Comment Re:And I'm going to continue to insist that... (Score 1) 147

Elon Musk has an infinitely better plan for going to Mars, and best of all, he has the smarts and the resources to do it.

I have as big a nerd-crush on Musk as the next geek, but he doesn't have what it takes to accomplish his "ultimate" goal of setting up a backup for humanity on Mars. Terraforming Mars is a few orders of magnitude more difficult than reversing climate change here on Earth.

Comment Finding a Security Flaw Grudge (Score 1) 58

I was just embroiled in a dispute with someone who is selling security-related software that refuses to address key issues with their security model. I think the situation is probably similar here: software engineers that have the best of intentions but simply lack the expertise to properly execute. Most programmers are engineers who are perfectly capable of building out a working system. However, when it comes to security-related software, it's not good enough for something to just work; you have to be able to have a deep understanding of how every component interacts with the larger system.

Comment Re:The article isn't about PGP, but web-based emai (Score 1) 89

The real problem that needs solving isn't hacking PGP into web-mail, it's making certificate management user-friendly. And that's not even that hard to do!

Lol, users don't understand certificates and I doubt that most geeks are capable of managing them.

Comment Re:Any solution is better than none at all (Score 1) 89

There are usable and secure E2E email clients, but they require a separation between the messaging system and the software used to retrieve it. With traditional software distribution, we can rely on reproducible builds and security audits to increase the cost of backdooring software. On the web, each provider can deliver a custom (backdoored) version of their software to the target on demand.

Comment Re:Hire those "hackers"! (Score 1) 89

It's based on a decade of research, the 90% figure comes from actual behavioral studies

I doubt it. If you were actually familiar with these "behavioral studies", then you would have provided a citation. Studies have shown that 90% of people that claim "studies" support their opinion, without actually citing them, are just making stuff up.

It's in TFA.

Submission The Problem with End-to-End Web Crypto

fsterman writes: Since the Snowden revelations, E2E web crypto has become trendy. There are browser add-ons that bolt a PGP client onto webmail and both Yahoo and Google are planning to support PGP directly. They attempt to prevent UI spoofing with icons similar to the site-authentication banks use to combat phishing.

The problem is that a decade of research shows that users habituate to these icons and come to ignore them. An attacker can pull off UI spoofing with a 90%+ success rate.

Comment Re:"without garbage collection" (Score 1) 211

Android got smooth by throwing hardware at it. The reason for a while Androiders were bragging that their phones had more cores or higher clock speeds was that Android needed it.

I'm sorry, but this is the same argument that people made against Java in the 90's, when Java was a few orders of magnitude slower. But as time went on, the total percentage that the computational overhead took up dropped to less than 1% because the hardware got faster. Java's success shows that developer convenience is a very powerful thing.

Comment Re:why does the poster think this helps VP9? (Score 1) 68

How do you call VP9 royalty-free in the same article as the rest of this info?

There is not currently a patent pool for VP9. That doesn't mean it's in a better position than HEVC, given there could be a "freelance" patent pool for VP9 any day now.

Any standard which becomes successful attracts leeches. VP9 is no exception.

Carefully avoiding all known patents puts them into a better position, even if the position is just a smaller number of patents.