
Comment I am happy for my freedom (Score 0, Offtopic) 76

My laptop died while I was on travel. I want to select my next expensive device carefully, so I need a disposable computer, something I can hand off to a computerless person in a few months. I went last night to Micro Center and bought a $219 Acer laptop, a $55 250GB SSD and a $35 8GB stick of DDR3L RAM. And a screwdriver, spudger and static strap.

2 hours later, I was able to shove an Ubuntu 16.04 live DVD into the drive of this thing and start computing on the hotel network. The removed 500GB hard drive preloaded with Windows 10 (yuck) and the OEM 4GB stick of RAM sat alongside it.

I was able to completely avoid Microsoft's preloaded pile of shit and other than throwing a couple of switches in the BIOS, it was fairly painless...for me*. And I got a pretty responsive system for my effort. Compare and contrast to the cellphone situation.

I roll with an iPhone for this reason. My last Android device (HTC Desire Z) was my last Android device, ever.

*this system being such a POS that I had to remove the entire motherboard, blower fan and WLAN card to change out one SODIMM of RAM. The plastic bottom even has a nifty RAM chip pressed into the (nonremovable) solid bottom of the case, as if it were some kind of access door.

Comment Re:What is it that you say? (Score 1) 442

No, they're not dropping that veneer.

Saying you compete with someone, isn't the same as saying you're the same kind of business. e.g. courier bikes, courier pigeons, telegrams and email can all compete with one another, but work differently and might have really good reasons for being regulated differently.

(BTW, I'm not taking a position about how Uber should or shouldn't be regulated; I'm just saying that there is nothing about their reaction which implies they're admitting anything.)

Comment Re:Microsoft broke my scanner once... (Score 1) 216

More people need to be made aware of VueScan. Cross platform, acceptable price, unbeatable scanner support. My father has a SCSI Minolta Dimage with APS support. Drivers up to Windows 2000, XP worked with a bit of hacking. SANE doesn't want to know about it.

VueScan? Just works.

I have no stake in this. I am just a happy customer.

Comment Re:Publishing porn without actor permission (Score 2) 133

I am not sure it's a matter of 'not caring'. I think it's a matter of litigation following the money, and there was no pot of gold at the other end of the "Fappening" investigation.

You can see it too with the dim view that most courts take towards ACLU/EFF type cases. The logic seems to go "this case doesn't matter, since it will have no practical effect, so why am I being forced to decide it?" In reality, it does have a practical impact on governance, but courts tend to view that as dollars and cents. I wonder if we should be upset about that, or happy that the courts are less than eager to be making political decisions?

Comment Re:Publishing porn without actor permission (Score 2) 133

Sounds like E&O coverage. They'd find a way to avoid paying in this case. That's more than half of what insurance companies spend time doing - finding ways to weasel out of paying for the purchased coverage. I did that for a while and then had to take many showers to clean off the sleaze of manipulating people into screwing themselves out of payment.

He was also personally liable to the tune of I think $10 million. I also don't think the $135 million would be all his anyway. And they'll try to siphon it all off with the judgement anyway - first thing the lawyers should do is petition to impound that money for the duration of the appeal.

Comment Re: Do they really ignore them? (Score 2) 124

> Oh, so you're manually inspecting the self signed certificate every time you visit your website? If not, then how do you know nobody is intercepting your communication, making your self signed certificate as useless as having no encryption at all.

No, and he didn't imply that. Here are several situations, in increasing order of security.

1) The connection is not encrypted or signed. No certs exist. Nobody knows who they're talking to. An active attacker on the network between the two parties, can proxy and impersonate each side. A passive attacker, someone who just gets copies of the traffic, while they can't impersonate, can at least read what everyone is saying. No warning. (?!)

2) The connection is encrypted, but with unknown parties' public keys. Certs exist but are essentially worthless. An active attacker on the network between the two parties, can proxy and impersonate each side. A passive attacker, someone who just gets copies of the traffic, can't read anything. DANGER! DANGER! FREAK OUT!!

3) The connection is encrypted, and if you believe certain faceless parties who are totally unaccountable to you and who you don't know anything about, you think you probably know the other side's identity. Active attackers can't do anything, unless they're active enough to coerce or trick the CA. Passive attackers can't read anything. No warning.

4) The connection is encrypted just like above, but the CA pinky-swears that they really tried hard to make sure. Green URL bar.

5) As case 3 or 4, but multiple CAs, which might be hard for a single attacker to simultaneously coerce or trick, have all signed the cert. We don't have this in our browsers yet; it's early 1990s level tech that we're still waiting for.

6) As case 3 but the user has verified the identity through a different channel. No trusted introducer was needed. The cert need not be signed at all, or might be signed by the user himself. No warning, but also no green URL bar. (Yet, this is the very best-possible case, definitely more secure than any other.)

See anything wrong here? Scenarios 1 and 2 have their warning severities reversed. (And there's also a UI defect at high degrees of security, too, but that's less important.) This trains the user to think of warnings as not necessarily meaning increased severity or risk. A user will adjust to this by ignoring warnings. This is bad communication, and it's making us all a little stupider.

> What you should do is add your known self signed certificate to your local certificate store, which means that the warnings will stop

He's talking about a situation where it's not known. Adding it to the local store would be inappropriate. That would be an attempt to treat scenario 2 as scenario 6, just to get around a UI bug. It'd be much better to just fix the bug.
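The difference between scenario 2 and scenario 6 above, as an added example that is not part of the original comment: a certificate is pinned only when its fingerprint matches one obtained through a separate channel, and is otherwise reported as unverified. The `PinStore` class, its method names and the sample byte strings are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def normalize(fp: str) -> str:
    """Accept 'AB:CD:..' or 'abcd..' as read aloud or copied from paper."""
    return fp.replace(":", "").replace(" ", "").lower()

class PinStore:
    """Hypothetical per-host pin store. A pin is recorded only after an
    out-of-band fingerprint match (scenario 6), never on first sight."""

    def __init__(self):
        self._pins = {}  # host -> fingerprint hex

    def classify(self, host: str, der: bytes) -> str:
        pinned = self._pins.get(host)
        if pinned is None:
            return "unverified"  # scenario 2: encrypted, peer identity unknown
        if hmac.compare_digest(pinned, fingerprint(der)):
            return "verified"    # scenario 6: matches what the user checked
        return "mismatch"        # presented cert differs from the pinned one

    def pin_after_oob_check(self, host: str, der: bytes, oob_fp: str) -> bool:
        """Pin only if the fingerprint from the other channel matches."""
        if not hmac.compare_digest(normalize(oob_fp), fingerprint(der)):
            return False
        self._pins[host] = fingerprint(der)
        return True

# Constructed stand-ins for DER certificate bytes (not real certificates).
# On a live connection the bytes would come from
# ssl.SSLSocket.getpeercert(binary_form=True).
SERVER_CERT = b"constructed-der-bytes-for-server"
OTHER_CERT = b"constructed-der-bytes-for-interceptor"
```
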

Comment Payoff table shows whose guys they are (Score 1) 272

Maybe they're our guys, maybe they're not.

Country A is full of citizens, businesses, and government orgs which routinely depend on working computers and networks. Country B is similar, but a little behind, because they're not as wealthy.

Both countries' citizens, businesses and government orgs pretty much run the same code. Same OSes, same big applications, etc.

For the most part, everyone's computers run pretty badly, and outages and various fuckups are frequent. Criminals in both countries are very happy with the situation. Both countries have a pretty easy time with espionage, but a nearly impossible problem with counter-espionage. Everyone can attack, but hardly anyone seems to be able to defend.

Well, they're about the same, but not exactly. In Country B, due to the lower tech, more people use cash, more things are done low-techy, etc. Computer crime isn't quite as easy there. Fewer government systems (both civilian and military) are vulnerable to cyber-attack simply because they're not as computerized. Fewer businesses depend on networks. The airlines' schedules in Country B are run by a guy who has a big notebook, but Country A has an airline schedule that's run in some datacenter.

A group of nerdy people figure out part of the problem with everyone's fucked up computers. Turns out, there are bugs in popular software. Sometimes the symptoms just happen (bad luck) and sometimes they are exploited by adversaries.

The nerds have to make a decision: "Do we tell the software industry about the bugs and have them fixed, so that everyone (both our country and the other country) gets a defense advantage? Or do we not talk about the bugs, thereby preserving everyone's attack advantage?"

The group of nerds chooses the latter, opting to not have the bugs fixed.

Tell me this: judging from the nerds' actions, which country do you infer they are working for? Who has more to win or lose from the computers continuing to work so badly?
