Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Comment: Re:Bad for small business owners (Score 1) 391

by DavidRawling (#48632077) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

Buddy, you can get a certificate for less than FIVE US dollars per year. Is that too much for you?

Actually yes, frankly it is. Because according to Google's overpaid, brain-dead Chrome developers, I need one for the KVM, one for each of the management cards in the servers, one for each of the appliances I have (from DVRs to firewalls etc), one for each little device with a web server (assuming it even supports writing a certificate to storage, and config for HTTPS), one for each workstation or server with an app or config UI. Quick count for my house alone ... 47 certs excluding the devices that quite literally have NO way to store and use a cert. I simplified too by assuming the devices supporting certs can handle SHA256 (thanks Google for THAT little recent shitfight). And the certs don't support SANs nor do CAs allow local names, so I have to use the correct FQDN all the time now (no more http://dvr/ or typing the IP - now it's https://dvr.private.example.co...). And what have I gained? I've had to spend $230+ and several hours of work to avoid irrelevant anti-sec warnings, on devices no-one can get to except me. It's bulldust.

Comment: Re:So perhaps /. will finally fix its shit (Score 1) 391

by DavidRawling (#48632007) Attached to: Google Proposes To Warn People About Non-SSL Web Sites
And that adequately reflects the rest of the world how? I have customers with multiple 5Mbps connections (literally the best they can get, there IS NO FIBER) at $400/month. They have dozens of users, 10-100MB files to send and receive, every day, and therefore a local caching proxy is the only way they can get any reasonable web access at all. But go on believing the rest of the world is like your little Utopia.

Comment: Re:Does HTTP/SSL force one IP address per www doma (Score 1) 391

by DavidRawling (#48624395) Attached to: Google Proposes To Warn People About Non-SSL Web Sites
No - this problem is solved with SNI (Server Name Indication) which is part of all the current browsers, and has been for a while now. The client tells the server which certificate to return (which hostname it's going to ask for) in plaintext. There's probably a module you need for Apache to support this - IIS finally does it natively, so I'm sure it was already there in Apache/nginx.

Comment: Re:Stupid (Score 1) 391

by DavidRawling (#48624317) Attached to: Google Proposes To Warn People About Non-SSL Web Sites
And forcing SSL does nothing to prevent your employer setting up an SSL proxy with a wildcard certificate, decrypting everything you request, and tracking you anyway. I've set up MITM proxies for companies before, and it's literally 10 minutes of effort in most cases (because the end-users already trust the corporate CA). And if you think the Government can't MITM you as well you haven't been paying attention for the last 12 months.

Comment: Re: So perhaps /. will finally fix its shit (Score 1) 391

by DavidRawling (#48622999) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

OK, Mr AC, care to explain how you plan to cache SSL-encrypted objects? All your caching proxy sees is the "connect me securely to server X" request - after that, it's encrypted and your proxy cannot tell what's being loaded. Worse, since SSL inflates the data sizes of whatever you've requested, your images are up to 50% more data, and your (already compressed with gzip) HTML, CSS, JS etc is the same. So you've added 50% to your traffic for ... potentially nothing.

Seriously, what do you gain (actual, measurable improvements) from switching from http://www.comics.com/garfield... to https://www.comics.com/garfiel...? Nothing but overhead.

And that's leaving aside the fact that SSL no longer guarantees the source server (too many options for MITM server certificate hacks) or security (POODLE etc).

No, make no mistake, this is Google throwing its weight around, screw anybody who doesn't want or need a certificate for their site, or has made a conscious decision NOT to use SSL (not to mention all the corporates with proxies that inspect for malware - now you're mandating SSL MITM by the organisation, or you have a channel for malware into any system).

Comment: Re:I look forward (Score 2) 137

by DavidRawling (#48544831) Attached to: Tesla Wants Texas Auto Sales Regulations Loosened

Actually, I don't know why they don't "acquiesce" somewhat to the demands - and offer to sell to the dealers at the same price as they sell in other states.

When the dealers refuse on the basis they won't be competitive with out-of-state sales, they should surely be able to use that to force the hand of the legislature (by advertising in Texas, with the tag line "Not available in Texas because none of your dealers will sell our cars" or something). Truthful. Pins the "blame" where it belongs (the dealers).

If, OTOH the dealers accept, the customers will demand to know why Texas is 25% more expensive (and Tesla can truthfully say "We sell at the same price to all comers, dealer or private, so any difference is the dealer's margin because your state gov't won't let us sell direct to you".

I'm very interested, with Tesla apparently coming to Oz next year, to see what happens here.

Comment: Re:No one seems to see the real privacy issue (Score 1) 136

by DavidRawling (#48356771) Attached to: Apple Releases iMessage Deregistration Utility
While it's true that it takes months or years for the number to be re-issued, it takes only an hour for it not to be your number any more after you change providers (or, in the US perhaps even area codes?) In Aus we have number portability between the carriers, which is nice when you pay for it - but sometimes you have to change numbers for reasons outside your own control. I trust (from some of the above comments) that this new tool handles what would seem to be a fairly regular occurrence, though the summary suggests otherwise?

Comment: Re:Just like "free" housing solved poverty! (Score 1) 262

by NewYorkCountryLawyer (#48265833) Attached to: Power and Free Broadband To the People

You know that you don't have to just add useless and uninteresting words to something that already had substance, right? At least borrow some quotes from Socrates' Dialogues to spice things up: There is admirable truth in that. That is not to be denied. That appears to be true. All this seems to flow necessarily out of our previous admissions. I think that what you say is entirely true. That, replied Cebes, is quite my notion. To that we are quite agreed. By all means. I entirely agree and go along with you in that. I quite understand you. I shall still say that you are the Daedalus who sets arguments in motion; not I, certainly, but you make them move or go round, for they would never have stirred, as far as I am concerned. If you're going to say _nothing_, at least be interesting about it, post anonymously, or risk looking more clueless / foolish. This is why the moderation system is in place, and mods typically don't listen to inanities like "Well said" when deciding on what to spend their points.

1. I'm too busy to sit around thinking up additional words to throw in so I can score "mod" points

2. The people I like on Slashdot are too busy to read a bunch of additional words I only threw in so I can score "mod" points

3. It's not in my nature to waste words, or to waste time

Comment: Re:Great. (Score 1) 262

by NewYorkCountryLawyer (#48265487) Attached to: Power and Free Broadband To the People

If other posts here on Slashdot are any indication, "Mr. Councilman" is just as likely to lose political points by supporting the poor.

Actually this particular councilman represents an extremely high-rent district--Manhattan's upper east side. I doubt there are many wealthier neighborhoods in the world. He's not doing this to 'score points', he's doing it to do the right thing.

Comment: Re:Just like "free" housing solved poverty! (Score 3, Insightful) 262

by NewYorkCountryLawyer (#48264991) Attached to: Power and Free Broadband To the People

It is my opinion that poverty is partially systemic. Our economic system depends on there being a pool of available workers (unemployed and underemployed). So as long as there is capitalism and a functioning free market, there will always be poor people. That being the case, we have a responsibility to make sure the basic needs of everyone are met. Increasingly in order to succeed in school and in life, Internet access isn't really a luxury.

Well said

Comment: Re:Just like "free" housing solved poverty! (Score 1) 262

by NewYorkCountryLawyer (#48264925) Attached to: Power and Free Broadband To the People

shutup. just shut the fuck up. you neither know you are talking about, nor have any valid point to make. its not about solving the digital divide any more than the housing thing is about solving poverty. its been widely and clearly shown that there is an increase in opportunity and outcomes between homes with and home without internet access. you're essentially complaining about improving someones potential opportunities to enrich themselves and make their life better and maybe even get out of that housing you mock. but again, you have no valid point, so therefore theres little sense in talking sense, like pointing out to you that without subsidized housing many of these people would be on street, homeless, increasing both crime rates and homeless and deaths among the impoverished. Theoretically we are a civilized nation. But a civilized nation doesnt advocate intentionally making it harder if not impossible for those most disadvantaged to improve themselves, nor advocate for them to die quickly and get out of the way.

Well spoken, bro

1 Sagan = Billions & Billions

Working...