×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

The Cost of the "S" In HTTPS

devman Re: No Caching? (238 comments)

Well yes, in the same sense people who use hosting providers for their websites have to trust that their hosting provider doesn't mess with their files (a CDN is just a type of hosting provider after all). There is no break in the TLS trust model though, the client will authenticate both the original host and the CDN.

about two weeks ago
top

The Cost of the "S" In HTTPS

devman Re: No Caching? (238 comments)

CDN hosted content will be linked to by the page served to the client just like it is now. Example: you connect to https://examplebank.com/ the page served back to you links to content (images, scripts, we) hosted on https://examplecdn.com/ Both links establish properly and TLS security model isn't broken.

about three weeks ago
top

Gangnam Style Surpasses YouTube's 32-bit View Counter

devman Re:Why signed? (164 comments)

Though youtubes design decision probably predates this. Google's own style guide states that unsigned integers should not be used simply to indicate a number will never be negative and instead to use assertions for that. Basically it emphasizes not to use unsigned integers unless there is a really good reason to do so.

about three weeks ago
top

Launching 2015: a New Certificate Authority To Encrypt the Entire Web

devman Re:No thanks... (212 comments)

IMO, DANE is the best alternative. It requires trusting DNSSEC, but if combined with key pinning it could be much more effective than the security model in place today.

about a month ago
top

Launching 2015: a New Certificate Authority To Encrypt the Entire Web

devman Re:quick question (212 comments)

HTTP STS is supposed to help mitigate Wifi pharming attacks and has already been deployed by a few major sites, the real long term solution for this is DANE though.

about a month ago
top

Ask Slashdot: Is Non-USB Flash Direct From China Safe?

devman Re:don't worry about it (178 comments)

Any reason why a random single-pass 'badblocks' run wouldn't work for this purpose?

about a month ago
top

Internet Sales Tax Bill Dead In Congress

devman Re:Why not get rid of states as taxing entities? (257 comments)

The gay marraige issue isn't a States rights issue no matter how much supporters wish it was. The federal government doesn't issue or dissolve marriage licenses it is completely the domain of the States. All the Federal courts have said is that if the states wish to have a legal institution of marriage that it must be compatible with the 14th amendment, and States which do not allow gays to marry do not meet that requirement.

The federal courts are not infringing on states rights, they are protecting individual rights granted by the U.S. Constitution from infringement by the States.

about a month ago
top

Microsoft To Open Source .NET and Take It Cross-Platform

devman Re:Illegal to distribute a WIP JVM implementation (525 comments)

Android didn't fork Oracle's Java code, they created it from scratch (they borrowed from Harmony which was from scratch, details, details) with the same API. It is a different set of legal issues entirely. If Google had forked OpenJDK instead, they'd be completely in the clear, but Android would have been GPL licensed instead of Apache2 licensed.

about a month ago
top

Microsoft To Open Source .NET and Take It Cross-Platform

devman Re:Illegal to distribute a WIP JVM implementation (525 comments)

I believe that is only required if you want to call it a "Java" VM. If you want to call it Java it has to pass the tests, which is a reasonable requirement. The JVM code itself is GPL though, and you can use it for whatever you just can't call it Java.

about a month ago
top

New Website Offers Provably Fair Solutions To Everyday Problems

devman Re:Rubbish (167 comments)

Easy, the lactose intolerant party takes the 16 cakes, trades 6 of them with cream to the other party for the 6 he has without cream and throws the remaining 5 cakes with cream in the garbage. Even if the other party doesn't trade the picker gets to eat 5 and the divider gets to eat 6, but none of them with cream.

Rigging piles always works to the advantage of the picker not the divider, that's why the system is fair.

about a month and a half ago
top

New Website Offers Provably Fair Solutions To Everyday Problems

devman Re:it's not so hard (167 comments)

If the well off person values the better room at more than "fair" price (fair being defined here as what the other roommate valued it at) that means the other roommate gets the other room cheaper than he would have valued it. That's win-win is it not?

about a month and a half ago
top

New Website Offers Provably Fair Solutions To Everyday Problems

devman Re:sibling fairness (167 comments)

If the divider rigs the piles, you just take the pile you know they want and then barter with them afterwards. By dividing it that way the divider loses leverage it actually works out in favor of the picker.

about a month and a half ago
top

Google To Disable Fallback To SSL 3.0 In Chrome 39 and Remove In Chrome 40

devman Re:Pros and Cons (70 comments)

Firefox is also disabling SSL 3.0. Also, according to stats cited by Wikipedia, 99.3% of web servers support TLS 1.0

about 2 months ago
top

What Will It Take To Make Automated Vehicles Legal In the US?

devman Re:*nothing* (320 comments)

Driverless cards will have all kinds of sensors and likely have blackboxes as well. If one gets in to an accident data from those senser coudl be used to reconstruct the cause of that accident and assign blame. Insurance companies will love it assuming driverless cars are safer and turn out to be the victim of accidents more than the cause of accidents. Liability can be covered similar to the way it is handled now. Operator indemnifies manufacturer and carries an insurance policy to cover the assumed risk, those premiums will reflect the risk of driverless car being at fault in an accident.

about 2 months ago
top

Debian Talks About Systemd Once Again

devman Re:Remove It (522 comments)

You can use a journalctl (see the --root or --file options) from a rescue disk or simply lift the logs and move them to another system. I'm not sure why people think that binary logs can only be read by the system that generated them.

about 2 months ago
top

Debian Talks About Systemd Once Again

devman Re:Some Sense Restored? (522 comments)

Its actually one of the big reasons systemd is popular with distros/package maintainers. Unit-files are maintained by the upstream and not customizing initscripts with lots of boilerplate saves package maintainers time. Daemon configuration being declarative has been a long time coming.

about 2 months ago
top

Ask Slashdot: How Would You Build a Home Network To Fully Utilize Google Fiber?

devman Re:Just do it (279 comments)

The EdgeRouter-Lite is definetley a 'prosumer' device and you will have to tinker with it. It is unconfigured out of the box, so you'll have to setup NAT, Firewall, WAN interface, LAN interface and DHCP just to get started really. Fortunately, they have a wizard for a basic SOHO setup now (if you know what your doing you can skip it and setup your network the way you want it). That being said the ERL is an awesome device for what it costs and if you like tinkering with your network (and have a background in Linux, it runs a fork of Vyatta) you'll love it.

about 2 months ago
top

Security Collapse In the HTTPS Market

devman Re:For internal use? (185 comments)

SSL cert vendors should never have your private key, and I've never seen one that needed it. They only sign you public key when you generate a certificate signing request.

about 3 months ago
top

Emma Watson Leaked Photo Threat Was a Plot To Attack 4chan

devman Re:Emma Watson is full of it (590 comments)

NASA officially calls it "Human Space Program", it is in their writing styleguide and has been for awhile.

http://history.nasa.gov/styleg...

Manned Space Program vs. Human Space Program:

All references referring to the space program should be non-gender specific (e.g. human, piloted, un-piloted, robotic). The exception to the rule is when referring to the Manned Spacecraft Center, the predecessor to the Johnson Space Center in Houston, or any other official program name or title that included "manned" (e.g. Associate Administrator for Manned Spaceflight).

about 3 months ago

Submissions

devman hasn't submitted any stories.

Journals

devman has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?