Slashdot Mirror


User: tepples

tepples's activity in the archive.

Stories
0
Comments
68,260
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 68,260

  1. If you want Xubuntu, you know where to find it. on Canonical Needs Your Help Transitioning Ubuntu Linux From Unity To GNOME (ubuntu.com) · · Score: 2

    If they wanted to 'make a good, more Open release' like you're claiming, then they'd be switching to Xfce or Kde instead of Gnome 3.

    Which is why Kubuntu and Xubuntu exist. I personally run Xubuntu on my PC at work. If you want Xubuntu or Kubuntu to gain momentum, then go ahead and contribute to that project. This project is for people who prefer GNOME.

  2. Any problems with GNOME in Debian? on Canonical Needs Your Help Transitioning Ubuntu Linux From Unity To GNOME (ubuntu.com) · · Score: 1

    Try Debian

    To people who have used GNOME 3.14 in Debian 8 "Jessie" or 3.22 in Debian 9 "Stretch": What serious problems have you run into?

  3. Re:Mandatory hours of supervised driving on Uber and Lyft May Cause Lower Car Ownership In Big Cities, Says Report (slashgear.com) · · Score: 1

    When I took health class in high school, driver's ed was not on the curriculum. Students wanting to learn to drive were expected to attend a private driving school for $350. I completed the classroom portion of it after I graduated from high school, but I had to leave for college before the behind-the-wheel portion could begin. And even then, the behind-the-wheel portion provides only 6 hours of supervised driving on a learner's permit, leaving it up to the parent to arrange the other 44 (or more depending on the state).

  4. Re:Mandatory hours of supervised driving on Uber and Lyft May Cause Lower Car Ownership In Big Cities, Says Report (slashgear.com) · · Score: 1

    the parent is also a non-driver

    It's laziness and apathy on the part of the family, who should supervise their driving for them so that they don't have to pay for the privilege.

    If you mean the parent should learn to drive in order to supervise the child's driving, then who supervises the parent's driving?

  5. Mandatory hours of supervised driving on Uber and Lyft May Cause Lower Car Ownership In Big Cities, Says Report (slashgear.com) · · Score: 1

    I see no reason for not getting one other than laziness, apathy, or fear.

    I waited until 25 to get my license because car insurers overcharge policyholders if a driver under 25 is on the policy. Another family may not have thousands of dollars to pay a driving instructor for the 50 to 120 hours of supervised driving that the state requires of new drivers, especially if the parent is also a non-driver. In what way do these excuses fall into the categories of "laziness, apathy, or fear"?

  6. Merge conflicts; keyfiles on mobile on Password Power Rankings: a Look At the Practices of 40+ Popular Websites (helpnetsecurity.com) · · Score: 1

    using a sync solution like Dropbox shouldn't be a problem

    What I fear is that I would add two passwords on separate machines, and then the ownCloud or Dropbox client gets a merge conflict when it sees that both versions of the password vault file have changed.

    Especially if there's a separate keyfile that you don't include on shared storage and instead copy to every client device manually.

    How is that done on mobile, especially when iOS didn't have a user-accessible file system last I checked?

  7. Computing emtropy "properly" on Password Power Rankings: a Look At the Practices of 40+ Popular Websites (helpnetsecurity.com) · · Score: 1

    And if you estimate entropy PROPERLY

    What's "properly"? Kolmogorov complexity isn't tractable to compute.

  8. Usernames aren't supposed to be secret on Password Power Rankings: a Look At the Practices of 40+ Popular Websites (helpnetsecurity.com) · · Score: 1

    That'd be difficult on sites that use a username as part of a user's public identity. For example, someone who reads the comments of all stories on the front page of Slashdot can see the usernames of all logged-in users who have commented on those stories.

  9. whitelist real IPs from logs or when they call in to complain.

    That's still a DoS against the department that responds to "call in to complain."

  10. Re:Usernames and e-mail adresses. on Password Power Rankings: a Look At the Practices of 40+ Popular Websites (helpnetsecurity.com) · · Score: 1

    How about websites adjust their software such that e-mail addresses are not required for registration nor use!

    Are you recommending use of a mobile phone number capable of receiving SMS as a substitute for an e-mail address? If not, then through what other mechanism would a user recover a forgotten password?

  11. Don't make Netflix mess with my pants on Password Power Rankings: a Look At the Practices of 40+ Popular Websites (helpnetsecurity.com) · · Score: 1

    Sure, the data has to be breeched first

    Why does the data need to start wearing pants?

  12. Now I'm wondering why Github didn't offer 2FA when I created my account.

    Probably because you still need to generate a password in order to push.

  13. Traditional Complexity rules ARE bad.

    Would it be bad to retain the "must contain a letter" rule if the password is long enough? This RC car shop has these rules: 8-15 characters with at least 1 letter and 1 digit, or 16+ characters with at least 1 letter.

  14. Twitter's 2FA is expensive on Password Power Rankings: a Look At the Practices of 40+ Popular Websites (helpnetsecurity.com) · · Score: 1

    Hint: Two-factor authentication is so dramatically more secure that you're far better off implementing it

    Unless it's Twitter, which allows only the login method that's most expensive per use for many U.S. users.

    • YubiKey and other FIDO U2F devices: Not supported
    • Google Authenticator and other TOTP apps: Not supported
    • One-time random number through voice call: Not supported. This leaves out users of landlines or wireless home phone service.
    • One-time random number through SMS: Supported, but standard messaging and data rates apply. Cellular carriers in the United States tend to charge pay-as-you-go subscribers 10 cents per sent message and 10 cents per received message.
  15. There are two kinds of web-based random string generators: those that generate the password on the server and therefore allow the operator of the site to see every string that is generated, and those that generate the password on the client and therefore require the user to add the site to the browser's whitelist for running JavaScript.

  16. so every time I visited my password was expired and needed to be reset.

    Some sites are in fact using passwordless login, which is equivalent to resetting the password on every login.

  17. A password stored in a password manager's file is only as strong as the file's master password. And don't password managers that synchronize new or changed passwords between machines cost money?

  18. If it isn't stored with the password then you are using 1 common salt for all passwords.

    Or the salt and hash are stored in separate tables on physically separate machines.

  19. ATM fees, postage, and money order fees on Password Power Rankings: a Look At the Practices of 40+ Popular Websites (helpnetsecurity.com) · · Score: 2

    Have you considered changing banks?

    Yes. But when only one bank has ATMs within cycling distance, that makes every other bank much more expensive: withdrawing cash costs ATM fees, depositing checks costs postage, and depositing cash costs postage plus money order fees. In the city where and years when I attended college, there was only one bank.

  20. brute force is mitigated by account lockout.

    What mitigates the denial of service caused by account lockout?

  21. Which ISP refuses home business Internet? on Maybe Americans Don't Need Fast Home Internet Service, FCC Suggests (arstechnica.com) · · Score: 1

    How are you paying for said "photographic printing service" and "video publishing service"? If it resembles revenue from subscribers, clients, or advertisers, then you are running a home business, and you can consider subscribing to business Internet at your home. If your ISP won't offer business Internet to homes, then please name and shame the ISP that shows disrespect for the environment by banning telecommuting.

  22. It makes a 4K TV's price look like not a truckload on Maybe Americans Don't Need Fast Home Internet Service, FCC Suggests (arstechnica.com) · · Score: 1

    Context please:

    ^^^ spends a truckload of cash on a 4K TV, wont foot the bill for the internet connection to drive it.

    I have the fastest Internet available in my [residential] area.

    Best internet that he's willing to pay for.

    The price of "the internet connection to drive it" exceeds the price of "a 4K TV" by at least an order of magnitude. Therefore, the price of "a 4K TV" is not "a truckload" by comparison.

    I bet if you tried harder you could find someone to sell it to you, too.

    If you were in that situation, and the reply were "$1000 per month" or "we offer service to businesses, not homes" or "sure, but you're responsible for obtaining all right-of-way permits from the city and paying to bury the fiber", what would be your next step?

  23. Let me guess how that would be rephrased: Best Internet access available at his residential address.

  24. PCs from 2000 were fast enough for SWF on Firefox 55 Arrives With WebVR on Windows, Performance Panel, and Click-to-Play Flash (venturebeat.com) · · Score: 1

    PCs from the dial-up era were fast enough to play SWF animations from the dial-up era, and Flash Player let the user dial the FSAA up or down. Nowadays, CPUs are faster, and GPU acceleration is more common. Adobe is the limiting factor in making Flash Player not suck, and I concede that the company has recently punted on that.

  25. Re:VR? More crap no-one asked for on Firefox 55 Arrives With WebVR on Windows, Performance Panel, and Click-to-Play Flash (venturebeat.com) · · Score: 1

    Considering the hardware requirements to run it at an acceptable framerate? Yeah, I would prefer it not run in an interpreted language.

    JavaScript used to be interpreted a decade ago. Now it's JIT compiled. WebAssembly is even more explicitly JIT compiled, a replacement for the Java platform that doesn't involve Oracle's legal department. Besides, the DOM runs in retained mode, which allows the compositor to run asynchronously of the script execution engine.

    Most PCs don't qualify as "available for your platform" when it comes to VR.

    Yet VR is available for both Windows and GNU/Linux. Will VR apps compiled for GNU/Linux run unchanged in WSL? Or will VR apps compiled for Windows run unchanged in Wine?

    It's bad enough that the drivers are spying on your eyeballs, we don't need XSS, SuperCookies, and Browser Fingerprinting added to the mix

    Yet native applications have even greater privileges by default than web applications.

    Seriously, a web browser may as well be called a "Userland untrusted / unvetted code retrieval and execution tool."

    So is anything else that can download an executable. Do we ban Wget now?

    Also nevermind that creating a web browser is made more difficult by yet another moving of the goalposts, and increase in scope.

    In theory, not all web browsers for a given PC operating operating system need to support WebVR. One can switch to one that does.

    SecondLife would like a word with you.

    Second Life is still in operation.

    Until they solve the whole "need as much free physical space as the total size of the virtual environment to avoid teleporting" thing (A.K.A. "I have no control over my virtual legs")

    Is it necessarily a bad thing to simulate a power chair and add the ability to move sideways? Because that's the paradigm seen in first-person shooters for both consoles and PCs.

    You'll need 3D modeling software to make anything unique

    Microsoft maintains a popular proprietary 3D voxel modeling application called Minecraft, and Blender Foundation (formerly NaN) maintains a popular free 3D surface modeling application called Blender. I am aware of the limits of Minecraft and the unfamiliarity of Blender and concede that we're still in an experimental era of bringing sculpting capability to the masses.

    It's a "because we can, not because we should" inclusion that does practically nothing for 5% market share it has.

    The World Wide Web itself used to be the same way.