Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment: Re:Not a priority (Score 1) 56

by jafiwam (#48829129) Attached to: Google Finally Quashes Month-Old Malvertising Campaign

> Stopping malware is not a priority for advertising companies.

> The priority is to do whatever they can to help advertisers, because advertisers give them money.

Yes, but there is a gap between the two statements. How about:

The priority is to do whatever they can to help malware (while only appearing incompetent and not actually evil), because malware spreaders are giving them money.

All I am saying that this is a very slippery slope. Google is most certainly helping to spread malware, and they are probably making money from it. And they could do more to avoid it if they wanted to...

Malware is the primary reason why I have aggressive ad blocking strategies.

I don't see ads on the internet.

If I never had to clean up some poor sap's computer of malware caused by ads, I wouldn't care about ads. I have the bandwidth to handle it. I just don't want my shit infected.

Comment: Re:OP customer here: this must be pure vandalism (Score 1) 92

by jafiwam (#48735997) Attached to: Finnish Bank OP Under Persistent DDoS Attack

I see no other reason for this DDoS attack but vandalism of some sort. The attackers have no political agenda (this is a small Finnish bank, not one of the big tax-haven transfer banks like UBS. It also has no political connections/owners. The attack also has no way of obtaining any useful info, as all banks in Finland use one-time passwords for login.

That part in bold is irrelevant.

Often these are a distraction to get the manpower (management in a tizzy, IT busy) doing lots of stuff while they break in somewhere else. Customer accounts are not the target. The infrastructure NOT under attack at the time IS.

It also could be as simple as "no particular reason" sometimes it is random boredom. They chose this target because they thought the logo looked stupid, or they figured they could actually accomplish something over larger perhaps "more deserving" banks.

Comment: Re:WHY GOD WHY (Score 2) 248

by jafiwam (#48694985) Attached to: Microsoft Is Building a New Browser As Part of Its Windows 10 Push


Why? I like the idea of having browsers that can show off what they're better at, by rendering pages in different ways. It creates a market with a variety of browsers.

The great unwashed masses fucking EXPECT them to render in exactly the same way.

That's why.

'But it looks different at home .... blah blah blah"

If that quote above, didn't give you fits of anger, you haven't done enough web development and need to shut up on the subject you don't know anything about.

Comment: Re:503 (Score 1) 396

by jafiwam (#48629145) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

In any case, Google hasn't formally announced a decision yet, it has merely made a proposal public and started a discussion on the subject requesting feedback. The fact that everyone is condemning Google for this proposal vindicates all the companies that keep their discussions private and out of the public eye until they work them out -- all secretly first.

Google has already fucked with the icon in the address bar.

They have started to reject certain encryption protocols and now state "no public audit records available" for quite a number of domains and certificates. These changes went out a couple weeks ago.

So the "but they didn't start fucking with it yet!" comment is not valid. They'll request feedback and then do what they are already planning to do anyway.

Comment: Re:503 (Score 1) 396

by jafiwam (#48629131) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

https will not stop mass metadata collection.

It definitely will make the spying harder though...which is a good thing.

Harder for whom?

I am going to bet, that the big players in the data collection game already have a way to sniff traffic in SSL mode because they stole the root keys, certificates, intermediates, and even your certificate a long time ago.

Do you really think Network Solutions or GoDaddy are going to fight off the NSA or Mosad? (if they even _wanted_to?)

Comment: Re:503 (Score 1) 396

by jafiwam (#48629095) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

Yep, same here.

On topic, Google, I appreciate the focus on security, but stop deciding to simply implement however YOU THINK the web should be working. Ok, technically, it's just a change in the browser, but the semantics are obviously meant to "encourage" everyone to switch to HTTPS. However a good idea some of us think that is, it's not up to you.

This is why people are getting freaked out about the power you hold. You're starting to demonstrate that you're not afraid to *use* that influence to simply push things to work however you want them to. You've already done that once already by pushing forward an SSL-related change far ahead of when it really needed to be, and now it looks like you're floating a trial balloon to go one step further.

Am I overreacting here? Or is Google going too far, too fast with this?

They are most certainly going to far.

Last week, with the latest update of Chrome, they started putting a yellow warning triangle on any cert with SHA1 encryption. While SHA1 should be avoided, they are issuing what is basically a big "FUCK YOU" type warning. There were a number of CAs that didn't provide an option for anything else up until last year, so basically Google is forcing site owners to pony up for a new cert ahead of cycle, or do the paperwork to re-issue a cert and then re deploy it.

Likewise, Chrome is now bitching about lack of "public audit records" that have barely begun to be deployed with CAs, Let alone something that every certificate and domain have yet.

The changes mentioned in the article are not the first attempt at screwing with the function of the symbols in the address bar.

That little lock is one of the FEW things that end users have properly picked up on as part of security, now Google is undermining that. Instead of getting certs to "their standards" (who the fuck voted them boss on this?) they are going to end up teaching users what happens up there doesn't matter.

For a long time, people feared the Internet turned into something only the sanctioned big players could play in, assuming it would be media producers, TV networks, large telcos and internet providers.

Instead, we have Google doing it. If they succeed, the "little guy web site" is going to disappear from the internet.

My response is going to be "Chrome doesn't work right anymore, switch to Internet Explorer" Not going to bother complying to a standard that is unreasonable and unwanted at this time. Sure, in the FUTURE, however rushing shit through in a few months is pant-on-head retarded and extremely arrogant at the same time.

Comment: Re:A question I hope someone can answer (Score 1) 54

by jafiwam (#48554697) Attached to: POODLE Flaw Returns, This Time Hitting TLS Protocol

For those of us who are stuck using older browsers (FireFox v10 or IE6), even with SSL disabled and only TLS 1.0 enabled, will this be a problem?

As I said, stuck. I won't appreciate replies saying to upgrade my browser.

In IE 6.0, you can enable TLS 1.0. It is not on by default.

It is deep in the "Internet Settings" in "Security". Scroll down the list and find where it mentions TLS.

IE 6.0 does not do TLS 1.1 or later, so when TLS 1.0 gets shut off, you are done with it.

I believe RC4 is only in SSL 3.0 so that being on or off doesn't matter.

PS, most sites already have 3.0 off, so you may be in the clear already.

Comment: Re:PBS had a documentary... (Score 4, Insightful) 103

by jafiwam (#48513895) Attached to: Practical Magnetic Levitating Transmission Gear System Loses Its Teeth

Some huge trucks still have things based on variable transmission technology, so the entire gearbox doesn't have gears but just slides into the most convenient gearing automatically. They've been around for decades. And they work by using a strong belt that can slide up and down a conical shaft. I kid you not. Every few years, they are re-invented under another brand / patent / material and actually do quite a good job. But they are still considered specialist parts because we can't overcome their weaknesses.

For someone asserting they know all kinds of "unknoiwn" details, you sure are behind.

The description above is called a "Constant Velocity Transmission" and both Nissan (recently) and Subaru (since the 70's) have these. Subaru has had MOST of their new non-performance car fleet use CVTs for the last three years. Nisssan's CVT uses a "pusher" belt made of stacked plates connected by a chain. Subaru, a regular chain.

This is not "specialists" parts anymore. This is just a different type of automatic transmission.

True, "going back to the old" works sometimes, often that is because materials and engineering concepts have advanced far enough to actually make the stuff work now. That doesn't mean tinkering with, or taking another try at these old methods isn't worthwhile.

Comment: Re:Justifying (Score 1) 213

by jafiwam (#48496621) Attached to: Game Theory Analysis Shows How Evolution Favors Cooperation's Collapse

Society has strictly no duty to help those who truly cannot fend for themselves, just like cops have strictly no duty to put their lives on the line to save others. And before you contradict me on this point, have a look there: http://disinfo.com/2010/03/the...


The grandparent poster is stating the socialism spin on an accurate statement.

There is no "duty" to protect the weak as it were. There just isn't. Philosophically you can't get there. That's pure political progressive ideas based on emotion and not actual thinking.

You CAN however, expand the argument a bit and come up with a compelling reason why helping the weak is actually helping yourself. First, everybody, at some point, is "weak" or "strong." For example. I am a nerd. I am generally, less physically capable than other adult men. (This is my own doing, shut up, I know.)

On the other hand, I carry a gun.

Someone, a large young man, could walk into a store and toss around a clerk or two while stealing swisher sweets and be the "strong" one. While he has no philosophical duty to protect the weak, it is SMART for him to do so, because there just may well be a nerd behind him with a loaded gun. Or, a skinny cop may tell him to get back on the sidewalk, where playing "tough" only gets the moron deaded.

The short version is, the "philosophy of using strength" gets you into conflicts in a society, where "philosophy of cooperating" tends to keep you out of conflicts. No matter how tough you are, you might end up standing in front of a nerd with a gun. This is true whether or not you are a socialist or some other political bent.

Comment: Re:Wouldn't time be better spent... (Score 0) 481

by jafiwam (#48448291) Attached to: Cops 101: NYC High School Teaches How To Behave During Stop-and-Frisk

... teaching the cops how not to alienate the people?

I agree they are teaching the wrong people.

Though, this effort would be best spent on the parents of the kids that get in trouble, along with the kids who DONT SHOW UP FOR SCHOOL.

What these classes do is make it clear to the non-criminals how collossally stupid the average thuglet really is. The people that need to know how not to get beat, don't pay attention to anything anybody tells them... or they would already know how not to get beat.

Comment: Re:Level3? (Score 1) 159

by jafiwam (#48401213) Attached to: Ask Slashdot: Dealing With VoIP Fraud/Phishing Scams?

I've got a better solution for both of you...

Put an automated message that says the following...

"If you are calling about a recent scam involving our number, please call Level 3 at..." and give the phone number to Level 3's complaint office. If they don't have a complaint office then simply give the main number. Better yet if you can, forward the call to them via a menu system. Let them deal with the fallout. Maybe they will take the hint.

I suggest the sales department phone number. Those seem to be able to accomplish things with screeching to management and IT.

Comment: Re:The Fix: Buy good Chocolate! (Score 1) 323

by jafiwam (#48401127) Attached to: MARS, Inc: We Are Running Out of Chocolate

Price of any stock will go up when the demand is higher than the supply. And if supplier business is truly not currently economically viable, less fields will be used for cocoa, supply will go down, and price will go up again. No need to talk about what one ethically "should" pay for it.

Yup. The market will adjust.

The problem is, the adjustments will be wild and put companies out of business.

Cocoa comes off a tree, so switching land from bananas to coca is not a "next year we'll grow that" type of transition. While that expansion happens, the price goes where ever. Also, with that start up time, a local farmer might get burned by being a little too late where large numbers of other fields are converted too. Leaving him out of business or at least less willing to do cocoa again.

If my industry relied on the good stuff, I'd be looking hard at geographically spreading my supplies out and getting production in places it hasn't been done before, AND stockpiling it if it keeps well. Just set a price, buy all of it you can.

"Say yur prayers, yuh flea-pickin' varmint!" -- Yosemite Sam