
Comment WoSign's issues not just political... (Score 2) 57

The thing everyone jumped on WoSign for was doing a customer a favour. Some significant Australian customer wasn't ready for SHA1 certificates being phased out and asked if WoSign could help them out. WoSign issued back-dated SHA1 certificates for the customer.

Yep - and I'm pretty sure we know who that customer was. There are still major institutions using SHA1 certs internally - and if they get moved to newer ones by the end of the year then I'd be shocked. The reality is, this stinks of a scapegoat - the industry in question would face *MASSIVE* disruption for the everyday Australian because of the relatively quick move to higher level certs. A lot of these are still contained within embedded devices that cannot upgrade so easily.

Instead, let's execute the CA for political reasons. Don't pretend it's anything else.

Looking through Mozilla's list of WoSign Issues, it looks like WoSign not just issued

  • long lived SHA1 certs
  • identical certs other than the notbefore date
  • certs with identical serials
  • certs that violate the "Baseline Requirements"
  • certs using unapproved cryptographic settings

but their setup also violated a number of other best practices and security measures too (such as unpatched servers). However I'll note that on the political front folks were unhappy that the StartCom acquisition wasn't made public earlier. Outside that though there are a lot of different technical complaints.

CAs have been dropped in the past for non-political problems (see DigiNotar) so I don't think it's fair to attribute WoSign's woes to purely political motivations as you alleged.

Comment Re:Easily Thwarted (Score 1) 270

It's a bit more elaborate because if you need a visa (citizens of some countries can get visa waivers) at application time you MIGHT be asked to give up all this extra information if they deem it necessary. It's not clear that every visa application will force the applicant to cough up all this information right away or only if you trigger some extra checks required tripwire (e.g. "name contains non-even number of letters, full information required"). Also note this presumably happens once per visa so if your visa lasts a year and you were pressured into having to do this you'll have done it once for that year even though you may fly many times...

Comment Re:Hit Job on Google? (Score 3, Interesting) 301

No, News Corp has been doing this for years. The reason is Murdoch thinks Google and Google News specifically is killing the news industry, and that the iPad will save it (or at least he thought that a few years ago). It's pure inter-corporate warfare being played out through manipulation of public opinion. The WSJ in particular are experts at it.

Comment Mod parent up? (Score 1) 235

It's hard to know for sure because the account that posted the parent comment seems to be new and it's unclear who the commenter is in real life but this seems to be a well written complaint about the outcome of WebAssembly. I did a quick search and it doesn't immediately look like a copy/paste of critique from elsewhere so it seems a shame to see this slip below the waves. Sadly, I suspect few will see it because this story has passed the "breaking news" point...

Comment Re:Finally (Score 2) 540

Software development can be a high skilled job but entry level skills can be obtained in months, which is, not coincidentally, how much training time seems to be involved with learning to be a long haul truck driver in the USA (I see quotes of about two months of full time study for the formal exam around the internet so maybe call that three months when employer training time is included). Three months of full time study isn't going to make you a well paid programmer but that's plenty of time to learn basic web development skills, and another two or three after that with a good course will get someone writing basic CRUD business web apps if they want to. Of course, it's the start of the journey, but now think how many clueless developers you've encountered who are earning good money.

Can the software development world absorb millions of new developers? Sure, it has done in the past, think dotcom boom. Trucking won't disappear overnight, nor will taxi drivers, if only because of limited capacity to upgrade vehicle fleets even assuming the technology becomes perfect (which it isn't), and not all drivers will become software developers.

Comment Re:Ataturk would be spinning in his grave (Score 2) 99

Well, Ataturk tried to forcibly reform Turkey into a western style country through a dictatorship. He was always in favour of democracy ... in the future, knowing full well that he hadn't built any real support amongst the people for his plan but betting that over time the culture would change. Seems like he lost that bet.

Submission + - Bandcamp: the Holy Grail of online record stores (rocknerd.co.uk)

David Gerard writes: Is Bandcamp the Holy Grail of online record stores? Hell yes. Unencumbered downloads in any format you like, excellent discoverability and a ridiculously better experience than any other download store. Musicians too: "The interface and the available tools are all so well-thought-out it’s genuinely a pleasure to use." They also like that they straight-up get 85% of the take.

Submission + - The timing of error messages contributes to them being ignored (byu.edu)

sandbagger writes: A new study from BYU, in collaboration with Google Chrome engineers, finds the status quo of warning messages appearing haphazardly — while people are typing, watching a video, uploading files, etc. — results in up to 90 percent of users disregarding them.

Researchers found these times are less effective because of "dual task interference," a neural limitation where even simple tasks can't be simultaneously performed without significant performance loss. Or, in human terms, multitasking.

Submission + - Kim Dotcom's Mega 3, with Bitcoin: two bad ideas that go worse together (rocknerd.co.uk)

David Gerard writes: "Colourful racing identity" Kim Dotcom has a scheme for his third Mega enterprise: combining MegaUpload with Bitcoin. It is entirely unclear how anything about this makes sense, but I'm sure that with a trustworthy soul with an impeccable track record like Dotcom at the helm, nothing can possibly go badly for anyone involved.

Submission + - Ask Slashdot: Handling Windows Updates after October 2016 (slashdot.org)

An anonymous reader writes: We've read about the changes coming to Windows Update in October 2016. Average Joe and Grandma Flo will end up getting the cumulative update via WU each month which includes non-security updates. For more discerning users with existing Win 7 / 8.1 systems, one can disable WU and download the security-only update each month. But what happens when it's time to wipe and reload the OS? Or what about installing Windows on different hardware? Admittedly, there are useful non-security updates worth having, but plenty to avoid (e.g. telemetry).

How does one handle this challenge? Set up a personal WSUS box before October to sync all desired updates through October 2016? System images can work if you don't change primary hardware, but what if you do?

Or should one just bend the knee to Microsoft, go to the nearest drug store, and stock up on KY?
