Comment: Re:Like all One-Size-Fits-All approaches.. (Score 1) 243

by tengwar (#37012862) Attached to: Ask Slashdot: Does SSL Validation Matter?
Again: I am unaware of any auditing requirements. What auditing do you believe takes place, who is placing the requirements, and what is your source for this information?

In respect of dual signature, the key word is "green" - this would be appropriate for validated domains such as banks, not necessarily for all hosts.

An advantage of a WoT model is that it is possible to give partial trust to different signers, and set a policy to trust a site once there are enough partially trusted supporters for it. This means that the system need not be fragile to a lapse in a single signer. At base though, you can have something exactly equivalent to the current single-signer model by issuing the root public certificates for the current CAs with the operating system.

Comment: Re:Like all One-Size-Fits-All approaches.. (Score 1) 243

by tengwar (#37011870) Attached to: Ask Slashdot: Does SSL Validation Matter?
As far as I know, it is not true to say that CAs are audited, and in fact there are well-known problems with CAs signing stuff that they shouldn't.

An advantage of the web of trust model is that you can incorporate CAs as parties that you trust (exactly as for the current model), but you can also require multiple signatures, which as far as I know is not possible with the current model. You might, for instance, require that two of the current CAs have signed a certificate before it lights up as "green" in a browser URL bar.
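The threshold policy described in the two SSL-validation comments above, as an added example that is not part of the original comments. Signer names, point values and function names are hypothetical, and every listed signature is assumed to have been verified cryptographically already.

```python
from dataclasses import dataclass

FULL = 6      # constructed scale: one fully trusted signer meets the threshold
PARTIAL = 2   # three partially trusted signers add up to one full one


@dataclass(frozen=True)
class Policy:
    weights: dict            # signer name -> trust points (hypothetical names)
    threshold: int = FULL    # points needed before a site is trusted
    green_signers: int = 2   # fully trusted signers needed for "green"


def evaluate(policy, signers):
    """Classify a certificate from the signers whose signatures verified."""
    # A set means a signer listed twice is only counted once.
    known = {s for s in signers if policy.weights.get(s, 0) > 0}
    points = sum(policy.weights[s] for s in known)
    full = sum(1 for s in known if policy.weights[s] >= FULL)
    if full >= policy.green_signers:
        return "green"
    if points >= policy.threshold:
        return "trusted"
    return "untrusted"


def without(policy, signer):
    """Model a lapsed signer by dropping it from the trust store."""
    kept = {s: w for s, w in policy.weights.items() if s != signer}
    return Policy(kept, policy.threshold, policy.green_signers)


# Equivalent of the single-signer model: every root is fully trusted.
CA_ONLY = Policy({"CA-A": FULL, "CA-B": FULL})
# Web of trust: the same roots plus partially trusted supporters.
WOT = Policy({"CA-A": FULL, "CA-B": FULL,
              "peer-1": PARTIAL, "peer-2": PARTIAL, "peer-3": PARTIAL})

if __name__ == "__main__":
    site = ["CA-A", "peer-1", "peer-2", "peer-3"]   # constructed signer list
    print(evaluate(CA_ONLY, ["CA-A"]))
    print(evaluate(WOT, ["CA-A", "CA-B"]))
    print(evaluate(without(CA_ONLY, "CA-A"), site))
    print(evaluate(without(WOT, "CA-A"), site))
```
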

Comment: Why is googlecode used? (Score 1) 179

by tengwar (#36789502) Attached to: Mozilla BrowserID: Decentralized, Federated Login
I use NoScript. The demo site requires code from to be permitted. While the Javascript provided by Google may be innocuous, I would personally not make this assumption. I don't think that it would be possible for it to get the private key, but I would suspect that it would do datamining which would reveal the email addresses in use.

Comment: Re:I guess the Vatican doesn't want (Score 1) 323

by tengwar (#35168092) Attached to: Vatican Bans IOS Confession App

First of all, you're forgetting where the Bible even comes from. The Bible is not the sole rule of faith, was never intended to be...

The church existed before the New Testament was written - yes. However that does not mean that the Roman church was responsible for its production, or that the various writers agreed with the emerging traditions of Rome. The gospel of Matthew, for instance, appears to have been written by and for Jewish Christians, and in ch 15 (part of the Sermon on the Mount) clearly states that all of the existing Law still applies to Christians - a view diametrically opposed to that of Paul (Peter appears to have swithered on this question, according to Acts).

Comment: Re:In other words (Score 0) 517

by tengwar (#35167788) Attached to: Online-Only Currency BitCoin Reaches Dollar Parity
No, the difference is that the economy of the US depends on continual borrowing, both for funding, and to control some aspects of the economy by setting the interest rate. If the US printed too much currency, existing bonds (loans) would become devalued, which would make it much more expensive to take out new loans, which is done several times per year. Hence no US govt would want to print its way out of trouble.

Comment: Re:Why the fuck does a PIN pad get the bank detail (Score 1) 162

by tengwar (#34667196) Attached to: UK Banks Attempt To Censor Academic Publication
That's not how a GSM SIM works (I am working on a couple of SIM products). Firstly, most of them don't have crypto coprocessors. Secondly, the PIN (or PIN2) doesn't wake anything up. Entering the PIN is required to get access to some of the files on the SIM, so it's more like entering a password the first time you use sudo. However there have been proposals for SIM toolkit financial applications which would work roughly as you describe.

Comment: Re:E-mail address? (Score 1) 135

by tengwar (#34667110) Attached to: Problems With Truncation On the Common Application
SMS was not invented to be email, and came in when fax was more common than email. In fact it was invented for engineers rolling out mobile phone infrastructure so that they could communicate before voice was fully up and working. It's bodged in to a signalling protocol, which is why there is a 160 byte limit - that's all that would fit into the frame, and for the original application it wasn't worth putting in concatenation. Then it was used as one-way notification from the network to the handset, primarily to tell you that you had voicemail. Eventually send-capable phones became available. I bought a Nokia 2110 to be able to send SMS - one of the earliest adopters. Now get off my lawn, kids!

Comment: Calm down, nothing to see here. (Score 1) 400

by tengwar (#34603360) Attached to: Look Forward To Per-Service, Per-Page Fees

I've worked for a large mobile telco for more than ten years. "Content based charging" has been discussed for all of that time, usually by new people coming in to the business. I don't think it's ever going to happen in the way described here. What we do have is zero-rated "on-net" content - that means that if you go to our internal web sites, it doesn't come out of your bundle (monthly allocation of data). That's reasonable, because you don't want to be charged for going to your account management page.

In general we just want to sell you a bundle of data, and we aren't too worried about what you do with it. There are some exceptions - for instance for VoIP traffic, if possible (and it usually isn't) we try to give a low-latency traffic profile. Video streaming is sometimes throttled for the very good reason that there is only so much bandwidth on the air side, and we need to be able to give other customers on the same cell reasonable service. Sorry guys, but this is more the laws of physics than The Man trying to screw you.

Yes, there are ways that we want to take advantage of our position as a phone company, but this isn't a zero sum game. We have things like micro-charging and secure identification that we are trying to build products on (or more commonly get third parties to build products on) - but this isn't going to work unless we can persuade you that you want to buy those products.

Comment: Re:Somehow I dont think its a loss of religious fa (Score 1) 547

by tengwar (#33916512) Attached to: Internet Dismantling the State Church In Finland

Probably, although I suspect that it also reflects people who left the church years or decades ago in practical terms.

One thing I find amusing about endless American discussions about the separation of church and state is that for many Christians, this is one of our important beliefs. I live in England (specifically England, don't confuse with the UK). We have a state church, the Church of England. Until the 60's farmers had to pay tax (tithes) to the C of E, even if they belonged to non-conformist churches - i.e. those churches which reject a link between church and state. From 1661 until 1828 non-conformists were barred from holding public office, and were only permitted to take university degrees in 1871.

We don't believe in state support: it's a Faustian bargain. If church and state are linked, the state will control the church, at least to some extent.