

Comment: Re:TLS (Score 1) 67

by thegarbz (#49184991) Attached to: FREAK Attack Threatens SSL Clients

It's not as bad as you think it is.

-RC4 is weak, but the BEAST attack is mostly resolved on clients, and SSLLabs doesn't even penalize you for it anymore.
-TLS1.2 and lack of PFS only really breaks IE at this point, and not the latest version either. In many cases you can sleep at night. Not implementing PFS still doesn't open you up to the major attacks on SSL that are presently out there and will allow IE to work.
-Chain certificate issues are administration problems, and there's no reason not to re-issue your certificates with a stronger signature right now. It doesn't affect clients.
-Not entirely sure about FREAK, but my understanding is that the downgrade attack drops you back to export-only ciphers, which really should be restricted for use anyway. I don't think a default installation of Apache / OpenSSL will make you vulnerable to this downgrade attack as I hope the weak ciphers are rejected. I'm still digging up more info about it.
-OpenSSL supports TLS1.2 just fine and has for a while now.
-LibreSSL isn't available in mainstream distros, true, but I would caution against jumping on the bandwagon until the code has been properly refactored, tested and shown to be reliable. The old "never buy version 1.0 of a product" rule applies here.

If you abandon older versions of IE you can get an A+ rating on SSLLabs and support all other major browsers. Also, again based on my limited understanding, you can specify a cipher order, so just because you support IE doesn't mean you don't get PFS and TLS1.2 with a browser that supports it. That only affects clients that connect in an obsolete way. Some of those clients have other internet-breaking features like the inability to support virtual hosts with SSL. The only other problem then is a downgrade attack, and even then you can only downgrade to a certain point, and if the server doesn't accept vulnerable ciphers then even with the attack you're not in too bad of a shape.

This is just my understanding of the issues. Please correct me if any of this is wrong, I'm by no means an expert on this.
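
An added example, not part of the comment above or of any project's code: a small audit of an OpenSSL-style cipher preference list for the points the comment raises (export-grade suites that a FREAK downgrade relies on, RC4, and whether forward-secret suites come first in the server's order). The sample cipher strings are constructed, and the name parsing assumes OpenSSL's suite naming for TLS 1.2 and earlier.

```python
# Added example: audit an OpenSSL-style cipher preference list.
# Assumes OpenSSL names for TLS 1.2 and earlier (e.g. "ECDHE-RSA-AES128-SHA").

PFS_KEY_EXCHANGES = ("ECDHE", "DHE", "EDH")  # ephemeral key-exchange prefixes


def classify(suite):
    """Return weakness labels for one OpenSSL cipher-suite name."""
    parts = suite.split("-")
    labels = set()
    if parts[0] == "EXP":  # export-grade: what a FREAK downgrade lands on
        labels.add("export")
        parts = parts[1:]
    if "RC4" in parts:
        labels.add("rc4")
    if not parts or parts[0] not in PFS_KEY_EXCHANGES:
        labels.add("no-pfs")
    return labels


def audit(cipher_string):
    """Audit a colon-separated list, most preferred suite first."""
    findings = {"export": [], "rc4": [], "pfs_after_non_pfs": []}
    seen_non_pfs = False
    for suite in filter(None, cipher_string.split(":")):
        labels = classify(suite)
        if "export" in labels:
            findings["export"].append(suite)  # must go, whatever its rank
            continue
        if "rc4" in labels:
            findings["rc4"].append(suite)
        if "no-pfs" in labels:
            seen_non_pfs = True
        elif seen_non_pfs:
            # Forward-secret suite ranked below a non-PFS one: with server
            # order enforced, capable clients would not negotiate it first.
            findings["pfs_after_non_pfs"].append(suite)
    return findings


# Constructed sample lists (not taken from any real server).
LEGACY = "AES128-SHA:ECDHE-RSA-AES128-GCM-SHA256:RC4-SHA:EXP-RC4-MD5:EXP-DES-CBC-SHA"
HARDENED = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES128-SHA"

if __name__ == "__main__":
    for name, ciphers in (("legacy", LEGACY), ("hardened", HARDENED)):
        print(name, audit(ciphers))
```

The hardened list keeps one non-PFS suite last as a fallback for older clients, which is the arrangement the comment describes: capable browsers get forward secrecy, and no export suite is on offer to downgrade to.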

Comment: Re:Define 'desktop' ... (Score 1) 304

by thegarbz (#49184875) Attached to: Microsoft Convinced That Windows 10 Will Be Its Smartphone Breakthrough

So windows 10 will, what, be just as broken as the desktop was in Windows 8.1? Or it will try to suck less and be less like a tablet experience?

Are those statements mutually exclusive?

- Posted from a Surface Pro currently in tablet mode.

At this point, I'm forced to conclude (from a week or so of running my new Windows 8.1 machine) that most of the decisions Microsoft has been making indicate they no longer know how to write a UI for a desktop, and they're entirely focused on writing only stuff for tablets.

Not knowing and not wanting to are two completely different things. A lot of the UI decisions in Windows 8 were precisely for tablets. Bigger areas for button presses, charms, bigger hit boxes and all that stuff, and you know what? Good for them, I hope they keep going in that direction.

I've only been wanting a tablet that isn't crippled for a good 10 years now. Walking down the aisle in Office Works I see more than half the laptops have a touch screen, and of those that do, half again can be folded backwards tablet style. One thing was certain, you could not use these systems with the Windows 7 UI. Windows 8.1 is far from perfect, but your view of "tablet = bad" is ignoring the realities of where the market is heading, and my opinion is we're finally going in the right direction, not requiring me to unfold a 2 piece rigid set of electronics to take a simple note. Guess what, your spreadsheets still work, so does Visual Studio, but I can now use the system using a touch interface too, is that so bad?

I hope they improve the integration so you can do everything from the metro interface and everything from the normal interface rather than the mishmash at the moment. Don't get me wrong, it pisses me off no end that I can't open wireless settings without hitting that damn side bar, but at the same token I'm glad I can do something from that side bar because trying to hit that tiny TINY wireless icon with my finger is borderline impossible when I don't have a keyboard and mouse with me.

I'm looking forward to being able to use my tablet more like a PC.

Comment: Re:What I find unbelievable... (Score 1) 96

by thegarbz (#49184791) Attached to: New Zealand Spied On Nearly Two Dozen Pacific Countries

What is the deal with the general public's apathy when it comes to NSA/GCHQ/GCSB/etc?

I have one theory. We now know that the NSA/GCHQ/GCSB/etc seemingly know everything about everyone. Yet the underwear bomber was allowed to board a plane despite being dobbed in to the powers that be by his own family, and terrorism really hasn't changed much.

I am beginning to get a feeling of apathy because I am starting to believe they have so much information that they aren't able to draw any meaningful conclusions from any of it. It's very hard to target a person when you're busy tracking 7 billion.

Comment: Re:Opposite of loser edit (Score 1) 138

by thegarbz (#49180445) Attached to: Technology's Legacy: the 'Loser Edit' Awaits Us All

This, and it's not just about surprise too. In some cases it can be about empathy. I've seen one such reality TV show edited such that it looked like one group had an endless stream of bad luck and mishaps. They rarely won the weekly contests, they rarely succeeded in finishing any of the challenges, and yet at the end they took home the second largest prize.

In the mean time the actual loser was shown to be a bitch the entire way through the show. Maybe she was, but maybe she wasn't and the entire show was cut to have a "happy ending" where the unfortunate get the prizes, and the nasty bitches get their comeuppances.

This along with the surprise factor is a much better narrative than the "loser-edit", which is what I'm going to consider the slow-news-day sensation of "let's coin a new term".

Comment: Is this really an issue? (Score 1) 67

by thegarbz (#49179627) Attached to: FREAK Attack Threatens SSL Clients

It's a downgrade attack that uses ancient old ciphers. Can we assume that any site that is vulnerable to FREAK is also vulnerable to other downgrade attacks and generally is likely to use old and insecure ciphers?

I mean if you score an A on ssllabs tests which already penalise you for weak ciphers it shouldn't be an issue right?

Comment: Re:Monopoly Control (Score 2) 103

Windows has never had a complete monopoly on operating systems, but that didn't mean they weren't guilty of monopolistic abuse by bundling Internet Explorer to cut out Netscape/etc.

False. They got done for just that. When they were grilled for the IE bundling you could not buy a computer without Windows. A mixture of a requirement that all computers come with an OS, predatory pricing of OEM bundles to discourage competition, its general market share, and the fact that there was zero alternative for the common user made them a perfect example of a complete monopoly. They didn't even need all of those requirements, some of them alone would have sufficed.

Comcast also fits the bill on a local case. There are many areas where Comcast and only Comcast was the option for internet. Likewise in Australia one of the major telecom companies with only 70% of the cable internet business was ruled to be acting as an anti-competitive monopoly because most of those 70% had no other choice.

Comment: Re: Yes, I agree (Score 1) 535

by thegarbz (#49178287) Attached to: Why We Should Stop Hiding File-Name Extensions

There's set in my ways, and then there's confronted with a modern piece of shit that some marketing wanker thinks is helpful.

And, I'm sorry to say it, but almost all of the crap I had to figure out how to remove was garbage, intended to give a tablet like interface

Well there's an answer to that, buy a modern computer. Windows 8.1 interface is a step towards the right direction for anyone with a convertible touch screen machine. I say a step because there are some bad inconsistencies but you know what, Windows 7 is useless on a tablet, Windows 8.1 is not.

Oh it doesn't fit your use case? Well carry on the rage then.

Comment: Re:Poor QA from GoPro is par for the course (Score 1) 35

by thegarbz (#49178265) Attached to: Flaw In GoPro Update Mechanism Reveals Users' Wi-Fi Passwords

Par for what course? For the most part reviews on the GoPro have been overwhelmingly positive. For the most part they are far better than the competition both in performance and in construction.

My own personal experience has been flawless. I've taken my GoPro to -40degC. I've taken it into a confined space firefighting exercise and despite the protective casing melting it worked beautifully. I've dropped it from the 3rd floor of my apartment inside the protective casing, and it survived a very high quad crash without a protective casing.

It is by far the single most well built and durable camera I've ever owned.

But since you think so poorly of them, what should I be spending my money on instead?

Comment: Congratulations Bennett Haselton (Score 1) 250

by thegarbz (#49177397) Attached to: Gritty 'Power Rangers' Short Is Not Fair Use

I think congratulations are in order for Bennett Haselton. This is the first time he's written anything where people have made an attempt to reply on topic.

It's still a worthless load of drivel but there's actual discussion happening. I will put this down to an accident or Slashdot users not RTFS like usual. But to restore balance to the world: Fuck Bennett Haselton, this is not your personal blog.

Comment: Re:Pandora's Box (Score 4, Interesting) 415

This is why we have police departments.

And what happens when the police departments show complete disinterest to your problem?
Seriously in some regards screw em. I've been robbed and then told by the police that they won't investigate because I'm covered by insurance anyway. Then I see them standing by the road side spending all their time making sure people don't drive more than 1km/h over the speed limit.

Police departments are great when they work, but often they don't. If someone tries to stab me and I get away, I'd go to the police. If someone hurts my feelings online I'll try to get revenge online.

Comment: Re:Biggest Problem (Score 1) 514

by thegarbz (#49177007) Attached to: Users Decry New Icon Look In Windows 10

And the XP to Vista, to Windows 7 interface changed in what meaningful way?

Really you're arguing semantics here, but the reality is that Windows and OSX have always provided a more consistent UI which was only ever broken in Windows 8 and that Linux has always provided more choice.

I'm not saying that this is good or bad. This just is. And in a thread that started talking about UI consistency, claiming the opposite, then claiming choice, then claiming to Google things, then claiming the time span between Gnome 2 and Gnome 3, ignoring that the changes between 2.1, 2.2, 2.3 and 2.4 were more significant than the changes between XP, Vista and 7, is not really making a strong case.
