

Comment: This is creepy! (Score 3, Interesting) 100

by Aethedor (#49118445) Attached to: Police Use DNA To Generate a Suspect's Face

Why is privacy so important? Because you don't know what creepy things governments will do with it in the future. All the conditions under which you gave away some of your personal information might not apply in the future. And getting your information back at that time will very likely be no option.

What if your face ends up with this new creepy technology? How can you even possibly defend yourself against it? Some, for normal people, impossible to comprehend scientific research appoints you as a suspect. What can you do? This is creepy and scary and not something we should want.

Comment: Not really happy (Score 5, Interesting) 171

by Aethedor (#49079405) Attached to: HTTP/2 Finalized

As the author of an open source webserver, I must say that I'm not really happy with HTTP/2. It adds a lot of extra complexity to the server side of the protocol. And all sorts of ugly and nasty things in HTTP/1 (too much work to go into that right now) have not been fixed.

What I have experienced is that SPDY (and therefore also HTTP/2) will only offer more speed if you are Google or are like Google. Multiplexing doesn't offer that much speed increase as some people would like you to believe. Often, the content of a website is located on multiple systems (pictures, advertisements, etc), which still requires that the browser uses more than one connection, even with HTTP/2. Also, HTTP/1 already allows a browser to send multiple requests without waiting for the response of the previous request. This is called request pipelining, but is turned off by default in most browsers. What I also often see is that a browser makes a first request (often for a CGI script) and the following requests (for the images, JS, CSS, etc) are never made due to browser caching. So, to me HTTP/2 adds a lot of complexity with almost no benefits in return.

Then why do we have HTTP/2? Well, because it's good for Google. They have all the content for their websites on their own servers. Because IETF failed to come up with a HTTP/2 proposal, a commercial company (Google in this case) used that to take control. HTTP/2 is in fact a protocol by Google, for Google.

In my experience, you are far better off with smart caching. With that, you will be able to get far better speed-increase results than HTTP/2 will ever offer. Especially if you use a framework that communicates directly with the webserver about this (like I did with my PHP framework). You will be able to get hundreds to thousands of requests per second for a CGI script instead of a few tens of requests. This is a speed increase that HTTP/2 will never offer.

I think this is a failed chance to do it right. HTTP is just like SMTP and FTP one of those ancient protocols. In the last 20 years, a lot has changed. HTTP/1 worked fine for those years. But for where the internet is headed, we need something new. Something completely new and not a HTTP/1 patch.
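The request pipelining mentioned in the comment above, as an added example that is not part of the original comment: a client writes three HTTP/1.1 requests to one connection before reading anything, and the responses come back in request order. The local stand-in server `EchoPath`, the helper names and the three paths are constructed for illustration.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


class EchoPath(BaseHTTPRequestHandler):
    """Constructed stand-in server: replies with the path that was requested."""
    protocol_version = "HTTP/1.1"  # keep the connection open between requests

    def do_GET(self):
        body = f"you asked for {self.path}".encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def read_response(stream):
    """Read one response (status line, headers, Content-Length body)."""
    status = stream.readline().decode().strip()
    length = 0
    while (line := stream.readline().strip()):
        name, _, value = line.decode().partition(":")
        if name.lower() == "content-length":
            length = int(value)
    return status, stream.read(length).decode()


def pipelined_get(paths):
    """Send every request in one write, then read the responses in order."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), EchoPath)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        with socket.create_connection(server.server_address) as sock:
            requests = [f"GET {p} HTTP/1.1\r\nHost: localhost\r\n" for p in paths]
            requests[-1] += "Connection: close\r\n"  # last one ends the session
            sock.sendall("".join(r + "\r\n" for r in requests).encode())
            with sock.makefile("rb") as stream:
                return [read_response(stream) for _ in paths]
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for status, body in pipelined_get(["/index.html", "/style.css", "/logo.png"]):
        print(status, "|", body)
```

Because HTTP/1.1 has no request identifiers, the client can only match responses to requests by their order on the connection.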

Comment: Re:Obligatory reminder that an alternative exists (Score 1) 97

by Aethedor (#48900613) Attached to: OpenSSL 1.0.2 Released
I've done some statistical analysis on the output of PolarSSL's random generator. Looks good to me. Some while ago, they improved the random generator (now using AES). How long ago did you have problems with PolarSSL's random generator? If it was a long time ago, perhaps look at its current generator. Maybe your issue has been solved.

Comment: Fear (Score 1) 174

And that's how politicians work. Doing everything to avoid being held responsible when a terrorist strikes. And apparently, judges work the same way. Someone I know works very closely with several Dutch ministers and he confirms that decisions are often based on emotion, not on logic and common sense. It is exactly THIS that makes terrorist strikes so dangerous.

Comment: Re:Not the same use cases (Score 1) 245

by Aethedor (#48801409) Attached to: PHP vs. Node.js: the Battle For Developer Mind Share

Symfony, Drupal, Wordpress, nah. They all forgot to include the most important thing in the base: security. Especially Wordpress, look at its spaghetti code and then look at the Banshee PHP framework. If you understand what that framework does for security, you'll never dare to run Wordpress or the other junk frameworks again.

Comment: By Google, for Google (Score 1) 161

by Aethedor (#48774217) Attached to: HTTP/2 - the IETF Is Phoning It In

SPDY is a protocol by Google, for Google. Unless you are doing more or less the same as Google does, SPDY is not very relevant for you. Having multiple HTTP requests via a single connection via multiplexing is only relevant if all website content is located at one and the same server. This is not the case for many websites on the internet. Images, especially for advertisements, are often located at a different webserver. I've read about real-life scenarios where SPDY only gave up to 4% speed increase. And for rich websites we already got something called websockets. I've done a lot of experimenting with smart caching, both static and CGI content. Especially with caching CGI output, you can reach a speed increase that no new protocol can ever achieve.

IETF only took SPDY as a base for HTTP/2.0 because they failed to do the job themselves. I personally don't have much faith in HTTP/2.0. Not that I think it will cripple the internet, but it will not bring an improvement to the internet that will be worth all the effort of implementing this new protocol.

Comment: Re:Real terrorist threat level (Score 1) 91

by Aethedor (#48651489) Attached to: Major Security Vulnerabilities Uncovered At Frankfurt Airport

Bingo! Imagine you were a terrorist, angry and filled with hate. What would you do? Hijack an airplane, place a bomb in a crowded train station or empty a gun in a supermarket? I'm sure it won't be the airplane hijacking, because that's just too much trouble. To see what threat level a country really has, don't look at the typical place the government is focusing on. Be creative, think like a terrorist and look for the weak spots. You'll find that from a technical point of view, it's very easy to commit a terrorist attack.

What makes it hard to do: find an idiot willing to sacrifice their own life for it. Yes, the middle east seems to be full of them. But you should know most people in terrorist organisations only joined them because they wanted to belong somewhere. No one wants to be alone. When family members joined the group, telling you all sorts of (false) stories about how great it is and how bad the other side is, it's hard not to go along. But that doesn't automatically make them people we should fear. Going with the flow is easier than doing something on your own. Fighting alongside your fellows is easier than going to a foreign country on your own to commit a terrorist attack. Because that means you have to make decisions of your own, making up your own mind about it all instead of blindly following some leader.

Yes, I'm sure there will still be a few people actually traveling to another country and actually committing a terrorist attack. But how much damage can one person do? If he's successful he'll maybe kill ten people. How much of a threat is that? In the days after, more people are killed by other means but we don't speak of them. We're all used to those threats, they're part of our life. What makes a terrorist attack threatening, is that it's new to most people and we allow the media to blow it up to huge proportions. We believe every bit of fear the media spreads and we want them to spread fear, because that feels like the most natural response.

The best way to deal with the terrorist threat is to realize that it's very small and to accept that it's there. For most people count, you'll never ever see a terrorist in your whole life and they certainly won't get you killed. And for those few unlucky people who get killed by a terrorist, be lucky that you weren't killed by something as stupid as crashing your own car into a tree.

Comment: Re:You'd think they'd have learned (Score 5, Insightful) 91

by Aethedor (#48651059) Attached to: Major Security Vulnerabilities Uncovered At Frankfurt Airport
Yes, they did. They learned that that was just an incident, that it is impossible to guarantee 100% security, that even if 100% security was possible it would make flying very unpleasant, that you should not give in to terrorist threats and that driving a car is far more dangerous than flying and everybody accepts the risk of traveling by car. The last 25 years prove that they are right.

Comment: Real terrorist threat level (Score 3, Insightful) 91

by Aethedor (#48651043) Attached to: Major Security Vulnerabilities Uncovered At Frankfurt Airport

Given the fact that security at airports is not very good and nothing really bad has happened in the last decade, what does this tell us about the real terrorist threat level in Europe?

Don't let yourself get scared by politicians who rule by using fear. Learn from the hard facts!

Comment: Re:Yes (Score 4, Informative) 238

by Aethedor (#48522979) Attached to: The Cost of the "S" In HTTPS
Caching: You can cache Facebook's images, stylesheets and Javascripts just fine.
Proxying: Not just fine. You need a man-in-the-middle proxy for that and its root certificate installed on every client. Otherwise, it's just routing, not proxying.
Firewalling: Firewalling based on hostname / port, yes. Firewalling based on bad content (malware), no.
Parental control: Same as firewalling. And blocking this kind of content is not only done by IP address, but often also by words in the hostname. This cannot be done when you can't read the hostname in the HTTP request.
