
Comment: nirvana fallacy (Score 4, Insightful) 53

by aepervius (#48628021) Attached to: India Successfully Test Fires Its Heaviest Rocket
Or whatever it is called: expecting all basic ills to be solved before technological progress is considered. It is impracticable in the modern world, and asking for it as you seem to do shows a distinct problem at understanding how the world works. In practice you do not portion your whole finance to some problem as food or sanitation, otherwise you reach only stagnation. You have to dedicate some to technology advance.

And India is showing you why: they make a lot of progress, and in fact if their rocket is good enough (not many failures) they might get a good size of the satellite launching market, thus bringing in money and being able to concentrate on their other problems better, more so than if they had instead invested that money in just food or basic sanitation.

Comment: Re:Company I work for got hit... (Score 1) 78

by DigiShaman (#48626603) Attached to: Over 9,000 PCs In Australia Infected By TorrentLocker Ransomware

SonicWALL baby! I block all P2P and TOR traffic at the WAN zone. Also use Content Filtering to block known sources of malware and shit. You can also block certain websites too. Effectively putting the kibosh on the most casual of end-users' activity at getting infected. If they're actively trying to work around the protection in place, it's malicious activity that should render the employee frogmarched out of the office with security! The 3rd line of defense (the 1st one being end users situationally aware of such threats in the first place (Art of Deception and all that)) involves anti-malware software installed on all managed end-user machines.

Comment: Re:Backups solve much of the problem: (Score 1) 78

by DigiShaman (#48626531) Attached to: Over 9,000 PCs In Australia Infected By TorrentLocker Ransomware

I've run into CryptoWall. Before it rears its ugly head to the end-user, it's programmed to first encrypt data both local and via mapped shares. Next, it purges all local shadow copies of whatever local volumes are enumerated to the local host (so as to prevent quick restoration of corrupted data). I can't imagine any of the servers' OS getting infected as that would require a user directly executing the malware from console, but in theory yeah, locally attached backup drives could get whacked as well. It's nasty. REAL NASTY!

Comment: I am wondering too (Score 3, Insightful) 510

by aepervius (#48625903) Attached to: Reaction To the Sony Hack Is 'Beyond the Realm of Stupid'
I posted that yesterday: the feedback I read from people who watched the film in preview said that it was horribly bad. Now they have made sure that for the next days or maybe even a week they made the film "unforgettable". Maybe I am paranoid but I would bet that it is a PR coup on Sony's side.

Comment: Nope. That's not what happened here... (Score 4, Insightful) 146

by Schezar (#48625679) Attached to: To Fight Currency Mismatches, Steam Adding Region Locking to PC Games

And, none of those reasons are why region locking was added to Steam.

Further, it's not region locking like you described and railed against. All Steam did is wall off a handful of regions where the local currencies are extremely volatile, and even then ONLY for accounts gifting games to one another between the rest of the world and these tiny regions.

Your butthurt is misguided here. Let the strawman go.

Comment: Re:Ugh, WordPress (Score 1) 30

I recently moved from hand-written HTML for my personal site to Jekyll, which is the engine that powers GitHub pages. It does exactly what I want from a CMS:
  • Cleanly separate content and presentation.
  • Provide easy-to-edit templates.
  • Allows all of the content to be stored in a VCS.
  • Generates entirely static content, so none of its code is in the TCB for the site.

The one thing that it doesn't provide is a comment system, but I'd be quite happy for that to be provided by a separate package if I need one. In particular, it means that even if the comment system is hacked, it won't have access to the source for the site so it's easy to restore.

Comment: Re:Validating a self-signed cert (Score 1) 354

by TheRaven64 (#48623991) Attached to: Google Proposes To Warn People About Non-SSL Web Sites
That's the best way of securing a connection, but it doesn't scale. You need some out-of-band mechanism for distributing the certificate hash. It's trivial for your own site if you're the only user (but even then, the right thing for the browser to do is warn the first time it sees the cert), but it's much harder if you have even a dozen or so clients.

Comment: Re:The web is shrinking (Score 1) 354

by TheRaven64 (#48623981) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

The 'brought to you by' box on that site lists Mozilla, Akamai, Cisco, EFF, and IdenTrust. I don't see Google pushing it. They're not listed as a sponsor.

That said, it is pushing Certificate Transparency, which is something that is largely led by Ben Laurie at Google and is a very good idea (it aims to use a distributed Merkle tree to let you track what certificates other people are seeing for a site and what certs are offered for a site, so that servers can tell if someone is issuing bad certs and clients can see if they're the only one getting a different cert).

Comment: Re:This again? (Score 1) 354

by TheRaven64 (#48623971) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

It depends on your adversary model. Encryption without authentication is good protection against passive adversaries, no protection against active adversaries. If someone can get traffic logs, or sits on the same network as you and gets your packets broadcast, then encryption protects you. If they're in control of one of your routers and are willing to modify traffic, then it doesn't.

The thing that's changed recently is that the global passive adversary has been shown to really exist. Various intelligence agencies really are scooping up all traffic and scanning it. Even a self-signed cert makes this hard, because the overhead of sitting in the middle of every SSL negotiation and doing a separate negotiation with the client and server is huge, especially as you can't tell which clients are using certificate pinning and so will spot it.

Comment: Re:So perhaps /. will finally fix its shit (Score 2) 354

by TheRaven64 (#48623949) Attached to: Google Proposes To Warn People About Non-SSL Web Sites
Every HTTP request I send to Slashdot contains my cookie, which contains my login credentials. When I do this over a public WiFi network, it's trivial for any passive member of the network to sniff it, as it is for any intermediary. Worse, because it uses AJAX stuff in the background, if I briefly connect to a malicious access point by accident, there's a good chance that it will immediately send that AP's proxy my credentials. I've been using this account for a decade or so. I don't want some random person to be able to hijack it so trivially.