Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror

Comment: Initial capital (Score 1) 108

by tepples (#48631253) Attached to: Critical Git Security Vulnerability Announced

There is a difference after all between "Polish metal" (geographic connotations) and "polish metal" (to make shiny).

Not at the beginning of a sentence.

Or, as another example, the sentences "I helped my Uncle Jack off a horse" and "I helped my uncle jack off a horse".

Or better yet, "I went to my Uncle Jack's stud farm and helped him jack off a horse". Not that there's anything wrong with that.

Comment: Re:No irony - rusty argument that falls apart (Score 1) 113

by tepples (#48631107) Attached to: The Personal Computer Revolution Behind the Iron Curtain

Should I be responsible for what IBM did in the 1940s if I use an IBM product?

No.

Should Pajitnov be personally responsible for what the lawyers of the people he sold his rights to are doing?

Last time I checked, the Tetris keiretsu (Tetris Holding, The Tetris Company, and Blue Planet Software) was managed by Alexey Pajitnov and Henk Rogers. So yes.

Comment: Re:Caching proxy's certificate (Score 1) 362

by tepples (#48630933) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

As long as you aren't using any apps that verify both ends of the cert communication

Apps like this probably don't work over an ordinary HTTP proxy anyway. Nor do they typically need caching, so you could probably just run them straight out to the Internet.

as long as you don't care or need to see whether certs have EV

Then have the proxy verify the EV and use a separate EV certificate (which you have accepted in your browser)

especially when working in some industries where SSL inspection of various classes of traffic can be illegal due to breach's of various privacy and confidentiality laws

If deep inspecting HTTPS for the sole purpose of office-wide caching is illegal, then deep inspecting HTTP ought to be illegal too.

Comment: Domain vs. org validated certs (Score 1) 362

by tepples (#48627909) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

DANE, Perspectives, and other CA-free approaches are equivalent in assurance level to a domain-validated certificate from a CA. The difference between a domain-validated certificate and an organization-validated certificate is that it's a lot harder for a typo squatter to get an organization-validated certificate for, say, "bankofamerrica.com". This is why the Comodo Dragon browser warns for domain-validated certificates.

Comment: Unpossible Terrifying Fuckery (5:erocS) (Score 1) 362

by tepples (#48627735) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

UTF must stand for Unpossible Terrifying Fuckery

For a while, Slashdot did support Unicode. This allowed vandals to not only evade the ASCII art lameness filter with foreign characters but also use bidirectional override characters to impose Unpossible Terrifying Fuckery on the site's layout.

Bus error -- please leave by the rear door.

Working...