Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:doh! (Score 2, Informative) 528

Obama didn't release his birth certificate for one very good reason, he is very clever and Trump is very stupid.

The fact is that the Republicans will always invent some crazy idiotic 'scandal' that they obsess about and endlessly throw up smoke. The birther conspiracy was mind numbingly ridiculous. It would require someone to go back in time to plant the birth notice in the papers. Or for some group of conspirators to go to an enormous amount of trouble in order to make a particular black kid president.

So rather than release the birth certificate and let the Republicans invent a new scandal, Obama held onto it and let them obsess about a scandal nobody else thought made the slightest sense, knowing that he could knock their house of cards down any time he chose. Which of course he did a week before the Bin Laden raid which was guaranteed to end the story.

George W. Bush opened torture chambers across the world and collected photographs for a sick sexual thrill. Yet nobody ever talks about that. None of the people complaining about Hilary ever complained about GWB refusing to comply with Congressional investigation or the deletion of 5 million emails.

So here is what is going to happen. Trump is going to go down to the biggest defeat since Carter and he is going to drag the rest of his party down with him. And afterwards there is going to be a new civil rights act that prohibits Republican voter suppression tactics and the gerrymandering that give them a 5% advantage in elections. And by the time it is all done the Republican party will have two choices, either boot the racist conspiracy theorists and Trumpists out or face two decades in the wilderness.

Comment Re:Punishes users and good advertisers (Score 1) 707

I gave up on TV years ago, and when I travel or am exposed to it in public, I'm reminded why. I'm not missing anything and most other things are coming OTT or I can just download. I'm mostly happy with my relationship with purchasing a tv season and getting it the next morning commercial free. The buggy devices could use some refinement, but to avoid the 90dB noise fest, I can live with it.

Comment Re:STARTTLS broken, like UUCP maps (Score 1) 129

My comment re: UUCP is having to manually configure for each site I want to distribute mail to. I'm not worried about STARTTLS stripping, I want to avoid building a full list I have to maintain manually. This is mostly a postfix issue (for me) that it's not aggressive enough in using the STARTTLS offered by the far-side.

Comment STARTTLS broken, like UUCP maps (Score 1) 129

I had someone contact me about my server -> gmail as I host a number of mailing lists and other technical resources. After much research it seems the only way to fix it is to hard code that gmail and other locations are to be encrypted vs the default opportunistic encryption of "if they offer it, try it".

There are a lot of things that should be addressed here to ensure data is properly encrypted, this is easy and a solvable problem but at least for postfix I had to enter some custom maps which the software should have solved for itself with the 'may' setting. I'm past the UUCP days, I don't want to maintain a map of who can do things and who can't. We need to solve this software not doing the right thing problem first.


Google To Take 'Apple-Like' Control Over Nexus Phones (droid-life.com) 180

Soulskill writes: According to a (paywalled) report in The Information, Google CEO Sundar Pichai wants the company to take greater control over development of their Nexus smartphones. When producing Nexus phones, Google has always partnered with manufacturers, like Samsung, LG, and HTC, who actually built the devices. Rather than creating a true revenue stream, Google's main goal has been to provide a reference for what Android can be like without interference from carriers and manufacturers. (For example, many users are frustrated by Samsung's TouchWiz skin, as well as the bloatware resulting from deals with carriers.

But now, Google appears to want more control. The report indicates Google wants to do a better job of competing throughout the market. They want to compete with Apple on the high end, but also seem concerned that manufacturers haven't put enough effort into quality budget phones. The article at Droid-Life argues, "We all know that Nexus phones will never be household items until Google puts some marketing dollars behind them. Will a top-to-bottom approach finally push them to do that?"

Comment Re:It's the population, duh! (Score 2) 63

I have to say it's this. 50% of the US population lives in the Eastern time zone. That means if you only have things on the east coast, you are most likely to cover everyone. Ask someone in a central state what their latency and network paths are, you end up going to Seattle, Chicago, Dallas, LA and sometimes the bay area to change networks. Not a lot of interconnection happens in the mountain states, and even markets like Phoenix while large don't quite have enough density to make sense.

Comment Re:Wny did they need the certificates? (Score 1) 95

Issuing for .test and .local are strictly prohibited by the CABForum EV requirements. They will soon be outlawed for DV under the basic requirements.

What seems to have happened is that instead of issuing all test certs for test.verisign.com as the procedure manual required, they had to modify the procedure when Symantec took over and they no longer had verisign.com.

So instead of doing what they should have done and using test.symantec.com or a test domain bought for the purpose, they typed the first name that entered their head.

Comment Re:Self Signed (Score 1) 95

Actually it doesn't. DANE certificates are not self-signed for a start, they are signed by the DNSSEC key for the zone.

The problem with DANE is that you swap the choice of multiple CAs for a monopoly run by ICANN, a shadowy corporation that charges a quarter million bucks for a TLD because that is what the market will bear. What do you think the price of DANE certification will rise to if it takes off?

ICANN is the Internet version of the NFL only with greater opportunities for peculation and enrichment.

Comment Re:Wny did they need the certificates? (Score 1) 95

Damn right they should. The CPS has a long section on the use of test hardware.

The problem is that all the original team that built VeriSign have been gone for years. A lot of us left before the sale of the PKI business to Symantec. The PKI/DNS merger was not a happy or successful partnership. The original point of the merger was to deploy DNSSEC. that effort was then sabotaged by folk in IETF and ICANN which has delayed the project by at least 10 and possibly 20 years. ATLAS was originally designed to support DNSSEC.

Unfortunately, in PKI terms what VeriSign was to IBM, Symantec is to Lenovo.

They apparently remember the ceremonies we designed but not the purpose. So they are going through the motions but not the substance.

One of the main criticisms I have heard is that we built the system too well. From 1995 up to 2010 it worked almost without any issues. So people decided that they didn't need things like proper revocation infrastructure. The only recent issue the 1995 design could not have coped with was DigiNotar which was a complete CA breach.

There are some developments on the horizon in the PKI world that will help add controls to mitigate some of the issues arising since. But those depend on cryptographic techniques that won't be practical for mass adoption till we get our next generation ECC crypto fully specified.

Comment Re:What is a pre-certificate? (Score 3, Informative) 95

A pre-certificate is created for use in the Certificate Transparency system. Introducing pre-certificates allows the CT log proof to be included in the certificate presented to an SSL/TLS server.

The CT system generates a proof that a pre-certificate has been enrolled in it. The proof is then added to the pre-certificate as an extension and the whole thing signed with the production key to make the actual certificate.

If the CT system logged the actual certificate, the proof of enrollment would only be available after the certificate had been created.

Submission + - NTP protocol vulnerabilities allow clock shifting (bu.edu)

jaredmauch writes: While recently the interest in the NTP protocol was the use for Denial of Service attacks, a team at Boston University has released 4 different attacks that permit shifting of clocks, or will make your NTP client no longer listen to accurate time from trusted servers.

Comment Re:Like a grownup (Score 1) 657

I was perhaps trying to be more subtle. This should have been a non-event. The problem here is clearly that people without a clue about technology went and abused this kid who is still learning. Did you take a moment to read the letter the school district sent out? They basically said that nobody else should bring something like this in and if they do to "tell an adult" vs ask some questions and have it be a non-event. Instead they paraded the kid out like he was a criminal. That's surely not private where the teacher saying "hey this is cool, can you show me after class" might be much better.

Thanks for misconstruing my comment though, I see it got you +5. I'll go back to cowboyneal jokes vs trying to engage in dialogue.

Comment Like a grownup (Score 1) 657

This is "tell a grownup" territory vs the schools helping teach teenagers (which need guidance, just like some of us adults need from time to time) on what is appropriate or not. This will obviously be a trigger story for people in the tech community that feel sensitive to this issue or raw because of bullying they received and why some of us have trouble trusting school judgement as grown men and women.

I just wish they handled this privately with the parents without dragging the liason officer into the mix, the local police, etc.. Judgement call made wrong way clearly.

And really. If the threat was actually real, or realistically perceived that way, we should have heard of the evacuation on the news yesterday.

Slashdot Top Deals

I have the simplest tastes. I am always satisfied with the best. -- Oscar Wilde