
Comment Re:Like all One-Size-Fits-All approaches.. (Score 1) 243

Again: I am unaware of any auditing requirements. What auditing do you believe takes place, who is placing the requirements, and what is your source for this information?

In respect of dual signature, the key word is "green" - this would be appropriate for validated domains such as banks, not necessarily for all hosts.

An advantage of a WoT model is that it is possible to give partial trust to different signers, and set a policy to trust a site once there are enough partially trusted supporters for it. This means that the system need not be fragile to a lapse in a single signer. At base though, you can have something exactly equivalent to the current single-signer model by issuing the root public certificates for the current CAs with the operating system.

Comment Re:Like all One-Size-Fits-All approaches.. (Score 1) 243

As far as I know, it is not true to say that CAs are audited, and in fact there are well-known problems with CAs signing stuff that they shouldn't.

An advantage of the web of trust model is that you can incorporate CAs as parties that you trust (exactly as for the current model), but you can also require multiple signatures, which as far as I know is not possible with the current model. You might, for instance, require that two of the current CAs have signed a certificate before it lights up as "green" in a browser URL bar.
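The policy described in the two comments above (partial trust per signer, a threshold for acceptance, and two CA signatures for "green"), as an added example that is not part of the original comments. The signer names, weights and the `Policy`/`evaluate` names are hypothetical, and signature verification is assumed to have been done before this step.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class Policy:
    weights: dict                       # signer name -> partial trust (Fraction)
    threshold: Fraction = Fraction(1)   # total trust needed to accept a site
    green_cas: frozenset = frozenset()  # signers that count towards "green"
    green_min: int = 2                  # distinct green signers required


def evaluate(policy, endorsers, revoked=frozenset()):
    """Classify a site as 'untrusted', 'trusted' or 'green'.

    `endorsers` holds the names of signers whose signatures on the site's
    certificate have ALREADY been cryptographically verified (assumption:
    that step happens upstream and is out of scope here).
    """
    # Count each signer once; ignore unknown and lapsed/revoked signers.
    valid = {s for s in endorsers if s in policy.weights and s not in revoked}
    score = sum((policy.weights[s] for s in valid), Fraction(0))
    if score < policy.threshold:
        return "untrusted"
    if len(valid & policy.green_cas) >= policy.green_min:
        return "green"
    return "trusted"


# Constructed sample policies; all signer names are hypothetical.
HALF = Fraction(1, 2)
WOT = Policy(
    weights={"ca-a": Fraction(1), "ca-b": Fraction(1),
             "peer-1": HALF, "peer-2": HALF, "peer-3": HALF},
    green_cas=frozenset({"ca-a", "ca-b"}),
)
# Equivalent of the single-signer model: any one shipped root CA suffices.
SINGLE_SIGNER = Policy(weights={"ca-a": Fraction(1), "ca-b": Fraction(1)})

if __name__ == "__main__":
    # Three half-trusted supporters, one of which has lapsed: still accepted.
    print(evaluate(WOT, ["peer-1", "peer-2", "peer-3"], revoked={"peer-2"}))
    # One CA is enough for trust, two are needed for "green".
    print(evaluate(WOT, ["ca-a"]), evaluate(WOT, ["ca-a", "ca-b"]))
```

Revoking one of the two CAs drops a "green" site back to "trusted" rather than to "untrusted", which is the non-fragility the first comment describes.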

Comment Why is googlecode used? (Score 1) 179

I use NoScript. The demo site requires code from to be permitted. While the Javascript provided by Google may be innocuous, I would personally not make this assumption. I don't think that it would be possible for it to get the private key, but I would suspect that it would do datamining which would reveal the email addresses in use.

Comment Re:I guess the Vatican doesn't want (Score 1) 323

First of all, you're forgetting where the Bible even comes from. The Bible is not the sole rule of faith, was never intended to be...

The church existed before the New Testament was written - yes. However that does not mean that the Roman church was responsible for its production, or that the various writers agreed with the emerging traditions of Rome. The gospel of Matthew, for instance, appears to have been written by and for Jewish Christians, and in ch 15 (part of the Sermon on the Mount) clearly states that all of the existing Law still applies to Christians - a view diametrically opposed to that of Paul (Peter appears to have swithered on this question, according to Acts).

Comment Re:In other words (Score 0) 517

No, the difference is that the economy of the US depends on continual borrowing, both for funding, and to control some aspects of the economy by setting the interest rate. If the US printed too much currency, existing bonds (loans) would become devalued, which would make it much more expensive to take out new loans, which is done several times per year. Hence no US govt would want to print its way out of trouble.

Comment Re:Why the fuck does a PIN pad get the bank detail (Score 1) 162

That's not how a GSM SIM works (I am working on a couple of SIM products). Firstly, most of them don't have crypto coprocessors. Secondly, the PIN (or PIN2) doesn't wake anything up. Entering the PIN is required to get access to some of the files on the SIM, so it's more like entering a password the first time you use sudo. However there have been proposals for SIM toolkit financial applications which would work roughly as you describe.

Comment Re:E-mail address? (Score 1) 135

SMS was not invented to be email, and came in when fax was more common than email. In fact it was invented for engineers rolling out mobile phone infrastructure so that they could communicate before voice was fully up and working. It's bodged in to a signalling protocol, which is why there is a 160 byte limit - that's all that would fit into the frame, and for the original application it wasn't worth putting in concatenation. Then it was used as one-way notification from the network to the handset, primarily to tell you that you had voicemail. Eventually send-capable phones became available. I bought a Nokia 2110 to be able to send SMS - one of the earliest adopters. Now get off my lawn, kids!

Comment Calm down, nothing to see here. (Score 1) 400

I've worked for a large mobile telco for more than ten years. "Content based charging" has been discussed for all of that time, usually by new people coming in to the business. I don't think it's ever going to happen in the way described here. What we do have is zero-rated "on-net" content - that means that if you go to our internal web sites, it doesn't come out of your bundle (monthly allocation of data). That's reasonable, because you don't want to be charged for going to your account management page.

In general we just want to sell you a bundle of data, and we aren't too worried about what you do with it. There are some exceptions - for instance for VoIP traffic, if possible (and it usually isn't) we try to give a low-latency traffic profile. Video streaming is sometimes throttled for the very good reason that there is only so much bandwidth on the air side, and we need to be able to give other customers on the same cell reasonable service. Sorry guys, but this is more the laws of physics than The Man trying to screw you.

Yes, there are ways that we want to take advantage of our position as a phone company, but this isn't a zero sum game. We have things like micro-charging and secure identification that we are trying to build products on (or more commonly get third parties to build products on) - but this isn't going to work unless we can persuade you that you want to buy those products.
