Comments

Congress Suggests Moat, Electronic Fence To Protect White House

userw014 Think of the children (a Darwinian Solution) (211 comments)

There's already toddlers squeezing through the fence ... perhaps Rep. Gohmert's intent is "cull the herd" by having a moat.

3 days ago

Launching 2015: a New Certificate Authority To Encrypt the Entire Web

userw014 Re:Why do this (free, easy SSL certificates)? (202 comments)

  • (A) Nearly worthless because a lot of the advice given out to "civilians" is that "https" can be trusted, "look for the lock", etc. More subtle advice (like check the URL, don't mistake "1" for "l" or "0" for "O", etc) are advanced techniques (at least for too many civilians.) Charging for SSL certificates - and the turnaround time it takes to issue them, install them, etc. meant that a certain class of quick-and-fast scams weren't practical. Cheap, fast, easy to install SSL certificates make this easier, thereby making the "https" indicator less valuable. (In short, use of "https" to "trust" a site is a gross mistake - but a mistake IT people have been advising civilians to do.)
  • (C) I'm not a security researcher, I know a little about running a CA. A faked up CA isn't going to help someone trying to figure out what an App is trying to send over a SSL session, unless they're somehow able to replace the certificate and key in the App. Of course, a web app isn't going to have a certificate and key - but a smartphone/tablet app might.
  • (i) On this, I think you're arguing that the CA system is even more broken than I am. I won't protest that.
  • (ii) I'm not going to cry - but if there's enough money involved, Congress will do something stupid.
  • (iii) I'm talking about "Extended Validation" certificates - which were an enhancement (via another X.509 attribute) that suggested that the issuing CA did some due diligence (other than verifying that a credit card accepted a charge.) Whether the CA actually followed the guidelines is another matter. Is there a way for an outsider to audit this 'Extended Validation' for a particular Certificate? Without that, "Extended Validation" is just a way for CAs to charge more money.

3 days ago

Launching 2015: a New Certificate Authority To Encrypt the Entire Web

userw014 Why do this (free, easy SSL certificates)? (202 comments)

Why do this?
So that:

  • (1) App developers get used to designing and testing with https/SSL instead of gluing it in at the last minute AND GETTING IT WRONG
  • (2) to encourage encryption and privacy, and to make the use of https/SSL less likely to distinguish between valuable communication and noise

Why not do this?
Because it:

  • (A) makes the value of the https signifier on a URL / browser bar nearly worthless
  • (B) will encourage App developers to send even more information to poorly secured servers
  • (C) prevents researchers from determining what privacy-violating information an App is sending

What might happen because of this?
It will:

  • (i) break the already weak link between certificates and the organizations they represent.
  • (ii) kill the business model of the certificate authorities
  • (iii) result in another somewhat meaningless revision of the "verified" certificate

Overall, it might work out well - but I doubt that App developers are going to bother so the major good reason will be ignored. App developers will STILL get it wrong, and even if they do set up https, that'll just encourage them to pass even more sensitive information to poorly secured APIs.

4 days ago

Launching 2015: a New Certificate Authority To Encrypt the Entire Web

userw014 Re:quick question (202 comments)

...

What might have been better is early on, have Web browsers accept self-signed SSL certs, and show some grey icon for that....

Web Browsers DID use to accept self-signed certificates (and certificates signed without a known CA - or cert-chain.) People just clicked through and accepted them willy-nilly. That was a poor security model. Although the existing security model of having a swamp of independent Root Certificate Authorities (per browser) is not too great either, but at some point you have to establish whom to trust - and for most of us, it's the browser vendor. (Some of us prune the Certificate Authority list and distribute the new list with software imaging technologies....)

4 days ago

I'm most interested in robots that will...

userw014 Re:It's the *most* part that gets me... (306 comments)

So, a coffee maker is a robot? A rice cooker is a robot? Your definition would make "robot" synonymous with any kind of automation - or even a non-automated tool like a wheel barrow.

5 days ago

Facebook Planning Office Version To Rival LinkedIn, Google

userw014 Who uses LinkedIn? (91 comments)

I've yet to see the usefulness of LinkedIn and I've maintained a profile since 2008. It seems to be a place where people set up a profile when they're looking for a job, but I've yet to notice anyone actually find a job through it. It seems to survive only because it has (somehow) tagged itself as the "business" or "professional" networking site, something that it fails to deliver.

What it does deliver - with some regularity - is compromised services. LinkedIn is the poster-child for why you should NEVER reuse passwords.

5 days ago

I'm most interested in robots that will...

userw014 It's the *most* part that gets me... (306 comments)

This was a hard question because I had to think about just what a robot was. I thought to work out a definition by example - for instance, a dish washer (or clothes washer or dryer) wasn't a robot. An elevator wasn't a robot. I'm really not sure if a self-driving car is going to qualify as a robot.

Google didn't help. Most of the robot definitions I could find there were either anthropomorphic (requiring a human-like body shape), or were nebulously described in terms of being "programmable for complex tasks". "complex" seems like a moving target to me.

For now, the idea that a robot is something that can carry out actions in a place unreachable, unsuitable, or unsafe for people seems like my best definition. That covers space probes, sewer & pipe crawlers, and even fighting robots (after all, what human would want to be in the mechanical death-pit with those rolling buzz-saws.) It even covers various industrial robots.

But that still didn't really help me pick an answer, so I decided to choose from the alternatives the one that would be most appealing as click-bait.

about a week ago

AT&T To "Pause" Gigabit Internet Rollout Until Net Neutrality Is Settled

userw014 Where's AT&T's competition? (306 comments)

AT&T's competition is Comcast/TWC - which are distracted by a touchy-feelie orgy of merging. The Comcast/TWC merger involves the combined entity throwing off certain customers (like the entire state of Michigan), either to a minor competitor or to a made up placeholder company (Greatland Communications) which will outsource all of its operations. Comcast/TWC isn't going to be competing with anyone while it's either planning for the orgy, or deeply engrossed in it. It'll probably be two years (or more) before AT&T needs to compete again.

This is just an excuse to lay back and collect rent on grossly substandard service. The ISP equivalent of an absentee landlord for properties in a poverty stricken slum.

about two weeks ago

Amazon Goes After Oracle (Again) With New Aurora Database

userw014 Re:What's the Difference? (102 comments)

There's also differences in administrative properties - such as access rights, how different users & schemas might interact, how database backups, replication, fail-over, mirroring, etc. all work. There's also subtle differences in some data types - such as what kind of date or time types are available, whether geographical information system (GIS) data types are available - and how much they might cost, etc. With older versions of MySQL (5.1), you can have trouble joining the same table multiple times - unless you create a view on the multiple tables. I'm not sure if that's been fixed in the modern variations of MySQL.

Like others have remarked, if your database needs are modest then you can likely use most any database. It's when you have high reliability, high volume needs that you start designing things that tie you to a particular database system.

SQL is a "standard" much like "romance languages" is a standard...

about two weeks ago

US School Installs 'Shooter Detection' System

userw014 $20K to $100K - for when police arrive? (693 comments)

Aren't most (if not all) "active shooter" type incidents of the sort that end long before the police have time to show up?
Even if there are police officers on site, are there going to be enough officers to go after a shooter?

about two weeks ago

Zuckerberg: Most of Facebook Will Be Video Within Five Years

userw014 Re:Video isn't hard now (206 comments)

I wonder what his reasoning could possibly be. Well, he's been right so far, and made millions, betting on people's unbridled narcissism. "Oh, cool, now people don't have to settle just words describing me eating what I had for lunch today, now they can see me doing it!" He probably knows his customers... er... sales leads... better than we do. The fact it runs counter to all of human history in recognizing that summarizing text is more efficient at information-transfer than sitting through the entire event is... oh, information--this is Facebook. Never mind.

Or he's trying to get his competitors to commit to something he knows will fail.

about two weeks ago

Zuckerberg: Most of Facebook Will Be Video Within Five Years

userw014 Video Facebook? An opportunity for someone else! (206 comments)

Zuckerberg/Facebook thinks we're going to have "conversations" with video snippets? As it is, I hate most professionally produced instructional videos. In fact, advertising videos have created an enormous hurdle for ANY videos on the internet these days to overcome. (For instance, YouTube used to be fun to explore - but now the advertising on it discourages me from visiting it except for channels I'm already familiar with.)

If Facebook becomes just a way to deliver video, that will exterminate the "social" part of the social network (cue in Dalek's nasal "Exterminate!" cry here.)

It's one thing for the neolithic savages to herd the mastodon herd over the cliff to their deaths. Zuckerberg is offering to run off the edge without being goaded.

about two weeks ago

Study: There's a Wi-Fi Hotspot For Every 150 People In the World

userw014 iPass marketing (63 comments)

The BBC took a bit of iPass marketing and is passing it off as news.

More than a decade ago, I worked for an ISP that worked to integrate its dialup internet service with iPass so that our clients could roam and get better service than the old Sprint/GTE Telnet dialup/dumb terminal service offered. iPass was then in the business of coordinating service providers to share with each other - and it still seems to be in the same business, but with WiFi hotspots instead of modems and phone lines.

about three weeks ago

Apple Pay Competitor CurrentC Breached

userw014 Re:Competition (265 comments)

CurrentC is going to cost someone something in order to run. That'll be the "CurrentC tax" then.

It'll have the advantage over credit cards of not needing to distribute physical objects to the sheeple end-users. It might use generic USB web-cams for scanning the codes - and I'm not sure what the security implications of that are. It might be cheaper to run - but I don't think the end-users will ever be customers of CurrentC in the same way we are of credit cards. After all, we DO pay credit card companies interest, etc, but I don't see CurrentC wanting anything like a legally protected customer relationship with end-users. It's expensive!

about three weeks ago

Largest Sunspot In a Quarter Century Spews Flares

userw014 Re:Quarter Century (46 comments)

Because it implies a range. "About a quarter century" is (approximately) 25 years +/- 12.5 years (12.5 years to 37.5 years). Whereas 25 years is (approximately) 300 months +/- 6 months.

Or just because. Poetic license.

Remember not to ever split your infinitives.

about three weeks ago

Debate Over Systemd Exposes the Two Factions Tugging At Modern-day Linux

userw014 Re:Are you sure? (863 comments)

While I think FreeBSD's rcorder init script mechanism is a lot better than the classic rc/run-level mechanism, it's STILL different enough. (And there are bugs in the rcorder program that can cause it to crash and may cause it to have unexpected ordering issues when new services are added or old ones removed.)

about three weeks ago

FTDI Removes Driver From Windows Update That Bricked Cloned Chips

userw014 An end-user's advice to hardware developers (572 comments)

As a potential end-user (i.e.: I bought an Arduino to explore a hobby, and own a device with an embedded Arduino), I would point out that FTDI's statement isn't an apology but an excuse for their behavior:

As you are probably aware, the semiconductor industry is increasingly blighted by the issue of counterfeit chips and all semiconductor vendors are taking measures to protect their IP and the investment they make in developing innovative new technology. FTDI will continue to follow an active approach to deterring the counterfeiting of our devices, in order to ensure that our customers receive genuine FTDI product. Though our intentions were honourable, we acknowledge that our recent driver update has caused concern amongst our genuine customer base. I assure you, we value our customers highly and do not in any way wish to cause distress to them.

As such, if you specify FTDI products but your supply chain can't guarantee or hasn't guaranteed genuine FTDI products, or has specified or equivalent products, you're still vulnerable to their drivers suddenly causing your products to fail. Your customers won't love you for that! You still have every reason to evade FTDI at this point as they're still threatening an existing product base.

As an end-user, the issue of counterfeit chips doesn't rise to the level of probably aware.

This perspective is not terribly fair to FTDI's product line being subverted by counterfeits, or the general problem of counterfeit devices. All I can suggest is some form of planned obsolescence implemented by FTDI's drivers (which is just a fig-leaf of protection from irritated end-users.)

about a month ago

PETA Is Not Happy That Google Used a Camel To Get a Desert "StreetView"

userw014 No link to PETA, PETA has no article (367 comments)

The original article doesn't link to any kind of article on PETA's web site. In fact, the only reference I can find to this issue is from Mr. Clint Davis of Scripps.

This is clearly troll-bait for people unhappy with PETA, whether PETA is engaging in a coverup of sorts, or Mr. Clint Davis has falsely attributed a quote to Ms. Newkirk.

about a month ago

US Says It Can Hack Foreign Servers Without Warrants

userw014 I am REALLY not a lawyer - but ... (335 comments)

Within the US, doesn't a warrant do two things?

  • (1) Satisfy the Constitutional requirement about unreasonable search and seizure, allowing any evidence gained to be used for prosecution.
  • (2) Turn theft or burglary into a legally approved action.

Presumably, if the FBI has no intent of prosecuting the people involved, (1) is irrelevant. And (2) is only an issue if there are extradition treaties with the foreign country whereby the FBI officers and management involved could be hauled off to some gulag somewhere. Whether the State Department wants to avoid a diplomatic dust-up is another matter.

This assumes that you can put morals and ethics completely aside.

about a month and a half ago

Submissions

userw014 hasn't submitted any stories.

Journals

userw014 has no journal entries.