Please create an account to participate in the Slashdot moderation system


Forgot your password?

Comment missing functionality (Score 2) 165

There is so much essential functionality missing from key management and encrypted e-mail, that it is in a barely usable state. For the Brazilian government, or any government for that matter, to provide end-to-end email encrytption for their own workers, so much more needs to be done.

Name me even one mail client or plug-in that can search encrypted messages, the body not just the metadata. Or how about re-keying stored messages? Federal employees often have an obligation to archive communications, but how will that fit with the recommended practice of re-keying? The list goes on.

E-mail encryption has been rather thoroughly thought through at the protocol level (thanks, Phil!) but when it comes to how it can be made to fit in with normal workflow, practically nothing has been done yet.

Comment Secret APIs (Score 3, Informative) 479

Microsoft used secret APIs to give its programs an advantage over competitors. That had a big effect in the 1990's. It is apparently still going on in some things but we'll have to wait, as usual, a long time before it turns up in court records. And like before, the damage will have been done. The only way to stop it is to stop using M$ products.

You can find more like that if you wade through the material of the Comes V Microsoft case at the now archived Groklaw site. Basically anything bad that has been said about M$ and the people that work there is true.

Comment vpns (Score 1) 477

And that was just a lame excuse. She obviously had other motives for cancelling telecommuting as there is no need for a VPN for real work. SSH does not require a VPN. Nor do version control systems (git, bzr, svn). Nor do HTTPS for the intranet or IMAPS for the mail. Not even SIP or Skype for calls needs a VPN.

VPNs only add an extra layer of complexity and add little to nothing in return. That goes double for PPTP, which is garbage.

So regardless if her telecommuters were productive or unproductive, VPN use is an irelevant metric.

Comment IRC helping to identify users (Score 1) 234

Which makes me wonder why IRC is being pushed so much. It helps very much with the scenario you describe. Being centralized and synchronous, it is practical to pull the virtual plug on a targeted user and then see which name drops out of the channel. That was one thing that Usenet had going for it, it was decentralized and asynchronous, making it all but impossible to censor or even track specific users. Remember, not long ago it was part of the package of Internet access advertised by ISPs, it was a key part "getting on the Internet". Suddenly all that stopped. It would not be surprising if there were a little pressure on the ISPs to phase it out, including especially the text groups and not just from the MAFIAA over the dreaded binary groups.

Comment iptables -m limit (Score 1) 99

Please note that the author did not mention Denyhosts since his servers run OpenBSD, which incorporates DenyHosts functionality through ''pf'', its packet filter/firewall software (see the brute-force configuration of pf for more details).

You can do the same with iptables on Linux using the module "limit". See the manual page for "iptables-extensions" for the details. DenyHosts may have it's good points, but mostly it just complicates things. There is already a lot of functionality in the packet filter that you can use, whether on Linux or BSD.

However, what I see now, in contrast to years ago, are slower paced attacks. These come in steadily but at a rate that just passes under the threshold. One of these days I ought to look at what is blocked to see if it's just the slow ones getting through or if all the probes are now timed that way.

Comment carafe (Score 3, Informative) 134

If you want to oxygenate the box wine before serving, just pour it into a carafe a little ahead of time. The wine remaining in the box stays as it is but the wine in the carafe gets the oxygen needed to take care of some of the tannins. Seriously, even with wine in a bottle, using a carafe is a good way to deal with tannins.

A nice carafe can also help show off the wine itself.

Comment sshfs (Score 1) 136

I don't get why they are wasting time and money building their own client, especially when they appear to lack the will or skill to make it secure. What they could have done instead, for zero effort, would have been to support sftp with RSA keys. That would be as secure as it gets, work out of the box, and allow ease-of-use addons like sshfs. As it stands now, even their design is flawed. It runs a client but one from their server. It has access to the users' passwords and could even be swapped for a malicious client with no effort.

Comment Re: Windows == negligence (Score 1) 71

In addition to security there is also the ease of maintenance that you gain by eliminating windows. But security alone should be enough to force the decision by insurance companies offering 'hacker insurance': Time may go by and the name may change, but it is still the old NT kernel underneath.

The Vista series is as vulnerable as XP. That includes Vista 7 and Vista 8. Every few months you have vulnerabilities that affect the whole zoo. On top of that you have a thriving ecosystem of malware flame and Conficker. New malware arrives and joins the old which never really goes away. It is the whole system that is weak, not just the pieces. Not even new, unready systems like Haiku-OS have that. The only way to leave it behind is to leave Windows behind.

No, the only real change since more than 10 years ago has been how M$ has been gaming the vulnerability reports and CERT. Even the shills and astroturfers defending M$ are nothing new.

Comment Windows == negligence (Score 1) 71

Because insurances are notorious for requiring their customers to minimize the chance for a reason to file a claim, and your premium is usually dependent on your risk.

Windows user pay higher premiums, but at this point it could qualify as willful negligence. Sure the system may have come with Windows but that's no excuse not to clean it off before connecting to the net.

Slashdot Top Deals

"What the scientists have in their briefcases is terrifying." -- Nikita Khrushchev