
Comment Re:Phishing is good (Score 1) 249

If by succeeding, you mean completely failing to have any significant role in online commerce, and not being a significant source of information beyond currently trending events, then sure. Call me when there's something equivalent to Wikipedia that's built into Facebook without linking out into the Internet as a whole, or something equivalent to Amazon, or something equivalent to airline and hotel reservation websites, or....

So no, Facebook is not succeeding as a replacement for the Internet—only for the very narrow slice of the Internet that was previously dominated by MySpace.


Comment Re:Never saw that coming (Score 1) 249

It's not always a home ISP that's doing subtle MITM modification. It might be someone malicious in the same coffee shop as you.

Assuming DNSSec gets deployed as it should, someone in the same coffee shop will be able to passively snoop, but won't realistically be able to be in the middle of the communication unless the infrastructure is badly broken. After all, two hops over Wi-Fi should always realistically have higher latency than one hop plus a DHCP response. The biggest weakness is UDP-based DNS. For that matter, you could disable UDP-based DNS today, and you'd pretty much kill any hope of MiTM attacks by anybody other than your ISP. Arguably, you probably should.

Or it might be a government agency using the Fullscreen API to spoof the chrome of the entire desktop environment.

At that point, your endpoint is untrusted, so the communication is untrusted, period. There is no security mechanism that can have any real benefit if you cannot trust the browser itself or the operating system under it.

Comment Re:i cant believe what im seeing. (Score 1) 41

my one wish before I die --assuming I can merge-- is to see the second sign for the exit to interstate 10. Could this app be the miracle I've prayed for between prayers for the sweet release of death? I sure hope so.

Fear not, my friend, for I have heard tales of a land beyond the jam—a mythical place called the O.C.—where giant mice and princesses roam the streets and the terrors of Hollyweird are but a distant memory. But to get there, you must turn left now, for your current path leads only to drowning after you drive off into the ocean at Huntington Beach. Beware the Tides of March.

Comment Re:Second rule of business (Score 1) 80

Your business has absolutely nothing to do with what you want to sell... it has absolutely everything to do with what your customers want to buy.

"But we can shift that paradigm! This time, we'll plan better, we just need to educate our consumers."

Well, at least they taught their consumers a valuable lesson: Sony, famously guilty for shitting on the rights of virtually everyone through their crappy DRM-enabled hardware, still sold way more consoles than Microsoft.

Microsoft just has never excelled at building what customers want.

Nokia and everyone else had phones with Java, so Microsoft shipped WinCE phones - that didn't sell.
Apple came out with their DRM-encumbered iPod, so Microsoft followed it up with the DRM encumbered Zune - that didn't sell.
Apple came out with the iPhone with the walled app garden; so Microsoft shipped Windows Phones with a walled garden - that didn't sell.
Steam and Sony and Nintendo came out with DRM encumbered games; so Microsoft shipped the XBox One - that sold quite a few, but sucked.

Their two biggest problems are that they want to use services as license enforcement gateways, and that their stiffest competition to their Software V3.0 is their own Software V2.0. Nothing new in Office has been worth buying upgrades since about 2007, yet they have managed to convince some people to upgrade to Office 2010, 2013, and now Office365.

And people are getting more and more fed up with the constant greed. LibreOffice has caught up to about Office 2007 in terms of maturity, which is good enough for a lot of people and companies. Linux has caught fire in the corporate world, overthrowing Windows Servers by the millions. Cloud computing is moving companies to outsource their hardware data centers. Azure is competent in this arena, but cloud computing is already close to a commodity - there's not a lot of value Microsoft can add over the other big players.

It's weird, but at the core it's an existential crisis for one of the world's largest companies. They are desperately trying to figure out something to sell that will still be in demand 10 years from now.

Comment Re:Never saw that coming (Score 1) 249

Without TLS, how do you ensure that a man in the middle isn't altering the information that you retrieve from said "Informational websites with no credentials"?

You don't, but it almost never matters. MiTM attacks tend to be harder than passive sniffing, and there are very few reasons why any ISP in its right mind would do so. They're far more likely to do blocking, or redirect a streaming site to their own streaming site, or other absurdity that's easy to spot.

Comment Re:but you arent a traditional CA (Score 1) 249

The few times I've used Let's Encrypt was during testing phases, as a place-holder until I had the time to get a "real" cert. My company has an inane procedure to get purchase orders to pay for anything, so often it takes a couple of weeks to get to the point of being able to purchase anything via a "new vendor". If you can't afford $5 or so to get a year-long cert, then you're either not serious about your site or doing something wrong.

Or you have more than the one subdomain that most CAs allow for $5 certs. Even with a limit of five for Let's Encrypt, it takes two certs for my main domain. Bare domain, www, images, git, homeserver, kinji, and I feel like I'm still forgetting one. A wildcard domain cert starts at two hundred bucks.

Comment Re:Never saw that coming (Score 1) 249

Does anyone remember what the point of SSL was? It's just so our users don't see the non SSL warning right?

You say that jokingly, but there's some truth to that. The need for TLS is proportional to the damage done by compromising the connection. Informational websites with no credentials do NOT need TLS, typically, and the push to add TLS more broadly has played a major role in lowering the bar for getting a cert (out of necessity), thus weakening an already weak system further.
