Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror

Comment: Re:Stupid (Score 1) 394

by ArsenneLupin (#48634549) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

Huh. I didn't know that, as I only have ever done the individual verification. It's not uncommon for someone to wear many hats (i.e., to be affiliated with several organizations). It'd certainly be nice if their system allowed for a single individual account to switch between different "identities", so that one could issue certs for themselves or any number of organizations with which they're affiliated and which they've validated with StartSSL.

Indeed...

Have you suggested such an improvement to them?

Yes, of course. They wouldn't budge. Their suggestion: just use the "free" plan instead, there you can wear as many hats as you like (which I did... after this incident they never saw another cent from me). Weird way of promoting your business...

And that's another issue: they don't take any suggestions! For example: some (all?) of their automated mails are formatted as a single long line. I suggested to them that general usage is to stay below 78 characters per line. Should be easy to fix, as they probably use some kind of .txt template, where they could just insert a couple of breaks. Answer: well, at least our mails don't contain a virus (or something equally silly). Hey that's great! But it would be even nicer if the lines were shorter as well. A year afterwards, the issue was still not fixed.

Technically, yes, but policy-wise, no: Class 1 certs are not intended for commercial use.

Well, it's not commercial use, it's for several non-profits and one political party.

As you suspected, the $9 offering from PositiveSSL is for a single, non-wildcard, non-SAN certificate.

Yeah, that's the kind of certificate that you can for free from StartSSL (class 1)

NameCheap also sells Comodo PositiveSSL multi-domain certs [namecheap.com] for $30/year for up to 100 domains, which is quite a reasonable price.

Yeah, that would be reasonable. Can these domains be wildcard, or does each domain only have a single host?

Wildcard certs are also available [namecheap.com], with Comodo wildcards costing $94/year.

Interesting...

Comment: Re:Home of the brave? (Score 1) 586

by ArsenneLupin (#48623959) Attached to: Top Five Theaters Won't Show "The Interview" Sony Cancels Release
... or maybe the theater owners (and Sony) do not actually believe the threats, but instead fear that many spectators might believe those threats, and performance on opening might be very lackluster... Better cancel it all along, and do it 2 weeks later when there are (hopefully...) no new threats.

Comment: Re:Malware (Score 1) 394

by ArsenneLupin (#48623889) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

I see the value of the proposal: it is easy to inject malware inside a HTTP stream.

Only when the attacker is sitting on the path from the browser to the server. Not when listening in on the side-lines.

... and sitting on the path is the exact definition of man-in-the-middle, which allows to take advantage of poor certificates. And how many people properly understand certificates?

However, with only 33% of the sites that are SSL enabled, they are just going to show warnings everywhere, and users will quickly learn to ignore them.

Exactly. And once users are trained to ignore warnings, they will ignore them too if they are about bad certificates, so nothing is gained (see above).

Comment: Re:Stupid (Score 1) 394

by ArsenneLupin (#48623873) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

StartSSL offers completely free-of-cost certificates that are widely recognized by browsers to individuals and non-commercial sites. $60/year gets you an ID-verified account and the ability to offer unlimited certificates (they only charge for the validation, certificates are free). A second $60 ($120 total) gets your organization verified, again with the ability to issue unlimited certs.

And if you do pay the $60, you can only manage a single legal entity. Which means, if you are the certificate manager of some organization, you can either get certificates in the name of that organizationation (after completing the paperwork and paying the additional $60), or for your own private sites, but not for both at once. Yes, after completing the paperwork for getting certificates for your organization, you lose the right to get certificates for yourself. Crazy, but true!

Oddly enough, if you don't pay anything at all ("class 1 certificates"), you can get certificates for several associations and yourself at once. Of course, then you can't get wildcards or SAN certificates, so you are forced to use SNI (more hassle to set up, and might not work with exotic browsers).

If, for some reason, that's not satisfactory, Comodo resellers like NameCheap offer PositiveSSL certs for less than $9/year. That's less than a beer at the local bar.

Wow, a place where beer is even more expensive than here in Luxembourg! But seriously, I guess the $9/year is for plain certificates, no wildcard and non SAN? In that case it would compete with StartSSL's free offering, rather than their $60 plan. If it actually does include wildcard certificates, I would be interested in details.

Comment: Re:Dear Sony, I am delighted! (Score 1) 155

by ArsenneLupin (#48458553) Attached to: Sony Pictures Computer Sytems Shut Down After Ransomware Hack

every officer of the company needs to do the honorable thing and leave the company, leave the industry, and get a job more suited to their ethical and strategic skill set. Like flipping burgers, or arranging the sushi on the platter.

Are you sure these are appropriate jobs for Sonyscum? Personally, I wouldn't want to eat burgers laced with exlax, or sushi caught from the waters next to Fukushima...

Comment: Re:Fix a thumbdrive virus by doing WHAT??? (Score 1) 561

by ArsenneLupin (#48428021) Attached to: "Barbie: I Can Be a Computer Engineer" Pulled From Amazon

The suggestion in the book that it would be appropriate to plug a known-virus-infected USB thumbdrive into another computer in order to fix it seems totally crazy to me. Even if the second computer does have better security there's no guarantee the virus isn't a new one that hasn't made it into virus checker recognition databases yet...

Yeah, but you forgot an important detail... The suggestion was not just to plug it in to another computer, but to plug it into another computer that isn't yours. In case it does becomes infected, you just sneak away, and pretend that nothing happened...

But only if you're a boy. If you're a girl, you just keep sitting next to it and weep...

Comment: Re:They WILL FIght Back (Score 1) 516

by ArsenneLupin (#48418763) Attached to: Rooftop Solar Could Reach Price Parity In the US By 2016

Everybody knows wind turbines are eye sores.

They obscure all the lovely smoke stacks.

A couple of years back, the French complained that a new wind turbine field in Germany was spoiling the nice scenic view of the Chateau de Malbrouck (located just opposite the German-French border from that infamous field).

Unfortunately, they conveniently completely forgot what the Germans see when they look at the Chateau de Malbrouck

Comment: Re:What the hell (Score 1) 168

by ArsenneLupin (#48316585) Attached to: Ask Slashdot: Single Sign-On To Link Google Apps and Active Directory?

If you are turning north from I-10 onto I-65, or if you are on I-65 and turning east or west onto I=10, you have already failed at taking the quickest was from anywhere to anywhere else.

Just looking at a map, while coming from North I-65 and going east on I-10 looks kinda nonsensical, going west doesn't look so bizarre. You'd use that connection when going from Montgomery to New Orleans, wouldn't you?

Or is that just a general comment that those roads tend to be congested, and are never the quickest way (no matter which way you turn?)

The biggest difference between time and space is that you can't reuse time. -- Merrick Furst

Working...