Comment: Re:Secret Ballot? (Score 0) 480

by Lennie (#48800881) Attached to: How Bitcoin Could Be Key To Online Voting

Yes, it's really hard.

Lots of people have tried, for years now, they've all failed:

http://media.ccc.de/browse/con...

Things that might look good in theory still turn out to be a big fail in practice. Even just getting the implementations right is really, really hard.

Using a blockchain will probably fail too.

Remember, if we knew how to make Bitcoin or Darkcoin/Darkwallet/Darksend/Coinjoin/etc. really, really anonymous, we would have already done it.

Comment: Re:Shrug (Score 1) 161

by Lennie (#48778557) Attached to: HTTP/2 - the IETF Is Phoning It In

Let's see how many new and existing APIs use JSON in comparison to XML:

http://www.programmableweb.com...
http://www.programmableweb.com...

Seems like a pretty clear trend to me: XML is on the way out.

SOAP or WSDL, you say?

Well, usually you use JSON with REST.

At the last technology conference, where they all implement 'micro services', I asked several people whether REST/JSON needs a WSDL-like solution:
They all answered: no.

If you want to describe your REST/JSON API, there are solutions though:

https://helloreverb.com/develo...
http://raml.org/

Comment: Re:Achilles heel of the cloud apps.... (Score 1) 72

by Lennie (#48777049) Attached to: Study: 15 Per Cent of Business Cloud Users Have Been Hacked

Sorry, my mistake. You are closer to the prerequisites than I was.

You need a signed assertion:

https://www.youtube.com/watch?...

But getting a signed assertion is pretty easy, if it's a cloud service.

Just sign up.

Anyway, most implementations have been fixed. I hope. ;-)

Unless they upgrade or downgrade the XML-parser and break it by accident.

Comment: Re:Encrypted computing is possible, if limited (Score 1) 72

by Lennie (#48774525) Attached to: Study: 15 Per Cent of Business Cloud Users Have Been Hacked

There are so many definitions of cloud.

The above mentioned solution could be based on open source software (the research project is open source).

In a similar fashion to how WordPress is currently hosted, you get updates from the vendor (WordPress), not from the hoster, but in the case above with encrypted data.

Yes, SaaS providers will pretty much never go for it, because dealing with encryption means extra work for them.

I was just pointing out it isn't completely impossible. Because that is what most people assume.

Comment: Re:Achilles heel of the cloud apps.... (Score 2) 72

by Lennie (#48774495) Attached to: Study: 15 Per Cent of Business Cloud Users Have Been Hacked

You might not be aware of what the attack is.

The attack is about sending specially crafted XML requests/responses to circumvent the checks of the authentication system, which allows you to log in as a user of your choice.

This has nothing to do with breaking TLS. What you do need is the username and to know which application (URL) they are allowed to log into.

Comment: Re:Shrug (Score 1) 161

by Lennie (#48774351) Attached to: HTTP/2 - the IETF Is Phoning It In

Let's not kid ourselves.

We all make mistakes.

Especially when we start to generate HTML based on different sources.

One mistake meant: the visitor on the webpage got to see an error instead of most of the page when you are not using XHTML.

XHTML was just too complicated, not flexible enough and strict.

Could it be that is also the reason JSON is now much more popular than XML?

Comment: Proposals and running code (Score 3, Interesting) 161

by Lennie (#48774253) Attached to: HTTP/2 - the IETF Is Phoning It In

The Tao of IETF still mentions:
"We reject kings, presidents and voting. We believe in rough consensus and running code"
http://www.ietf.org/tao.html

Maybe it's just me, but might it apply here?

Before the httpbis working group started looking at proposals for HTTP/2.0, SPDY was already implemented and deployed in the field by multiple browser vendors, library builders for servers and several large websites. A bunch of research documents was written. And a protocol specification document draft existed. SPDY wasn't created in the open per se, but it was iterated with the help of the community.

So the IETF WG let people suggest proposals:
http://trac.tools.ietf.org/wg/...

And then they voted.

SPDY got selected.

Also the SPDY draft was used as a basis for writing the new HTTP/2.0 draft.

Is anyone surprised?

There might be fundamental parts of the protocol which might have turned out differently if they would have gone through an open collaborative process.

But at first glance it doesn't look that bad.

I can see the appeal of rubberstamping what already exists.

Comment: Re:Achilles heel of the cloud apps.... (Score 2) 72

by Lennie (#48773669) Attached to: Study: 15 Per Cent of Business Cloud Users Have Been Hacked

SAML? Don't make me laugh:

"In this paper we describe an in-depth analysis of 14 major SAML frameworks and show that 11 of them ... have critical XML Signature wrapping (XSW) vulnerabilities"

"In order to protect integrity and authenticity of the exchanged SAML assertions, the XML Signature standard is applied. However, the signature verification algorithm is much more complex than in traditional signature formats like PKCS#7. The integrity protection can thus be successfully circumvented by application of different XML Signature specific attacks, under a weak adversarial model."

https://www.usenix.org/confere...
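The root cause behind the XML Signature wrapping class the paper describes is that the element whose signature verified and the element the application actually consumes are not forced to be the same. Below is an added example of the structural binding check a service provider should make (not code from the paper, the cited frameworks, or this thread); it assumes cryptographic verification of the `ds:Signature` is done separately by an XML-DSig library, and the SAML samples are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


class SamlStructureError(Exception):
    """Raised when the signed element and the consumed element are not bound."""


def select_signed_assertion(response_xml: str) -> str:
    """Return the ID of the single Assertion the enveloped signature covers.

    Structural checks only; the cryptographic check of ds:Signature is assumed
    to be done by a separate XML-DSig library before the ID is trusted.
    """
    root = ET.fromstring(response_xml)
    assertions = root.findall(".//saml:Assertion", NS)
    # 1. Exactly one Assertion anywhere in the document: no room for a second,
    #    unsigned copy to be picked up by a looser XPath in the application.
    if len(assertions) != 1:
        raise SamlStructureError(f"expected 1 Assertion, found {len(assertions)}")
    assertion = assertions[0]
    assertion_id = assertion.get("ID")
    # 2. The signature must be a direct child of that Assertion (enveloped).
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        raise SamlStructureError("Assertion carries no enveloped Signature")
    # 3. Exactly one Reference, and its URI must name this very Assertion.
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1:
        raise SamlStructureError(f"expected 1 Reference, found {len(refs)}")
    uri = refs[0].get("URI", "")
    if not assertion_id or uri != f"#{assertion_id}":
        raise SamlStructureError(f"Reference {uri!r} is not bound to Assertion {assertion_id!r}")
    return assertion_id


def is_well_bound(response_xml: str) -> bool:
    """Convenience wrapper: True only if every binding check passes."""
    try:
        select_signed_assertion(response_xml)
        return True
    except (SamlStructureError, ET.ParseError):
        return False


# Constructed sample (not a real IdP response): one Assertion, Reference bound to its ID.
GOOD = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion ID="_a1">
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
  </saml:Assertion>
</samlp:Response>"""

# Constructed negative sample: the Reference names an ID other than the consumed Assertion.
MISMATCH = GOOD.replace('URI="#_a1"', 'URI="#_other"')
```

The point is that a verifier which only asks "does some signature in this document validate?" passes both samples; binding the Reference URI to the consumed element's ID is what closes that gap.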

Comment: Encrypted computing is possible, if limited (Score 2) 72

by Lennie (#48773625) Attached to: Study: 15 Per Cent of Business Cloud Users Have Been Hacked

You can do some computational things on encrypted data, like create a database, which obviously adds some overhead. For example cryptdb:
http://css.csail.mit.edu/crypt...

And build an application which then decrypts the data on the client when the user needs access to it. For example, there is Mylar from the same research group as the database above:
https://css.csail.mit.edu/myla...

Comment: Re:As much as could be expected (Score 4, Informative) 189

by Lennie (#48763937) Attached to: White House Responds To Petition To Fire Aaron Swartz's Prosecutor

There was a law (amendment) proposed, it got shot down:

https://en.wikipedia.org/wiki/...

Also notice the last line on Wikipedia says:
"As of May 2014, Aaron's Law was stalled in committee, reportedly due to tech company Oracle's financial interests.[42]"

Comment: Windows (Score 5, Informative) 203

by Lennie (#48725661) Attached to: Why Aren't We Using SSH For Everything?

If anything is missing, it's probably only missing on Windows.

Support on Linux and Mac is just fine, I think.

Windows:
- client support is kind of OK
- virtual filesystem support is kind of OK

The biggest missing solution:
- Windows server support. There are some expensive solutions, not sure how well they work.
