
Comment: Alternate realities (Score 2) 75 75

Internet connected toasters were supposed to be a joke highlighting the futility of pursuing technological solutions to problems that don't exist.

Now we have assistant professors at Stanford acting like politicians who quote the Onion to defend their policy positions.

Comment: Re:Agreed, but at least one point is alarmist... (Score 1) 53 53

HMAC is not just used in SSL. It's commonly employed in a lot of protocols. It's an additional level of complexity beyond a 'broken' hash to compromise HMAC.

Exactly, just because a hash algorithm is broken for one purpose does not make it broken for all purposes. There are no publicly known issues with even HMAC-MD5.

Should also mention the PRF construction of SSLv3 is exactly the same as TLSv1. Only TLSv1.1+ cipher suites have a different PRF algorithm. Statement in section 4.3 is flat wrong.

Comment: Re:RFCs are not laws (Score 2) 53 53

The market loves when we have formal documents laid down by the Formal Documents People confirming what we've been telling our bosses for years. I would bet large sums of money that some tech, somewhere, just walked out of a meeting happy because he finally has permission to deprecate a long-broken system.

I was afraid people would push back with these arguments.

They would have had to miss section 3.1.1 of RFC7525 "Implementations MUST NOT negotiate SSL version 3." RFC7525 by the way is a BCP which is where this shit belongs.

My point was subtle. You can provide reasons why you shouldn't use this or that which can be used for the same reasons you enumerated all without the baseless assertions and demands.

BCPs are the appropriate venue for this not this largely redundant standards track RFC which happens to get noticed by Slashdot.

Comment: Re:Nope (Score 5, Insightful) 512 512

1. Your operating system is very old at nearly 7 years. Time flies by and I laugh at the companies who are angry at the prospect of starting a Windows 10 migration acting somehow that 7 just came out last year and is all so new etc.

You know what I find even funnier? The answers I get when I ask what the value prop of windows 10 is over windows 7.

Comment: No I don't think so. (Score 1) 512 512

On NT based versions of Windows I don't recall ever having problems with windows getting slower over time.

Sometimes DDE freaks out which can cause lag even entering text into the command line or number of programs open causes weird/slow redraw artifacts or a program/browser goes haywire and gobbles up all the GDI objects or something gets locked up in kernel space that causes zombies until reboot... but this is about the closest I've seen.

Known a number of people who have had problems with windows slowing over time. This behavior was always attributable to accumulation of malware and assorted crap... usually the accumulation just runs the system out of limited memory it had and starts swapping like crazy.

I expect any general purpose operating system if loaded under same conditions would exhibit similar properties.

Comment: Re:So where is the line? (Score 3, Insightful) 96 96

Taking down games or apps which are clearly intended to be hateful, I'm not sure I even have an example probably because I've never gone looking for them... a confederate flag app that drops the n-bomb when you rub the stars the right way? dunno what an example would be. But OK, I can see that.

Sticks and stones. Freedom isn't about agreeing with nice people.

Comment: Re:Google is Big Brother . . . (Score 4, Insightful) 96 96

Are you kidding? You aren't forced to have anything to do with Google. It is their company, they can restrict whatever they want.

Do mobile app developers get to choose where their customers come from? Between the Apple store and Google you can say it is all free will and App store vendors can do what they want with their own software and infrastructure yet they have effectively become gatekeepers of execution and if they don't like what you're doing you can expect an audience of crickets.

All I will say is enjoy your kings and monopolies people. If you're not willing to defend the right of assholes to be themselves without censorship then don't be surprised when one day you too get fucked over by the same system.

Comment: Re:I do want a HTTPS web (Score 1) 35 35

This only works if the website gives the ISP their private key. When the relationship between the website and the ISP is short, the website would probably be reluctant to do that.

It doesn't have to be private key to their primary domain it could be a subdomain created specifically for this purpose.

But at least nobody else can get this information.
For example when it's unencrypted any passive attacker could see the extra header that was added.

Gremlins in the tubes are mostly red herrings. They exist and there is value in avoiding them yet most damage is inflicted by other means.

Comment: A statistical reason to support regulation? (Score 1) 175 175

There is always a perfectly reasonable sounding justification people can dream up to justify a ban on just about anything.

Example: Cars kill tens of thousands a year. Car deaths are bad so ban Cars. While being completely one-sided at least this example provides an objective cost in lives lost due to vehicles.

The only thing worse than one-sided arguments is parading specific cases as "perfect examples" to justify a course of action regardless of relationship those cases have to larger reality... and of course all the while not considering the *cost* of action.

Every time there is an incident people are quick to "learn lessons" from individual incidents and push for legislation while interests of all are likely to be much better served if lawmakers made decisions based on rational objective criteria rather than legislation being the only answer to all knee jerk reactions to individual incidents.

Drones are politically easy to ban because they represent a niche hobby and many more people are afraid or annoyed of them. The people who have the most to lose have little voice and everyone else is indifferent.

Smoking causes far more fires and far more deaths than any possible swarm of consumer drones but outlawing smoking isn't going to happen because too many want to smoke.

Comment: Re:I do want a HTTPS web (Score 1) 35 35

See, this is exactly why I want a HTTPS web.

Lets think about this critically for a moment.

The mobile provider has a "relationship" with certain websites. When there is such collusion what is the basis for assuming SSL is at all helpful in this scenario?

They are already operating a MITM proxy to inject the headers. Is any of the following at all unreasonable or impractical?

1. Provider sees you're going to a commercial relationship site by destination IP.

2. Commercial relationship site has already provided ISP with certificates to MITM itself since ah they have a "commercial relationship".

3. ISP injects the headers anyway behind your back by MITMing the SSL connection which you assumed was "secure" and private. Furthermore the presence of encryption makes it more difficult for anyone to figure out what is going on.

Comment: Re:No joke (Score 1) 175 175

To be fair I'm also no fan of what is traditionally considered "LAMP". I personally believe PHP is more dangerous than it needs to be, MySQL is a poor choice relative to alternatives and harbor little regard even for Apache.

MongoDB is built for the cloud

No. Application design limits scalability of non-trivial systems not the data store.

MySQL's structure is confining (and overrated)

The only thing that sucks worse than a good relational schema design is everything else.

Disk space is cheap

JOINS JOINS JOINS... The reason for JOINs is saving disk space... mind blown.

Node.js simplifies the server layer
MEAN makes code isomorphic

General purpose languages are a dead end. The money you save not having to train people to use appropriate DSLs for the task at hand will be more than offset by increased cost of managing product lifecycle.

Node.js is superfast

ab is the most worthless (slow, single threaded, client CPU limited) tool for benchmarking web servers you can pick. Almost as worthless as benchmarking hello world applications bearing no resemblance to real world usage.

Depth matters

How does admitting to being behind other solutions translate into a reason for your approach?

I'm disappointed all around.. both with this article and what is allowed to pass for forward progress in the web stack space.

Comment: IMAX is a brand? (Score 1) 190 190

That's weird I always assumed IMAX was just a generic term for theatre with a big ass screen?

Let me put this another way... ask anyone what do you call a movie theatre with a big ass multi-story curved screen? ... and before they answer say ...but you can't use the word "IMAX".

In various contexts people talk about IMAX cameras and film formats even NASA folks talking about the imax camera for curiosity ... I seriously always assumed it was just a generic specification.

Who knows that IMAX is a brand? Perhaps they have already suffered severe dilution and currently deserve no trademark/brand protection of any kind.
