Please create an account to participate in the Slashdot moderation system


Forgot your password?

Comment Not necessarily just for eavesdropping (Score 3, Interesting) 66

A step to making this secure is to generate private keys on the end-clients, verify the code to generate them does not also create an escrow key, and be vigilant from then on to only allow access to that private key with audited code.

But there's a usability problem with this: people suck at not losing things.

Lost your private key and need to check your email? You're out of luck. This is the sign of a good, secure system, but the average office person will at some point lose their key and be very pissed off that their account is impossibly unrecoverable.

So to appease the "careless," they backup/generate keys on a server. This has the unfortunate (or fortunate for them?) side effect of allowing undetectable key escrow. So they might be doing this to solve a legitimate usability problem, it just enables these other, probably bigger, problems.

Comment Doesn't Affect Web Notifications (Score 3, Informative) 116

Note that the chrome rich notification center is different from the standardized Web Notifications API

This story kind of freaked me out at first because I thought it was referring to that Web Notifications API, which I rely on heavily for web based chat and email apps.

Comment Symptom of community development (Score 1) 91

VR is the new sexy thing. Who wouldn't want to contribute the big chunk of VR code to firefox that potential millions of people will be using? The problem is that Firefox has over 40,000 other small, unsexy bugs, including some that are almost 15 years old. There's no corporate management who can say "this stuff is embarrassing, hey you, you gotta fix this before we can even consider a big new feature."

It's not a bad thing necessarily, just different priorities that can potentially result in bloated software. Hopefully "the next big sexy thing" will be streamlining Firefox to make it more efficient, and focus will be directed toward that.

Comment Re:EME is just DRM (Score 1) 371

The difference is that with EME the server wouldn't have to have access to the video; you wouldn't have to trust it because the video is encrypted before the server sees it. There's still other issues making it hard to adopt, like key exchange, but it's a step in the right direction for more convenient end-to-end encryption.

Comment EME is not just Netflix DRM (Score 2) 371

There are some positive aspects to the Encrypted Media Extensions API. It does provide some DRM options for companies like Netflix, which isn't great, but it can also enhance the security of personal media files. It will enable a web app to let you upload an encrypted video, then stream it from their server to your computer without having to download the entire thing and decrypt it -- without any browser plugin.

So if you really don't want anyone being able to see your personal videos (not just Netflix's videos), this thing isn't all bad.

Comment Won't be used very much (Score 1) 199

I wouldn't be too worried. I looked into this for a web app for chat notifications, and the API is kind of a disaster IMO. From what I saw, it's very opinionated on how the data is acquired and passed on through a ServiceWorker to a notification, to the point that applications would likely have to be built from the ground-up with it mind.

Comment After writing a browser extension last year... (Score 1) 45

Partway through writing a small browser extension last year, and realizing how much access they have to everything you look at, I stopped using all but a couple trusted browser extensions. Seriously, it was like 15 lines of code to take a screenshot of whatever page you're looking at and send it to a server every 2 seconds with no indication that anything is happening.

Granted, you have to accept a permissions dialog, but most extensions ask for way too many permissions. That cloud-to-butt extension? It already has all the permissions it needs to send the text on every page to a database somewhere, and unless you carefully audit the source of every extension you install (obviously google isn't), you'd never notice, you're just trusting some extension author.

Comment Re:Amazon Web Services (AWS) (Score 1) 295

To give more info on Amazon Web Services: They recently added domain name registration. It's very barebones, but also really easy to configure. So if all you want is the domain name, you know what you're doing, and all your servers are setup somewhere, you can point the records at them very easily. But if you also want email forwarding or something else or convenient bundled features, you might want another service.

Comment Is it really that bad for privacy? (Score 5, Interesting) 168

I'm no RFID expert, but it's just used for identification, right? It won't be long until face scanning is good enough that you can identify someone from even further away than the range of an RFID chip. The potential for people cloning the chips seems worse than any sort of privacy/tracking worries.

Comment Why would advertisers work with gawker after this? (Score 3, Interesting) 166

What baffles me is how Gawker would think to do this and expect their advertisers not to care. Why would a movie or game company give them any money after they've shown they're willing provide easy links to copyrighted material? Whether or not linking is illegal, advertisers are under no obligation continue supporting them. I sure as hell wouldn't pay to have a banner ad for some peice of media next to a link to a torrent or rapidshare link.

Slashdot Top Deals

% "Every morning, I get up and look through the 'Forbes' list of the richest people in America. If I'm not there, I go to work" -- Robert Orben