

Comment: Re:"Master" keys? (Score 1) 148

by jonathanjespersen (#44383761) Attached to: CNET: Feds Put Heat On Web Firms For Master Encryption Keys

So with the key, your hidden urls would turn back to plain text months, years later via a stored server/logs.

URLs in transit over HTTPS are encrypted, but once they hit the server logs, they are stored in plain text along with any other data configured to be logged (unless on an encrypted volume, but that's outside the control of the web server software).
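One mitigation for the point in the comment above, as an added example that is not part of the original comment: redact sensitive query-string values from access-log lines before they are stored. The parameter names in `SENSITIVE` and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed set of query parameters that must never reach disk in clear text.
SENSITIVE = {"token", "session", "password", "key", "email"}

# Request field of a Common/Combined Log Format line: "METHOD target PROTOCOL".
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"'
)

def redact_target(target):
    """Replace the values of sensitive query parameters in a request target."""
    parts = urlsplit(target)
    if not parts.query:
        return target  # nothing to redact, keep the target byte-for-byte
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    cleaned = [
        (name, "REDACTED" if name.lower() in SENSITIVE else value)
        for name, value in pairs
    ]
    # urlencode re-encodes the remaining values, so their percent-encoding
    # may be normalised; the parameter names and order are preserved.
    return urlunsplit(parts._replace(query=urlencode(cleaned)))

def redact_line(line):
    """Redact the request field of one access-log line; other fields are untouched."""
    def repl(m):
        return '"%s %s %s"' % (m["method"], redact_target(m["target"]), m["proto"])
    return REQUEST_RE.sub(repl, line, count=1)

# Constructed sample lines (documentation IP range, made-up paths).
SAMPLE = [
    '203.0.113.7 - - [25/Jul/2013:10:12:01 +0000] '
    '"GET /reset?user=alice&token=abc123 HTTP/1.1" 200 512',
    '203.0.113.7 - - [25/Jul/2013:10:12:05 +0000] '
    '"GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(redact_line(entry))
```

The Referer field of a combined-format log can carry the same URLs and would need the same treatment.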

Comment: Re:Time to replace the HTTP protocol (Score 1) 148

by jonathanjespersen (#44383139) Attached to: CNET: Feds Put Heat On Web Firms For Master Encryption Keys

Key exchange is not performed over HTTP - it is performed by SSL or TLS (or whatever encryption protocol is being used). Even then, the public key exchange and encryption that is set up by the handshake is to set up a secure connection for exchanging symmetrical keys. Then the entire payload (whether it be HTTP, FTPS, or other application protocol) is encrypted. Asymmetric (key pairs) encryption/decryption is expensive, which is why symmetric keys are generated and used.

Comment: Re:Self signed certs (Score 1) 148

by jonathanjespersen (#44381425) Attached to: CNET: Feds Put Heat On Web Firms For Master Encryption Keys

The signing happens on the PUBLIC key, not the private. They can still give their private key to the NSA, who can use it regardless of who signed the public key.

The public key of the certificate is signed by the private key of the CA. In a self-signed scenario, I own the private key of the CA and I own the private key of the certificate. I'd have to give one of those up to make your scenario work.

Comment: Re:Ah Slashdot: Reap what you sow (Score 1) 480

Ownership and copyright may be about getting credit, but getting credit is not always about ownership and copyright - sometimes it's just about getting credit. Unfortunately, people are sometimes driven to using ownership and copyright to maintain proper attribution.

Comment: It depends ... (Score 2) 623

by jonathanjespersen (#43850633) Attached to: How Did You Learn How To Program?

on the definition of "program". To preface, I'm not a programmer, but I can write basic code. I did Apple BASIC in elementary and middle school. Dabbled in Pascal, C, and VBA in college. I would plant my "learned how to program" flag in my last year of college, when my roommates and I downloaded Slackware floppy images over a modem, downloaded Merc 2.2 source code, learned to compile it, then rewrote 80% of the code.

Comment: Re:Anything to get more customers (Score 1) 716

by jonathanjespersen (#43740119) Attached to: Google Demands Microsoft Pull YouTube App For WP8

No, Google does not have the right to have advertising. They do have the right to insert advertising content into their data streams as it is content they host. The consumer has the right to decide whether they view the advertising (or run software to remove the advertising).

Whether or not MS is in the right on this is a gray area for me, but I'm in their corner for making something their consumers will likely want (even if their motivation wasn't to meet their consumer demand).

Comment: Where'd the malicious links come from? (Score 2) 157

From the article:

Malicious links embedded in the Department of Labor website focused on webpages that dealt with illnesses suffered by employees and contractors developing atomic weapons for the Department of Energy.

So in addition to the 0-day exploit found in IE, what was exploited to put malicious links on the web site?
