Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror

Comment Re:There's a reason... (Score 1) 117

Assuming the COO is authorized to represent the company's position: 'In a talk entitled "Securing Mobility, Protecting Privacy", BlackBerry Chief Operating Officer Marty Beard told delegates that the company is a strong believer in providing law enforcement agencies with methods to lawfully intercept communications.' http://businessinsights.bitdef...

I've never been too keen on the "with us or against us" rhetoric, but this is math, not politics: systems are either designed to be as secure as they can be, or they are intentionally left with known vulnerabilities. The ability to intercept is, by definition, a known vulnerability.

Comment Re:Why we cannot have nice things.. (Score 2) 123

To be approved for inclusion in pretty much any reputable application, a CA has to conform to the requirements laid out by the CA/Browser forum; see https://cabforum.org/wp-conten... -- you'll note that Section 9.6.3, bullet 5 requires the ability for the domain holder to request revocation. Let's Encrypt conforms to these requirements. While ACME requires specific authentication material to perform automatic revocation, there's a manual process in place.

From https://letsencrypt.org/reposi... : "To report private key compromise, certificate misuse, or other types of fraud, compromise, misuse, inappropriate conduct, or any other matter related to certificates, please email cert-prob-reports@letsencrypt.org."

Basically, all LE's policy says is "We're not going to make a unilateral decision about whether the content someone is hosting on their own domain is legitimate, for that way lies madness. If a domain owner needs a cert revoked, and they can't use the automated tools to revoke it, they need to send an email, and we'll take care of it as soon as we can verify that they're the rightful owner of the domain."

I'm not sure it gets much more reasonable than that.

Comment Re:Another reason for Mozilla to shit their pants. (Score 1) 61

Firefox: has telemetry on, Do-Not-Track off, etc. by default. Also has built-in ads that read your browsing history.

You're confused about telemetry:
https://wiki.mozilla.org/Telem...

Also, the Do-Not-Track flag is an utter failure. No ad network listens to the DNT flag. If you don't want to be tracked, you need proactive browser support. Something like:
https://www.eff.org/deeplinks/...

And, for what it's worth, the in-browser advertising project ("tiles") in Firefox is being shut down, per a company-wide announcement sent out earlier today. Look for a public announcement soon.

Comment Re:Fucking morons (Score 1) 152

You're technically right that it's born of "ignorance" since I lack any inside information about the matter and I'm speculating.

Sure, but even a lay understanding of the word "profit" and the negating prefix "non" should give you some hint about how non-profit organizations are legally required to operate.

Comment Re:Never mind run Chrome extensions... (Score 3, Insightful) 152

Mozilla, for the love of god, stop breaking APIs, you morons.

That's actually the entire point of this move. The problem is that the current addon "API", such as it is, is literally every class in the entire freaking browser, which is an untenably huge and perpetually changing surface to maintain. The only way to keep the current API and stop breaking stuff constantly is to freeze all development on Firefox now and forever.

That's not really a viable approach.

The alternative is to come up with a more stable API surface, from the ground up, and provide a transition period for add-on developers to move from the large, unsupportable infrastructure to the stable one that won't be -- as you correctly observe -- constantly breaking.

Rather than developing a new API, the add-ons team decided to leverage the work that Chrome has already done in this space, which has the nice side effect of making life much easier for developers who want to write cross-browser add-ons.

One of the things that's getting lost in the noise here is that the portion of the API based on Chrome's current design is just the start. There will be additional API surface to enable some of the things that had been possible with the legacy wild-west-style Add-On approach. Since reading articles is not particularly trendy, I'll quote the relevant passage here:

A major challenge we face is that many Firefox add-ons cannot possibly be built using either WebExtensions or the SDK as they currently exist. Over the coming year, we will seek feedback from the development community, and will continue to develop and extend the WebExtension API to support as much of the functionality needed by the most popular Firefox extensions as possible.

Comment Re:Fucking morons (Score 1) 152

[T]he board of directors decided to just monetize the balls out of Firefox and ride a golden parachute down to its destruction.

The IRS has some pretty rigorously enforced guidelines about executive and employee compensation at 501(c)(3) nonprofits, like Mozilla. It's a complicated topic, but this gives a good introduction to the overall idea: https://www.councilofnonprofit...

The executive summary is that there's nothing anyone can do to make a nontrival personal profit off of anything Mozilla does. So you can sling mud all you want, but accusations that decisions at Mozilla are driven by some kind of profit motive are borne of plain ignorance.

Comment Re:Jury Nullification (Score 5, Informative) 608

Under FISA he is not allowed to use wistleblowing as a defense.

Actually, it's worse than that. Two of the counts he's charged with are violations of the Espionage Act, which was intended to prevent US citizens from colluding with US enemies during World War I. Unfortunately, the law provides no room for affirmative defenses at all: if secrets were leaked, you're guilty, and the court isn't allowed to consider even the slightest sliver of the surrounding context. Did you uncover something illegal? Doesn't matter. Is this course of action the only one that would have turned up malfeasance by intelligence agencies? That can't be discussed.

The reason the Obama administration's insistence that Snowden come back to the US to "face a fair trial" is so flagrantly disingenuous is that the act that he's charged under, by virtue of its complete lack of defenses, is explicitly and intentionally designed to result in anything but a fair trial. They're inviting him home for a railroading, and it doesn't matter whether it's done in private or public: he's fucked.

You should watch citizenfour, which spends quite a bit of time on this specific issue of how inappropriate the Espionage Act is for Snowden's actions, and just how unfair is is designed to be.

Comment Re:Is there a browser that doesn't try to be a nan (Score 1) 199

You don't suppose that the reason IE is slow and crashes on so many sites is precisely *because* it's so promiscuous regarding third-party components that are poorly written, do you? Of course you don't, because that would require admitting that what Google and Mozilla do -- blocking shit that ruins your experience -- is actually the only sane way to be good stewards of Chrome and Firefox. And you've already assumed that they're just doing that to piss you off.

Comment Re:As a Flash hobbyist... (Score 1) 283

,,,is there an equivalent development program for HTML5? Like, would I really have to code absolutely everything including the x,y positions of literally every shape to grace the screen, or is there something with a drag/drop transform interface to modify shapes directly on the canvas?

I think the program you're looking for is called "Adobe Flash Pro CC": http://blogs.adobe.com/jnack/2...

Slashdot Top Deals

"Hey Ivan, check your six." -- Sidewinder missile jacket patch, showing a Sidewinder driving up the tail of a Russian Su-27

Working...