Comment Re:Norton (Score 1) 62

Step one: Any browser that cares about security MUST stop regarding https with CA certificates as any more trustworthy than self-signed certificates or plain http.

Why? Plain HTTP can be compromised by anyone on a hop between you and your destination. HTTPS with a self-signed certificate can be compromised by anyone on a hop between you and your destination, but can be detected if you do certificate pinning or certificate transparency. HTTPS with a signed cert can only be compromised with cooperation from a CA. The set of people that can compromise signed HTTPS is significantly lower than the set that can compromise self-signed HTTPS.

I remember in the days of IE 6 and me opening questionable porn in my youth I would get slow or weird responses from HTTP websites. I do an ipconfig of the name of the site. I then disconnect and then reboot and/or sometimes do an ipconfig /release and voilà, now when I do an ipconfig it points to a different IP address.

MITM was quite an occurrence in the old days. Of course if my DNS is pointing to somewhere else it means my PC was probably compromised, but my point is changing something and an ipconfig /release fixes it shows it is easy to spoof before MS took security more seriously as it does today.

Comment Re:The Dying Days of the Certificate industry (Score 1) 62

You have a better solution? You want the US government deciding instead like ICANN in addition to being a central point of exploit?

If you let others self-sign that means you risk having the private keys known and it's game over. Let's Encrypt has the same problem in which they can screw up and hand out extra certificates. Also if they are hacked and the private key is leaked then game over, the Internet is done as we know it. This makes me not want lots of players in the CA space.

Submission + - Astronomers Observe Supermassive Blackhole Ejected by Gravitational Waves

An anonymous reader writes: From NASA:
"Astronomers have uncovered a supermassive black hole that has been propelled out of the center of a distant galaxy by what could be the awesome power of gravitational waves.

Though there have been several other suspected, similarly booted black holes elsewhere, none has been confirmed so far. Astronomers think this object, detected by NASA's Hubble Space Telescope, is a very strong case. Weighing more than 1 billion suns, the rogue black hole is the most massive black hole ever detected to have been kicked out of its central home.
Researchers estimate that it took the equivalent energy of 100 million supernovas exploding simultaneously to jettison the black hole. The most plausible explanation for this propulsive energy is that the monster object was given a kick by gravitational waves unleashed by the merger of two hefty black holes at the center of the host galaxy."
The findings of the study will be published in the journal Astronomy and Astrophysics on March 30th.

Comment Quanta (Score 1) 124

I'm guessing the spoofed company is Quanta. There's a lot of surplus last-gen equipment on eBay (meaning companies would be upgrading), and I believe Facebook used them as an OEM for their Open Compute nodes (Quanta Windmill). Not sure who else uses Quanta OEM in particular, but some of their switches appear to be reference designs for Dell, etc.

Comment Re:DRM is necessary to stop piracy (Score 1) 219

DRM is the excuse publishers use to justify the ongoing control over one's computer, spying regime modern-day DRM schemes make possible and use, and thus pose genuine risks to everyday computer users. This is not about "balancing" rights as another poster said, this is about copyright holders and their business partners using a mechanism to get more control over your devices, your privacy, and your life than they ought to have.

If you really need the latest rehashed, "reimagined" Hollywood trash then run it in a VM, problem solved.

I want to see proof and lots of it

What proof do you have to back up your statements of them getting control of your life? That sounds like a pretty ominous statement so how about you strip away the hyperbole and give a concrete example of what you mean.

I mean do you really think anybody is going to take you seriously when you say things like that in reference to a piece of software that just enforces end-to-end encryption? Yes I do understand that in theory it could do many things, but that's no different to any piece of proprietary hardware or software, this has been the case for as long as computers have existed and the solution is still the same: If you're worried about it then don't use it or seek out, fund, promote an alternative.

Comment Re:Alternative Choices (Score 1) 219

The DRM module is a black box that can do anything with your computer

Why are you running your browser with privileges that allow it the scope to do anything with your computer? Yes back in the old Windows days everybody ran everything effectively with administrator privileges but

and is legally protected from reverse engineering attempts, so nobody is allowed to know what it does.

So - assuming you just have to view Hollywood's latest rehashed, "reimagined" crap - run it in a VM, sane people have already been doing that with the various existing DRM mechanisms for years. There is no change here.

Also browsers may just secretly sideload the DRM module for "usability" when it isn't explicitly installed. The Chrome devs were caught patching the open source Chromium repo so it would do just that.

Yes of course, because that's what the majority of people are going to want. For the minority who don't want this just fork the repo and remove that code. What good is open source if you're not going to bother actually doing anything with it?

Comment Re:Alternative Choices (Score 1) 219

"Trusted" in this case means "trusted by the movie companies to work against the users' wishes"

I think you misunderstand what users want: By and large they just want to be able to watch the content. But that's still beside the point, you don't have to use EME or DRM at all if you don't want to.

