
Comment Re:CyanogenMod is the only hope for some devices.. (Score 1) 73

Unfortunately, it's not so great at that. I have an HTC Desire (Bravo in the USA) that still works and I'd like to reuse as a SIP client. Unfortunately, it only runs CM 7.2. That would be fine if it were a patched version, but the latest nightly build was 2013 and that's so old that it doesn't contain an up-to-date certificate list or an SSL client library that supports modern versions of the TLS protocol, meaning that you can't use it for anything network connected.

Sure, the device is pretty old, but it has a 1GHz CPU, 512MB of RAM, and up to 32GB of flash on the SD card: that's ample for a lot of uses (it wasn't so long ago that I was using a desktop less powerful!) and throwing it away seems horribly wasteful. It was launched in 2010 and the last release (not nightly) from CM was 2012. That's less long-term support than Apple gives for iOS devices and Google gives for Nexus devices. Unfortunately, there's not much money to be made in supporting hardware that the manufacturers consider to be obsolete.

Comment Re:It's not that easy (Score 2) 178

Time zones compensate for the problem that, in different places in the world, the sun is not at its highest point at the same time. They provide a quantised approximation of a solution so that the sun is at approximately its highest point at noon. Time zones are sufficiently wide that the error from being in a different place within a time zone is significantly larger than the error from the small changes in rotation that leap seconds compensate for. If we didn't have leap seconds, this would remain true for about the next thousand years. I propose that in 1,000 years one of the following will hold:
  • The position of the sun will not matter too much to the majority of the human race.
  • Humans will be extinct.
  • Civilisation will have collapsed to the point where a universal time standard is irrelevant.

It's really hard to come up with a scenario in which the problem that leap seconds solve actually exists.

Comment Re:I don't mean to belittle you (Score 1) 175

This is probably a localisation error. English and American use similar words, but for very different meanings. For example:

English: I don't mean to belittle you.
American: I mean to belittle you.

English: With all due respect.
American: With no respect.

English: You're almost right.
American: You are completely wrong in every possible way.

English: I'm sorry but...
American: I'm not sorry, this is your fault.

I hope this helps.

Comment Re:My PowerPoint Rule of Thumb. (Score 1) 38

There are a few horrible misfeatures in PowerPoint. The worst was copied by Keynote in later versions: automatically resizing text to fit. Most of the templates have a large enough font that you can only fit a few key ideas on the slides. That's fine, because you don't want your audience reading the slides, you want them as things to refer to while you're talking. The automatic size reduction feature means that you can just keep adding text until it's illegibly small, long after the point when you'd be unable to keep the attention of the audience while you're speaking.

Comment Re:That's nice.... (Score 2) 30

According to my optician, it's also one of the early signs of diabetes in a lot of people. It's something that they routinely check for (it's very easy to do if you have two photos of the retina from different times and not something that it should be difficult to train an expert system to do). The first time I had my retina photographed, my optician was telling me that the previous week they'd caught early signs of diabetes in a child that they were fitting for glasses: they were able to begin insulin treatments nice and early and significantly reduce the amount of damage that occurred before more obvious symptoms.

Comment Re:Encrypt! (Score 1) 394

Yup, they exist. They do require that you install their root cert on the client device though - I'm not aware of any vendors that have a pre-compromised one (though you can install your own, and I'm sure that intelligence services do). Certificate Transparency would protect you here, because you'd be seeing different certs to anyone else (except people behind the same proxy). Similarly, certificate pinning will work if you've connected to the site from a different location first. Self-signed certs won't help without certificate pinning, because you will just see a self-signed cert in both cases (unless the box signs even unsigned certs, in which case you might notice that you're not prompted that the encrypted connection is untrusted when it's been MITM'd).

Comment Re:Encrypt! (Score 5, Informative) 394

The absolute irony is that visiting a site with a self-signed certificate shows the user a warning error (I understand why, don't worry) yet the resulting HTTPS exchange is actually immune to any and all eavesdropping. When visiting a site with a cert authority signed certificate, no error is displayed, yet this connection is vulnerable to anyone who has broken/intercepted the chain of trust

Not quite. Both connections are entirely safe from passive eavesdropping. Even if I've compromised a root cert that you're using, that doesn't let me decrypt TLS traffic. It does mean that if I am actively performing a man in the middle attack on you, then you won't notice, because during the initial key exchange you'll connect to me and establish a secure connection and I'll connect to the remote server and establish a secure connection. You'll trust me because I'll use a cert signed by one that I trust. The difference between this and a self-signed cert is that when the server uses a self-signed cert, there's no need for me to compromise a root cert that you trust: I can still perform the MITM attack and you won't know the difference.

Certificate pinning protects you from this to a degree: If you connect to a server twice and the certificate changes, then there may be a problem. On the other hand, there might not be, and with a self-signed cert, you can't revoke it if it's compromised and you can't easily advertise the fact that this is a replacement cert from the same person (unless you properly self-sign, rather than simply not signing, and people pin your signing cert).

Certificate transparency protects in both cases, by providing a public log of all of the certificates that have been seen by people connecting to the server. If the server operator sees a cert that they didn't issue, or if you see a cert that's not the same one that other people are seeing, then something is wrong.
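
Added example, not part of the comments above: a trust-on-first-use pin check covering the cases the two "Encrypt!" comments describe (pinning helps only if the first connection was clean, and comparing with what other clients saw catches the case pinning misses). The host name, the class and function names, and the byte strings standing in for DER certificates are all constructed for illustration.

```python
import hashlib

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as a hex string."""
    return hashlib.sha256(der_cert).hexdigest()

class PinStore:
    """Trust-on-first-use pins: host -> fingerprint seen on first contact."""
    def __init__(self):
        self._pins = {}

    def check(self, host: str, der_cert: bytes) -> str:
        seen = fingerprint(der_cert)
        pinned = self._pins.get(host)
        if pinned is None:
            self._pins[host] = seen   # first contact: nothing to compare against
            return "first-seen"
        return "match" if pinned == seen else "changed"

def differs_from_others(der_cert: bytes, others: list) -> bool:
    """True if no other vantage point reported the certificate we were shown."""
    return fingerprint(der_cert) not in {fingerprint(c) for c in others}

# Constructed stand-ins for DER certificates (not real certificates).
# In real use the bytes would come from ssl.SSLSocket.getpeercert(binary_form=True).
SERVER_CERT = b"constructed-der:self-signed cert generated by the server operator"
PROXY_CERT = b"constructed-der:self-signed cert generated by an intercepting proxy"

def demo() -> dict:
    results = {}
    # Client A first connects from a clean network, then from behind the proxy.
    a = PinStore()
    results["a_clean"] = a.check("sip.example.test", SERVER_CERT)
    results["a_proxied"] = a.check("sip.example.test", PROXY_CERT)
    # Client B's first ever connection is already behind the proxy.
    b = PinStore()
    results["b_proxied"] = b.check("sip.example.test", PROXY_CERT)
    results["b_proxied_again"] = b.check("sip.example.test", PROXY_CERT)
    # Comparing with what other clients saw exposes the case pinning missed.
    results["b_vs_others"] = differs_from_others(PROXY_CERT, [SERVER_CERT, SERVER_CERT])
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Client B never gets a "changed" result because its pin was taken from the intercepted connection; only the comparison against other clients' observations flags it.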
