moray - Slashdot User

Comment Correlation does not imply causation (Score 4, Insightful) 497

by Gerv on Wednesday November 22, 2017 @01:30PM (#55604111) Attached to: Apple Only Wants To Put Its Stores Where White People Live, Investigation Reveals

Correlation does not imply causation. And in this case, it seems like there are pretty good candidates for the common cause. And the article even recognises that - the headline is clickbait.

Submission + - A bufferbloat-less christmas (blogspot.com)

Submitted by mtaht on Saturday December 24, 2016 @11:44PM

mtaht writes: Inside the lede-project, two core new bufferbloat-fighting techniques are poised to enter the linux mainline kernel and thousands of routers — the first being a fq-codel'd and airtime fair scheduler for wifi, and the second, the new "cake" qdisc, which outperforms fq_codel across the board for shaping inbound and outbound connections.

It's been nearly 6 years since the start of the bufferbloat project. Have you or has your ISP fixed your bufferbloat yet?

Comment Re:WebRTC (Score 1) 237

by Gerv on Monday August 15, 2016 @08:51AM (#52703735) Attached to: Ask Slashdot: Are There Secure Alternatives To Skype?

Not for ever - they are working on a method of doing bridge-based WebRTC which is nevertheless end-to-end secure - see https://datatracker.ietf.org/w... . AIUI, the way it works is that it established point-to-point encrypted tunnels between the endpoints for key distribution so the bridge isn't able to decrypt the data even if it wanted to, and yet, you don't need N->N transmission of streams.

Gerv

Comment WebRTC (Score 3, Informative) 237

by Gerv on Monday August 15, 2016 @04:43AM (#52703075) Attached to: Ask Slashdot: Are There Secure Alternatives To Skype?

WebRTC-based services, in the form of e.g. https://meet.jit.si/, are end-to-end secure and decentralised. Not sure if Windows Phone has any browser which supports WebRTC, though.

Comment Seems to work with Firefox too (Score 1) 164

by Gerv on Wednesday July 13, 2016 @12:18PM (#52504289) Attached to: Microsoft Finally Releases New Skype App For Linux

web.skype.com lets me log in using Firefox, no problem, so presumably it works there as well.

Gerv

Comment Re:Exaggerated? (Score 2, Informative) 115

by Gerv on Saturday March 05, 2016 @05:52AM (#51642763) Attached to: Server Snafu Makes Microsoft Beg For CA Audit Data From Its Partners

It a load of rubbish from the original author. There's no reason whatsoever that loss of this data would cause problems in IE or Edge. Removing roots from MS's program doesn't happen without human input.

Comment Re:Choice of words? (Score 1) 86

by Gerv on Sunday February 28, 2016 @11:01AM (#51602887) Attached to: Mozilla Breaks Its Own Promise, Allows Symantec To Issue Insecure Certificates

"What I don't understand (and maybe because I haven't looked too hard) is what "Old POS terminals" have to do with Mozilla."

The certificates they are using chain up to publicly-trusted roots, and so are covered by Mozilla's policies. In 20-year hindsight, that was a bad idea, but it was a decision taken a long time ago.

Comment Re:zlib (Score 1) 68

by Gerv on Monday October 26, 2015 @05:52AM (#50801523) Attached to: Mozilla Giving $1 Million To Open Source Projects It Relies On

Er, it's a wiki. Add it.

Comment Re: Chrome (Score 1) 97

by Gerv on Monday September 07, 2015 @09:09AM (#50471159) Attached to: Bugzilla Breached, Private Vulnerability Data Stolen

The code for the DRM module Firefox uses is not part of the Firefox build system, but is downloaded at runtime. This can be done whether it's a Firefox built by Mozilla or not. So the DRM question has no bearing on whether you can call your version Firefox or not.

This series of blog posts: http://blog.gerv.net/2010/01/p... explains why Mozilla doesn't let just anyone call their modified version "Firefox".

Gerv

Comment Re: Haha. (Score 1) 97

by Gerv on Monday September 07, 2015 @09:07AM (#50471141) Attached to: Bugzilla Breached, Private Vulnerability Data Stolen

The bug is unfixed for philosophical reasons, not because it's hard to fix. The Bugzilla developers feel history should be immutable.

And there has been no rewrite into another language since that bug was filed; Bugzilla as released by Mozilla has always been in Perl.

Gerv

Comment Re: Haha. (Score 1) 97

by Gerv on Monday September 07, 2015 @09:05AM (#50471127) Attached to: Bugzilla Breached, Private Vulnerability Data Stolen

There was no issue with the Bugzilla software here; the problem was that a user reused their password on another site, which suffered a breach.

Gerv

Comment Work at Mozilla (Score 1) 318

by Gerv on Tuesday July 07, 2015 @08:49AM (#50061871) Attached to: Ask Slashdot: How Do You Find Jobs That Offer Working From Home?

https://careers.mozilla.org/

HTH, HAND. :-)

Comment Boot's On the Other Foot Now... (Score 1) 431

by Gerv on Thursday January 29, 2015 @09:37AM (#48930933) Attached to: Justice Department: Default Encryption Has Created a 'Zone of Lawlessness'

we could have lawful access... that we're prohibited from getting because of a company's technological choices.

Now you know how the public feels when they want to make fair use of some video on a DVD or Bluray.

Comment Self-aggrandizing (Score 4, Interesting) 141

by kylegordon on Monday January 19, 2015 @12:14PM (#48850017) Attached to: Iran Forced To Cancel Its Space Program

FTA "but had to become an American to realize her full potential."

Where others might say "had to leave Iran to realize her full potential" ...

Comment Dan Geer is a founder of computer security. (Score 1) 118

by jg on Friday August 08, 2014 @06:59PM (#47634349) Attached to: Cornering the Market On Zero-Day Exploits

First: In-Q-Tel is the venture capital arm of all of the U.S. intelligence services, including DHS, FBI, etc; not just CIA. DHS, for example, will be blamed for any big security disaster; you should not presume that the motives of the agencies are uniform. Nor is all of what those agencies do bad.... It's the pervasive surveillance we *must* stop, and compromising our security standards. See: https://www.iqt.org/about-iqt/ for In-Q-Tel rather than the Wikipedia entry for Dan.

Second: Dan has never taken a security clearance, over his entire career.

Third: He's actually not a In-Q-Tel employee, but a consultant (full time) for them. This is so that he does *not* have to sign a employee agreement, but can remain able to speak freely. Which he does regularly: See http://geer.tinho.net/pubs for some of his publications. One I sparked him to write recently is: http://geer.tinho.net/geer.lawfare.15iv14.txt in reaction to the information I cover in my Berkman Center talk you can find at: https://cyber.law.harvard.edu/events/luncheon/2014/06/gettys

Fourth: people who know Dan, who is really one of the founders of the computer security field, hold him in very high regard and trust, as I do.

If you look at Dan Geer's career, rather than jumping to unfounded, ill informed presumptions based on news reports that don't bother to go beyond reading the Wikipedia entry, you will find:
1) he managed the development of Kerberous at Project Athena (where I got to know him)
2) he co-authored the famous Microsoft is a dangerous monoculture paper a bit over a decade ago (which Microsoft hated so much they
got @Stake to fire him.
3) he is a holder of the USENEX Flame award https://www.usenix.org/about/flame

In short, guys, he's one of "us"....

Don't be ill-informed slashdotters....

Slashdot Top Deals