Please create an account to participate in the Slashdot moderation system


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:Are they big enough? (Score 1) 64

yes. for 3 reasons:
-when you get a CA, you want it to work in all browsers... market share may not be high, but it is still a very popular browser. spread the word that the site do not work in all browsers is enough to cause panic in many people

- mozilla, microsoft, google and apple are usually in sync about CA issues. This was found by mozilla and they decided the action they will take... other companies will now analyze this and take their own actions. As mozilla action is a good one, it may be accepted by the other companies as well. The political power of mozilla is a lot higher than the 8%

- MS Edge have 5%, less than firefox... would you ignore it? market share numbers change a lot across countries, sites, user type and type of device. Mozilla on mobile have a very low market share and higher on desktop... all this is just junk numbers, when users start to complain, the perceived small market share number seems to increase by magic :)

Comment Re:Damnit, I'm on Startcom (Score 1) 64

read the article: only NEW certs will be distrust, existent ones will keep work, until they expire.
In a year, if they behave and follow all rules, they MAY be trusted again.... if they keep doing wrong things, they will be removed.
basically, mozilla removed the CA market from then for one year as penalty

Comment read the article: only NEW certs will be distrust (Score 1) 64

please read the article... only the NEW certs will be distrust, old ones will keep valid until they expire. You might have problems only on renews...

If they behave well and follow all the rules, in one year they may be trusted again... if they keep trying to issue certs using past dates, they will be totally removed and if they ever try to reenter the CA business, they will have to follow again all the audits, tests, checks, etc... takes ages, log of money and in the end, mozilla can still say "NO"

Comment They are luck! (Score 1) 1

After reading the document, they are breaking the rules and lying about that. Also, they tried to hide they control startcom ( for many people) and changed the way they worked. For a type of service based in TRUST, this breaks all the trust on their actions and leadership.

They are luck to ONLY get one year suspended trust. If they survive, they may learn and issue again certificates later on... Lets also see if they will inform the users that mozilla will stop trusting then (although i suspect that google might also take similar action) or if they will try to do any "marketing" stunt and "forgot" to warn the users about it.

Anyway, firefox will disable this CA and the ball is in their side now... other CAs will also see what can happen to then when they agree to get in to shady practices.

This is why i trust mozilla (at least for now, we never know what the future holds), they really try to make a better web

Submission + - Game over for WoSign and Startcom? ( 1

Zocalo writes: Over the last several months Mozilla has been investigating a large number of breaches of what Mozilla deems to be acceptable CA protocols by the Chinese root CA WoSign and their perhaps better known subsidiary StartCom, whose acquisition by WoSign is one of the issues in question. Mozilla has now published their proposed solution (GoogleDocs link), and it's not looking good for WoSign and Startcom. Mozilla's position is that they have lost trust in WoSign and, by association StartCom, with a proposed action to give WoSign and StartCom a "timeout" by distrusting any certificates issued after a date to be determined in the near future for a period of one year, essentially preventing them issuing any certificates that will be trusted by Mozilla. Attempts to circumvent this by back-dating the valid-from date will result in an immediate and permanent revocation of trust, and there are some major actions required to re-establish that trust at the end of the time out as well.

This seems like a rather elegant, if somewhat draconian, solution to the issue of what to do when a CA steps out of line. Revoking trust for certificates issued after a given date does not invalidate existing certificates and thereby inconvenience their owners, but it does put a severe — and potentially business ending — penalty on the CA in question. Basically, WoSign and StartCom will have a year where they cannot issue any new certificates that Mozilla will trust, and will also have to inform any existing customers that have certificate renewals due within that period they cannot do so and they will need to go else where — hardly good PR!

What does Slashdot think? Is Mozilla going too far here, or is their proposal justified and reasonable given WoSign's actions, making a good template for potential future breaches of trust by root CAs, particularly in the wake of other CA trust breaches by the likes of CNNIC, DigiNotar, and Symantec?

Comment Re:Rich people toy at best due to energy costs (Score 1) 129

No you're just making that up. The energy to run a horseless carriage wasn't unprecedented: it was about the same needed to run a conventional carriage. You're correct that a manufacturing line and economies of scale were the major factor in making cars affordable though, because the cost of manufacture was what made cars rich people toys for over a hundred years before the model A came out, not energy costs.

Comment Perl... (Score 1) 351

but I bet that most of the code I write is in posix sh, bash or perl

Perl, yeah. I like it a lot too.

But sometimes I need to be able not only to write, but also read what I've written.
To determine what a piece of code actually does.

Or if it was simply my cat walking over the keyboard.

Or it it was my cat that successfully patched a mission critical Perl-script by randomly walking across my keyboard...


Comment Merge conflict detected (Score 2) 48

I don't understand why the linux community is not capitalizing on the situation with the Windows 10 Fiasco and Google and Apple spying on you? This is quite the time to hit them with a secure OS. Start making deals to get Adobe products to work on Linux and others like the old Unix's did before.

Git cherry pick failed: merge conflict detected.
Please resolve manually.

Comment Joke? (Score 1) 48

I think what the poster meant is that he's working on the other side of the same street.
(Or working from home), and litteraly doesn't need a complex system to tell him what are the conditions on the sole cross-read he needs to cross.


Alternatively, he's Scandinavian, and the traffic problems he has to face are more weather-related (read: heavy snow-falls) other than other-people related (his closest neighbour, Olaf Guntersson, lives half an hour away).

Comment German Autobahn!!! (Score 1) 48

So if your phone is going 100mph in a 45mph zone {...} if we want to catch speeders it is a much smaller data sets with less big computation.

Hallo ! Vee are the German Automakers von BMW, Daimler and Volkswagen.
Vee are tasked mit designing dis car data aggregator.

Vat is dis "Speed limit" dat you're speaking of ?
Vee have never heard about it....

(Alzo, vat are dis "mph" units ? Do you have nicht metric Zystem ?)


Comment Germany (Score 1) 48

As mentionned :
BMW, Daimler and Volkswagen are German automakers. Their bound by German laws.
And people in Germany tend to be very picky about their privacy.

The car will probably have to ask you if you agree to share you data.
With options to opt-in or opt-out.

(Though maybe the US-export model will get tempered with and will simply opt out of receiving the aggregated traffic information, but still constantly beam your position. To the NSA. And also transmit everything it can hear around).

Comment Data aggregation method (Score 1) 48

The map display in a Tesla already shows traffic congestion.

And you could probably find even older GPS units/applications that predate Tesla and still show traffic congestion.
(e.g.: old Tomtom do show traffic).
Even before the age of on-line connected cars, in Europe there were traffic information over the RDS data channel on FM stations
(and probably the same on the US equivalent ?)

The novelty isn't the traffic information, it's the way data is aggregated.

I have heard that they get the data from aggregate cell phone data. The cell towers can tell when the cellphones bunch up and stop moving.

The news here is that HERE-Maps managed to get competing automakers to work together to share their data on congestion (as determined by the connected cars themselves).
(Which could be combined with the coarser info from cell tower to get even more informations).

Slashdot Top Deals