Comments

top

Private Keys Stolen Within Hours From Heartbleed OpenSSL Site

asdf7890 Re:https is dead (151 comments)

Your bank can send you their public key.

That is the key problem with schemes that don't involve a CA. A bank will be sending me bits of paper anyway when I open a new account, the better ones will be sending me a fob for two-factor auth too in fact, so sending an extra bit of paper with "this is the fingerprint of our signing key, when your browser asks you to confirm a certificate make sure the signer finger-print matches this one" is no hardship. But what about sites that don't have any other comms channel with their users? How do they prove that they are who they say they are?

There is also the problem of people simply clicking "OK" instead of checking the fingerprint which is what usually happens with SSH. If this is the case all you have assurance of is that the keys have not changed, not that the keys indicate you are definitely talking to the right server directly.

3 days ago
top

Internet Commenting Growing Away From Anonymity

asdf7890 Re:Non-anonymous comments are worse (384 comments)

(sorry, forgot we are in HTML-land for a moment there, I frequent markdown-ville more these days: in the above " commented on " should have been "<friend> commented on <thing>")

about 4 months ago
top

Internet Commenting Growing Away From Anonymity

asdf7890 Re:Non-anonymous comments are worse (384 comments)

To top it off when someone posts such a comment via facebook their contacts (who might be similarly minded) sometimes get a " commented on " notification which might pique their interest and bring them in to spout more of the same vitriol in defense of their friend (or just a show of solidarity).

about 4 months ago
top

Internet Commenting Growing Away From Anonymity

asdf7890 Re:Non-anonymous comments are worse (384 comments)

Erm, is there any particular reason you brought those thoughts up? The thread you've joined is talking about the reviews people leave on sports articles.

about 4 months ago
top

Internet Commenting Growing Away From Anonymity

asdf7890 Re:Create a fake Facebook account (384 comments)

That's a criminal offense in some jurisdictions.

So is spouting hate or other language people find offensive. Making something illegal does not automatically stop people from doing it, especially without enforcement. What are facebook going to do? Ban the account? Too late, the posts have already been made. Call the authorities? They likely don't have sufficient evidence and even if they did I doubt any enforcement personage is going to consider it really worth their time. Sue? Certainly not worth the cost of their lawyer's time.

about 4 months ago
top

Internet Commenting Growing Away From Anonymity

asdf7890 Re:Yes, because moderation is oh so hard to do (384 comments)

/. is a for-profit business.

Not in the same sense as the examples given by the posts above, from the point of view of the man on the street. /. manages to maintain a certain amount of its "community spirit" so people are willing to put that little bit of effort in, but having navigated through the LA Times paywall people are not going to want to give even that much extra ("I'm paying for this, someone else should be making sure it is worth me paying for" would be a common thought on the matter).

Then again people spend time making reviews on Amazon and the like (the good reviews that is: the bad ones are people with an axe to grind so that isn't quite the same) so perhaps it could work, though they'd still have the problem of the moderation being "off message" and to avoid that they'd be back to paying someone (this time paying them to moderate the moderators).

about 4 months ago
top

GTA Online Runs Into an Online Roadblock

asdf7890 Re:Newsworthy? (102 comments)

That works for many things, but not games with online interaction or access to other online resources. While some will ignore Steam once launched and implement their own communication to the outside world, some will expect you to reconnect your Steam account before enabling online features (or running at all).

about 6 months ago
top

Firefox 23 Arrives With New Logo, Mixed Content Blocker, and Network Monitor

asdf7890 Re:I hope there's an easy social integration disab (365 comments)

I don't see a problem here?

If the company has a policy of not permitting social media sites like facebook to be used on-site (because they have genuine security concerns that mean they want strong control on communication from within the company, or they are just grumpy old fuddy duddies that don't want anyone else to have a good time) then this appearing will be a red flag - it may be decided that the update can not go in until the change has been reviewed by a security team to make sure it does not circumvent their blocks in any way (intentionally or otherwise), that review could be delayed behind a pile of higher priorities, and older versions of firefox pulled from desktops due to not being the latest and therefore possibly not containing all the latest security updates.

Do you know how hard it is, to this very day, to get some companies to take off the blinkers long enough to take half a look at considering anything other than Internet Explorer onto their machines? This could change their minds back.

(yes, I know IE10 is actually said to be pretty decent, many people have already told me, but I'm so bitter about the years of stagnation caused by "classic" IE that I'll not be using it by choice any time soon)

about 8 months ago
top

HP Keeps Installing Secret Backdoors In Enterprise Storage

asdf7890 Re:Eh? (193 comments)

Those provisions don't necessarily defend against a bad actor in the DC, so in some high security situations allowing this to exist is a breach of security clauses in service provision contracts. Security in depth and all that.

about 9 months ago
top

HP Keeps Installing Secret Backdoors In Enterprise Storage

asdf7890 Re:Eh? (193 comments)

I grok this to mean that a backdoor exists for customer service ...

If the backdoor existed for customer service reasons, the customer would be told about it rather than HP having to admit it exists only after someone spotted it and went public.

This could mean we can't consider purchasing HP equipment and have to get rid of any we already have - our contracts with some of our clients (banks, a police force or two, and so forth) demand that everyone working for our company and any third party that has access to our equipment in any way is fully background checked. If there are accounts on there for which we don't control the credentials then we can not give them assurances that such due diligence clauses are satisfied. While needing network access is a mitigating factor limiting opportunities to abuse this hole, it may not satisfy such contract clauses as we need to account for breaks in security elsewhere in our provisions (theft of equipment, unexpectedly clueless or gruntle-less individuals in the DC, ...).

... which can be activated by a customer

TFS doesn't say the user has to activate it, just that they intend to gain permission before using it. This might be by means of it being disabled until the user takes action to allow access, but the wording does not explicitly say that and if it is open aside from proper firewalling and other provisions it might be exploitable by a bad actor within your DC.

Indeed, whatever the case: Please post a not-purposefully-scary summary of the actual problem below, because right now it sounds a whole lot like the not-backdoor that Remote Assistance is under Windows.

The key concern from my PoV is more that it exists but was "hidden", rather than what it actually does. It causes the appropriately paranoid to ask "what else is in there that we do not know about?". While there is an assurance that it does not allow access to data they confirm it allows enough access to be used for DoS purposes and as the feature was not previously documented at all (hidden, to take a more negative spin on "not documented") I would prefer some 3rd party confirmation before taking that statement as any sort of assurance.

about 9 months ago
top

AMD/ATI Drops Windows XP Support

asdf7890 Probably a non-issue (251 comments)

There are a few reasons more likely than them simply no longer supporting XP at all:

* Perhaps this release changes nothing that is relevant to XP. Perhaps all the changes are in codepaths only touched under DX10 or later which is irrelevant to XP.

* Perhaps the early testing was done on limited systems. OK so it is odd for a platform to be ignored in beta tests, but perhaps if the expected impact on XP is low or zero (see above) they didn't publicly release the alpha for XP and someone forgot to update the release details for the beta.

... to state two.


While XP's market share is dropping rapidly now, there are still plenty of home installs out there - plenty enough that ATI/AMD aren't going to risk creating uproar by not supporting them until the official death date from MS (April next year).

about 10 months ago
top

EA Takes Over Scrabble App, Wipes Player Histories and Switches Dictionary

asdf7890 Re:Pizza (197 comments)

But who truthfully stays away from the porn?!

Though I'm with you on the 'king memes.

about 10 months ago
top

Flying Bicycle Is Real, Takes First Flight

asdf7890 Re:Rather heavy (123 comments)

I presume the assumption is that you'd use it as an inconvenient cycle when the battery power got low, or for parts of your journey where being off the ground would be even less safe (built up areas with many over-head communication and power lines, for instance).

about 10 months ago
top

Flying Bicycle Is Real, Takes First Flight

asdf7890 For the journey to work, or the grave. (123 comments)

First thought: I need one of them.

Second thoughts: I wonder how many minutes it would take before I killed myself with it, and how many innocent lives I'd take with me?

about 10 months ago
top

Schneier: Security Awareness Training 'a Waste of Time'

asdf7890 Yes, and no. (284 comments)

systems that don't care what links a user clicks on

Definitely. As far as is possible we should stop users accidentally doing something stupid by making sure that they can only do the right things. This is not always practical though as for a start there are factors outside our control (for the password example we can't control how the user might store and potentially distribute their credentials in other services (password managers) or in the real world (bits of paper)).

systems that won't let users choose lousy passwords

I can't see a way that could be implemented which is not essentially an attempt to enumerate the bad, which is never a good idea. Even if it was for the most part, some of the things that make lousy passwords are again well out of our control: there is no way in software "don't use the same credentials for everything" can be enforced.

Security awareness is a lot more than just properly managing passwords and such - there are real world interactions that users need to be aware of so some training is definitely needed no matter how close to perfect the security in your applications is.

1 year, 28 days
top

Seattle Bar Owner Bans Google Glass, In Advance

asdf7890 Re:Meh (471 comments)

Attempting to stop technology by legislative means is futile.

Definitely though this isn't legislation (i.e. government dictated and legally enforced), it is a much more localised preference about what goes on in a particular home/business/whatever. It is more akin to banning someone playing loud music in the corner of the pub or not letting someone back in your garden unless they promise not to urinate on the rabbit like they did last time.

It's funny how people criticize MAFIAA for legislating its business model and trying to stop the technological progress, but at the same time cry foul when new technology invades their privacy.

Perfectly normal human hypocrisy I think. For what it is worth I have no problem with them protecting their business model by legal and moral means, my problem is that when those means fail they pervert the legal system in a morally questionable way - they are hypocrites too in that they are quite happy to stoop very very low in order to defend their relatively unchanging view of the world that is changing (changes that some low people, mentioning no myselfs in particular, might sometimes use to borrow some bits).

The next battle is for total openness - if state and corporations can watch over us, then we should have power to watch over them.

I for one have no problem with monitoring with CCTV and such, especially in places where problems are known to happen (pubs full of people some of which have had a bit too much, alley ways, carparks, ...), though I wouldn't want uncontrolled individuals monitoring me as quite frankly I don't really trust the average member of the general public. Of course the people monitoring that CCTV and its stored output can also be questionable but you have to trust (and sometimes test) that relevant precautions/checks/balances exist and are working to prevent bad apples upsetting the cart as much as practically possible.

And about that 'but imagine that your employer sees your drunken pictures' argument, it's high time for everyone to recognize that nobody is perfect and learn to ignore such things.

Definitely. I'm lucky that my employer is happy with me being a human with a few flaws one of which being a rather strong liking for social gatherings involving alcohol (heck, my manager is often there, as we are a company that tries to get along socially as well as professionally where possible and he is entertaining company). As long as what you do in your personal life does not affect your performance at your job or result in you otherwise somehow damaging your company or its reputation it should be no concern of your employer or potential employer (there are some professions where your private behaviour can legitimately be considered though, such as those where you are a part of the company's public image or jobs like being a police officer (who, in the UK at least, are never officially off duty as they are warranted to take action on behalf of the law at any time rather than their arrest rights being contracted to specific hours)). Unfortunately we live in an imperfect world full of imperfect people who will make judgements based on information recorded in this manner and distributed accidentally or with the intention of doing harm - it isn't practical to expect legislation (or common sense) to fix that any more than it can fix the privacy issues in the first place. I'm not sure how we can, as a society, fix that.

about a year ago
top

Seattle Bar Owner Bans Google Glass, In Advance

asdf7890 Re:Meh (471 comments)

Cellphones don't record & upload constantly

Mine does.

No, yours can if you actively choose to make it do so in the same way that this chair can smack you squarely over the back of the head if someone actively chooses to make it do so.

You seem to be arguing for the right to do something simply because it is possible. Do you really want to live in a world that works that way? Think about it for just a minute (actually, to an extent the world does work that way for some people, but that doesn't make it right...).

about a year ago
top

Seattle Bar Owner Bans Google Glass, In Advance

asdf7890 Re:Meh (471 comments)

I have absolutely no obligation to stop capturing photons because it makes you squeamish.

And I have absolutely no obligation to allow you, someone who is deliberately choosing to do something that makes my other patrons squeamish, to enter my establishment.

The bar owner isn't banning you from recording everywhere. He is simply setting rules of conduct that may preclude you (should you break, or give indication that you intend to break, those rules) from entering his bar.

What people arguing against the bar owner here are arguing for is a society where you can do what you want because the technology allows you to do what you want. Do they really want to live in a society that works that way?

about a year ago
top

Seattle Bar Owner Bans Google Glass, In Advance

asdf7890 Re:That's his right (471 comments)

I have the absolute natural right to videotape anything my eye can behold

Can we assume that you'll take the same attitude when someone happens to walk by when your wife/daughter/girl-friend/mother/sister/what-ever accidentally leaves a curtain part open while changing?

You don't have that "absolute right" any more than I have an absolute right to privacy, but you can bet your arse I'll struggle to maintain my chosen right-that-isn't-quite rather strongly, as will many others, so if you want to take that attitude you go ahead and we'll see which side wins out in our lifetimes.

The bar owner also has rights you know, and choosing to eject people who choose to make his other customers feel uncomfortable is one of them. He can't ban you for something that is not a choice (colour, gender, sexual preference, ...) as that would be unfair discrimination, but your use of recording tech is no less a personal choice than the little dick in the corner swearing at everyone else & throwing peanuts (or for a less exaggerated example: someone who chose to wear trainers that night to a club that has a dress code disallowing them). And to argue that you should be able to because one day they won't be able to stop you is simply bullying: give us your lunch money or we'll come back with more mates and you'll have to give it to us then.

The prosthetic eyeball isn't a valid argument with regard to discrimination, which I think is where you were going with that. We couldn't ban them any more than we could ban pacemakers, but they don't have to be made with recording features - if you choose to have a device with recording features instead of one that doesn't you need to accept that you won't be able to take it everywhere just like there are places I have to use an old non-smart phone (or none at all) instead of the fancier device I generally choose to rely on. Maybe others can't detect that you can record, but they'll know if you publish (intentionally, accidentally, or indirectly through having your data store hacked) and you can expect your face on many a "don't let this prick enter" notice at that point.

about a year ago
top

Apple's Lightning-to-HDMI Dongle Secretly Packed With ARM, Airplay

asdf7890 Re:Wireless wire? (392 comments)

If the connector became the limitation then Apple's engineers have failed. There's several phones that are thinner than the iPhone 5 on the market not only currently but also dating back to 2011 (Motorola RAZOR Droid which was a shit phone for other reasons), all of them had microUSB connectors.

Micro USB was not the problem though - it was their existing proprietary dock connector that was too big. They didn't replace mUSB with lightning, they chose lightning over mUSB as the replacement for the old connection method.

They give size as one of the reasons for the change but it is not the only difference, there are apparently both electrical and physical advantages over mUSB (note: I've not looked into this so it could be astro-turfed marketing tripe for all I know) so I wouldn't jump to criticising the engineers purely on the size thing.

Of course the key reason to my cynical mind is simply because, any real advantages aside, it is different. They want to keep a certain degree of market separation, however artificial. There are iPods and other music players, there are iPhones and other smart-phones, there are iPads and other tablets. The fact that many peripherals are marketed explicitly as iSomethingOrOther compatible is free advertising for their product range and helps cement the view in their target market's mind that their products are different (and right now that works in their favour: many people see the incompatibility as Apple trying to do something better, rather than as a deliberate inconvenience intended to lock them in to an extent other manufacturers would not try right now).

about a year ago

Submissions

asdf7890 hasn't submitted any stories.

Journals

asdf7890 has no journal entries.
