Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×

Comment Re:What is it that you say? (Score 1) 442

No, they're not dropping that veneer.

Saying you compete with someone, isn't the same as saying you're the same kind of business. e.g. courier bikes, courier pigeons, telegrams and email can all compete with one another, but work differently and might have really good reasons for being regulated differently.

(BTW, I'm not taking a position about how Uber should or shouldn't be regulated; I'm just saying that there is nothing about their reaction which implies they're admitting anything.)

Comment Re:It's tiny compared to airships of the past (Score 1) 187

My Dad grew up in New Jersey. He said when the Hindenberg flew by, the teacher let them look out the window. Even though it was miles away they could clearly see it I guess. The Washington Monument is a mere 555 feet tall. The Empire State Building is 1250, not including the spire. So try to imagine more than the WM, and more than half the ES floating by low on the horizon, perhaps with the swastika visible. The implications weren't fully understood yet--a few years later my Dad and all his brothers were off to war.

Comment Re: Do they really ignore them? (Score 2) 124

Oh, so you're manually inspecting the self signed certificate every time you visit your website? If not, then how do you know nobody is intercepting your communication, making your self signed certificate as useless as having no encryption at all.

No, and he didn't imply that. Here are several situations, in increasing order of security.

1) The connection is not encrypted or signed. No certs exist. Nobody knows who they're talking to. An active attacker on the network between the two parties, can proxy and impersonate each side. A passive attacker, someone who just gets copies of the traffic, while they can't impersonate, can at least read what everyone is saying. No warning.(?!)

2) The connection is encrypted, but with unknown parties' public keys. Certs exist but are essentially worthless. An active attacker on the network between the two parties, can proxy and impersonate each side. A passive attacker, someone who just gets copies of the traffic, can't read anything. DANGER! DANGER! FREAK OUT!!

3) The connection is encrypted, and if you believe certain faceless parties who are totally unaccountable to you and who you don't know anything about, you think you probably know the other side's identity. Active attackers can't do anything, unless they're active enough to coerce or trick the CA. Passive attackers can't read anything. No warning.

4) The connection is encrypted just like above, but the CA pinky-swears that they really tried hard to make sure. Green URL bar.

5) As case 3 or 4, but multiple CAs, which might be hard for a single attacker to simultaneously coerce or trick, have all signed the cert. We don't have this in our browsers yet; it's early 1990s level tech that we're still waiting for.

6) As case 3 but the user has verified the identity through a different channel. No trusted introducer was needed. The cert need not be signed at all, or might be signed by the user himself. No warning, but also no green URL bar. (Yet, this is the very best-possible case, definitely more secure than any other.)

See anything wrong here? Scenarios 1 and 2 have their warning severities reversed. (And there's also a UI defect at high degrees of security, too, but that's less important.) This trains the use to think of warnings as not necessarily meaning increased severity or risk. A user will adjust to this by ignoring warnings. This is bad communication, and it's making us all a little stupider.

What you should do is add your known self signed certificate to your local certificate store, which means that the warnings will stop

He's talking about a situation where it's not known. Adding it to the local store would be inappropriate. That would be an attempt to treat scenario 2 as scenario 6, just to get around a UI bug. It'd be much better to just fix the bug.

Comment Payoff table shows whose guys they are (Score 1) 272

Maybe they're our guys, maybe they're not.

Country A is full of citizens, businesses, and government orgs which routinely depend on working computers and networks. Country B is similar, but a little behind, because they're not as wealthy.

Both countries' citizens, businesses and government orgs pretty much run the same code. Same OSes, same big applications, etc.

For the most part, everyone's computers run pretty badly, and outages and various fuckup are frequent. Criminals in both countries are very happy with the situation. Both countries have a pretty easy time with espionage, but a nearly impossible problem with counter-espionage. Everyone can attack, but hardly anyone seems to be able to defend.

Well, they're about the same, but not exactly. In Country B, due to the lower tech, more people use cash, more things are done low-techy, etc. Computer crime isn't quite as easy there. Fewer government systems (both civilian and military) are vulnerable to cyber-attack simple because they're not as computerized. Fewer businesses depend on networks. The airlines' schedules in Country B are run by a guy who has a big notebook, but Country A has an airline schedule that's run in some datacenter.

A group of nerdy people figure out part of the problem with everyone's fucked up computers. Turn out, there are bugs in popular software. Sometimes the symptoms just happen (bad luck) and sometimes they are exploited by adversaries.

The nerds have to make a decision: "Do we tell software industry about the bugs and have them fixed, so that everyone (both our country and the other country) get a defense advantage? Or do we not talk about the bugs, thereby preserving everyone's attack advantage?"

The group of nerds chooses the latter, opting to not have the bugs fixed.

Tell me this: judging from the nerds' actions, which country do you infer they working for? Who has more to win or lose from the computers continuing to work so badly?

Comment Re:The phones model (Score 3, Insightful) 263

Who cares if the XB1 can play Sagittarius games? The import thing will be that the Sagittarius can play XB1 games, and Scorpio games. And that the Taurus can play XB1 games, and Scorpio, and Sagittarius. And so on.

Look at how excited everybody got when Red Dead Redemption was finally announced for XB1 backwards compat.

People expect that their old rig can't play Witcher 3, but people also expect that their brand new, top-of-the-line rig can play the old games, perhaps with dosbox or some other emulation. But gog.com is absolutely a thing that proves that concept.

Comment Re:good luck with that. (Score 1) 275

I don't think a border agent can prevent a US citizen from entering the country.

As a foreign national trying to enter the US, you're absolutely right. The border agent can ask you to dance, riverdance style, while singing 'God Bless America,' and deny you if your foot work isn't up to par. But I meant specifically an American attempting to reenter the country. They can still get fucked with, don't get me wrong, but the rules are different.

Then there's that whole 'The border is 100 miles deep' thing America likes to claim.....

Comment Leprechaun at Rio (Score 1) 180

I wish they still made those Warwick Davis Leprechaun movies. They could totally have an olympics one, where he dissolves some gold thief in the pool. OMFG, gold thief! The Leprechaun could be in the olympics, and he's pissed that other contestants are winning "his" gold medals. It's perfect; the movie writes itself.

But the last two (no, the last three, but especially the "Hood" ones) totally sucked, so I understand why they don't make 'em anymore. My friends and I were so pissed that the "Hood" ones sucked; within just a few minutes of trying to get over our disappointment after watching the first one, were were making up limerick-raps way better than anything in the movie. Those bastards put in so little effort in the end, and why they made "back 2 tha hood" I can't begin to imagine. Sigh.

So anyway, Warwick, tell your agent that you're up for doing another, but only if they'll do a good job, like in Leprechaun 3 (total classic, best of the series!).

Slashdot Top Deals

Due to lack of disk space, this fortune database has been discontinued.

Working...