Comment Re:Punishes users and good advertisers (Score 1) 707

I gave up on TV years ago, and when I travel or am exposed to it in public, I'm reminded why. I'm not missing anything and most other things are coming OTT or I can just download. I'm mostly happy with my relationship with purchasing a tv season and getting it the next morning commercial free. The buggy devices could use some refinement, but to avoid the 90dB noise fest, I can live with it.

Comment Re:STARTTLS broken, like UUCP maps (Score 1) 129

My comment re: UUCP is having to manually configure for each site I want to distribute mail to. I'm not worried about STARTTLS stripping, I want to avoid building a full list I have to maintain manually. This is mostly a postfix issue (for me) that it's not aggressive enough in using the STARTTLS offered by the far-side.

Comment STARTTLS broken, like UUCP maps (Score 1) 129

I had someone contact me about my server -> gmail as I host a number of mailing lists and other technical resources. After much research it seems the only way to fix it is to hard code that gmail and other locations are to be encrypted vs the default opportunistic encryption of "if they offer it, try it".

There are a lot of things that should be addressed here to ensure data is properly encrypted, this is easy and a solvable problem but at least for postfix I had to enter some custom maps which the software should have solved for itself with the 'may' setting. I'm past the UUCP days, I don't want to maintain a map of who can do things and who can't. We need to solve this software not doing the right thing problem first.
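Added example, not from the poster or the Postfix project: the setup these two comments describe, with the opportunistic `may` default beside a per-destination policy map that forces encryption. The map path and the `example.org` entry are assumptions.

```conf
# --- /etc/postfix/main.cf ---
# Default for outbound SMTP: opportunistic TLS. Postfix uses STARTTLS when the
# remote server offers it and otherwise delivers in cleartext.
smtp_tls_security_level = may

# Per-destination overrides, looked up by next-hop domain.
# (Path is an assumption; any lookup table Postfix supports works.)
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# Log one summary line per TLS handshake so encrypted sessions can be
# told apart from cleartext deliveries in the mail log.
smtp_tls_loglevel = 1

# --- /etc/postfix/tls_policy ---
# Destinations that must never receive mail in cleartext. At the "encrypt"
# level Postfix defers delivery when STARTTLS is not offered or the handshake
# fails. The server certificate is not verified at this level.
gmail.com        encrypt
# Constructed placeholder standing in for "other locations":
example.org      encrypt

# After editing the map, rebuild it and reload Postfix:
#   postmap /etc/postfix/tls_policy
#   postfix reload
```

Destinations not listed in the map keep the `may` behaviour, which is why the list has to be maintained by hand.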


Google To Take 'Apple-Like' Control Over Nexus Phones 180

Soulskill writes: According to a (paywalled) report in The Information, Google CEO Sundar Pichai wants the company to take greater control over development of their Nexus smartphones. When producing Nexus phones, Google has always partnered with manufacturers, like Samsung, LG, and HTC, who actually built the devices. Rather than creating a true revenue stream, Google's main goal has been to provide a reference for what Android can be like without interference from carriers and manufacturers. (For example, many users are frustrated by Samsung's TouchWiz skin, as well as the bloatware resulting from deals with carriers.)

But now, Google appears to want more control. The report indicates Google wants to do a better job of competing throughout the market. They want to compete with Apple on the high end, but also seem concerned that manufacturers haven't put enough effort into quality budget phones. The article at Droid-Life argues, "We all know that Nexus phones will never be household items until Google puts some marketing dollars behind them. Will a top-to-bottom approach finally push them to do that?"

Comment Re:It's the population, duh! (Score 2) 63

I have to say it's this. 50% of the US population lives in the Eastern time zone. That means if you only have things on the east coast, you are most likely to cover everyone. Ask someone in a central state what their latency and network paths are, you end up going to Seattle, Chicago, Dallas, LA and sometimes the bay area to change networks. Not a lot of interconnection happens in the mountain states, and even markets like Phoenix while large don't quite have enough density to make sense.

Comment Re:Why did they need the certificates? (Score 1) 95

Issuing for .test and .local is strictly prohibited by the CABForum EV requirements. They will soon be outlawed for DV under the basic requirements.

What seems to have happened is that instead of issuing all test certs for as the procedure manual required, they had to modify the procedure when Symantec took over and they no longer had

So instead of doing what they should have done and using or a test domain bought for the purpose, they typed the first name that entered their head.

Comment Re:Self Signed (Score 1) 95

Actually it doesn't. DANE certificates are not self-signed for a start, they are signed by the DNSSEC key for the zone.

The problem with DANE is that you swap the choice of multiple CAs for a monopoly run by ICANN, a shadowy corporation that charges a quarter million bucks for a TLD because that is what the market will bear. What do you think the price of DANE certification will rise to if it takes off?

ICANN is the Internet version of the NFL only with greater opportunities for peculation and enrichment.

Comment Re:Why did they need the certificates? (Score 1) 95

Damn right they should. The CPS has a long section on the use of test hardware.

The problem is that all the original team that built VeriSign have been gone for years. A lot of us left before the sale of the PKI business to Symantec. The PKI/DNS merger was not a happy or successful partnership. The original point of the merger was to deploy DNSSEC. That effort was then sabotaged by folk in IETF and ICANN which has delayed the project by at least 10 and possibly 20 years. ATLAS was originally designed to support DNSSEC.

Unfortunately, in PKI terms what VeriSign was to IBM, Symantec is to Lenovo.

They apparently remember the ceremonies we designed but not the purpose. So they are going through the motions but not the substance.

One of the main criticisms I have heard is that we built the system too well. From 1995 up to 2010 it worked almost without any issues. So people decided that they didn't need things like proper revocation infrastructure. The only recent issue the 1995 design could not have coped with was DigiNotar which was a complete CA breach.

There are some developments on the horizon in the PKI world that will help add controls to mitigate some of the issues arising since. But those depend on cryptographic techniques that won't be practical for mass adoption till we get our next generation ECC crypto fully specified.

Comment Re:What is a pre-certificate? (Score 3, Informative) 95

A pre-certificate is created for use in the Certificate Transparency system. Introducing pre-certificates allows the CT log proof to be included in the certificate presented to an SSL/TLS server.

The CT system generates a proof that a pre-certificate has been enrolled in it. The proof is then added to the pre-certificate as an extension and the whole thing signed with the production key to make the actual certificate.

If the CT system logged the actual certificate, the proof of enrollment would only be available after the certificate had been created.

Submission + - NTP protocol vulnerabilities allow clock shifting

jaredmauch writes: While recently the interest in the NTP protocol was the use for Denial of Service attacks, a team at Boston University has released 4 different attacks that permit shifting of clocks, or will make your NTP client no longer listen to accurate time from trusted servers.

Comment Re:Like a grownup (Score 1) 657

I was perhaps trying to be more subtle. This should have been a non-event. The problem here is clearly that people without a clue about technology went and abused this kid who is still learning. Did you take a moment to read the letter the school district sent out? They basically said that nobody else should bring something like this in and if they do to "tell an adult" vs ask some questions and have it be a non-event. Instead they paraded the kid out like he was a criminal. That's surely not private where the teacher saying "hey this is cool, can you show me after class" might be much better.

Thanks for misconstruing my comment though, I see it got you +5. I'll go back to cowboyneal jokes vs trying to engage in dialogue.

Comment Like a grownup (Score 1) 657

This is "tell a grownup" territory vs the schools helping teach teenagers (which need guidance, just like some of us adults need from time to time) on what is appropriate or not. This will obviously be a trigger story for people in the tech community that feel sensitive to this issue or raw because of bullying they received and why some of us have trouble trusting school judgement as grown men and women.

I just wish they handled this privately with the parents without dragging the liaison officer into the mix, the local police, etc. Judgement call made wrong way clearly.

And really. If the threat was actually real, or realistically perceived that way, we should have heard of the evacuation on the news yesterday.

