
Comment: Dealing With Companies With Poor SSL Practices? (Score 1) 88

by chihowa (#48685471) Attached to: Ask Slashdot: Dealing With Companies With Poor SSL Practices?

This one's easy: don't.

If they're not taking security seriously, that's a bad sign and you should reconsider giving them your personal information. If they're actively trying to hide their own contact information, that's a huge red flag and you'd be crazy to do business with them.

There's no need to overthink this. This is the internet equivalent of the shady guy selling Armani suits out of a stolen car (actually happened near me, recently). Just avoid shady businesses.

Comment: Re:don't fucking post it! (Score 1) 203

by chihowa (#48685439) Attached to: Facebook Apologizes For 'Year In Review' Photos

He's got a point, though. Facebook is the creepy guy in the van trading pictures of your kids for candy. They're not exactly shy about sharing the fact that they want to monetize every bit of information you give them.

You're just playing the "Don't blame the victim!" card... I can feel sorry for the guy while still hoping that he (and others) learns from this incident.

Comment: Re:No problem. (Score 1) 129

by chihowa (#48685055) Attached to: Google and Apple Weaseling Out of "Do Not Track"

If you read through the issue database for Privacy Badger, it seems like the devs are very concerned with not alienating the tracking companies. In many cases, this includes ignoring user input and instead trusting the tracking companies (e.g., looking for a /.well-known/dnt-policy.txt file and if found, disregarding the user's desire to block attempted connections).

I think their intentions are good and the plugin has potential, but it seems that the devs see the tracking companies as honorable players and respect their desires a little too much.

Comment: Re:It's hard to take this article seriously (Score 1) 623

by chihowa (#48646945) Attached to: What Happens To Society When Robots Replace Workers?

That's a noble goal, but housing, food, and utilities are all land intensive. With concentration of wealth comes ownership and control of land. Most of what is needed to sustain a person isn't items, but a place to live (limited resource, owned by the wealthy), water (somewhat limited resource, water rights owned by the wealthy), and food (land and water dependent). Even electricity depends on expensive-to-extract fuel (thus available at the whim of the wealthy) or land (for wind, solar, geothermal, etc).

What makes you think that the owners of the land will let you use it? The items that you make aren't worth anything to them since they can make their own items without you.

Comment: Re:Sure... (Score 1) 341

If that's true, then every legitimate aspect of a business is a profit center (including the custodial services, etc) and the term loses any useful meaning. Really, the term was coined by Peter Drucker, the father of a failed management style, (who later referred to it as, "One of the biggest mistakes I have made."). It is currently only used by cartoon-grade MBA types to differentiate sales departments from support departments for the purposes of inflated bonuses and compensation.

Comment: Re:503 (Score 1) 396

by chihowa (#48628475) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

Absolutely. Verification out-of-band on first connect was implied, but I should have stated that more clearly. Ultimately I just use my own CA and DANE, which is simpler and easier to roll out.

If we're going to stick with the root CA system, we really should start fixing it. Allowing multiple CA signatures, pinning certificates, limiting the scope of CA signatures, etc... Any of those options improve the situation. Even culling the root CA list and setting up region specific CA packs would help tremendously. There's no reason my systems should implicitly trust all of the corporations and governments in that list. If I want to shop on Chinese sites, I can download the Chinese CA list, but there's no reason for everybody in the world to have every root CA. This is a weakest-link system by design. Continually adding more links isn't helping!

Comment: Re:503 (Score 1) 396

by chihowa (#48625865) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

If you verify the self-signed certificate the first time you use it, it can't be substituted for another self-signed certificate at any later point in time without triggering an alert. However, even if you personally verify a CA signed certificate, it can continually be replaced with other CA signed certificates without ever alerting you (DANE and such notwithstanding).

Because of the currently implemented browser behavior, which is to implicitly trust any certificate signed by any root CA, personally verified self-signed certificates are more resistant to MITM attacks.
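
Added example, not part of the original comments: a minimal trust-on-first-use pin store next to a simplified "any trusted root" check, illustrating the contrast drawn in the comment above and the weakest-link point in the other "Re:503" comment. The host name, root names and certificate bytes are constructed, and issuer membership stands in for real signature verification.

```python
import hashlib
import hmac

# Constructed sample data: byte strings standing in for DER-encoded certificates.
ORIGINAL = {"issuer": "self", "der": b"constructed-cert-original"}
SWAPPED_SELF = {"issuer": "self", "der": b"constructed-cert-swapped-self-signed"}
SWAPPED_CA = {"issuer": "Example Root CA 2", "der": b"constructed-cert-swapped-ca"}
CA_ORIGINAL = {"issuer": "Example Root CA 1", "der": b"constructed-cert-ca-original"}
TRUSTED_ROOTS = {"Example Root CA 1", "Example Root CA 2"}  # hypothetical root list


def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


class PinStore:
    """Trust-on-first-use store: one pinned fingerprint per host."""

    def __init__(self):
        self._pins = {}

    def check(self, host, cert, verified_out_of_band=False):
        fp = fingerprint(cert["der"])
        pinned = self._pins.get(host)
        if pinned is None:
            # First contact: pin only if the user confirmed the fingerprint
            # through a separate channel; otherwise the pin proves nothing.
            if not verified_out_of_band:
                return "unverified"
            self._pins[host] = fp
            return "pinned"
        return "ok" if hmac.compare_digest(pinned, fp) else "alert"


def ca_model_accepts(cert, roots=TRUSTED_ROOTS):
    """Simplified browser-style check: any trusted issuer is good enough."""
    return cert["issuer"] in roots


def demo():
    store = PinStore()
    results = [
        store.check("shop.example", ORIGINAL),                             # not yet verified
        store.check("shop.example", ORIGINAL, verified_out_of_band=True),  # pinned
        store.check("shop.example", ORIGINAL),                             # same cert again
        store.check("shop.example", SWAPPED_SELF),                         # substituted cert
        store.check("shop.example", SWAPPED_CA),                           # CA-signed substitute
    ]
    # The CA model accepts both the original and the substitute from another root.
    return results, ca_model_accepts(CA_ORIGINAL), ca_model_accepts(SWAPPED_CA)
```
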

Comment: Industry support (Score 2) 137

by chihowa (#48610283) Attached to: Microsoft Gets Industry Support Against US Search Of Data In Ireland

This case is about personal privacy and national sovereignty somewhat, but it's primarily about setting precedent for the privilege of multinational corporations.

I know this is going to be an unpopular viewpoint, but the industry is behind Microsoft here because it lessens their accountability to any governments anywhere. The Snow Crash future, where big corporations make their own rules and don't answer to anyone, depends on them not having any accountability to anyone else. Just like shuffling their money around the globe gets them out of having to pay taxes anywhere, shuffling their data around will prevent them from even being investigated for any crimes they may commit. Expect future incriminating emails and documents to be stored safely in subpoena-proof countries.

Comment: Re:Misleading article - you must use ACH (Score 1) 156

by chihowa (#48602315) Attached to: Small Bank In Kansas Creates the Bank Account of the Future

You don't need AI to implement an automated system. As you said, it all works fine with the debit card system. The problems are not so much with ACH itself as they are with the implementation (manual processing and infrequent polling).

The advantage of sticking with ACH is that it's already widely implemented. Rolling out truly automated backend handling and increased polling rate can be done gradually, bank by bank, while not interrupting the operation of banks that haven't upgraded yet.

This whole thing reads like, "We need a new system of transportation! The automobile sucks because we've all agreed to only use it once a day."

Comment: Re:Misleading article - you must use ACH (Score 1) 156

by chihowa (#48601459) Attached to: Small Bank In Kansas Creates the Bank Account of the Future

Perhaps I'm missing something, but why isn't ACH ("Automated", by the way, even though I like "Atomated" better!) up for this task? Even if the upgraded ACH isn't instantaneous, it could at least be faster. Increase the polling rate and the transaction handling and the whole system is faster.

We already have a system in place to handle money transfers. It could use some tweaking, sure, but kludging a replacement based on debit cards isn't the right way to get to a better system.

Comment: Re:You are not in control (Score 1) 113

by chihowa (#48584423) Attached to: Study Explains Why Women Miscarry More Males During Tough Times

The fact that we're not perfect is not a reason to avoid striving for perfection. Understanding the mechanism of human nature, with all of its irrational twists, is part of the path to bettering ourselves.

The fact that most people don't even accept that an emotional attachment to a position that lacks evidence is an issue indicates that we don't even understand our own motivations and thought processes very well. It's alright that we're not perfectly logical and our irrational behavior probably benefits us in significant ways, but it's important that we be able to recognize where the motivation for our (lack of) reasoning originates.

Comment: Re:I prefer this memo. (Score 3, Insightful) 772

by chihowa (#48559779) Attached to: CIA Lied Over Brutal Interrogations

Traffic deaths aren't random, even if they aren't intentional. Nearly every traffic death can be traced to a specific and often avoidable cause. Addressing a minute fraction of those causes will have a dramatic effect on the number of people who die in the US every year.

On the other hand, if your opponent's most successful attack ever can't be distinguished from year to year variations in the death rate of Americans, spending any significant energy fighting him is a waste. We could have a 9/11 attack every single day for hundreds of years and still not deplete the American population. This is an ant-bite of a threat and deserves an ant-bite appropriate response.
