Comments


Father of SSL Talks Serious Security Turkey

praseodym Pledging for automatic updates? (74 comments)

The guy is pledging for automatic updates:

We have to build a mechanism to automatically update things. We did not do that. The right way to design, if we were to update things an updating protocol that automatically updates itself so when the next version comes up it knows where to find the next version rather than having to wait for a Windows update or whatever.

Actually, newer Windows versions (Vista and later) use Microsoft's online Certificate Trust Lists, which allow exactly this. Microsoft revoked the DigiNotar certificate without issuing a real Windows update:

On August 29, 2011, Microsoft removed the trust from one DigiNotar root certificate by updating the Microsoft CTL. Why is Microsoft releasing an update? Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the trust of a certification authority. Windows XP and Windows Server 2003 do not use the Microsoft Certificate Trust List to validate the trust of a certification authority. As a result, an update is needed for all editions of Windows XP and Windows Server 2003 to protect customers.

(http://technet.microsoft.com/en-us/security/advisory/2607712)

more than 2 years ago

Microsoft Says Upgrade To IE8, Even Though It's Vulnerable

praseodym Re:IE8 has the flaw but is immune... (279 comments)

So what about when DEP is not even available? Many older computers don't have CPUs with NX-bit support. AMD has only had them since AMD64 and Intel since later Pentium 4 iterations. There are enough boxes with those CPUs still running fine.

more than 4 years ago

Monty Wants To Save MySQL

praseodym InnoDB is Oracle already.. (371 comments)

Since InnoDB (the only proper storage engine in the default MySQL distribution) is owned by Oracle already, why bother?

more than 4 years ago

Major IE8 Flaw Makes "Safe" Sites Unsafe

praseodym Re:IE8 is *not* vulnerable (83 comments)

That doesn't make sense:
1. Google serves all ads within Google.com from that same domain. No cross-site scripting anywhere, so nothing for the XSS filter to block.
2. For external sites (AdSense), disabling the XSS filter on Google.com won't help either: the external site would have to disable it. Otherwise anyone could just disable the XSS filter on their own domain and hack away on other sites.

more than 4 years ago

Major IE8 Flaw Makes "Safe" Sites Unsafe

praseodym Re:IE8 is *not* vulnerable (83 comments)

That doesn't really make sense; if XSS screws up their system, why disable IE's protection for it? The only reason must be that the XSS protection is flawed.

more than 4 years ago

Major IE8 Flaw Makes "Safe" Sites Unsafe

praseodym Re:IE8 is *not* vulnerable (83 comments)

Except, that was the FIRST security flaw linked in the article. The SECOND one (at The Register) is about a different security flaw, in the XSS filter. The XSS filter is new in IE8.

And, BTW, Google does indeed disable it so that they are not vulnerable to the flaw: their servers send an "X-XSS-Protection: 0" header.

more than 4 years ago

Microsoft's Lack of Nightly Builds For IE

praseodym Re:Er, no (154 comments)

There have been several beta releases for Internet Explorer 7 and 8. Still no need for nightly builds: if it's not release quality, why publish it at all?

In open source projects, nightly builds are mostly a service for developers/testers as well. And since everybody can help improve the code, having more people test can certainly be beneficial.

more than 4 years ago

Microsoft's Lack of Nightly Builds For IE

praseodym Re:Obvious... (154 comments)

In recent interviews, the IE team explained that they run many testsets (W3C sets, Acid3, CSS3.info) themselves anyway. They have also contributed a lot of new tests to W3C (e.g. http://blogs.msdn.com/ie/archive/2009/01/27/microsoft-submits-thousands-more-css-2-1-tests-to-the-w3c.aspx). They ask for feedback about their tests. The only thing we can do to improve IE is to make sure there's enough test coverage.

more than 4 years ago

Microsoft's Lack of Nightly Builds For IE

praseodym Re:Obvious... (154 comments)

What if they'd just release their rendering engine, with a very simple UI which only lets testers enter a URL? After all, most of the problems are in IE's rendering engine, not in its UI. That would solve the problem of journalists etc. looking at it as a real product.

Now, I do doubt the usefulness. We can't improve the code like we can with open source projects. Giving feedback about the rendering engine isn't all too useful either, because the IE team cares about standards nowadays and uses many tests themselves (W3C testsets, Acid3, CSS3.info). They already know the bugs, so the only thing we could conclude with a nightly is how far along they are.

more than 4 years ago

Ubuntu 9.10 Officially Released

praseodym BitTorrent links (744 comments)

Since the Ubuntu BitTorrent-page is not yet updated, here are the links to the official torrents:

http://releases.ubuntu.com/9.10/ubuntu-9.10-desktop-i386.iso.torrent
http://releases.ubuntu.com/9.10/ubuntu-9.10-desktop-amd64.iso.torrent

http://releases.ubuntu.com/9.10/ubuntu-9.10-netbook-remix-i386.iso.torrent

http://releases.ubuntu.com/9.10/ubuntu-9.10-server-i386.iso.torrent
http://releases.ubuntu.com/9.10/ubuntu-9.10-server-amd64.iso.torrent

http://releases.ubuntu.com/9.10/ubuntu-9.10-alternate-i386.iso.torrent
http://releases.ubuntu.com/9.10/ubuntu-9.10-alternate-amd64.iso.torrent

more than 4 years ago

SUSE Studio 1.0 Released

praseodym Nice except.... (121 comments)

"SUSE Studio is currently available to invited users only. Request an invitation on our user sign in page, and we'll send you an email soon!"

more than 5 years ago

Microsoft Drops Windows 7 E Editions

praseodym How will it work? (423 comments)

How will the ballot screen work? Will it redirect to the chosen browser maker's website, will it download an installer? If so, that'd be way too much work for 'simple' users and they'll just close the ballot screen leaving IE as the default browser.

Also, I can't help thinking that there must be a prettier way to make this ballot screen (outside of IE, preferably!).

more than 5 years ago

iPhone Vulnerability Yields Root Access Via SMS

praseodym Re:Depends how you define characters (186 comments)

You're correct. And to complete it:

"Larger content (Concatenated SMS, multipart or segmented SMS or "long sms") can be sent using multiple messages, in which case each message will start with a user data header (UDH) containing segmentation information. Since UDH is inside the payload, the number of characters per segment is lower: 153 for 7-bit encoding, 134 for 8-bit encoding and 67 for 16-bit encoding." -- from Wikipedia

So, in this case it's 134 bytes and not 140 since the payload probably doesn't fit in a single 140 bytes.

more than 5 years ago
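
The per-segment figures quoted in the comment above (153, 134 and 67) follow from a 6-octet concatenation header sitting inside the 140-octet payload. The following is an added example, not part of the original comment: it derives those numbers, splits 8-bit data into segments, and bounds-checks the header of a received segment before trusting it. The function names are illustrative, and the header layout assumed is the concatenation element with an 8-bit reference (IEI 0x00).

```python
SMS_PAYLOAD_OCTETS = 140   # user data carried by one SMS
CONCAT_UDH_OCTETS = 6      # UDHL, IEI 0x00, IEDL 0x03, reference, total, sequence
def segment_capacity(bits_per_char, udh_octets=CONCAT_UDH_OCTETS):
    """Characters per message once udh_octets of header sit inside the payload."""
    if bits_per_char == 7:
        udh_septets = (udh_octets * 8 + 6) // 7   # 6 octets = 48 bits -> 7 septets
        return SMS_PAYLOAD_OCTETS * 8 // 7 - udh_septets
    return (SMS_PAYLOAD_OCTETS - udh_octets) // (bits_per_char // 8)

def split_8bit(data, ref):
    """Split 8-bit data into user-data fields, each starting with a concatenation UDH."""
    cap = segment_capacity(8)
    chunks = [data[i:i + cap] for i in range(0, len(data), cap)]
    if not 1 <= len(chunks) <= 255:
        raise ValueError("need between 1 and 255 segments")
    return [bytes([0x05, 0x00, 0x03, ref & 0xFF, len(chunks), seq]) + chunk
            for seq, chunk in enumerate(chunks, 1)]

def parse_segment(ud):
    """Bounds-check one received user-data field; return (ref, total, seq, body)."""
    if not ud or len(ud) > SMS_PAYLOAD_OCTETS:
        raise ValueError("bad user-data length")
    end = 1 + ud[0]                      # UDHL counts the octets that follow it
    if end > len(ud):
        raise ValueError("UDHL runs past the user data")
    pos, concat = 1, None
    while pos < end:                     # walk the information elements
        if pos + 2 > end:
            raise ValueError("truncated information element")
        iei, iedl = ud[pos], ud[pos + 1]
        pos += 2
        if pos + iedl > end:
            raise ValueError("information element overruns the header")
        if iei == 0x00:                  # concatenated SMS, 8-bit reference
            if iedl != 3:
                raise ValueError("bad concatenation element length")
            concat = tuple(ud[pos:pos + 3])
        pos += iedl
    if concat is None:
        raise ValueError("no concatenation element")
    ref, total, seq = concat
    if not 1 <= seq <= total:
        raise ValueError("sequence number out of range")
    return ref, total, seq, ud[end:]

def reassemble(segments):
    # Parse (and so validate) every segment, then join the bodies in sequence order.
    parts = sorted(parse_segment(s)[2:] for s in segments)
    return b"".join(body for _, body in parts)
```

With `udh_octets=0` the same function gives the single-message limits, 160 characters for 7-bit and 140 for 8-bit.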

iPhone Vulnerability Yields Root Access Via SMS

praseodym SMS limit isn't 140 characters (186 comments)

SMS has a limit of 160 characters, not 140. Twitter has a 140-character limit because of its SMS interface, which leaves 20 characters for commands etc. in addition to the message.

more than 5 years ago

Google Over IPv6 Coming Soon

praseodym Re:Why not respond to all AAAA DNS requests? (264 comments)

Well, I think Google would rather not lose that 1% market share because of users that can't figure out how to fix their network. Try explaining to your grandmother that because of her IPv6 connectivity Google isn't working while she can go to CNN's site perfectly.

more than 5 years ago

Google Over IPv6 Coming Soon

praseodym Re:Why not respond to all AAAA DNS requests? (264 comments)

No; your DNS server resolves the domain names at Google, so technically they're correct (although it may be a bit confusing). The idea is that ISPs with proper IPv6 can register their DNS servers so that Google will give out AAAA records to those DNS servers. Google can't help a single user since there's no way for them to influence the DNS query.

I still think that it'd be great if maybe OpenDNS or a similar service would provide an option to get AAAA records for Google.

more than 5 years ago

Google Over IPv6 Coming Soon

praseodym Re:Why not respond to all AAAA DNS requests? (264 comments)

From Google:

To qualify for Google over IPv6, your network must have good IPv6 connectivity to Google. Multiple direct interconnections are preferred, but a direct peering with multiple backup routes through transit or multiple reliable transit connections may be acceptable. Your network must provide and support production-quality IPv6 networking and provide access to a substantial number of IPv6 users. Additionally, because IPv6 problems with users' connections can cause users to become unable to access Google if Google over IPv6 is enabled, we expect you to troubleshoot any IPv6 connection problems that arise in your or your users' networks.

Simply said, some networks may have borked IPv6 which would mean that users will be unable to access Google. I can understand that they're doing this before rolling it out to everyone. Maybe there could be something like OpenDNS for IPv6 so that more advanced users have a choice?

more than 5 years ago

Net Shoppers Bullied Into "Verified By Visa" Program

praseodym Re:Utter mess (302 comments)

Paying bills is usually done by wiring money using the bank's online banking interface (or paper) or by automatic billing through the bank account. Credit cards aren't used to pay bills; paying in stores is usually done with debit cards (Maestro) or credit cards (but people rarely use them). The online system is used only to purchase over the web; it's way more popular than credit cards (everybody has a bank account and fees are low). The API system works a bit like PayPal.

more than 6 years ago

Submissions

praseodym hasn't submitted any stories.

Journals

praseodym has no journal entries.
