
Comments


Google Explains Why WebView Vulnerability Will Go Unpatched On Android 4.3

devman Re:The solution is obvious (579 comments)

It doesn't matter anyway as WebView in 4.3 and earlier is part of the system that is non-upgradable without a new system image. Fixing the problem would require OEMs to update, they may as well just take 4.4. Note that the WebView equivalent in 4.4 updates when Chrome updates via Play Store, so this won't be a problem in the future. It would be a lot of work for Google to backport the patch only to have OEMs ignore it anyway.

about a week ago

OpenSSL 1.0.2 Released

devman Re:Obligatory reminder that an alternative exists (97 comments)

They are not hardcoded. You can remove all the default trust anchors if you want to, then add only certs that you feel you can trust. Deciding who to trust is not part of SSL/TLS.

about a week ago

OpenSSL 1.0.2 Released

devman Re:Obligatory reminder that an alternative exists (97 comments)

SSL/TLS has nothing to do with what certificates the client and server trust. You can bootstrap a TLS stream using a pre-shared key if you want, or with DANE, or with explicitly selected certificates. The fact that most clients use CAs for trust anchors is not a failure of SSL/TLS.

about a week ago

The Cost of the "S" In HTTPS

devman Re: No Caching? (238 comments)

Well yes, in the same sense people who use hosting providers for their websites have to trust that their hosting provider doesn't mess with their files (a CDN is just a type of hosting provider after all). There is no break in the TLS trust model though, the client will authenticate both the original host and the CDN.

about 2 months ago

The Cost of the "S" In HTTPS

devman Re: No Caching? (238 comments)

CDN-hosted content will be linked to by the page served to the client just like it is now. Example: you connect to https://examplebank.com/ and the page served back to you links to content (images, scripts, we) hosted on https://examplecdn.com/. Both links establish properly and the TLS security model isn't broken.

about 2 months ago

Gangnam Style Surpasses YouTube's 32-bit View Counter

devman Re:Why signed? (164 comments)

Though YouTube's design decision probably predates this, Google's own style guide states that unsigned integers should not be used simply to indicate a number will never be negative and instead to use assertions for that. Basically it emphasizes not to use unsigned integers unless there is a really good reason to do so.

about 2 months ago

Launching 2015: a New Certificate Authority To Encrypt the Entire Web

devman Re:No thanks... (212 comments)

IMO, DANE is the best alternative. It requires trusting DNSSEC, but if combined with key pinning it could be much more effective than the security model in place today.

about 2 months ago

Launching 2015: a New Certificate Authority To Encrypt the Entire Web

devman Re:quick question (212 comments)

HTTP STS is supposed to help mitigate Wi-Fi pharming attacks and has already been deployed by a few major sites; the real long-term solution for this is DANE though.

about 2 months ago

Ask Slashdot: Is Non-USB Flash Direct From China Safe?

devman Re:don't worry about it (178 comments)

Any reason why a random single-pass 'badblocks' run wouldn't work for this purpose?

about 3 months ago

Internet Sales Tax Bill Dead In Congress

devman Re:Why not get rid of states as taxing entities? (257 comments)

The gay marriage issue isn't a states' rights issue no matter how much supporters wish it was. The federal government doesn't issue or dissolve marriage licenses; it is completely the domain of the States. All the Federal courts have said is that if the states wish to have a legal institution of marriage that it must be compatible with the 14th amendment, and States which do not allow gays to marry do not meet that requirement.

The federal courts are not infringing on states' rights, they are protecting individual rights granted by the U.S. Constitution from infringement by the States.

about 3 months ago

Microsoft To Open Source .NET and Take It Cross-Platform

devman Re:Illegal to distribute a WIP JVM implementation (525 comments)

Android didn't fork Oracle's Java code, they created it from scratch (they borrowed from Harmony which was from scratch, details, details) with the same API. It is a different set of legal issues entirely. If Google had forked OpenJDK instead, they'd be completely in the clear, but Android would have been GPL licensed instead of Apache2 licensed.

about 3 months ago

Microsoft To Open Source .NET and Take It Cross-Platform

devman Re:Illegal to distribute a WIP JVM implementation (525 comments)

I believe that is only required if you want to call it a "Java" VM. If you want to call it Java it has to pass the tests, which is a reasonable requirement. The JVM code itself is GPL though, and you can use it for whatever; you just can't call it Java.

about 3 months ago

New Website Offers Provably Fair Solutions To Everyday Problems

devman Re:Rubbish (167 comments)

Easy, the lactose intolerant party takes the 16 cakes, trades 6 of them with cream to the other party for the 6 he has without cream and throws the remaining 5 cakes with cream in the garbage. Even if the other party doesn't trade the picker gets to eat 5 and the divider gets to eat 6, but none of them with cream.

Rigging piles always works to the advantage of the picker not the divider, that's why the system is fair.

about 3 months ago

New Website Offers Provably Fair Solutions To Everyday Problems

devman Re:it's not so hard (167 comments)

If the well-off person values the better room at more than "fair" price (fair being defined here as what the other roommate valued it at) that means the other roommate gets the other room cheaper than he would have valued it. That's win-win, is it not?

about 3 months ago

New Website Offers Provably Fair Solutions To Everyday Problems

devman Re:sibling fairness (167 comments)

If the divider rigs the piles, you just take the pile you know they want and then barter with them afterwards. By dividing it that way the divider loses leverage; it actually works out in favor of the picker.

about 3 months ago

Google To Disable Fallback To SSL 3.0 In Chrome 39 and Remove In Chrome 40

devman Re:Pros and Cons (70 comments)

Firefox is also disabling SSL 3.0. Also, according to stats cited by Wikipedia, 99.3% of web servers support TLS 1.0.

about 3 months ago

What Will It Take To Make Automated Vehicles Legal In the US?

devman Re:*nothing* (320 comments)

Driverless cars will have all kinds of sensors and likely have blackboxes as well. If one gets into an accident, data from those sensors could be used to reconstruct the cause of that accident and assign blame. Insurance companies will love it assuming driverless cars are safer and turn out to be the victim of accidents more than the cause of accidents. Liability can be covered similar to the way it is handled now. Operator indemnifies manufacturer and carries an insurance policy to cover the assumed risk; those premiums will reflect the risk of a driverless car being at fault in an accident.

about 3 months ago

Debian Talks About Systemd Once Again

devman Re:Remove It (522 comments)

You can use journalctl (see the --root or --file options) from a rescue disk or simply lift the logs and move them to another system. I'm not sure why people think that binary logs can only be read by the system that generated them.

about 3 months ago

Debian Talks About Systemd Once Again

devman Re:Some Sense Restored? (522 comments)

It's actually one of the big reasons systemd is popular with distros/package maintainers. Unit files are maintained by the upstream, and not customizing initscripts with lots of boilerplate saves package maintainers time. Daemon configuration being declarative has been a long time coming.

about 3 months ago
