Follow Slashdot stories on Twitter


Forgot your password?

+ - The EU proposes all companies share their encryption keys with the government->

Submitted by Anonymous Coward
An anonymous reader writes "Statewatch published a document revealing that Gilles de Kerchove, the EU counter terrorism coordinator, is advising the EU:

... to explore rules obliging internet and telecommunications companies operating in the EU to provide under certain conditions as set out in the relevant national laws and in full compliance with fundamental rights access of the relevant national authorities to communications (i.e. share encryption keys).


Link to Original Source

+ - Oracle Releases Massive Security Update->

Submitted by wiredmikey
wiredmikey (1824622) writes "Oracle has pushed out a massive security update, including critical fixes for Java SE and the Oracle Sun Systems Products Suite. Overall, the update contains nearly 170 new security vulnerability fixes, including 36 for Oracle Fusion Middleware. Twenty-eight of these may be remotely exploitable without authentication and can possibly be exploited over a network without the need for a username and password."
Link to Original Source

+ - How should email change to stop spam? 2

Submitted by Anonymous Coward
An anonymous reader writes "Email has been on the internet for a long time and so has spam. Although anti-spam techniques are not losing the battle, it is not winning either.

Some background terms: Current smtp/email standars are RFC5321 and RFC5322. To avoid spam most people use DNSBLs and URIBLs for checking IP addresses and URLs. And there are some other content checks being done in spam-filters (e.g. by Spamassassin or non-free). Furthermore there are reputation-based systems such as SenderScore. There are some standards to avoid your domains being abused: SPF and DMARC. The large inbox-providers like and Gmail have additional filtering and throttling based on reputation and engagement (= is someone actually reading/clicking your company email).

And then there are some players in the field: ISPs send email for individuals and very small companies. ESPs (e.g. Constant Contact or MailChimp) send email for larger companies. Anti-spam organisations (such as Spamhaus, Spamcop or Sorbs) use spam information to create blocklists. Spamfilter companies (e.g. Proofpoint, Barracuda and SpamExperts) sell you a spamfilter-service and/or device. Furthermore there are a whole slew of email receivers: Large (such as Apple and type) and smaller (companies and ISP/hosting companies). Then there are law-makers and regulatory bodies (who set and maintain laws) and I will include MAAWG here. And to not forget the spammers: Legitimate companies and criminal organisations (who spam for all sorts of reasons: marketing, selling, phishing, scamming, spear-phishing ...). I would define spam as all email that I would not expect to get (no opt-in, too long ago or inappropriate content given the relationship).

So my question is: Current anti-spam methods are not good enough. What should change in email so spam (of all sorts) is more effectivly countered?"

Comment: Re:Not new (Score 1) 145

by CBravo (#48683251) Attached to: Google and Apple Weaseling Out of "Do Not Track"
There could be a P2P-like-sharing of cookies from those sources. Got to watch out for special cases (login stuff or after viewing private content). You could swap out cookies after every page visit (given certain pages).

I am still wondering why my browser would care for cookies from those domains when being on a whole different site. Or limits their lifetimes better (sure google maps can set a cookie when visiting a website, but after closing the page it should be gone).

Comment: Re:"Unconventional research" is fine (Score 1) 139

by CBravo (#48665851) Attached to: Does Journal Peer Review Miss Best and Brightest?
Scientists are not free to follow hunches if they are, in effect, not payed for. Hunches are a hobby in the NL. The effect is that mindnumb people do science here. I was good at hunches.

Your argument about reliability has a place. One should know how reliable it is. But your conclusion that non-proven stuff has no place in the scientific process is invalid imo. Because the scientific process is limited to journals.

Suppose our science is that 'we want to find a place to shop'. Some scientist went out some day and saw on the outskirts of a city, a shop. He now reports on that in a journal but it get rejected. Because he did not prove you could buy something there. For real people it would be silly. But for scientists with their peer reviewed journals it is fine; I would call this both scientific and requiring more research.

I will admit that it would not be easy to do, practically, with the scientific method (using journals) we are using today.

BTW There is another very good reason why creativity is not very high in science: Because it is not taught. The first 4 years of your education you only teach to reproduce (and get up to current knowledge). In that you follow what others have discovered in the past. But you are not taught how to discover the next book. Creativity is very different from learning standard stuff and can be taught (but it also needs time to get better).

Comment: Re:"Unconventional research" is fine (Score 1) 139

by CBravo (#48658443) Attached to: Does Journal Peer Review Miss Best and Brightest?
I disagree.

Your opinion here, because you did not provide proof, should be taken with a few grains of salt. People do all sorts of things that are perfectly valid without proof. Science is not only the stuff that can be proven without a doubt (philosophy as an extreme). How would science ever have evolved without mediocre proof that were later confirmed with strong proof?

Now don't get me wrong. I like proof because it often gives insight and might reject other plausible explanations, etc. And there should be way to describe to what degree a paper is formally proven (i.e. what the risks are when you follow the reasoning in the paper).

But in the evolving state of a field of science, there are 'well-confined' areas that should use more proof and 'new' areas that are hardly explored. Don't confuse the two (both have value). The later does not have definitions yet, does not have methods of describing a method, ... Do not require writing a book for such new areas.

Your kind of opinion got me out of science. Creativity has no place there at this moment in time.

Comment: Re:There is a reason for this! (Score 1) 317

by CBravo (#48562213) Attached to: Ask Slashdot: Are Any Certifications Worth Going For?
We are a service provider and therefore create our own traffic and it is not extremely timing sensitive. We do monitor download times and they are always in acceptable limits (i.e. fast). The ports of our data centres are also monitored and spew out exactly our traffic numbers.

The load on our routers and the memory use is extremely low. They have been tested to see what happens under certain conditions. Vyatta takes a little memory per connection and we have seen a DDoS killing us because there was no more memory (when we had a low end machine do the work: Dell 1850, 2GB) and we upgraded the machine at that point to rediculous standards. But I will say that there certainly is a place for specialized equipment.

A complex system that works is invariably found to have evolved from a simple system that works.