×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

Microsoft To Invest In Rogue Android Startup Cyanogen

Lennie Re:Competition is good (276 comments)

My guess would be:

Microsoft is 'helping' Cyanogen to add some kind of cloud service.

Basically, putting you data in the Microsoft cloud.

I assume Cyanogen doesn't mind, because it's optional.

Well, that is my guess.

2 days ago
top

How Bitcoin Could Be Key To Online Voting

Lennie Re:Secret Ballot? (480 comments)

Yes, it's a really hard.

Lots of people have tried, for years now, they've all failed:

http://media.ccc.de/browse/con...

Things that might look good in theory still turn out to be a big fail in practise. Even just getting the implementations right is really, really hard.

Using a blockchain will probably fail too.

Remember if we knew how to make Bitcoin or Darkcoin/Darkwallet/Darksend/Coinjoin/etc. really, really good anonymous, we would have already done it.

about three weeks ago
top

OpenSSL Patches Eight New Vulnerabilities

Lennie Re:Go easy on the OpenSSL guys ! (79 comments)

I think this is a good sign for a differerent reason.

We all know OpenSSL could be a lot better. Supposedly they got more funding.

If they are busy finding and fixing bugs that's could be a good thing.

about three weeks ago
top

HTTP/2 - the IETF Is Phoning It In

Lennie Re:Shrug (161 comments)

Let's see how many new and existing APIs use JSON in comparison to XML:

http://www.programmableweb.com...
http://www.programmableweb.com...

Seems like a pretty clear trend to me XML is on the way out.

SOAP or WSDL you say ?:

Well, usually you use JSON with REST.

At the last technology conference where they all immplement 'micro services'. I asked several people does REST/JSON need a WSDL-like solution:
They all answered: no

If you want to describe your REST/JSON API, there are solutions though:

https://helloreverb.com/develo...
http://raml.org/

about three weeks ago
top

Study: 15 Per Cent of Business Cloud Users Have Been Hacked

Lennie Re:Achilles heel of the cloud apps.... (72 comments)

Sorry, my mistake. You are closer to the prerequisites than I was.

You need a signed assertion:

https://www.youtube.com/watch?...

But getting a signed assertion is pretty easy, if it's a cloud service.

Just sign up.

Anyway, most implementations have been fixed. I hope. ;-)

Unless they upgrade or downgrade the XML-parser and break it by accident.

about three weeks ago
top

Study: 15 Per Cent of Business Cloud Users Have Been Hacked

Lennie Re:Encrypted computing is possible, if limited (72 comments)

There are so many definitions of cloud.

The above mentioned solution could be based on open source software (the research project is open source).

In a similar fashion to how Wordpress is currently hosted, your get updates from the vendor (WordPress) not from the hoster, but in the case above with encrypted data.

Yes, SaaS providers will pretty much never go for it, because dealing with encryption means extra work for them.

I was just pointing out it isn't completely impossible. Because that is what most people assume.

about three weeks ago
top

Study: 15 Per Cent of Business Cloud Users Have Been Hacked

Lennie Re:Achilles heel of the cloud apps.... (72 comments)

You might not be aware of what the attack is.

The attack is about sending specially crafted XML requests/responses to circumvent the checks of the authentication system. Which allow you to login as a user of your choice.

This has nothing to do with breaking TLS, what you do need is: the username and to know which application (URL) they are allowed to login into.

about three weeks ago
top

HTTP/2 - the IETF Is Phoning It In

Lennie Re:Shrug (161 comments)

Let's not kid ourselfs.

We all make mistakes.

Especially when we start to generate HTML based on different sources.

One mistake meant: the visitor on the webpage got to see an error instead of most of the page when you are not using XHTML.

XHTML was just to complicated, not flexible enough and strict.

Could it be that is also the reason JSON is now much more popular than XML ?

about three weeks ago
top

HTTP/2 - the IETF Is Phoning It In

Lennie Proposals and running code (161 comments)

The Tao of IETF still mentions:
"We reject kings, presidents and voting. We believe in rough consensus and running code"
http://www.ietf.org/tao.html

Maybe it's just me, but might it apply here ?

Before the httpbis working group started looking at proposals for HTTP/2.0 SPDY was already implemented and deployed in the field by mutliple browser vendors, library builders for servers and several large websites. A bunch of research documents was written. And a protocol specification document draft existed. SPDY wasn't created in the open perse, but it was iterated with the help the community.

So the IETF WG let people suggest proposals:
http://trac.tools.ietf.org/wg/...

And then they voted.

SPDY got selected.

Also the SPDY draft was used as a basis for writing the new HTTP/2.0 draft.

Is anyone surprised ?

There might fundamental parts of the protocol which might have turned out differently if they would have gone through a open collaborative process.

But at first glace it doesn't look that bad.

I can see the appeal of rubberstamping what already exists.

about three weeks ago
top

Study: 15 Per Cent of Business Cloud Users Have Been Hacked

Lennie Re:Achilles heel of the cloud apps.... (72 comments)

SAML ? Don't make me laugh:

"In this paper we describe an in-depth analysis of 14 major SAML frameworks and show that 11 of them ... have critical XML Signature wrapping (XSW) vulnerabilities"

" In order to protect integrity and authenticity of the exchanged SAML assertions, the XML Signature standard is applied. However, the signature verification algorithm is much more complex than in traditional signature formats like PKCS#7. The integrity protection can thus be successfully circumvented by application of different XML Signature specific attacks, under a weak adversarial model."

https://www.usenix.org/confere...

about three weeks ago
top

Study: 15 Per Cent of Business Cloud Users Have Been Hacked

Lennie Encrypted computing is possible, if limited (72 comments)

You can do some computational things on encrypted data, like create a database, which obviously adds some overhead. For example cryptdb:
http://css.csail.mit.edu/crypt...

And built an application which then decrypts the data on the client when the user needs access to it, for example there is Mylar from the same research group as the database above:
https://css.csail.mit.edu/myla...

about three weeks ago
top

White House Responds To Petition To Fire Aaron Swartz's Prosecutor

Lennie Re:As much as could be expected (189 comments)

There was a law (amendment) proposed, it got shot down:

https://en.wikipedia.org/wiki/...

Also notice the last line on Wikipedia says:
"As of May 2014, Aaron's Law was stalled in committee, reportedly due to tech company Oracle's financial interests.[42]"

about three weeks ago
top

Why Aren't We Using SSH For Everything?

Lennie Windows (203 comments)

If anything is missing, it's probably only missing on Windows.

Support on Linux and Mac is jut fine, I think.

Windows:
- client support is kind of OK
- virtual filesytem support is kind of OK

The biggest missing solution:
- Windows server support. There are some expensive solutions, not sure how well they work.

about a month ago
top

Peter Diamandis: Technology Is Dissolving National Borders

Lennie Re: Who's the prez? (129 comments)

My suspicion is it would be a virtual community.

Like a large minecraft.

How do you bomb that ?

Especially if we create a distributed version of that with no dependence on a single or small number of computers.

about a month ago
top

Why Elon Musk's Batteries Frighten Electric Companies

Lennie Re:Maybe I'm missing something (461 comments)

Something I've been missing in this discussion is a notion of scale.

This is a statistic from 10 years ago from the US:
- the average citizen uses 10 times more energy when going from and to work each day (the use of their car) than all their energy use of the rest of the day combined.

If I'm not mistake, this includes natural gas.

Now this number has shifted in the past 10 years.

But let's say a batterypack for the average home is about quarter the size of what goes into a car.

Also what would happen at homes when electrical cars are driving down the price of batteries ?

What if you life in a country where power from the grid has a different price for night than day ?

Well, that system isn't going to last is it ?

Will it smooth out demand on the grid during the day ?

Lots of changes coming in the future, they could be bad, they could be good. They will be bad for some people, good for others.

I do know one thing Elon Musk will probably make some more money if he can deliver on some of his goals.

about 2 months ago
top

Why Elon Musk's Batteries Frighten Electric Companies

Lennie Re:Maybe I'm missing something (461 comments)

Rooftop solar and battery storage cannot even begin to compete with efficient central generation and distribution.

I would think utilities think 10, 20 maybe 30 years ahead. Because they have to invest in building things. Large things.

In Germany they had a public opinion that renewable energy would be a good thing, so politics created a fund which put money behind it, lots of money.

The result:
http://www.greentechmedia.com/...

Investments by electrical companies have become really hard to do, because they are making less and less money on their investments:
"Wholesale electricity prices in Germany have dropped 60 percent since 2008 as renewable energy, which is heavily subsidized and has priority access to the grid, gets dispatched first due to its much lower short-term marginal production costs than traditional plants, displacing natural gas, coal and nuclear power."
http://instituteforenergyresea...

Their next goal ? Funding energy storage technologies:
http://www.energystorageforum....

So what did the largest utility company do ?:
http://www.theguardian.com/env...

about 2 months ago
top

The EU Has a Plan To Break Up Google

Lennie Re:Good luck with that EU (334 comments)

Here is the brass tacks... The EU sees a big rich american company doing business in the EU and they're not paying EU taxes. So they're going to fuck around with it until they figure out how to get money from it.

Actually, seems to me Google was paying taxes in EU:
http://www.latimes.com/busines...
http://www.businessweek.com/ma...

I don't know where their taxes will be going next.

Or dot you think Ireland is not a EU-country ?:
http://en.wikipedia.org/wiki/M...

about 2 months ago

Submissions

top

Mozilla announces Enterprise User Working Group

Lennie Lennie writes  |  more than 3 years ago

Lennie (16154) writes "On the blog.mozilla.org announced: Recently there has been a lot of discussion about enterprises and rapid releases. Online life is evolving faster than ever and it's imperative that Mozilla deliver improvements to the Web and to Firefox more quickly to reflect this. This has created challenges for IT departments that have to deliver lots of mission-critical applications through Firefox. Mozilla is fundamentally about people and we care about our users wherever they are. To this end, we are re-establishing a Mozilla Enterprise User Working Group as a place for enterprise developers, IT staff and Firefox developers to discuss the challenges, ideas and best practices for deploying Firefox in the enterprise."
Link to Original Source

Journals

Lennie has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?