Comment: Re:SSL/TLS may not help if you use Cloudflare (Score 1) 95

by Animats (#48223939) Attached to: Researcher Finds Tor Exit Node Adding Malware To Downloads

This attack on binaries requires a MITM attack. The attacker must be in a position to intercept and modify the data. SSL only prevents that if it's end to end SSL. Using SSL over Cloudflare doesn't eliminate the possibility of an attack on binaries, because Cloudflare is a MITM itself. The exit from Cloudflare is vulnerable in exactly the way the exit from Tor is.

Comment: SSL/TLS may not help if you use Cloudflare (Score 4, Interesting) 95

by Animats (#48223745) Attached to: Researcher Finds Tor Exit Node Adding Malware To Downloads

Cloudflare offers a fake SSL service called "Flexible SSL". Cloudfront gets a cert generated with a long list of domains. Users connect to Cloudfront, Cloudflare sets up a secure connection from the user's browser to Cloudflare, acts as a man-in-the-middle, and makes an unencrypted connection to the destination host.

And, of course, there's an exploit for this.

Even if you buy Cloudflare's "most secure" option, and have SSL to your own server using your own certificate, you have to give Cloudflare your SSL cert's private keys. Does Cloudflare take responsibility for the security of your private keys? No.

So do not use Cloudflare for sites which handle any valuable data, such as credit card numbers.

Comment: Distributed is hard because of the asshole problem (Score 5, Interesting) 253

by Animats (#48214995) Attached to: We Need Distributed Social Networks More Than Ello

Diaspora failed partly because it presents itself in such a confusing way. See Join Diaspora.: "Registrations are closed But don't worry! There are lots of other pods you can register at. You can also choose to set up your own pod if you'd like." There's no "Join" button, but two "Donate" buttons. Take a look at a few "pods". You can't see anything without signing up, and many sound like they're run by weirdos.

The latter is the real problem. A system where anyone can join anonymously and can have as many identities as they want will be overrun by spammers and jerks. Facebook has some pushback in that area, which helps. Facebook also started by getting people from big-name schools, so they didn't start with a loser-heavy population.

A social network needs some cost to creating an identity. The cost can be money, or reputation, or even a proof of work, like Bitcoin. Otherwise, the network is overrun with fake accounts. A distributed social network needs good anti-forgery mechanisms, to prevent one node from spoofing another. That's hard without central control.

Comment: Why not just use cameras? (Score 1) 165

by Animats (#48214609) Attached to: Austin Airport Tracks Cell Phones To Measure Security Line Wait

There are probably security cameras watching the line already. Use them to count the people. Software for this is available from several suppliers.

Cameras at intersections already do this, as part of traffic signal control. The best systems report things like "3 cars waiting at signal, then a big gap, then more approaching cars". The controller can then let three cars through, then turn the light for that intersection face red and let the other direction go.

Comment: Modern Democracy: A Prediction (Score 5, Interesting) 239

by Jodka (#48194825) Attached to: Facebook To DEA: Stop Using Phony Profiles To Nab Criminals

There is a fascinating and unexpected inversion here: Corporations are now standing up against government to protect the rights of citizens. Of course, most of us expect that relationship to work the other way around.

It is not just Facebook. The first sentence of this article reads: "The FBI director has slammed Apple and Google for offering their customers encryption technology that protects users’ privacy."

Today, a product which includes protection from the government has added value. A prediction: In the future, corporate protection from government intrusion and persecution will become the product. Smart corporations such as Tesla (see Nevada tax deal) or Apple and Google (see double Irish Dutch sandwich) have special rights or have exempted themselves from government rules by using loopholes. Meanwhile, every day there is news of the federal government becoming increasingly insane. Like today. Increasingly, the government is engaging in unethical, illegal activities such as theft. As demand for protection from the federal government increases with the growing abuses, corporations will meet that demand by sheltering customers under their own umbrellas.

Comment: This one is different (Score 5, Insightful) 549

by Jodka (#48189929) Attached to: Debian's Systemd Adoption Inspires Threat of Fork

from the summary

"They just don't want other parts of the system to be wholly dependent on systemd."

That is really the crux of the issue and what distinguishes the systemd dispute from all the other FOSS food fights. The FOSS community never agrees on anything. That is why we have multiple everything: Multiple Kernels (BSD & Linux Kernels, multiple flavors of each) many distributions of each flavor, a host of programming and scripting languages, multiple package management tools (rpm, portage, dpkg) several GUI toolkits, GNOME and KDE desktop environments etc. Wayland is not enough, we must also have Mir. And the licenses. Egads! How many of those do we need?

Despite all the passion and ego involved, disagreement between adherents of particular designs and implementations has never before risen to the level of open revolt that we see over systemd. Why? Because in all these disputes each person can choose what is best for him/herself. Like Python and despise Perl? Use Python. Vice versa? Use Perl. But the usual rule of the user getting to pick what he likes best does not apply with systemd. Lennart Poettering is working to restrict choice to only systemd. His tactic is to make systemd a dependency of major software packages. Here he is on the Gnome dev list pushing a Gnome systemd dependency.

Sometimes an unpopular item is replaced on the buffet; good software wins out and variety shrinks a bit. That can be a good thing. But the fear is that systemd is going to win not because it is a popular choice but because Poettering has gamed the outcome using dependencies. Something is wrong if you are running systemd because you hate it and you love Gnome. Perhaps the fanatical hatred of Poettering is driven by belief that systemd adoption is advanced in part by his cheating, instead of on the merits of systemd alone. The abusers are abusing not because he has written what they judge to be bad software but because he has violated an unspoken ethic of the FOSS community.

Comment: Apple just made a big legal mistake. (Score 4, Interesting) 312

by Animats (#48184285) Attached to: If You're Connected, Apple Collects Your Data

Sending the content of every search request to Apple? Notifying Apple if the user sets up a non-Apple email account? That's a blatant violation of the Computer Fraud and Abuse Act unless Apple properly discloses that up front and gets the user's consent.

Apple didn't do that.

The EULA for MacOS isn't on line on Apple's own site. This matters. It violates the FTC's "clear and conspicuous" rule on disclosures. It's just like bundling spyware, which the FTC and state attorneys general have routinely hammered vendors for trying.

This puts Apple in the uncomfortable position Sony was in when they put a root kit on an audio CD.

Comment: It's a Republican Thing (Score 5, Interesting) 294

by Jodka (#48162563) Attached to: Michigan About To Ban Tesla Sales

According to this map, state bans on Tesla sales are a Republican thing.

The Governor of Michigan, Rick Snyder, is a Republican. The Michigan State Senate has a 26-to-12 Republican majority and in the House a 59-to-50 Republican majority. With control of both the executive and legislative branches of government, it is certainly Republicans who are accountable for revoking the freedom to purchase a Tesla in Michigan.

By the way, it is election season, and I have noticed signs in my neighborhood stating, "For freedom, vote Republican."
