
Comment: Re:LOL LOL OMG.. HAHAHAHA (Score 1) 384

by roman_mir (#49614407) Attached to: Former HP CEO Carly Fiorina Announces Bid For White House

The US economy is one step away from anarchy compared to either North Korea or East Germany

- ha, if by one step from 'anarchy' you mean the Federal Reserve bank, the IRS, FDA, EPA, FCC, FBI, FDIC, DHS, FHA, departments of agriculture, business, interior, education, health care, labour, etc. Sure, 1 step being 99% of what governments (federal and state and municipal) do.

Comment: Re:LOL LOL OMG.. HAHAHAHA (Score 1) 384

by roman_mir (#49612623) Attached to: Former HP CEO Carly Fiorina Announces Bid For White House

Actually very few really understand how it works today, which is why it will not be fixed, because the way that people think they understand it is wrong, they don't see the actual problem so the solution cannot be understood if people don't understand the problem in the first place.

Comment: Re:The Perfect Bait (Score 1) 849

by jcr (#49609799) Attached to: Two Gunman Killed Outside "Draw the Prophet" Event In Texas

Organise a "draw Jesus sodomizing Mary" contest in Texas and you'll get crazy Christian jihadists doing the same thing.

This turns out not to be the case. That dude who got tax money for an "art" piece that consisted of a crucifix immersed in urine is still walking around, with no contract on his head that I've ever heard of.

-jcr

Comment: Re:I'm not necessarily against the idea but... (Score 1) 317

by ThePhilips (#49599635) Attached to: Mozilla Begins To Move Towards HTTPS-Only Web

HTTPS is already designed with that kind of decoupling in mind. But it wouldn't make sense to offer encryption without identity verification to the end-user, because that would make the encryption useless, so any protocol that does encryption has to do both.

I know that. That's basic AAA.

Also note that for an effective MITM attack you would need to have a new certificate for which you have got the private key. There are a number of things that will make this increasingly difficult in the future, like certificate pinning, increased willingness of browsers and OS vendors to blacklist CAs, and increased monitoring for rogue certificates which makes it easier to find rogue CAs.

I think you fail to realize the scale, the proportions, of the opposition the browsers face.

It's not some script kiddies who are the threat here.

That's countries covering close to half the planet's population. They might as well simply outlaw the browsers. In fact, they already do outlaw some encryption software.

I personally would still argue that the CA system is the Achilles heel of HTTPS but the situation is getting better and it's a matter of time until we get a more distributed and robust way of certificate verification.

But that's another problem: you can't make CA distributed. CAs are the "single point of failure" which are allowed to be that, based on the promise that they will work hard not to fail. Making it distributed would basically nullify the promise, making the whole CA system vulnerable. IOW, nothing changes.

Comment: Re:This again? (Score 1) 445

by blue trane (#49596887) Attached to: New Test Supports NASA's Controversial EM Drive

"When somebody sounds like a total fucking crackpot, they almost always are."

Aristarchus of Samos sounded like a total fucking crackpot, and if you had called him out your prediction would have been right - for a couple millennia.

What if instead of taking your attitude, the Greeks had devoted their energy to developing better sensors to test Aristarchus's claims about the parallax motion of the stars? Instead of sitting around calling him a crackpot, we could have had an accepted heliocentric model of the solar system some 1800 years before Copernicus.
