
Comment: Re:I don't see the big deal here. (Score 1) 165

by Shakrai (#48628277) Attached to: US Links North Korea To Sony Hacking

The yield doesn't have anything to do with how deliverable the weapon(s) are. You said that North Korea's nukes are WW2 sized in a comment about missile technology. I'm curious what you based that assumption on? Or perhaps you were speaking about yield all along, rather than deliverability, though in that instance I'd wonder why it came up in a discussion about missiles. In any case, a 7kt weapon is enough to kill tens of thousands of people in an urban area. Even a fizzle might manage to do that, via prompt radiation. North Korea's nukes can't be casually dismissed....

Comment: Re:I don't see the big deal here. (Score 1) 165

by Shakrai (#48627051) Attached to: US Links North Korea To Sony Hacking

but not likely with a nuke as their nukes are freaking huge (like WWII huge...).

Do we actually have evidence of that or are you just making assumptions? North Korea is known to have exchanged nuclear technology with Pakistan and Pakistan does have warheads small enough to be mounted to missiles.

Comment: Re:Ugh, WordPress (Score 1) 29

I recently moved from hand-written HTML for my personal site to Jekyll, which is the engine that powers GitHub Pages. It does exactly what I want from a CMS:
  • Cleanly separate content and presentation.
  • Provide easy-to-edit templates.
  • Allows all of the content to be stored in a VCS.
  • Generates entirely static content, so none of its code is in the TCB for the site.

The one thing that it doesn't provide is a comment system, but I'd be quite happy for that to be provided by a separate package if I need one. In particular, it means that even if the comment system is hacked, it won't have access to the source for the site so it's easy to restore.

Comment: Re:Validating a self-signed cert (Score 1) 315

by TheRaven64 (#48623991) Attached to: Google Proposes To Warn People About Non-SSL Web Sites
That's the best way of securing a connection, but it doesn't scale. You need some out-of-band mechanism for distributing the certificate hash. It's trivial for your own site if you're the only user (but even then, the right thing for the browser to do is warn the first time it sees the cert), but it's much harder if you have even a dozen or so clients.

Comment: Re:The web is shrinking (Score 1) 315

by TheRaven64 (#48623981) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

The 'brought to you by' box on that site lists Mozilla, Akamai, Cisco, EFF, and IdenTrust. I don't see Google pushing it. They're not listed as a sponsor.

That said, it is pushing Certificate Transparency, which is something that is largely led by Ben Laurie at Google and is a very good idea (it aims to use a distributed Merkle tree to let you track what certificates other people are seeing for a site and what certs are offered for a site, so that servers can tell if someone is issuing bad certs and clients can see if they're the only one getting a different cert).

Comment: Re:This again? (Score 1) 315

by TheRaven64 (#48623971) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

It depends on your adversary model. Encryption without authentication is good protection against passive adversaries, no protection against active adversaries. If someone can get traffic logs, or sits on the same network as you and gets your packets broadcast, then encryption protects you. If they're in control of one of your routers and are willing to modify traffic, then it doesn't.

The thing that's changed recently is that the global passive adversary has been shown to really exist. Various intelligence agencies really are scooping up all traffic and scanning it. Even a self-signed cert makes this hard, because the overhead of sitting in the middle of every SSL negotiation and doing a separate negotiation with the client and server is huge, especially as you can't tell which clients are using certificate pinning and so will spot it.

Comment: Re:So perhaps /. will finally fix its shit (Score 2) 315

by TheRaven64 (#48623949) Attached to: Google Proposes To Warn People About Non-SSL Web Sites
Every HTTP request I send to Slashdot contains my cookie, which contains my login credentials. When I do this over a public WiFi network, it's trivial for any passive member of the network to sniff it, as it is for any intermediary. Worse, because it uses AJAX stuff in the background, if I briefly connect to a malicious access point by accident, there's a good chance that it will immediately send that AP's proxy my credentials. I've been using this account for a decade or so. I don't want some random person to be able to hijack it so trivially.

Comment: Re:About Fucking Time (Score 2, Insightful) 382

by Shakrai (#48620191) Attached to: In Breakthrough, US and Cuba To Resume Diplomatic Relations

A couple of airstrikes in Libya counts as a war now?

Yes. Dropping bombs on a sovereign nation is considered an Act of War under any definition of the phrase. Bonus points for not being bothered to get Congressional approval for the measure.

But hey, since we're comparing economic apples to oranges, let's note that in the 60s the "real" unemployment rate was >40%, since most families weren't dual income and as a result overall labor participation was far lower

There are a multitude of different "real" unemployment rates that one can quote; I've never heard of one that includes people who willingly decline to participate in the workforce (i.e., students and homemakers). The traditional definition includes people who desire work but who have abandoned all hope of finding it. In any case, if you actually believe the <8% number I have a bridge in the Sahara that you might be interested in...

If Obama cured cancer, they would blame him for putting doctors out of work.

Just so you know, I'm not one of "them." I had very high hopes for BHO, voted for him in 2008 (primary and general), and even campaigned for him against HRC in the primaries. It would require thousands of words to tell you all the reasons why I'm disappointed with him; rather than subject you to that I'll just say that my biggest takeaway from BHO was the loss of all optimism towards politics with a resulting massive increase in my cynicism level.
