×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

Investigation: Apple Failing To Protect Chinese Factory Workers

thegarbz Re:What about other manufacturers? (114 comments)

but what about contract workers in similar factories who make phones for Samsung, Huawei, Microsoft (that still feels weird to write) and newcomers like OnePlus? I suspect that conditions are worse, simply because there is less external oversight.

It's irrelevant what the conditions on those other products are because the companies haven't shouted from the roof tops how much they are doing to prevent the situation and don't have a wanky, shiny, HTML5 advertisement page linked prominently on their corporate homepage talking about how much awesome their supplier responsibility is than everyone else.

Apple isn't being held to a higher generic standard. They are being held to their own standard.

1 hour ago
top

Google Proposes To Warn People About Non-SSL Web Sites

thegarbz Re:503 (346 comments)

I don't think I've entered either of those things in the last 10 years. Heck they aren't even shown on my URL at the moment.

Being not trustworthy and not necessarily secure from everyone is still a damn site more secure than shouting in a crowded theater.
Then you can consider repeat presentation of the same credentials. Going to the same self-signed website twice and being presented with the same certificate is at least an indication I was talking to the same person as before.
Then you can consider notoriety. If I see the same credentials right now as someone in Germany and someone in China, I can at least be partially sure that my end of the system hasn't been compromised.

Security is not black and white, regardless of how many people treat it as such. Do you also consider having a front door with a door lock any better than just having a hole in the wall open to the road? Or do you suggest we all stick with a simple hole in the wall until we can be bothered to install automated defense turrets outside of a metal dome that we put over our homes?

yesterday
top

Google Proposes To Warn People About Non-SSL Web Sites

thegarbz Re:Stupid (346 comments)

As opposed to white which communicates no information at all?

The point is plain text connections do nothing. The user is quite at ease with this and they shouldn't be. Especially not when there's a text box like this one available for them to type their opinions in to.

yesterday
top

Google Proposes To Warn People About Non-SSL Web Sites

thegarbz Re:Stupid (346 comments)

What you read is enough to get you persecuted by many governments these days.

yesterday
top

Google Proposes To Warn People About Non-SSL Web Sites

thegarbz Re:Bad for small business owners (346 comments)

The IP tells you very little these days. Even right now we are talking to a server with the same IP address. None the less every time we visit the page we will see something different and say something different. Even if the hosted content is the same what you see and what I see are likely still different due to personalized settings.

Much of the internet is like that. URLs are not named www.thediffinitiveguidetobombmaking.com/howtokillthepresident.html It's more likely to be somethingillegible.blogspot.com/randomnumbers/morenumbers/gibberish=?morerandomcrap. Even then using TLS the only thing that is visible is the initial connection to blogspot.

As for renewals, I don't remember any renewals. People remind me. My DNS host sends me an email when it's about to expire, my domain provider does the same, and I'm willing to bet you a Marsbar that an SSL cert provider who likes getting paid will also send you reminders. I do the self-signed thing which is also dead easy to remember since I last signed it on the 1st of July and thus lines up nicely with end of financial year reporting. Being able to remember to do something is a poor excuse. Being too difficult or too expensive however is quite legitimate.

yesterday
top

Google Proposes To Warn People About Non-SSL Web Sites

thegarbz Re:Bad for small business owners (346 comments)

You're assuming https used to serve up static data.

Much of the web is no longer static data. Kind of like Slashdot. Next time I visit here I will get something different. You as WaffleMonster will likely see something different to me as thegarbz right now because of how the system is setup.

My fertilizer page may be 14673 bytes long. But does your fancy ability to type in the same URL tell you if I had 1 bag or 100 bags in my shopping cart when I checked out?

It may seem insignificant, it may be perfectly innocent, but none the less enough to get you put on a three-letter-agency watch list.

yesterday
top

Backblaze's 6 TB Hard Drive Face-Off

thegarbz Re:Meaningless (165 comments)

"NAS with 1 to 5 disks" is not an environmental spec.

The number of discs does not relate to the vibration or heat or any other factors. Those can only be measured directly. Now if WD specified that drives should not be placed in an environment where they will be subjected to x um vibration measured to some ISO standard then I would be right there with you.

How do 1-5 disks compare to a computer with 5 poorly balanced fans?
How do 1-5 disks compare to a single metal enclosure direct mounted, vs disks mounted via rubber grommets?
finally:
How do 1-5 disks placed horizontally next to each other or double stacked compared to drives mounted vertically and held in place with an anti-vibration sleeve such as the one used by Backblaze which they posted gave them a measurable performance improvement?

Even some braindead lawyer could point out the difference between a direct measurable specification and the completely subjective "NAS with 1-5 disks"
And as a side note Backblaze see no reliability differences between their consumer and enterprise grade drives, of which they have several thousand.

yesterday
top

Over 9,000 PCs In Australia Infected By TorrentLocker Ransomware

thegarbz Re:How? (78 comments)

You don't need to hide the .exe extension. People will click on it anyway if they believe they have something to gain or something to lose.

yesterday
top

Google Proposes To Warn People About Non-SSL Web Sites

thegarbz Re:Bad for small business owners (346 comments)

There are many people like me, who put up a web site just for promoting their business. It doesn't make sense to encrypt this info, at all. It doesn't make sense to downgrade ranking for that reason. Very bad move by Google.

Doesn't it make sense? What makes you so sure? Do you run a gardening shop? How do you know your customers aren't being watched for fertilizer references? Maybe you sell some memorabilia or trinkets with a war or political relevance? God forbid you actually sell stuff that can be used to make firearms.

Your problems are problems, there are no doubts about that. However your problems are related to the current implementation of the technology. Personally I found it quite easy to setup SSL on my website. I found it hard to generate a certificate, and I am dismayed at the cost of a real certificate that supports wildcards and the fact that my self signed certificate creates an error for me when I log-in to see the latest and greatest information about nigerian princes and viagra. But these problems are everything to do with implementation of the technology and not to do with what Google is doing.

Anything that drives greater privacy for people who in the current climate should expect their governments to be watching their very moves is a good idea.
The cost of implementation needs to be addressed too, but lets get an interest in first.

yesterday
top

Google Proposes To Warn People About Non-SSL Web Sites

thegarbz Re:Including Slashdot? (346 comments)

This!

I've seen the GP's comments a few times today. Why would you encrypt Slashdot. But really is it up to you to decide what needs to be encrypted for your users? People are being persecuted for opinions and leaks, for anonymous postings, for visiting certain websites; people are having their movements logged for something as simple as which fertilizer they research, or god forbid you access a website which doesn't align politically with someone who has power over you.

It's not up to you to decide what your users are afraid of.

yesterday
top

Google Proposes To Warn People About Non-SSL Web Sites

thegarbz Re:Not a bad idea. (346 comments)

"locked green padlock = good, unlocked yellow/red padlock = how bad do you want your pron?".

And yet that's not how any browser works so users are right to be confused.

yesterday
top

Google Proposes To Warn People About Non-SSL Web Sites

thegarbz Re:The major downside to this.. (346 comments)

Yep, the solution is clearly to use plaintext for everything.

I understand what you mean but we should be risk grading ALL browsing. Not just bringing up warnings for encrypted content which is not perfectly signed by some money grabbing authority.

yesterday
top

Google Proposes To Warn People About Non-SSL Web Sites

thegarbz Re:Stupid (346 comments)

The financial cost of getting a certificate is essentially negligible.

Yep, and their free or cheap certificates don't allow wildcards.

yesterday
top

Google Proposes To Warn People About Non-SSL Web Sites

thegarbz Re:Stupid (346 comments)

Answer: So that when someone browses to your URL they don't get malware injected into their browser by a MITM.

I fully agree. So why isn't every website I browse in plaintext presented with a gigantic red warning page which requires 3 clicks to get through?

I think plaintext websites should have a red warning.
Self-signed websites but encrypted should be orange.
Fully encrypted and verified should be green.

yesterday
top

Google Proposes To Warn People About Non-SSL Web Sites

thegarbz Re:Stupid (346 comments)

But throwing a warning up is going to cause fear, uncertainty and doubt.

People should live with a bit more of all three.

Personally I think the colour scheme is simply wrong. Rather than White for plain, Red for SSL with some minor error (self signed cert), and green for proper encryption, why not go red for unencrypted, orange for encryption with problems, and green for encrypted and verified?

yesterday
top

Google Proposes To Warn People About Non-SSL Web Sites

thegarbz Re:So perhaps /. will finally fix its shit (346 comments)

Really Why? what content on Slashdot justify's the need for encrypted content?

Content coming from Slashdot? Very little. It's a public website that is served in a similar way to everyone. But what about content going to Slashdot?

We are living in a world where the west is increasingly persecuting people for ideas. People are being charged over opinions, leakers of information are being persecuted as enemies of the state, and I'm wondering just how many people are logging what it is I said right here right now.

Delivery of open content shouldn't be encrypted unless it's sensitive. That should be optional to the user as well. What is sensitive? That I am browsing an online gun store in a country where firearms are illegal? That I can't look up information about fertilizer online without ending up on some blacklist?

At the very least we should have an option for SSL on any transaction that involves posting information or using credentials. More so for anonymous postings. The option should be there for private browsing as well.

yesterday
top

Google Proposes To Warn People About Non-SSL Web Sites

thegarbz Re:503 (346 comments)

Not overreacting, but not thinking rationally here either. Google may be going too far alone, but they are definitely not going too fast.

It has bugged me for years that unencrypted plain text data is given a pass, but a self-signed certificate with encryption brings up a warning that requires multiple clicks and in some cases even importing a certificate to get through.

Google have been quite pushy, but with interesting result. The world hasn't blindly bowed down to them but rather increased the speed at which they have solved other long standing problems which were getting no interest. I'm hoping the same thing will happen here, that one company doing something different may spur people into fixing what I believe is a horrendously broken approach to security.

yesterday
top

Backblaze's 6 TB Hard Drive Face-Off

thegarbz Re:Man, am I old ... (165 comments)

Taking that many pictures of "life" events, unless you're a photographer professionally, is completely void of meaning. The problem is, if your too busy taking pictures, you are NOT participating. Personally, I take a few pictures, to remind me, and then participate, which provides me with way more satisfaction than if I were sitting on the sidelines snapping hundreds of photos.

As is drawing conclusions based on no actual use data. Do you climb into the cage with the lions and participate? Or take photos of them? Do you take photos of a sleeping baby, or go and poke it awake so it can cry in your face?

Participation has it's place. Many of the places I take my camera do not require, warrant, or even allow participation.

yesterday
top

Backblaze's 6 TB Hard Drive Face-Off

thegarbz Re:Meaningless (165 comments)

I would personally like to see Western Digital sue Backblaze claiming that the WD Red drives specifically designed for NAS are not being used in their intended environment.

As for the criticism, I don't think there's such a thing as an intended environment for a HDD other than ruggedly mobile or stationary. I'm typing this from a laptop right now. Who is a harddrive vendor to say the level of vibration, temperature or movement my laptop experiences? At the same time I want those vendors to come out and tell me how their harddrives are not sitting in their "intended environment" when they are in a fixed rack serving up data, being kept in stable environmental conditions.

Personally I think the criticism is bullshit.

yesterday
top

Backblaze's 6 TB Hard Drive Face-Off

thegarbz Re:Meaningless? (165 comments)

As much as I like to bash Seagate due to their crappy reliability in my personal experience, TFA states that there were no issues identified in the SMART data between the 6TB drives. One of the metrics they use to determine reliability is SMART 5 Reallocated Sector Count.

Either Seagate's stats are lying or the drive isn't having a problem with failed writes.

But I'm overthinking this. Maybe they are slow because they are just crap.

yesterday

Submissions

thegarbz hasn't submitted any stories.

Journals

thegarbz has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?