Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Deal of the Day - Pay What You Want for the Learn to Code Bundle, includes AngularJS, Python, HTML5, Ruby, and more. ×

Comment Re:Wny did they need the certificates? (Score 1) 95

Issuing for .test and .local are strictly prohibited by the CABForum EV requirements. They will soon be outlawed for DV under the basic requirements.

What seems to have happened is that instead of issuing all test certs for test.verisign.com as the procedure manual required, they had to modify the procedure when Symantec took over and they no longer had verisign.com.

So instead of doing what they should have done and using test.symantec.com or a test domain bought for the purpose, they typed the first name that entered their head.

Comment Re:Self Signed (Score 1) 95

Actually it doesn't. DANE certificates are not self-signed for a start, they are signed by the DNSSEC key for the zone.

The problem with DANE is that you swap the choice of multiple CAs for a monopoly run by ICANN, a shadowy corporation that charges a quarter million bucks for a TLD because that is what the market will bear. What do you think the price of DANE certification will rise to if it takes off?

ICANN is the Internet version of the NFL only with greater opportunities for peculation and enrichment.

Comment Re:Wny did they need the certificates? (Score 1) 95

Damn right they should. The CPS has a long section on the use of test hardware.

The problem is that all the original team that built VeriSign have been gone for years. A lot of us left before the sale of the PKI business to Symantec. The PKI/DNS merger was not a happy or successful partnership. The original point of the merger was to deploy DNSSEC. that effort was then sabotaged by folk in IETF and ICANN which has delayed the project by at least 10 and possibly 20 years. ATLAS was originally designed to support DNSSEC.

Unfortunately, in PKI terms what VeriSign was to IBM, Symantec is to Lenovo.

They apparently remember the ceremonies we designed but not the purpose. So they are going through the motions but not the substance.

One of the main criticisms I have heard is that we built the system too well. From 1995 up to 2010 it worked almost without any issues. So people decided that they didn't need things like proper revocation infrastructure. The only recent issue the 1995 design could not have coped with was DigiNotar which was a complete CA breach.

There are some developments on the horizon in the PKI world that will help add controls to mitigate some of the issues arising since. But those depend on cryptographic techniques that won't be practical for mass adoption till we get our next generation ECC crypto fully specified.

Comment Re:What is a pre-certificate? (Score 3, Informative) 95

A pre-certificate is created for use in the Certificate Transparency system. Introducing pre-certificates allows the CT log proof to be included in the certificate presented to an SSL/TLS server.

The CT system generates a proof that a pre-certificate has been enrolled in it. The proof is then added to the pre-certificate as an extension and the whole thing signed with the production key to make the actual certificate.

If the CT system logged the actual certificate, the proof of enrollment would only be available after the certificate had been created.

Comment Re: Not quite true (Score 1) 307

Whether the term is enforceable or not is debatable and almost certain to be rendered moot. Unlike US Republicans, UK Conservatives do actually believe in the rule of law and honest business practices (sort of). There isn't any party who believes that screwing the consumer is a constitutional right. There will be a bill passed.

A rather more direct question is whether the hotelier was entitled to collect the charge under the credit card agreement. And that is unambiguous, he isn't. A credit card merchant cannot use a charge card to recover a disputed charge. It does not matter what the purported contract term was or if it is enforceable. The credit card agreements are designed to prevent cardholders from dishonest merchants. So the consumer will get their refund and the hotelier will find themselves facing a 30 quid chargeback fee.

The only option for the hotelier to recover would be to take the matter to court. The most he could win is the hundred pounds, if he lost he would likely be out the legal costs which could be a couple of thousand. Small claims courts don't usually award costs but they might well do so in this case. Judges tend to detest bullies.

Comment Re: Ask the credit card for a refund (Score 1) 307

Its more than that, without regulation you end up with a lemon-law market.

Lots of times the difference between an honest product and a dishonest one only becomes apparent years later. If the product is safety equipment you only find out if the hard hat works when someone drops the brick on your head.

The libertarian theory that self interest will drive people to make honest products has turned out to be utterly false. In fact it turns out to be quite difficult for a company that intends to do the right thing to do so. I once had to get a guy fired after I found he had goosed his response rates for customer support calls by deliberately setting the phone tree up as a maze.

People do all sorts of idiotic short sighted stuff. This hotelier for example got his pants in a twist over a bad review and now he has probably sunk his business completely.

Rational choice is not an empirical fact of human behavior. It is a modelling assumption that tends to give good results in certain cases. But it does not hold for corporations because the interests of the corporation are not identical to those of the employees. All those banks who go belly up because the traders get big rewards for raking in profits and face no consequences for a loss. I don't gamble with my own money but if you want to give me $100,000 to gamble with I am happy to take it to Vegas, find a roulette wheel and let you take 100% of any losses and 90% of any gains.

Comment Re:Build refineries in ND (Score 1) 206

There is plenty of capacity in St Louis and room to build more.

The cost of the pipeline is much more than the cost of a refinery. The 'surplus capacity' claim is total nonsense. The tar sludge isn't anything like the crude that the existing refineries process. There would have to be major upgrades in any case. And building a two thousand mile pipeline costs a heck of a lot more than any refinery would.

Comment Re:after november... (Score 1) 206

The decision was made years ago: No pipeline.

Not announcing the decision stops the Koch bros and the Keystone corp from starting their appeal. Its like an administrative filibuster.

There is already a pipeline that runs to St Louis, the only reason to build the second pipeline is to sell the sludge to China. Having that option available will allow the price to be jacked up when the sludge is sold to the US market as it will fetch the international price which is a lot higher than the refiners currently pay in St Louis.

There is absolutely no reason for the US to OK a pipeline that will increase the cost of supply to the US market. The only reason the GOP backs the pipeline is that the Koch bros stand to make $100 billion from the increase in the value of their shale tar sands.

It is a purely tactical decision because nobody outside the GOP wants the pipeline built. Everyone who wants the pipeline will vote GOP in November whatever the decision. Obama could make a short term political gain by announcing that there will be no pipeline but that would allow the appeals to start. Better for the country to wait until there have been some GOP deaths on the SCOTUS.

Comment Re:Control vs. Prosperity (Score 2) 119

What I find problematic with that mode of argument is that it tends to turn McCarthyite very quickly. Castro attempted to cut a deal with the US before going to the Soviets, he is rather less committed to communism than either his supporters or his opponents believe. He also gave the CIA the location of Che Guavera when he decided he was a liability. So there has been a basis for cooperation for a long time.

The list of crimes committed by US Presidents panicking about communism is very long. Snuffing out a democracy in Iran to replace it with a bloodthirsty dictator, supporting the Khumer Rouge after Vietnam ejected them, installing Pinochet, a mass murderer in Chile. George W Bush just managed to cause the deaths of a half million Iraqis and wonders why he isn't being praised for his efforts.

The problem isn't capitalism of communism, the problem is authoritarianism and elites who believe that brute force is the solution to every problem. Castro is a thug and a murderer but its the US who set up a torture chamber in Cuba.

Since the US government has been spending a large amount of money to get the Internet into Cuba, giving them a pipe and letting them rip with it seems like the best way forward. They will try to control it but everyone knows that Cuba is going to liberalize in the near future.

The logical way forward would be for the US to lift the blockade and let the commerce flood in. The communist system would collapse pretty quickly when there was money to be made. But the problem is that there is a faction that is less interested in bringing democracy to cuba as returning their assets that were nationalized. Since they stole the assets under the corrupt Batista regime, there aren't going to be many interested in that happening.

Comment Re:Tor (Score 1) 83

The Dutch government is very clear about not being a haven for drug dealers shipping to other countries. Unlike the US police, they don't spend time going after domestic pushers or users. But anyone who is shipping through the Netherlands to another country is in for serious grief.

>Hmm... perhaps their mistake was even dumber than simply believing tor is magic.

Magical thinking is very common in security. Lots of people think BitCoin is anonymous despite the fact the transaction log is public.

Call Tor services 'hidden' and some people think that means the NSA and GCHQ can't find them. Call them the 'dark Web' and they think its protected by Professor Dumbledore himself.

Comment Re:The Surprised Dutch Prosecutor (Score 1) 83

No, Tor is not compromised. Tor isn't really designed to protect the privacy of Web Sites. Tor is designed to protect the privacy of Web Site users.

If you have a server that is visible to any client on the Tor network then either the server IP itself must be visible to an exit node put up by Law Enforcement or an intermediary node that is directly conspiring with the server has to be visible to law enforcement.

That is just a basic limitation of onion routing. A client can hide because it gets to choose the entry node. A server can't hide because anyone can set up an exit node.

This illustrates one of the big problems with computer security, people want to believe that security claims are true so they tend to be very gullible. They often rely on claims being made about a product by people talking about it on Web sites rather than the people who built it. And note I said 'rely'. Taking note of someone saying 'steer clear, this is why' on a Web site is very different to following the advice of people playing the pied piper.

There are lots of people who are convinced that Bitcoin is anonymous. This despite the fact that every transaction is public and every wallet tracks every one of them. The BitCoin people don't like hearing that their scheme might not be the future of currency or that it really isn't very different from e-Gold or GoldAge or Liberty Reserve which the FBI had no trouble rolling up. Take a look at the comments on my Bitcoin podcast, not a single substantive comment from a BitCoin supporter. Just a regurgitation of the ideology as fact:


I think this is coming close to the endgame for BitCoin. The FBI might be nervous about the influence that the Winkelvoss twins and other rich supporters of BitCoin might be able to buy (but Senators probably don't take bribes/campaign contributions in Bitcoin). So the logical tactic to make them radioactive would be to arrest them too.

Funny how an ideology that holds the government is an oppressive freedom destroying force can be self-fulfilling. But Bitcoin can't possibly survive when LE believes that the vast majority of Bitcoin transactions involve drugs or kiddie porn or gambling. And I see no evidence to the contrary.

Comment Re:Windows keys? (Score 2) 459

Symbolics machines had the key well before Microsoft even talked about ripping off DOS

The serviceable 16 bit CP/M clone was the Holy Grail for every geek in his garage who saw the potential of the 8086. What the geek didn't have was a full suite of programming languages ready to port and the resources to build on the launch of the new IBM micro,

Except Gary Kildal who famously refused to sign the IBM NDA on the advice of his wife going surfing instead. Microsoft then bought MSDOS 1.0 from one of said garage geeks. But all they needed it for was to be undetected long enough to be able to sell MSBasic while they worked on a clone.

The Windows key was appearing on DEC keyboards before it was a Windows thing. And that is from Symbolics as many of the DEC engineers were Symbolics graduates. And when DEC crashed, Microsoft bought up most of the talent. Given the state of Apple at the time, it was pretty much the only option if you hated UNIX.

I am surprised that nobody has brought up a pathetic piece of bought-by-lobbyists research 'the fable of the keys' written by a couple of K-street hacks for an organization calling itself 'the independent institute'. This tried to claim that path dependence and network effects don't exist. Microsoft funded the 'study' while they were fending off the anti-trust suit.

One of the examples that the authors tried to expose as 'myth' is that Dvorak was more efficient. And they do actually have some evidence to suggest that the studies on efficiency are unreliable. But that does not prove their case. All it actually shows is that the Navy realized that there was no point in performing further tests because they were not going to switch from Qwerty regardless of what the result was. A 10% improvement in typist productivity was not worth the cost of retraining. Many typists would refuse to be retrained. Nobody would want to learn a keyboard that was only used in the Navy under a program that might be cancelled at any moment.

The same goes for their effort to 'prove' that VHS was better than Betamax. Like the idiots trying to disprove evolution, they don't make their case and all they do is to show that things are a little more complex than the naive version of the theory they are attacking suggests. The point of VHS and Betamax is that what made a VCR better than a competitor was not picture quality, it was how many movies you could buy and watch on it.

Comment Re:Fuck religion. (Score 1) 903

The "separation of church state" works both ways.

You don't like religions dictating how your government is run? The price to be paid for this is not having your government dictating how religions operate.


Since the Catholic church under Benedict threatened to excommunicate Kerry for supporting abortion, they are clearly not holding up their end of any bargain.

It is completely consistent to insist that no law be made based on or requiring religious observances and that what religion is permitted be regulated by the state. The price religion has always paid to be allowed to operate is to obey the laws of the land and support the government order.

Mommy, what happens to your files when you die?