Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Comment: Re:and everyone copied microsoft (Score 1) 251

by ags1 (#40791615) Attached to: Google Warned Samsung Galaxy Tab Was "Too Similar"
Personally I think it looks more like a 1993 Apple Newton. In form and function that is, not so much in style. Got to remember it was released in 93, it wasn't possible to make tech as skinny and sleek as an ipad. The 2002 microsoft tablet has a flip screen and keyboard. In form and function it is far closer to a laptop then an ipad.

Comment: Re:public key (Score 2) 164

by ags1 (#40158681) Attached to: All Researchers To Be Allocated Unique IDs
Cross referencing would be done on name and the public key's finger print, not the key itself.

Anyone can generate a public/private key, so we don't need an organization to manage (collect fees) the handing out of numbers. Or deciding who is a scientist and who deserves to get a number.

Attribution would be a nice bonus.

Comment: Re:MS and Linux (Score 2) 396

by ags1 (#39885049) Attached to: Microsoft Using Linux To Optimize Skype Traffic

It just shows that Microsoft doesn't take the hard approach of FOSS fanatics but uses what suits the purpose best.

Most open source projects run on windows. Linux usually comes first, but 90% of the time there is a windows port. What % of Microsoft apps run on something other then windows? It looks to me that the "FOSS fanatics" are very good about allowing people to pick what suits them the best while Microsoft isn't.

Comment: Re:Pooling Opinions... (Score 0) 189

by ags1 (#37340980) Attached to: Moxie Marlinspike's Solution To the SSL CA Problem
So I hijack the router that website is using to access the internet. I install some software on the router to return a fake cert. I see the fake cert. All of the other notaries see the fake cert. It this is popular site the notaries might notice a cert change, but if its a low volume site that the notaries never go to. We all agree the fake cert is valid. How is this more secure? Or I hack the router you use to access the internet... all of the notaries you try to talk to I redirect to me. I say every site is valid regardless if it is or not. How is this more secure?

Comment: Re:Two problems here (Score 1) 249

by ags1 (#37129994) Attached to: Can We Fix SSL Certification?
a) How do you distribute the fingerprint? The MITM controls the network access, they can give you fingerprints that matches the fake cert that they are serving up. (rewriting web pages on the fly is easy, simple search for old fingerprint, replace with fake fingerprint) You're left with "out of band communications" like the phone network or snail mail. Something the MITM can't control. I don't really want to make a phone call to make a secure web connection. b) How do you get the user to make this verification? You tell most users to verify the finger prints they will look at their own hands. SSL is sound... the problem is the implementation of SSL. We have way too mean certificate authorities. We should have no more then 5. If they screw up, ie getting hacked, issuing a cert to someone who isn't who they say they are, etc... they get massively fined and on the second offense the lose their status as a CA.

Comment: Re:Two problems here (Score 1) 249

by ags1 (#37111374) Attached to: Can We Fix SSL Certification?

1. Prevent MITM attacks. Query several notaries and make sure that they fetch and deliver the same certificate you got. OK, I'll buy this. But:

How do you know your talking to the notaries and not the MITM pretending to be the site you want and the notaries? Maybe we should have notaries to check the notaries. But then how do you prevent those notaries from... we'll do it once more and everything will be ok. If the MITM controls the router/DNS/firewall/network/proxy/etc you used to access the internet the MITM might be the only one you can talk to. You could distribute the notaries certs with the browser so that they can't be MITMed... aka SSL.

Comment: Re:Google v. Oracle - Solved (Score 5, Insightful) 229

by ags1 (#35642800) Attached to: Java Creator James Gosling Hired At Google
C# is very portable, IF you pick your libraries right, IF you don't use any standard features that are windows centric, IF you don't call any native libraries, IF you want to wait for the advanced feature to get ported to your platforms implementation... etc. You have to do a lot of work to keep from falling into lock in. The thing about Java is, its very hard to make an app not cross platform. You have to do a lot of work to lock yourself into a platform using Java.

Byte your tongue.