
Comments


Google Proposes To Warn People About Non-SSL Web Sites

DavidRawling Re:Bad for small business owners (389 comments)

Buddy, you can get a certificate for less than FIVE US dollars per year. Is that too much for you?

Actually yes, frankly it is. Because according to Google's overpaid, brain-dead Chrome developers, I need one for the KVM, one for each of the management cards in the servers, one for each of the appliances I have (from DVRs to firewalls etc), one for each little device with a web server (assuming it even supports writing a certificate to storage, and config for HTTPS), one for each workstation or server with an app or config UI. Quick count for my house alone ... 47 certs excluding the devices that quite literally have NO way to store and use a cert. I simplified too by assuming the devices supporting certs can handle SHA256 (thanks Google for THAT little recent shitfight). And the certs don't support SANs nor do CAs allow local names, so I have to use the correct FQDN all the time now (no more http://dvr/ or typing the IP - now it's https://dvr.private.example.co...). And what have I gained? I've had to spend $230+ and several hours of work to avoid irrelevant anti-sec warnings, on devices no-one can get to except me. It's bulldust.

yesterday

Google Proposes To Warn People About Non-SSL Web Sites

DavidRawling Re:So perhaps /. will finally fix its shit (389 comments)

And that adequately reflects the rest of the world how? I have customers with multiple 5Mbps connections (literally the best they can get, there IS NO FIBER) at $400/month. They have dozens of users, 10-100MB files to send and receive, every day, and therefore a local caching proxy is the only way they can get any reasonable web access at all. But go on believing the rest of the world is like your little Utopia.

yesterday

Google Proposes To Warn People About Non-SSL Web Sites

DavidRawling Re:Does HTTP/SSL force one IP address per www doma (389 comments)

No - this problem is solved with SNI (Server Name Indication) which is part of all the current browsers, and has been for a while now. The client tells the server which certificate to return (which hostname it's going to ask for) in plaintext. There's probably a module you need for Apache to support this - IIS finally does it natively, so I'm sure it was already there in Apache/nginx.

2 days ago

Google Proposes To Warn People About Non-SSL Web Sites

DavidRawling Re:Stupid (389 comments)

And forcing SSL does nothing to prevent your employer setting up an SSL proxy with a wildcard certificate, decrypting everything you request, and tracking you anyway. I've set up MITM proxies for companies before, and it's literally 10 minutes of effort in most cases (because the end-users already trust the corporate CA). And if you think the Government can't MITM you as well you haven't been paying attention for the last 12 months.

2 days ago

Google Proposes To Warn People About Non-SSL Web Sites

DavidRawling Re: So perhaps /. will finally fix its shit (389 comments)

OK, Mr AC, care to explain how you plan to cache SSL-encrypted objects? All your caching proxy sees is the "connect me securely to server X" request - after that, it's encrypted and your proxy cannot tell what's being loaded. Worse, since SSL inflates the data sizes of whatever you've requested, your images are up to 50% more data, and your (already compressed with gzip) HTML, CSS, JS etc is the same. So you've added 50% to your traffic for ... potentially nothing.

Seriously, what do you gain (actual, measurable improvements) from switching from http://www.comics.com/garfield... to https://www.comics.com/garfiel...? Nothing but overhead.

And that's leaving aside the fact that SSL no longer guarantees the source server (too many options for MITM server certificate hacks) or security (POODLE etc).

No, make no mistake, this is Google throwing its weight around, screw anybody who doesn't want or need a certificate for their site, or has made a conscious decision NOT to use SSL (not to mention all the corporates with proxies that inspect for malware - now you're mandating SSL MITM by the organisation, or you have a channel for malware into any system).

2 days ago

Forbes Blasts Latests Windows 7 Patch as Malware

DavidRawling Short sighted (229 comments)

Ah yes, one bad patch and we should all NEVER PATCH AGAIN BECAUSE THE SKY IS FALLING! Perhaps he will take personal responsibility the next time a patched vulnerability launches a new botnet? Nah, just write inflammatory rubbish, it's easier.

5 days ago

Tesla Wants Texas Auto Sales Regulations Loosened

DavidRawling Re:I look forward (137 comments)

Actually, I don't know why they don't "acquiesce" somewhat to the demands - and offer to sell to the dealers at the same price as they sell in other states.

When the dealers refuse on the basis they won't be competitive with out-of-state sales, they should surely be able to use that to force the hand of the legislature (by advertising in Texas, with the tag line "Not available in Texas because none of your dealers will sell our cars" or something). Truthful. Pins the "blame" where it belongs (the dealers).

If, OTOH the dealers accept, the customers will demand to know why Texas is 25% more expensive (and Tesla can truthfully say "We sell at the same price to all comers, dealer or private, so any difference is the dealer's margin because your state gov't won't let us sell direct to you").

I'm very interested, with Tesla apparently coming to Oz next year, to see what happens here.

about two weeks ago

What Would Have Happened If Philae Were Nuclear Powered?

DavidRawling Re:Nuclear Power has Dangers (523 comments)

Or you could read the article (psht this is SLASHDOT, what was I thinking?) and the papers it references which indicate the most likely outcome of an explosion of the craft within 1m of takeoff would still result in 0 deaths. Science, not baseless assertions.

about a month ago

Apple Releases iMessage Deregistration Utility

DavidRawling Re:No one seems to see the real privacy issue (136 comments)

While it's true that it takes months or years for the number to be re-issued, it takes only an hour for it not to be your number any more after you change providers (or, in the US perhaps even area codes?) In Aus we have number portability between the carriers, which is nice when you pay for it - but sometimes you have to change numbers for reasons outside your own control. I trust (from some of the above comments) that this new tool handles what would seem to be a fairly regular occurrence, though the summary suggests otherwise?

about a month ago

Ask Slashdot: How Would You Build a Home Network To Fully Utilize Google Fiber?

DavidRawling Re:5 or 8 port switch at the entertainment center (279 comments)

Sure - I could. But that's extra devices and usually extra power points at those locations (esp if you want any POE - I doubt there will ever be a switch that can be powered by, AND deliver POE at the same time). So it's extra devices to buy and support and manage which is why I decided against it. Having the extra ports doesn't stop me doing it in the future either.

The flip side of course is that a failure in one of the big switches takes a LOT of things offline and it's more expensive to replace. Not the VM cluster or servers - but about half the other devices (e.g. one of the WAPs, half the desktop points etc).

about 2 months ago

Accessing One's Own Metadata

DavidRawling Re:Unlisted number baloney :( (94 comments)

OK Telstra has to record the source and destination numbers of all the calls - right? Here's a sample record (not that drawing a table is easy so work with CSV here):

FromID, ToID, TimeStart, TimeEnd
0299999999, 0288888888, 20090617135834, 20090617140711

How would you like to determine whether the number 0299999999, which is not owned or operated by Telstra today, and which was not owned or operated by Telstra in 2009 either, was or was not an unlisted number at the time of the call? Because its state right now is completely irrelevant - the state at the time of the call is the important and relevant piece of data, and it doesn't exist. And the reason it doesn't exist is that this is a record designed for billing and cross-checking, not for customer view (if you're arguing against unlisted numbers in toto, you've never been stalked).

about 2 months ago

Ask Slashdot: How Would You Build a Home Network To Fully Utilize Google Fiber?

DavidRawling Re:Man up (279 comments)

I did this when I finally bought a place 15m ago. I went what I considered was pretty "nuts" on the cabling. Cat6A everywhere - 2 in every room except bathrooms, kitchen, laundry and foyer, 6 per room for the entertainment areas. 2 APs at opposite ends of the house, and everything terminates in a 6U cabinet in the garage (26 points total). The sparkie who did the cabling said he's just finished another place with over 50 points, similar approach to mine. So what would I do differently? Most rooms are fine. I find I could use more in one of the entertainment areas, but some of those devices are both wired and wireless (and if push came to shove, I would simply move a device to WiFi). I wish I had thought to put a couple of points near where the solar inverter will be, so I could run a Galileo or similar for monitoring - it'll have to be WiFi. But this gives me at least 1Gb with POE almost everywhere, and I can go to 10Gb if it's ever a requirement.

about 2 months ago

Apple Outrages Users By Automatically Installing U2's Album On Their Devices

DavidRawling Re:First world problems. (610 comments)

Look I know it's a tiny thing, and I'm in the "don't like U2 so might have been annoyed" camp. But at least some of the reasoning behind the annoyance is that this has hit a stack of data caps / data plans on mobile devices. "It's only 100MB" you say. But if that's 1/5th your monthly data and you only had 30MB left on the last 2 days of your month - now you have a bill thanks to Apple. And where does it stop? "Here's your free 100MB download" is a possible annoyance or a great thing once. It's a royal PITA for lots of people if it starts being every month or week. Or what if it was a 1GB movie instead? Is that OK because the free 100MB album push was OK, and $producer paid Apple eleventy squillion bucks, and it's free so don't complain? Sorry, there's nuances here you're deliberately ignoring, and it makes your argument look like a baseless whinge.

about 3 months ago

Reversible Type-C USB Connector Ready For Production

DavidRawling Re:Big improvement on Micro B (191 comments)

Oh, like you don't find on the Samsung Note 3 and Galaxy S5, you mean? Yeah no chance of seeing it on a phone.

about 4 months ago

Ask Slashdot: Open Hardware/Software-Based Security Token?

DavidRawling Re:OATH (113 comments)

Actually, combine the Yubikey with AuthLite, and you have 2FA for Windows AD environments. I just implemented for a customer; they use the OTP for the username and the normal password for the password. This has two benefits: first, you don't hit the arbitrary 48 character password length limit for things like VPNs (yeah - you can have a 128 character UTF16 password, just don't try to connect remotely) and secondly, there's no customisation of apps required. It Just Works.

about 5 months ago

Student Records Kids Who Bully Him, Then Gets Threatened With Wiretapping Charge

DavidRawling Re:WTF?? (798 comments)

I've seen comments like this a couple of times now and I have an easy way to demonstrate that bullying was (and is) illegal. I believe Aus and US law are not too far apart on this - either the bully hits the bullied, or does not. If he does, he can be found guilty of battery. If not, he can be found guilty of assault, (if the bullied person feels his safety is at risk that's technically enough).

about 8 months ago

ICANN Considers Using '127.0.53.53' To Tackle DNS Namespace Collisions

DavidRawling Re:IPv6 should have been entrenched before TLD pro (164 comments)

Sure they do - all the major web servers and hosting platforms can use and define vhosts (it's just that the mechanism for creating them differs on each platform). IIS for example, if you create a new site, using "All IP Addresses" port 80, will require that you designate a host header so that the HTTP engine can route the request to the right Web Site (and corresponding content). All IP Addresses port 80 with an empty Host Header acts as a "catch-all" and is assigned to the Default Web Site. Which you generally disable, and create your own config for, if you know what you're doing. Apache, on the other hand, configures those vhosts in text files (nowadays under sites-enabled, as I recall). But the functionality is all there on pretty much all major platforms.

Now if you're arguing that the administrators of IIS servers are exponentially less likely to have a clue about host headers, when compared to their Apache/nginx counterparts - well then from my experience you're absolutely right (my history is MS consulting, and the number of IIS admins who want 20 IP addresses for 20 sites because they don't get how to do host headers, DNS resolution etc, cannot be counted - the reverse can be counted on both hands over 20 years of doing this stuff).

about 10 months ago

Is Verizon Already Slowing Netflix Down?

DavidRawling Shades of grey, not black and white (298 comments)

No, it means anecdotal evidence is to be taken as better than no evidence whatsoever. Not everything is black and white, one side of the fence or t'other.

Consider this as a scale - Peer reviewed, multiple-source reproducible trumps anecdotal evidence, but anecdotal evidence is still better than the absence of any evidence on either side.

about 10 months ago

Ford Exec: 'We Know Everyone Who Breaks the Law' Thanks To Our GPS In Your Car

DavidRawling Re:They will use the data in court (599 comments)

Cop 1: "He looked like he was hiding something, yer onner. When we stopped him he kept looking around and acting strangely."

Cop 2: "Yeah, yeah, wot he said."

You: "I did no such thing, your honour."

Judge: Both cops say you did, 2 trusted public officials with no reason to lie against 1 obvious reprobate, probable cause, case dismissed with prejudice.

about a year ago

Ford Exec: 'We Know Everyone Who Breaks the Law' Thanks To Our GPS In Your Car

DavidRawling Re:If I ever own a Ford.... (599 comments)

Do you really think the telcos would be able to charge full monthly fees for each car despite it sending a few dozen kB a month? Most likely something like the kindle model - where I'm guessing Amazon pay the telcos 20c a month or something, because while the total data amount is huge, the amount of data per device is so small and only the aggregate so large. Same with FROD. 50M extra data streams, once a day spread country-wide? Noise to the telco's existing data streams. Frod and all the others will negotiate the rates down to SFA, they get the data, the telcos get more revenue/profit and the only loser is you, the consumer.

about a year ago

Submissions


Web Censorship Sneaking into US

DavidRawling writes | more than 4 years ago

DavidRawling writes "According to Demand Progress, while we've all been concentrating on censorship moves in Australia, Iran and China (just to name a few), the US Senate has proposed censorship for the Internet within the USA.

Just the other day, President Obama urged other countries to stop censoring the Internet. But now the United States Congress is trying to censor the Internet here at home. A new bill being debated this week would have the Attorney General create an Internet blacklist of sites that US Internet providers would be required to block.

This is the kind of heavy-handed censorship you'd expect from a dictatorship, where one man can decide what web sites you're not allowed to visit. But the Senate Judiciary Committee is expected to pass the bill this week — and Senators say they haven't heard much in the way of objections! That's why we need you to sign our urgent petition to Congress demanding they oppose the Internet blacklist.

The stench of the hypocrisy is astonishing."


DavidRawling writes | more than 8 years ago

David Rawling (864446) writes "Looks like Spamhaus are not out of the woods yet. e360 have published a new docket from the Illinois court suggesting that Spamhaus has lost all 3 of its recent motions.

From the docket:
Motion hearing held on 10/31/2006. As discussed in open court, defendant's motion [43] to vacate default judgment is denied. Defendant's motion [45] for a stay of enforcement of judgment pending appeal is denied. Defendant's motion [41] to quash citation to discover assets is denied. Defendant is ordered to comply with the citation to discover assets.
This comes just a few days after the court rejected a request to take Spamhaus' domain offline."

Journals

DavidRawling has no journal entries.
