doing the wrong thing over and over and over until eventually it starts working, dammit!
Seems like this is a half ass solution. I'm starting to think the whole system is flawed.
Starting? What would it take for you to realise that the whole browser PKI mess is the steaming pile of dung that it actually is?
The brings to mind a profound application that would likely solve this problem, a turing test for robocalls. How long can a computer keep the telemarketers on line, whilst leaving you out of it all.
Already exists, Google "telecrapper 2000".
For example, you all remember the magnificent shots of the Yamal crater in winter, made during the latest expedition in Novomber 2014. But do you know that Vladimir Putin, Emperor and Autocrat of All the Russias, was the first man in the world who went down the crater of gas emission riding on a bear? More than this, it was very risky, because no one could guarantee there would not be Ukrainian Kike-Banderites hiding down there.'
... that dress...
What dress?
There are already programs in place. One example, NIST certifies private security testing laboratories to test according to FIPS standards. It just nobody asking for certified products outside of the government procurement.
FIPS 140 certification, which I assume is what you're referring to, is almost worthless in terms of determining how resistant to real-world attack a product really is. It would have done nothing to prevent the problem discussed here. Its main use is as a measure of how desperate a vendor is to get government contracts, which is also why no-one asks for it outside government procurement.
Webservers are going to have to support both for years.
Applications are going to have to support both for years, possibly eternity. The whole HTTP 2.0 process was driven mostly by Google, who wanted HTTP changed to reduce the load on their servers (heaven knows what sort of uproar would have resulted if Microsoft had tried this sort of thing). Unfortunately the resulting design, while it may make Google's job easier, is incredibly difficult to implement for things like embedded devices. The HTTP 2.0 WG's response when this was pointed out, repeatedly, was "let them eat HTTP 1.1".
In other words there will be two HTTP's, 2.0 for Google and in general content providers and whatnot, and HTTP 1.1 for everything else.
A lot of these addons have millions of downloads. Perhaps browser makers need to get the message and include popular functionality that people want.
Sadly, things look like they're heading in the opposite direction. The first thing I do with a new install of Chromefox is download a pile of extensions to turn it back into Firefox, but it seems like every new release requires even more extensions to undo the Chromefox braindamage. So at least for that browser, the developers are making changes that force you to download more extensions, not less.
Have we slipped so far down the performance-orientated slide that we are impressed by *how well a dungeon generator runs on an i7 with 16GB of RAM.
Ah yes, but it's running VMWare running FreeBSD emulating Linux running Qemu running Windows XP running AppleWin running the dungeon generator written in Applesoft Basic for a 1MHz 6502 in 1979, and that's worthy of the front page of Slashspot.
(Oh year, "Apple II forever!").
With Windows Phone failing to make a dent on the smartphone market
It may have failed to make a dent on the smartphone market, but it's made a considerable dent (more like a smoking crater) in the desktop PC market. MS claims that they'll fix some of that in Windows 10 (Windows Phone, aka. 8, being so had that they skipped an entire version number to get away from it), but I'm taking a wait-and-see approach.
Extensions are what got me to switch away from IE way back in the day. There's a core half dozen of them that are invaluable.
Unfortunately in recent years the core half-dozen critical extensions are the ones you need to undo all the crap that's been done with Chromefox and get it back to being Firefox. Only after you've applied those can you start enhancing its functionality.
Still, without those you'd be stuck with using Chromefox, at which point you may as well just switch to Chrome anyway.
(Body added because Slashspot won't let me post a subject-only post, which has now ruined some of its effectiveness).
We live underground. We speak with our hands. We wear the earplugs all our lives.
PLEASE! You must listen! We cannot maintain the link for long... I will type as fast as I can.
DO NOT USE THE CABLES!
We were fools, fools to develop such a thing! Sound was never meant to be this clear, this pure, this... accurate. For a few short days, we marveled. Then the... whispers... began.
Were they Aramaic? Hyperborean? Some even more ancient tongue, first spoken by elder races under the red light of dying suns far from here? We do not know, but somehow, slowly... we began to UNDERSTAND.
No, no, please! I don't want to remember! YOU WILL NOT MAKE ME REMEMBER! I saw brave men claw their own eyes out... oh, god, the screaming... the mobs of feral children feasting on corpses, the shadows MOVING, the fires burning in the air! The CHANTING!
WHY CAN'T I FORGET THE WORDS???
We live underground. We speak with our hands. We wear the earplugs all our lives.
Do not use the cables!
Thanks to the fact that the Moon is tidally locked, we can only see 50% of it's surface on any given night.
"No one quite knows where the moon came from, but it's as old as the Earth, or very nearly. And it's survived this long because it has the most perfect defence system ever evolved. It's Tidally Locked. It doesn't exist when it's being observed. The moment it's seen by any other living creature it freezes into rock. In the sight of any living thing, it literally turns into stone. And you can't kill a stone. Of course, a stone can't kill you either, but then you turn your head away. Then you blink. Then, oh yes, it can. And I'm sorry. I am very, very sorry. It's up to you now. Don't blink. Don't even blink. Blink and you're dead. It's fast. Faster than you can believe. Don't turn your back, don't look away, and DON'T blink. Good luck".
1) One of my CCs was just switched to Chip & PIN.
AFAIK the US banks' implementation of Chip & PIN is just "Chip". They haven't quite figured out the "& PIN" bit yet.
I run Firefox on my phone. I don't notice any less of an experience compared to any of the other "big names."
That sounds like you're comparing mobile Firefox to mobile other-browsers, not desktop Firefox. Sure, mobile Firefox sucks about as much as other mobile browsers, it's nothing like desktop Firefox, in which case why bother? I've been using desktop Firefox since it was Phoenix 0.3 and it's a decent browser (modulo its more recent Chromefox incarnations), but if I want a shitty mobile browsing experience I'll use the Android built-in browser, not install Firefox.
Try the iPhone 6.
Zooms well, does it?
(Vario-Elmar-T 55-135, mmmmm :-).
What is needed basically is the new Leica.
That would be the Leica-as-Panasonic then? Same glass, but you pay Panasonic prices.
The main manufacturers don't want to cut into their DSLR revenue so they hobble their compacts so much they are basically useless.
Speaking of Panasonic, that's what's pissed me off about their strategy with bridge cameras, after the FZ30 it took them ten years to produce a successor, the FZ1000, because they didn't want to undercut their GH line, and even then they only came out with the '1000 because of Sony's RX10. This did however introduce me to a completely novel experience, that of being glad Sony exists.
I understand what you are saying, yes the quality of pixels matters (Dynamic range etc) however, all else being equal*, I would go for 24mp over 16mp
So you'd take some 1/3.2" cellphone sensor at 24MP over a full-frame 16MP?
Smartphones are killing the DSLR's recent expansion into the (non-traditional) low-end market. So, basically, things are getting back to normal for the DSLR.
Beat me to it. Outside of the photographer community, the most common use I've seen for expensive DSLRs is as $1,000 point-and-shoots. It makes me want to cry when I see someone pull out a 60D and take a few shitty, badly-composed snaps of their three-year old with the top of the head cut off, then throw it onto the grass so they're free to wiggle their fingers at them. In my day we had to make do with salt prints produced from calotype negatives using salt we licked off our backs after working 26 hours a day down at mill, and we were lucky,
Camera phones have taken over the role of the $1,000 point-and-shoot and, as you point out, this is just things going back to normal.
Simple solution: name names and vote with your feet.
It's actually pretty simple to figure out, and is based on what the headline should have read, which is Why Gmail Has Better Security Than US Banks. I'm not aware of any European or Australasian bank that hasn't had 2FA for years (with the exception of UK banks, which are almost as bad as US ones).
Having said that, as a non-US IT person who occasionally has to deal with banks I think it's great, as long as US banks are running around with "please rob me" signs taped to their backs the cybercriminals leave our banks alone. Somebody has to be the easy-picking low-hanging fruit, and in this case it's the US.
(Sorry if this sounds like gratuitous US-bashing, but sheesh, how do your banks continue to get away with this? There are as yet undiscovered tribes in the jungles of Borneo who use Chip&PIN and 2FA, but the US doesn't...).