
Comment Re:Fundamental flaw of the CA infrastructure (Score 1) 250

the proxy server, or that guy sitting next to me at Starbucks.

Which is exactly what I said in my first message: for public access like Starbucks, it makes a little sense. For home access, where the only people in between are network operators, the likelihood of a MitM is tiny.

Comment Re:Fundamental flaw of the CA infrastructure (Score 1) 250

The CA IS chosen by the client.

No, the CA is chosen by the server. The only choice for the client is to either trust or not trust. They cannot decide to use another CA with more guarantees.

defining that a server belongs to a domain that it claims

Which is all but useless, and exactly the source of the present thread.

Comment Fundamental flaw of the CA infrastructure (Score 4, Interesting) 250

This story shows the fundamental flaw of the TLS CA infrastructure: it only certifies that the connection is established with the reported DNS domain name. That is not utterly useless, but not far from it.

The protection against man-in-the-middle attacks is relevant only in a handful of cases. With home Internet access, MitM can more or less only be performed by network operators, who have a lot to lose if they are caught playing these games. It is more of an issue with public access, but still rather minor.

What would be really useful would be CAs that certify the honesty of the sites. “If you see our green padlock, that means this site is reliable. If they scam you, we will refund you.”

I will not hold my breath.

Comment Re:Obligatory Oatmeal (Score 1) 244

Hear, hear!

I am convinced that most people are inherently honest and would gladly pay for what they watch, if given the chance. And I remember a TED talk by Amanda Palmer saying the same thing.

But what do they ask us to pay for? Exclusive rights wars, clumsy proprietary players, limited play periods.

If the studios and distributors had any brains at all, they would acknowledge that limiting the spread of the files is a lost war, they would give easy access to them and a wide variety of payment methods, including an open “I have watched something from you for free (I will not tell you if it was legally or not), I would like to give back” donate form. And they would actually charge for extra features such as earlier access.

I even suspect a lot of pirates would respect that and not compete with the paid extra features.

At this time, as far as I know, only Crunchyroll gets it almost right.

Comment Re:Why do we care? (Score 1) 45

Your analogy is flawed in two ways.

First, “cloud repositories” are not used just to distribute malware. But that is not the most important point.

Second, if someone shoots me with a gun, I die, I do not have any choice. If someone hands me malware, I ignore it and move to something else.

Malware is a non-issue. The real issue is the abysmal security of consumer devices and software.

Comment Re:GPL (Score 1) 176

Actually, you are slightly wrong. The three options you suggest apply before you are in a situation of copyright violation: when you are considering distributing your project, you have to do one of these things.

But after the copyright violation, it is too late. If you steal something, get caught and give it back, you still go to prison. The same applies to any kind of wrongdoing: undoing it after getting caught does not avoid the punishment.

The GPL has an explicit provision for violations: (emphasis mine) “Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License.”

In other words, if someone violates the terms of the GPL and gets caught, they lose all rights to the software, and have to beg the copyright holders to get them back. The copyright holders may be satisfied with simple compliance, but they may require extra proofs of good will.

Of course, if the infringer does not want to comply, the only option becomes to sue them. And the judge would not order compliance, only damages.

Comment Re:Why is that possible in the first place? (Score 1) 97

Why is it possible in the first place?

If I were to design a protocol of this kind, one of the first measures I would take, in the protocol itself if relevant and in any implementation, would be to check that peer-provided source addresses match the routing system, making spoofing impossible. I cannot fathom that the people who designed this particular protocol did not do the same from the beginning, and even more so that they did not fix it since then.

Comment Re:He can buy it back ... (Score 1) 111

Hear, hear.

This is exactly wanting to have the cake and eat it. Or even more appropriately, the French version: he wants the butter and to keep the butter money.

As a side note, since trademarks are associated with a particular kind of product, he could sell McAfee sandwiches or open the McAfee massage salon and be OK.

Comment Re:You are missing the point (Score 2) 219

Indeed. I should have been more explicit in my message: the wad of cash and the brass knuckles were colorful examples, but the real threat comes from peer pressure within the family, even more so because it is most often implicit.

(There is a scene in an Astérix comic book: the village must vote between its current (male) chief and a woman; the Druid explains the secret ballot procedure, the woman candidate proposes a show of hands, and then a show of hands to decide if the actual vote will be by a show of hands; all the women raise their hands for the show of hands, and when the men want to raise theirs for the secret ballot, a dark look from their wives stops them. It loses a lot of its funny if you think about the actual reality of domestic abuse that is being parodied and that usually goes the other way around, but I think it illustrates how important and tricky the secret ballot is.)
