Comments


Longtime Debian Developer Tollef Fog Heen Resigns From Systemd Maintainer Team

Aethedor Re:Not resigning from Debian (550 comments)

RemainAfterExit=yes

about two weeks ago

European Parliament Considers Sharing Passenger Information By Default

Aethedor Re:Fear (58 comments)

I agree with most of what you've said. However, I don't think it's lust for power, it's lust for money. Yes, the weapons industry was threatened by the Cold War ending and America needed a new enemy to keep that industry running. The terrorists became that new enemy. However, it's a relatively small number of people to whom this cause applies. The rest of us simply repeat and believe their call: fear the terrorists!

about two weeks ago

European Parliament Considers Sharing Passenger Information By Default

Aethedor Re:Fear (58 comments)

Personally, I believe mainstream media are partly to blame with their 24/7 "breaking now" mentality.

Of course, people started to become numb to that. Remember, the media's job is not to bring the news, but to sell the news. Keep that in mind when reading / listening to the news.

about two weeks ago

European Parliament Considers Sharing Passenger Information By Default

Aethedor Re:Fear (58 comments)

Politics is mostly to blame for that. Even here in the Netherlands we have awareness campaigns like 'Netherlands against Terrorism'. We don't have any significant terrorist threat in the Netherlands. None of us has ever seen a terrorist and will most likely never do. So, the only thing that campaign does is put fear in our minds.

about two weeks ago

European Parliament Considers Sharing Passenger Information By Default

Aethedor Re:Fear (58 comments)

I agree. But I also believe that if someone took the time and especially the courage to tell the people the truth, he/she would get even more votes. But to do so, that person first needs the proper understanding of this matter. And that's where the problem starts.

about two weeks ago

European Parliament Considers Sharing Passenger Information By Default

Aethedor Fear (58 comments)

And the reason for this all: fear. Fear of terrorists, fear of being held responsible, fear of the unknown. We live in a world in which we no longer accept any kind of risk. No matter how low that risk. Well, at least risks we are aware of. We fear terrorists, we fear Ebola, we fear being robbed in the streets while at the same time we smoke, eat unhealthy food, practice dangerous sports and get in the car. Every day we do things that are more dangerous than the things we fear most.

Yes, terrorists should be stopped, but not at all costs. And there is no way to make 100% sure no terrorist will ever hit us. So, stop pretending we can! Stop wasting our time, money and privacy to give us false security! And if a terrorist hits us and kills 20 people, I say: that's bad but it isn't the end of the world. Life goes on. In the same time more people are killed for other reasons and we don't even hear about them!

Look at Boston. Despite all the anti-terrorist measures in America, it was still possible to do this kind of attack. And what happened to Boston? Nothing, they moved on. And that's how it should be done. Yes, it's easy for me to say because I haven't lost any family or friends in that attack. But that is the right way to look at it for politicians. Respond to it with logic and common sense and not with fear and emotion. Because that only makes it worse!

about two weeks ago

OpenBSD 5.6 Released

Aethedor Re:Thank you! (125 comments)

Penguins are simply parasites living on property no one wants anyway.

Then how can a penguin be a parasite?

about three weeks ago

Drupal Warns Users of Mass, Automated Attacks On Critical Flaw

Aethedor Re:PHP flame (76 comments)

What a cheap flame. And how not original. And you're wrong. SQL injections can be done with every language. To solve this, all it takes is a programmer who understands what he's doing and knows about a vulnerability that has been known for about 20 years and for which there is NO excuse for not knowing it.

It's not really hard to do it right, even in PHP. And there is a simple proof for that.

about a month ago

Drupal Fixes Highly Critical SQL Injection Flaw

Aethedor Re: It's not that hard to do it right (54 comments)

You might want to take a look how the Banshee PHP framework deals with SQL. With its SQL driver and the security_audit script, it's really hard to have an SQL injection error in your code.

about a month ago

Password Security: Why the Horse Battery Staple Is Not Correct

Aethedor Strong passwords are irrelevant (549 comments)

Having a strong password is not really relevant. If it complies with the basic rules of password strength, it's good enough. Because cybercriminals will not try to guess or crack your password. They'll hack the server or your computer, probably via malware or an exploit. What's more important is: did the website developer store the password in a secure way and did you use a different password for every website?

about a month and a half ago

Security Collapse In the HTTPS Market

Aethedor Re:HTTPS is not flawed (185 comments)

First, know that it's not that I think all CAs are bad and evil. It's just that I don't know them and I don't know their procedures. Every CA that I 'trust' but has issued certificates only to websites that I never visit is a potential threat. Because that trust can be broken but I don't suffer from removing them from my list.

If you want to do this right, request a list of issued certificates from every CA and check if you ever need a secure connection with any of those websites. If you do, keep the CA. If not, remove it. Because this is quite some work, the best thing to do is remove the obvious ones, like CAs from China, Turkey, Taiwan and other countries from which you don't visit websites, keep the ones you clearly need (likely CAs from your own country) and make your own choice about the rest.

about 2 months ago

Security Collapse In the HTTPS Market

Aethedor Re:HTTPS is not flawed (185 comments)

I encourage you to try PolarSSL. It's really good and easy to learn. I replaced OpenSSL with PolarSSL in my own open source project within a few days and the only thing I regret is not doing it earlier.

about 2 months ago

Security Collapse In the HTTPS Market

Aethedor HTTPS is not flawed (185 comments)

From a technological point of view, it's a good protocol. It works and when implemented correctly, it's very secure. However, a PKI is not much about technology. It's mostly about organisation. In other words, it's not about PK, but all about I.

And that's where most things go wrong. Yes, Heartbeat was about technology, but people who paid attention moved away from OpenSSL a long time ago. There are more than enough alternatives. GnuTLS and PolarSSL for example. Apple's gotofail was also about technology, but name me one piece of software that is 100% bug free.

The real problem with HTTPS is how it's organized. When I install a browser (or get one via the OS), I also get a shitload of CAs which I'm supposed to trust. CAs from China, Turkey, Taiwan and other countries from which I don't even speak the language. I will never need a certificate from one of those CAs, because I will never need a secure connection with any website protected by their certificates. If the people from Iran were wise enough to realize that they don't need DigiNotar because they don't speak Dutch, they would never be at risk because of DigiNotar's epic failure. The first thing I do when installing a web browser is get rid of all the irrelevant CAs. Just to be sure, just to be safe.

And that's what's wrong with HTTPS. That's what needs to be fixed. Trust shouldn't be imposed by a browser maker. Trust should be earned.

about 2 months ago

Remote Exploit Vulnerability Found In Bash

Aethedor Re:Not vulnerable (399 comments)

Never mind my previous post. The weblog article has been changed, so the claim of not being vulnerable seems to be false.

about 2 months ago

Remote Exploit Vulnerability Found In Bash

Aethedor Not vulnerable (399 comments)

It seems that the Hiawatha webserver is not vulnerable to this exploit, because it doesn't URL decode environment variables. Wise decision (CGIs seem to work fine without it) or just luck? Is there a standard which says that CGI environment variables should be URL decoded?

about 2 months ago

Tox, a Skype Replacement Built On 'Privacy First'

Aethedor Re:The public key... (174 comments)

Oh, wait. Elliptic curve cryptography, never mind my previous post.

about 3 months ago

Tox, a Skype Replacement Built On 'Privacy First'

Aethedor The public key... (174 comments)

... consists of 64 hex characters. This gives a 256-bit public key. Not very strong or am I missing something?

about 3 months ago

PHP 5.6.0 Released

Aethedor Re: It's not the knife... (118 comments)

Choosing a programming language that best suits the needs of your company is totally different from pointlessly bashing a programming language you don't even use. In that case, those opinions are irrelevant to everybody.

about 3 months ago

PHP 5.6.0 Released

Aethedor Re:It's not the knife... (118 comments)

That's good for you, but it's still an opinion. I don't think that PHP works against the programmer. Talking about Django, I don't like it. I've taken a look at it, but I think it's too much hassle to get a simple website running. I've created my own framework, the Banshee PHP framework. It's fast, secure and easy to use. The websites you can make with Banshee are just as good as the ones you can make with Django.

about 3 months ago

Submissions

Aethedor hasn't submitted any stories.

Journals

Aethedor has no journal entries.
