Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:The problem is not Java (Score 1) 309

by briansmith (#37560138) Attached to: To Stop BEAST, Mozilla Developer Proposes Blocking Java Framework

No matter what we do to the browser's TLS implementation, this attack would still be possible via Java, because Java has its own TLS implementation.

We are already working on proactively mitigating any improvements on the BEAST attack that could be made to work using native browser features that would be affected by changes to our TLS implementation. But, right now, there are no known ways to implement the attack using built-in browser features.

Comment: Re:Won't help (Score 1) 309

by briansmith (#37560044) Attached to: To Stop BEAST, Mozilla Developer Proposes Blocking Java Framework

There may indeed be other vectors for an attack that use built-in browser features. However, some characteristics of how the browser manages connections and how it formats HTTP requests would defeat most (all, as far as we know at this time) variations of the attack that use built-in browser features.

Comment: Re:Java still there (Score 1) 309

by briansmith (#37559954) Attached to: To Stop BEAST, Mozilla Developer Proposes Blocking Java Framework

Implementing that workaround in the browser will not help when the attacker users Java, because the Java Plugin does not use the browser's TLS implementation; it uses its own.

An Oracle engineer is the one that came up with that technique for interfering with the exploit.

We are going to implement it. I am finalizing the patch now.

Comment: How about human rights-based licensing? (Score 1) 1109

by briansmith (#15906940) Attached to: New 'No Military Use' GPL For GPU
Look at the BSD license, which contains the following clause: "Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution"

Imagine a modification of this license to also add this clause (lifted and slightly modified from the Apple Computer Inc. hiring policy):

"I support the equal rights of all people regardless of their race, color, religion, sex, national origin, marital status, age, sexual orientation, gender identity characteristics or expression, disability, medical condition, military or veteran status."

Would this be a good license? I think so. Notice that it doesn't prevent anybody from using the software, even if they disagree with the statement, as long as he keeps the clause intact when he distributes it. Yet, if the software presents this message in its slash screen every time it starts up, it sends a message. Not only is it saying that the creator and/or distributor believe in this message, but that the user does too, because it is on his/her computer.

The effect would be to discourage (not prevent!) people who do not believe in equal human rights from using the software. In particular, extremist evangelicals like Osama bin Laden, Jerry Falwell, Pat Robertson, Hitler, et al. would prevent themselves and their followers from using their software, but only by their own edicts, not through any action of yours.

I've got all the money I'll ever need if I die by 4 o'clock. -- Henny Youngman