
Comment: Finding a Security Flaw Grudge (Score 1) 58

by fsterman (#49483451) Attached to: Why "Designed For Security" Is a Dubious Designation

I was just embroiled in a dispute with someone who is selling security related software that refuses to address key issues with their security model. I think the situation is probably similar here, software engineers that have the best of intentions but simply lack the expertise to properly execute. Most programmers are engineers who are perfectly capable of building out a working system. However, when it comes to security related software, it's not good enough for something to just work, you have to be able to have a deep understanding of how every component interacts with the larger system.

Comment: Re:The article isn't about PGP, but web-based emai (Score 1) 89

by fsterman (#49420117) Attached to: The Problem With Using End-to-End Web Crypto as a Cure-All

The real problem that needs solving isn't hacking PGP into web-mail, it's making certificate management user-friendly. And that's not even that hard to do!

Lol, users don't understand certificates and I doubt that most geeks are capable of managing them.

Comment: Re:Any solution is better than none at all (Score 1) 89

by fsterman (#49420105) Attached to: The Problem With Using End-to-End Web Crypto as a Cure-All

There are usable and secure E2E email clients, but they require a separation between the messaging system and the software used to retrieve it. With traditional software distribution, we can rely on reproducible builds and security audits to increase the cost of backdooring software. On the web, each provider can deliver a custom (backdoored) version of their software to the target on demand.

Comment: Re:Hire those "hackers"! (Score 1) 89

by fsterman (#49420091) Attached to: The Problem With Using End-to-End Web Crypto as a Cure-All

It's based on a decade of research, the 90% figure comes from actual behavioral studies

I doubt it. If you were actually familiar with these "behavioral studies", then you would have provided a citation. Studies have shown that 90% of people that claim "studies" support their opinion, without actually citing them, are just making stuff up.

It's in TFA.

The Problem with End-to-End Web Crypto

Submitted by fsterman
fsterman writes: Since the Snowden revelations, E2E web crypto has become trendy. There are browser add-ons that bolt a PGP client onto webmail and both Yahoo and Google are planning to support PGP directly. They attempt to prevent UI spoofing with icons similar to the site-authentication banks use to combat phishing.

The problem is that a decade of research shows that users habituate to these icons and come to ignore them. An attacker can pull off UI spoofing with a 90%+ success rate.

Comment: Re:"without garbage collection" (Score 1) 211

by fsterman (#49405781) Attached to: Rust 1.0 Enters Beta

Android got smooth by throwing hardware at it. The reason for a while Androiders were bragging that their phones had more cores or higher clock speeds was that Android needed it.

I'm sorry, but this is the same argument that people made against Java in the 90s, when Java was a few orders of magnitude slower. But as time went on, the total percentage that the computational overhead took up dropped to less than 1% because the hardware got faster. Java's success shows that developer convenience is a very powerful thing.

Comment: Re:why does the poster think this helps VP9? (Score 1) 68

by fsterman (#49365945) Attached to: Another Patent Pool Forms For HEVC

How do you call VP9 royalty-free in the same article as the rest of this info?

There is not currently a patent pool for VP9. That doesn't mean it's in a better position than HEVC, given there could be a "freelance" patent pool for VP9 any day now.

Any standard which becomes successful attracts leeches. VP9 is no exception.

Carefully avoiding all known patents puts them into a better position, even if the position is just a smaller number of patents.

Comment: Re:It's a shame WebM sucks (Score 1) 68

by fsterman (#49365835) Attached to: Another Patent Pool Forms For HEVC

I think there are two distinct worlds, people who handle the distribution of video and content creators. For content creators, they need highly polished GUIs ... like those provided by Final Cut Pro and iMovie. There are also batch video conversion tools that are entirely oriented around the GUI.

Comment: Re:So You are Saying (Score 1) 68

by fsterman (#49365773) Attached to: Another Patent Pool Forms For HEVC

... these are not single algorithms, nor are they in any way simple. This is very sophisticated software. At least scan through the Wikipedia entry linked in the summary to get a rough idea of the complexity of these monsters.

I actually read through some of the patents Nokia was threatening VP8/9 with and they really are not sophisticated at all, they are just written in the most confusing possible way. For example, the following paragraph is from a Nokia patent that basically describes the selection of neighboring pixels:

selecting a first reference video pixel in the first video block and a second reference video pixel in the second video block, the first reference video pixel and the second reference video pixel being other than the first boundary video pixel and the second boundary video pixel and the first reference video pixel and the second reference video pixel being placed closer to a central portion of each of said video blocks than the respective boundary video pixel, in such a way that the reference video pixels and the boundary video pixels are situated on a straight line, the straight line being transverse to the boundary, drawn from the first reference video pixel to the second reference video pixel, wherein the first and the second boundary video pixels are located between the first and the second reference video pixels on the straight line,

I was planning on busting all of the Nokia patents myself, but then I got busy :p