Become a fan of Slashdot on Facebook


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:SubjectsSuck (Score 2) 204

What are the best alternatives to NACL for cryptographic primitives?

I think the point is "first" is a weird word to use when you are talking about "modern" as "modern" changes with time.

OpenSSL or mcrypt or whatever else you might point to were "modern" when they were "first" used, even if they aren't "modern" any more.

"Only" might be a better choice if you are talking about the current time.

Comment Re: EBCDIC (Score 1) 615

One of the (external) interfaces I work with involves sending ASCII encoded EBCDIC encoded data as post data to a UTF8 web server. (Ie where I need to send the digit "1", we send the hex bytes 46 31, ASCII encoded chars for F9, the EBCDIC character code for the "1" character) This stuff does live on and on and typically gets wrapped inside something else....

Comment Re: This actually makes sense (Score 1) 136

They certainly used to: used to
I think the formula may have opened up a little since then and other manufacturers are involved.
The McLaren Applied Technologies part of the company make a fair few parts used in different racing series.
I think a lot of McLaren's technical and design capabilities would be a good fit for Apple. Whether the racing and even supercar parts are is another question.

Comment Re:Er (Score 1) 623

my point is how can you call this an "autopilot"

In the same sense that a plane autopilot is an autopilot? Ie it keeps you on the course and speed you set it at but doesn't do much else. It's perhaps odd that people interpret "autopilot" as meaning "self driving", it's probably called autopilot precisely because it isn't self driving.

Comment Re:Collision avoidance, not autopilot (Score 1) 219

Tesla's Autopilot isn't auto-pilot either. It's collision avoidance, radar cruise control and lane-keep-assist.

That seems broadly analogous to what Autopilot in a airplane does (though I'm not sure airplanes actively avoid collsions, autopilot typically just manages air speed and heading).

What do you expect "Autopilot" to do?

Comment Low quality ports seem overstated (Score 1) 142

These aren't two radically different pieces of hardware like the PS3 and PS4, it mostly looks like a bump in graphics capabilities. It seems fairly plausible that games will run well on the PS4 in HD and on the new machine at 4K. I have a PS 4 and am not particularly worried about this. Maybe if the VR is better with this on or if I decide to get a 4KTV at some point it might be worth the upgrade. Otherwise I expect to be happy with my PS4 and expect a lot of people will still continue to buy the cheaper PS4 because they only have an HD TV which will keep the PS4 as the most common PS4 platform (and therefore the one game makers consider the primary target) for quite a while.

Comment Re:People don't need supersonic anymore... (Score 1) 132

No one like being in a plane for a long time, even if they have movies to watch or can check their email.

Probably of more relevance is cost efficiency. Not much else matters to Airlines. Airlines get paid for taking someone from point A to point B. It's difficult to imagine it not being expensive, but if a single aircraft can make 5 trips round the world a day compared to 1 then it might be cost effective.

Comment Re:joek (Score 1) 101

The payment card industry needs to fix its crappy, insecure payment cards first before accusing businesses,

It's not entirely clear what you mean by "payment card industry". The "payment card industry" is everybody, including "businesses" and there's an awful lot of existing infrastructure all that has to keep working. It sounds like you are complaining about card schemes (Visa, MasterCard, Amex) but the Tokenisation stuff they've come up with via EMVco is pretty good, it's just there's an awful lot of infrastructure (including at "businesses") that needs to be updated to work with it. (Indeed EMV one time payment tokens appear to be one of the modes supported by ApplePay, so it's probable that people are doing such payments today, but probably only in cases where the cardholder's bank supports it, the merchant supports it in their app, and the merchant's payment gateway supports it, etc etc etc).

But saying the payment industry should do X "before" trying to improve security at businesses is ludicrous, security is about dealing with the real world and trying to make what is already there better, not doing nothing until some ideal solution becomes available.

Comment Re:joek (Score 1) 101

I did not cheat the test. The test was a fraudulent, claiming to identify flaws in my network that were not present.

Well, you did "cheat" the test. A scan is just a scan, it isn't 'fraudulently' doing anything, it's just reporting a possible problem. It's up to you to justify any listening port with a business reason and demonstrate appropriate controls for the service.

Of course it's not immediately clear what sort of compliancy tests you are doing. If it's just Tier 3 then you probably not paying much for your ASV and they are geared (and priced) for scenarios where scans show very little is in scope and not much manual appraisal is done. If it's a higher tier then you should be dealing with people who take the time (and are being paid to) to understand your system and make an informed assessment.

PCI isn't perfect but isn't awful as a set of minimum standards and guidelines.

Comment Re:Choice of words? (Score 1) 86

for why they need SHA-1 certs? Old POS terminals using public CA roots, and still without SHA-256 support. Welcome to the embedded world. And yes, I'm sure they have lots of other vulnerabilities.

What I don't understand (and maybe because I haven't looked too hard) is what "Old POS terminals" have to do with Mozilla. I can understand why Worldpay might need to support SHA1 for their own stuff, I don't quite get why that means a general browser should.

Indeed, perhaps it's nothing to do with the browser at all, and it just means that Symantec can issue these certs without being considered by Mozilla (the group) in breach of some agreed to policy, but that these certs still won't we accepted (if they were seen) by Mozilla (the browser).

If that is the case, then really this isn't a big deal at all. Mozilla's response just gives Worldpay a little more time to get their shit together within the current framework (the alternative, cutting them off, could be less secure, as it would probably mean Worldpay would end up rolling their own SHA1 CA and distributing that root authority to their POS terminals, perpetuating the problem indefinitely rather than giving them a short grace period to catch up)

Comment Bricking the phone still isn't a good solution (Score 1) 123

Even if you are defending against a potentially dodgy fingerprint scanner all you need to do is pop up a dialogue on boot saying there's a problem with the fingerprint scanner and that the phone won't accepting fingerprints from it.

Personally I can't imagine what sort of attack it's supposed to prevent, any adversary capable of replacing the fingerprint sensor in your phone is going to be an adversary capable of obtaining and replicating your finger print to the sensor.

If it's just the risk of cheap knock-off parts compromising security by doing something like sending the same "fingerprint" when touched without actually reading the surface then that is a good reason to stop trusting the fingerprint scanner, it's not a good reason to brick the phone.

Comment Re:invite more people in? (Score 1) 547

because they don't integrate. Even politicians have to admit that multiculturalism failed.

This seems to suggest a misunderstanding of what multiculturalism is. The clue is in the name, it doesn't presuppose integration, at least in the sense you seem to be using it, (that would be a monoculture), rather the side by side existence of multiple cultures.

Comment A lot of PCI is about scope management (Score 2) 91

I'd be looking at moving that email server out of scope, ie out of your PCI environment.

You'd need some policies around your use of email (ie "We don't send cardholder data via email", with bonus points if you have a way of 'enforcing' that, eg a mail scanner) but with that in place there should be no reason why your mail server is in scope if it's seperate from your PCI environment (ie hosted elsewhere).

Comment Why I chose PS4 (Score 1) 375

In the same situation I ended up going for the PS4. All in all they seemed pretty similar but the PS4 seemed marginally better performance wise. It's smaller size was also a factor for me.

The swinger though was probably Morpheus/Playstation VR. Obviously it's not out yet, but I've been waiting for decent VR since I was a kid (ie for over two decades) so the possibility of it coming to a home console holds a lot of excitement. Whether I end up getting it depends on reviews etc but, with all other thing being relatively equal between the consoles, keeping that option open down the road was a factor.

Slashdot Top Deals

The cost of living hasn't affected its popularity.