
Comments


Password Security: Why the Horse Battery Staple Is Not Correct

Aethedor Strong passwords are irrelevant (546 comments)

Having a strong password is not really relevant. If it complies with the basic rules of password strength, it's good enough. Because cybercriminals will not try to guess or crack your password. They'll hack the server or your computer, probably via malware or an exploit. What's more important is: did the website developer store the password in a secure way and did you use a different password for every website?

about a week ago

Security Collapse In the HTTPS Market

Aethedor Re:HTTPS is not flawed (185 comments)

First, know that it's not that I think all CAs are bad and evil. It's just that I don't know them and I don't know their procedures. Every CA that I 'trust' but has issued certificates only to websites that I never visit is a potential threat. Because that trust can be broken but I don't suffer from removing them from my list.

If you want to do this right, request a list of issued certificates from every CA and check if you ever need a secure connection with any of those websites. If you do, keep the CA. If not, remove it. Because this is quite some work, the best thing to do is remove the obvious ones, like CAs from China, Turkey, Taiwan and other countries from which you don't visit websites, keep the ones you clearly need (likely CAs from your own country) and make your own choice about the rest.

about three weeks ago

Security Collapse In the HTTPS Market

Aethedor Re:HTTPS is not flawed (185 comments)

I encourage you to try PolarSSL. It's really good and easy to learn. I replaced OpenSSL with PolarSSL in my own open source project within a few days and the only thing I regret is not doing it earlier.

about three weeks ago

Security Collapse In the HTTPS Market

Aethedor HTTPS is not flawed (185 comments)

From a technological point of view, it's a good protocol. It works and when implemented correctly, it's very secure. However, a PKI is not much about technology. It's mostly about organisation. In other words, it's not about PK, but all about I.

And that's where most things go wrong. Yes, Heartbeat was about technology, but people who paid attention moved away from OpenSSL a long time ago. There are more than enough alternatives. GnuTLS and PolarSSL for example. Apple's gotofail was also about technology, but name me one piece of software that is 100% bug free.

The real problem with HTTPS is how it's organized. When I install a browser (or get one via the OS), I also get a shit load of CAs which I'm supposed to trust. CAs from China, Turkey, Taiwan and other countries from which I don't even speak the language. I will never need a certificate from one of those CAs, because I will never need a secure connection with any website protected by their certificates. If the people from Iran were wise enough to realize that they don't need Diginotar because they don't speak Dutch, they would never be at risk because of Diginotar's epic failure. The first thing I do when installing a web browser is get rid of all the irrelevant CAs. Just to be sure, just to be safe.

And that's what's wrong with HTTPS. That's what needs to be fixed. Trust shouldn't be imposed by a browser maker. Trust should be earned.

about three weeks ago

Remote Exploit Vulnerability Found In Bash

Aethedor Re:Not vulnerable (399 comments)

Never mind my previous post. The weblog article has been changed, so the claim of not being vulnerable seems to be false.

about a month ago

Remote Exploit Vulnerability Found In Bash

Aethedor Not vulnerable (399 comments)

It seems that the Hiawatha webserver is not vulnerable to this exploit, because it doesn't URL decode environment variables. Wise decision (CGIs seem to work fine without it) or just luck? Is there a standard which says that CGI environment variables should be URL decoded?

about a month ago

Tox, a Skype Replacement Built On 'Privacy First'

Aethedor Re:The public key... (174 comments)

Oh, wait. Elliptic curve cryptography, never mind my previous post.

about a month and a half ago

Tox, a Skype Replacement Built On 'Privacy First'

Aethedor The public key... (174 comments)

... consists of 64 hex characters. This gives a 256 bit public key. Not very strong or am I missing something?

about a month and a half ago

PHP 5.6.0 Released

Aethedor Re: It's not the knife... (118 comments)

Choosing a programming language that best suits the needs of your company is totally different from pointlessly bashing a programming language you don't even use. In that case, those opinions are irrelevant to everybody.

about 2 months ago

PHP 5.6.0 Released

Aethedor Re:It's not the knife... (118 comments)

That's good for you, but it's still an opinion. I don't think that PHP works against the programmer. Talking about Django, I don't like it. I've taken a look at it, but I think it's too much hassle to get a simple website running. I've created my own framework, the Banshee PHP framework. It's fast, secure and easy to use. The websites you can make with Banshee are just as good as the ones you can make with Django.

about 2 months ago

PHP 5.6.0 Released

Aethedor Re: It's not the knife... (118 comments)

You're missing my point. I'm only saying: if you don't like it, don't use it. But don't bug other people with opinion, because it's irrelevant to the .

about 2 months ago

PHP 5.6.0 Released

Aethedor Re:It's not the knife... (118 comments)

It's not a bad knife. It's just that *you* think that it's a bad knife. I think it's a fine knife. I'm not saying perfect, but no knife is. I know its good sides, I know its bad sides, which allows me to handle it well. The things I create with it are really up to any challenge.

But tell me, how's your cooking?

about 2 months ago

PHP 5.6.0 Released

Aethedor Re:It's not the knife... (118 comments)

Thank you for proving my point.

If you don't like PHP, that's fine. But please, stop wasting other people's time with your whining about it. Really, nobody cares!

about 2 months ago

PHP 5.6.0 Released

Aethedor It's not the knife... (118 comments)

it's the cook that prepares the food. It's not the camera, it's the photographer that shoots the picture. It's not the racing car, it's the driver that wins the race. It's not the programming language, it's the programmer that creates the application.

All you whiners can bash PHP like you want. But a PHP website will still beat your Perl website if the PHP programmer is better than you. So, unless your coding skills are 100% perfect, you better start looking at your own flaws instead of wasting time at whining about a programming language that simply isn't your pick of choice. Please, it's time to grow up.

about 2 months ago

Russia Prepares For Internet War Over Malaysian Jet

Aethedor Re:Wrong priority! (503 comments)

prick

about 3 months ago

Russia Prepares For Internet War Over Malaysian Jet

Aethedor Re:Wrong priority! (503 comments)

You expect and want the US to stick its nose into every corner of the world?

It already has been doing that for the last decades.

Don't we have a UN? Can't Europe look after itself?

I'm not saying that *only* the US president should be doing something. EVERY world leader should be doing something. If you think that this is only a local incident, you don't understand the situation there and what just has happened.

about 3 months ago

Russia Prepares For Internet War Over Malaysian Jet

Aethedor Re:It's Putin's fault (503 comments)

In the US, the truth shall set you free,

Omg, how brainwashed one can be. The US is one big lie itself.

about 3 months ago

Russia Prepares For Internet War Over Malaysian Jet

Aethedor Wrong priority! (503 comments)

... the priority is investigating whether U.S. citizens were involved.

Seriously, is that really what matters now? What an arrogant *****. What really matters is who did it and why. What's the risk for other planes. If it were the rebels, how did they get their hands on such advanced weaponry. 298 people died. Who they were is something to find out by the airliner company. A president, and especially one from the USA, should really have other things to worry about.

about 3 months ago

Ask Slashdot: Choosing a Web Language That's Long-Lived, and Not Too Buzzy?

Aethedor Re:PHP with Banshee framework (536 comments)

Don't focus on a language only. Also look at a good framework. My advice is the Banshee PHP framework. It mainly focuses on security, which is the only important thing these days. I know this will be seen as spam, but do yourself a favor and just take a look at it for 15 minutes.

about 4 months ago

Submissions

Aethedor hasn't submitted any stories.

Journals

Aethedor has no journal entries.
