
Comment: cui bono? (Score 1) 7

by bill_mcgonigle (#48625245) Attached to: Who's To Blame For Rules That Block Tesla Sales In Most US States?

Who benefits from banning [X]? With near certainty those are the people who bought off whoever is in power (the partisan nonsense in TFS is a smokescreen to keep you distracted). It doesn't matter if it's the UAW or the Auto Dealer's Association that is behind the corruption - you should be disgusted that politicians deign to tell you what kinds of cars you may purchase. "Yes, massa."

Comment: Re:Home of the brave? (Score 1) 481

by Smidge204 (#48624973) Attached to: Top Five Theaters Won't Show "The Interview" Sony Cancels Release

I will bet your chances of being killed in a mall go way up if there are specific threats against that mall.

No, it doesn't. The mall could have been attacked at any time with no announcement at all. The only difference is now you know somebody out there has an axe to grind.

Knowing the odds does not change the odds.

In fact, I'd argue that you might actually have a slightly LOWER chance of being killed or injured if the intent to attack is announced. They could be bluffing. Increased security could ward off or apprehend the attackers. Law enforcement might be able to intervene and prevent the attack.

The most realistic outcome of this scenario? The mall would be closed and your appointment canceled... but assuming for the sake of argument that doesn't happen, you might as well go because your odds are certainly no worse than at any other time.

Comment: Re:Does the job still get done? (Score 1) 583

by swillden (#48624819) Attached to: Economists Say Newest AI Technology Destroys More Jobs Than It Creates

I used the phrase "thinkers", not "elites". Those groups I "give credit" to are huge. I don't hesitate for a moment that there are members of those groups who have the intelligence at hand and the foresight to see where things are going and to prepare for them. Lumping everyone in those groups as either/or doesn't make sense.

Regardless, you still give them way, way too much credit.

Comment: Re:Ugh, WordPress (Score 1) 27

I recently moved from hand-written HTML for my personal site to Jekyll, which is the engine that powers GitHub pages. It does exactly what I want from a CMS:
  • Cleanly separate content and presentation.
  • Provide easy-to-edit templates.
  • Allows all of the content to be stored in a VCS.
  • Generates entirely static content, so none of its code is in the TCB for the site.

The one thing that it doesn't provide is a comment system, but I'd be quite happy for that to be provided by a separate package if I need one. In particular, it means that even if the comment system is hacked, it won't have access to the source for the site so it's easy to restore.

Comment: Re:Validating a self-signed cert (Score 1) 239

by TheRaven64 (#48623991) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

That's the best way of securing a connection, but it doesn't scale. You need some out-of-band mechanism for distributing the certificate hash. It's trivial for your own site if you're the only user (but even then, the right thing for the browser to do is warn the first time it sees the cert), but it's much harder if you have even a dozen or so clients.

Comment: Re:The web is shrinking (Score 1) 239

by TheRaven64 (#48623981) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

The 'brought to you by' box on that site lists Mozilla, Akamai, Cisco, EFF, and IdenTrust. I don't see Google pushing it. They're not listed as a sponsor.

That said, it is pushing Certificate Transparency, which is something that is largely led by Ben Laurie at Google and is a very good idea (it aims to use a distributed Merkle tree to let you track what certificates other people are seeing for a site and what certs are offered for a site, so that servers can tell if someone is issuing bad certs and clients can see if they're the only one getting a different cert).

Comment: Re:This again? (Score 1) 239

by TheRaven64 (#48623971) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

It depends on your adversary model. Encryption without authentication is good protection against passive adversaries, no protection against active adversaries. If someone can get traffic logs, or sits on the same network as you and gets your packets broadcast, then encryption protects you. If they're in control of one of your routers and are willing to modify traffic, then it doesn't.

The thing that's changed recently is that the global passive adversary has been shown to really exist. Various intelligence agencies really are scooping up all traffic and scanning it. Even a self-signed cert makes this hard, because the overhead of sitting in the middle of every SSL negotiation and doing a separate negotiation with the client and server is huge, especially as you can't tell which clients are using certificate pinning and so will spot it.

Comment: Re:So perhaps /. will finally fix its shit (Score 2) 239

by TheRaven64 (#48623949) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

Every HTTP request I send to Slashdot contains my cookie, which contains my login credentials. When I do this over a public WiFi network, it's trivial for any passive member of the network to sniff it, as it is for any intermediary. Worse, because it uses AJAX stuff in the background, if I briefly connect to a malicious access point by accident, there's a good chance that it will immediately send that AP's proxy my credentials. I've been using this account for a decade or so. I don't want some random person to be able to hijack it so trivially.

Comment: Re:I am cynical (Score 1) 481

by PsychoSlashDot (#48622909) Attached to: Top Five Theaters Won't Show "The Interview" Sony Cancels Release

I have the feeling the reason the show was cancelled, was because the pre-release feedback was very negative, that it was a bad film, but with those threats they saw an opportunity, and now they are priming the US market for a massive "buy it to spite terrorists!" direct to DVD.

You know, I wouldn't be surprised if beyond you being right, Sony has insurance that covers this situation. "Political turmoil preventing or delaying release of film." Could be a clause. They may actually make money by holding it back. Maybe.

Comment: Re:The handwriting's on the wall: Alice v. CLS Ban (Score 1) 187

by terjeber (#48622553) Attached to: What Will Microsoft's "Embrace" of Open Source Actually Achieve?

Wait for a company who you've hurt to be on the ropes financially

Microsoft hurt B&N? And here was me thinking it was a combination of Amazon and people not buying books anymore that was the problem. What was it specifically that Microsoft did? Cripple that horrible Nook thing?
