Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Comment: Not uncommon in my world :) (Score 2) 104

by nuckfuts (#49425121) Attached to: Google Let Root Certificate For Gmail Expire

I usually figure out that a cert has expired when something breaks. For example, I like to use free certs from StartSSL on Exchange Servers. When they expire, people get warnings when accessing OWA, or smartphones stop connecting.

If it happens to be on an SBS Server it can really be a pain, however, since it will stop working as a Terminal Services Gateway, making it difficult to log back on and replace the cert.

Comment: Re:FFS (Score 2) 72

by nuckfuts (#49387349) Attached to: Military Caught Training Children To Fight

Wow. You sound inordinately passionate about April 1st. If such articles are so much to your liking, perhaps it's you who needs to go elsewhere. May I suggest America's Finest News Source?

As for this site, the motto used to be "stuff that matters". When April Fools articles become so numerous, it's no longer amusing. It's like the same joke being told over and over again. April Fools is not a "huge holiday". It's a day literally intended for fools, and only a fool finds the same joke funny time after time.

Comment: What are the actual risks to your network? (Score 1) 114

by nuckfuts (#49088837) Attached to: Duplicate SSH Keys Put Tens of Thousands of Home Routers At Risk

OK, this is clearly a bad thing, but I don't think it means that your private LAN is immediately accessible to people all over the world does it? Multiple routers using the same keys means you could be tricked into logging in to someone else's router without knowing, but that would still require some way of directing your traffic to the imposter's device to begin with, such as DNS hijacking.

Knowing someone's keys would also allow you to encrypt/decrypt traffic as that device, facilitating a man-in-the-middle attack, but still, you need a way to get in the middle between two devices. This is not something that's trivial to do from one arbitrary location to another.

I'm not suggesting this isn't a serious problem, but I don't think it's as bad as, say, remote administration being enabled with a known default password.

Comment: Interviewer is not as smart as he thinks he is. (Score 1) 809

by nuckfuts (#49050321) Attached to: Ask Slashdot: What Portion of Developers Are Bad At What They Do?

I asked another applicant a similar question: "Suppose you wanted to send me a file with very sensitive information, how would you encrypt it in such a way that I would decrypt it?" The person started off by asking me if it was an excel file, a PDF, etc.

What's wrong with asking that? Both Excel and Acrobat have built-in encryption capabilities. There's nothing ignorant about considering whether the built-in functionality is sufficient.

Comment: Re:The most insecure OS in the world (Score 1) 136

The security of an operating system should be judged by its default configuration, not by how insecure it is after you've installed a bunch of 3rd party apps. Even a security-oriented OS like OpenBSD can't prevent other people from doing insecure things to it.

Comment: Bad Comparison (Score 1) 645

by nuckfuts (#49000489) Attached to: Does Showing a Horrific Video Serve a Legitimate Journalistic Purpose?

Once again, Godwin's Law is proven.

Seriously though, you're making the wrong comparison. From descriptions I've read, the ISIS video contains quite a lengthy rant before the murder takes place. A more apropos question would be whether the Allies should have aired Hitler's speeches to the masses during the war.

A debugged program is one for which you have not yet found the conditions that make it fail. -- Jerry Ogdin