Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:SHA-3 (Score 1) 108

by Nick Lowe (#47859615) Attached to: Why Google Is Pushing For a Web Free of SHA-1
With large sites like Twitter having already gone to SHA-2 (SHA-256) based certificates and CAs soon being in the position where they must refuse to issue SHA-1 based certificates going forward, this will be mandated on everybody soon. People will simply have to update to continue to use much of the modern Web. The issue regarding XP SP2 also affects Google's Chrome with only Firefox operating independently of the operating system here. The biggest roadblock will be getting those still using it to install SP3 or to move to Firefox. I expect that Chrome will soon stop installing or updating under SP2 largely because of the lack of support for SHA-2. They have already dropped support for processors that lack SSE2 intrinsics.

Comment: Re:Deprecation shouldn't start at the browser (Score 4, Informative) 108

by Nick Lowe (#47859539) Attached to: Why Google Is Pushing For a Web Free of SHA-1
This clearly does not work though... Quoting Google's Adam Langley: "Unfortunately, many CAs decided to ignore it, presumably on the assumption that Microsoft would be forced to back down. We've done this dance with MD5 and 1024-bit certificates and we know how it goes. Here's a quick list of CAs that issued more than 2000 certificates extending into 2017 with SHA-1: GlobalSign nv-sa: 75,312 GoDaddy: 41,606 GeoTrust: 40,429 Comodo: 37,789 Verisign: 34,927 Terena: 9,444 Thawte: 8,735 Internet2: 8,637 Network Solutions: 8,077 Entrust: 5,542 AlphaSSL: 3,458 We would all have liked CAs to have acted either when the Baseline was updated (2011) or when Microsoft laid down dates (Nov 2013) or when Chrome talked about doing this at the CA/B Forum meeting earlier this year. It is unfortunate that that 2016/2017 dates are being ignored. If you run a site and want to be insulated from this sort you might want to consider getting one year certificates. CAs like to sell multiple years of course but doing renewal once every three (or more) years means that you have a significant risk of loosing the institutional knowledge of how to do it. (E.g. the renewal remainder email goes to someone who left last year and you then have a panic when it expires). Additionally, very long lived certificates are not insulated from from these sorts of changes and you may need to replace them during their lifetime anyway."

Comment: The real reason for no wireless is legacy issues. (Score 1) 147

by Nick Lowe (#45340277) Attached to: Nintendo Announces $99 Wii Mini For US Release
I suspect that the real reason that they have dropped wireless networking support is that Nintendo screwed up, royally, with the original design. The present Wii has an 802.11b/g wireless adapter built-in. Due to flaws in its software implementation, however, it is only capable of working when the 802.11 (legacy mode) basic rates of 1 Mb/s and 2 Mb/s are advertised by an access point. This means that 802.11b support, an additive amendment to the 802.11 standard, must be enabled on an access point for a Wii to be able to connect to it. As a cost cutting measure, the drivers were embedded in to the games themselves making this largely unfixable without some incredibly ugly engineering hacks. They have obviously decided not to bother. See:

Force needed to accelerate 2.2lbs of cookies = 1 Fig-newton to 1 meter per second