Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment: Re:503 (Score 1) 392

by jafiwam (#48629145) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

In any case, Google hasn't formally announced a decision yet, it has merely made a proposal public and started a discussion on the subject requesting feedback. The fact that everyone is condemning Google for this proposal vindicates all the companies that keep their discussions private and out of the public eye until they work them out -- all secretly first.

Google has already fucked with the icon in the address bar.

They have started to reject certain encryption protocols and now state "no public audit records available" for quite a number of domains and certificates. These changes went out a couple weeks ago.

So the "but they didn't start fucking with it yet!" comment is not valid. They'll request feedback and then do what they are already planning to do anyway.

Comment: Re:503 (Score 1) 392

by jafiwam (#48629131) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

https will not stop mass metadata collection.

It definitely will make the spying harder though...which is a good thing.

Harder for whom?

I am going to bet, that the big players in the data collection game already have a way to sniff traffic in SSL mode because they stole the root keys, certificates, intermediates, and even your certificate a long time ago.

Do you really think Network Solutions or GoDaddy are going to fight off the NSA or Mosad? (if they even _wanted_to?)

Comment: Re:503 (Score 1) 392

by jafiwam (#48629095) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

Yep, same here.

On topic, Google, I appreciate the focus on security, but stop deciding to simply implement however YOU THINK the web should be working. Ok, technically, it's just a change in the browser, but the semantics are obviously meant to "encourage" everyone to switch to HTTPS. However a good idea some of us think that is, it's not up to you.

This is why people are getting freaked out about the power you hold. You're starting to demonstrate that you're not afraid to *use* that influence to simply push things to work however you want them to. You've already done that once already by pushing forward an SSL-related change far ahead of when it really needed to be, and now it looks like you're floating a trial balloon to go one step further.

Am I overreacting here? Or is Google going too far, too fast with this?

They are most certainly going to far.

Last week, with the latest update of Chrome, they started putting a yellow warning triangle on any cert with SHA1 encryption. While SHA1 should be avoided, they are issuing what is basically a big "FUCK YOU" type warning. There were a number of CAs that didn't provide an option for anything else up until last year, so basically Google is forcing site owners to pony up for a new cert ahead of cycle, or do the paperwork to re-issue a cert and then re deploy it.

Likewise, Chrome is now bitching about lack of "public audit records" that have barely begun to be deployed with CAs, Let alone something that every certificate and domain have yet.

The changes mentioned in the article are not the first attempt at screwing with the function of the symbols in the address bar.

That little lock is one of the FEW things that end users have properly picked up on as part of security, now Google is undermining that. Instead of getting certs to "their standards" (who the fuck voted them boss on this?) they are going to end up teaching users what happens up there doesn't matter.

For a long time, people feared the Internet turned into something only the sanctioned big players could play in, assuming it would be media producers, TV networks, large telcos and internet providers.

Instead, we have Google doing it. If they succeed, the "little guy web site" is going to disappear from the internet.

My response is going to be "Chrome doesn't work right anymore, switch to Internet Explorer" Not going to bother complying to a standard that is unreasonable and unwanted at this time. Sure, in the FUTURE, however rushing shit through in a few months is pant-on-head retarded and extremely arrogant at the same time.

Comment: Re:A question I hope someone can answer (Score 1) 54

by jafiwam (#48554697) Attached to: POODLE Flaw Returns, This Time Hitting TLS Protocol

For those of us who are stuck using older browsers (FireFox v10 or IE6), even with SSL disabled and only TLS 1.0 enabled, will this be a problem?

As I said, stuck. I won't appreciate replies saying to upgrade my browser.

In IE 6.0, you can enable TLS 1.0. It is not on by default.

It is deep in the "Internet Settings" in "Security". Scroll down the list and find where it mentions TLS.

IE 6.0 does not do TLS 1.1 or later, so when TLS 1.0 gets shut off, you are done with it.

I believe RC4 is only in SSL 3.0 so that being on or off doesn't matter.

PS, most sites already have 3.0 off, so you may be in the clear already.

Comment: Re:PBS had a documentary... (Score 4, Insightful) 103

by jafiwam (#48513895) Attached to: Practical Magnetic Levitating Transmission Gear System Loses Its Teeth

Some huge trucks still have things based on variable transmission technology, so the entire gearbox doesn't have gears but just slides into the most convenient gearing automatically. They've been around for decades. And they work by using a strong belt that can slide up and down a conical shaft. I kid you not. Every few years, they are re-invented under another brand / patent / material and actually do quite a good job. But they are still considered specialist parts because we can't overcome their weaknesses.

For someone asserting they know all kinds of "unknoiwn" details, you sure are behind.

The description above is called a "Constant Velocity Transmission" and both Nissan (recently) and Subaru (since the 70's) have these. Subaru has had MOST of their new non-performance car fleet use CVTs for the last three years. Nisssan's CVT uses a "pusher" belt made of stacked plates connected by a chain. Subaru, a regular chain.

This is not "specialists" parts anymore. This is just a different type of automatic transmission.

True, "going back to the old" works sometimes, often that is because materials and engineering concepts have advanced far enough to actually make the stuff work now. That doesn't mean tinkering with, or taking another try at these old methods isn't worthwhile.

Comment: Re:Justifying (Score 1) 213

by jafiwam (#48496621) Attached to: Game Theory Analysis Shows How Evolution Favors Cooperation's Collapse

Society has strictly no duty to help those who truly cannot fend for themselves, just like cops have strictly no duty to put their lives on the line to save others. And before you contradict me on this point, have a look there: http://disinfo.com/2010/03/the...

Yup.

The grandparent poster is stating the socialism spin on an accurate statement.

There is no "duty" to protect the weak as it were. There just isn't. Philosophically you can't get there. That's pure political progressive ideas based on emotion and not actual thinking.

You CAN however, expand the argument a bit and come up with a compelling reason why helping the weak is actually helping yourself. First, everybody, at some point, is "weak" or "strong." For example. I am a nerd. I am generally, less physically capable than other adult men. (This is my own doing, shut up, I know.)

On the other hand, I carry a gun.

Someone, a large young man, could walk into a store and toss around a clerk or two while stealing swisher sweets and be the "strong" one. While he has no philosophical duty to protect the weak, it is SMART for him to do so, because there just may well be a nerd behind him with a loaded gun. Or, a skinny cop may tell him to get back on the sidewalk, where playing "tough" only gets the moron deaded.

The short version is, the "philosophy of using strength" gets you into conflicts in a society, where "philosophy of cooperating" tends to keep you out of conflicts. No matter how tough you are, you might end up standing in front of a nerd with a gun. This is true whether or not you are a socialist or some other political bent.

Comment: Re:Wouldn't time be better spent... (Score 0) 481

by jafiwam (#48448291) Attached to: Cops 101: NYC High School Teaches How To Behave During Stop-and-Frisk

... teaching the cops how not to alienate the people?

I agree they are teaching the wrong people.

Though, this effort would be best spent on the parents of the kids that get in trouble, along with the kids who DONT SHOW UP FOR SCHOOL.

What these classes do is make it clear to the non-criminals how collossally stupid the average thuglet really is. The people that need to know how not to get beat, don't pay attention to anything anybody tells them... or they would already know how not to get beat.

Comment: Re:Level3? (Score 1) 159

by jafiwam (#48401213) Attached to: Ask Slashdot: Dealing With VoIP Fraud/Phishing Scams?

I've got a better solution for both of you...

Put an automated message that says the following...

"If you are calling about a recent scam involving our number, please call Level 3 at..." and give the phone number to Level 3's complaint office. If they don't have a complaint office then simply give the main number. Better yet if you can, forward the call to them via a menu system. Let them deal with the fallout. Maybe they will take the hint.

I suggest the sales department phone number. Those seem to be able to accomplish things with screeching to management and IT.

Comment: Re:The Fix: Buy good Chocolate! (Score 1) 323

by jafiwam (#48401127) Attached to: MARS, Inc: We Are Running Out of Chocolate

Price of any stock will go up when the demand is higher than the supply. And if supplier business is truly not currently economically viable, less fields will be used for cocoa, supply will go down, and price will go up again. No need to talk about what one ethically "should" pay for it.

Yup. The market will adjust.

The problem is, the adjustments will be wild and put companies out of business.

Cocoa comes off a tree, so switching land from bananas to coca is not a "next year we'll grow that" type of transition. While that expansion happens, the price goes where ever. Also, with that start up time, a local farmer might get burned by being a little too late where large numbers of other fields are converted too. Leaving him out of business or at least less willing to do cocoa again.

If my industry relied on the good stuff, I'd be looking hard at geographically spreading my supplies out and getting production in places it hasn't been done before, AND stockpiling it if it keeps well. Just set a price, buy all of it you can.

Comment: Re:Shocked... (Score 3, Insightful) 203

by jafiwam (#48386903) Attached to: Window Washing a Skyscraper Is Beyond a Robot's Reach

You think $26.89/hr is a low wage? Wow. That's $53780/yr! A huge amount of money. And people wonder why international outsourcing and illegal immigrants are a problem. The North American standard of living is unsustainable, pure and simple. All these rich folks have no idea that the majority of the population works for far less. Housing alone costs about 80% of earnings for most people. Ain't capitalism grand?

In the cities where they are needed, that's not a whole lot of money. I bet those guys live in hovels or commute from waaaayyy outside the cities the work in.

Comment: Re:It won't happen (Score 2) 127

by jafiwam (#48379495) Attached to: Senate May Vote On NSA Reform As Soon As Next Week

When they have the majority in both the house and the senate starting next Jan. they will expand the NSA's powers and try to ram it through.

IOW, continuing the good work of the current majority and the administration?

Or, just now realizing the power structure of parallel construction, back room deals to harass people for political reasons, massive and invasive domestic eavesdropping abilities etc. are all going to be in the hands of the Republicans when Democrats lose the white house in 2016... and fearing the machine they created being turned against them.

Comment: Re:Ok, they got ONE right... (Score 1) 257

by jafiwam (#48373367) Attached to: Internet Sales Tax Bill Dead In Congress

roll back IRS harassment powers

If they were smart they would increase IRS funding since it results in something like a 10:1 return rate. You know where the extra money would come from? Tax cheats! People who don't pay their taxes aren't your heros, they are your parasites. While I'm being wistful about things that will never happen, increased funding might even give us more streamlined processes and overcome the turbotax lobby...which for years has been lobbying against simpler taxes that you can do yourself on the IRS website, reducing errors and thus the likelihood the IRS would want to talk to you.

No. The extra money would come from harassing politically "undesirable" non-profits out of existence.

How is LESS complication going to COST MORE? By your standards, someone putting more money into developing a better snow blower would end up with a shovel. Your ideas of how the world works are ass backwards.

"Free markets select for winning solutions." -- Eric S. Raymond

Working...