Comment Re:Never saw that coming (Score 1) 209

"The purpose of these CAs is to Verify the Identity of the Domain Name for the purpose of establishing TLS connections. They verify DNS domain name Identity, Not Organizational Identity."

Your point? Unless there's a DNS compromise, AND a cert is issued by a widely accepted CA which doesn't verify the actual domain, it's not a real issue. Someone trusting a link to isn't an https/cert issue, it's an issue of ignorance. It's not any more serious than a phishing attempt which looks for email responses, or Rachael from Cardholder Services calling and asking for a credit card number and someone believing them. And what if someone does create a real "Organizational Identity" of Paypall? Then the difference between DNS and organizational identity is nil. Ultimately, people have to exercise due diligence, or they'll get burned. Trying to tell them that there are technical solutions for their naivete is a counterproductive lie, only instilling a false sense of security.

What's really interesting is that the /. cert is also issued by "Let's Encrypt."

Comment A couple questions (Score 1) 73

What's the existing license? Is this a migration from copyleft to a more permissive license, or is this a migration from an unusual license (some kind of openbsd license?) to something more standard?

"Oracle is proud to extend its collaboration with the OpenSSL Foundation by relicensing its contributions of elliptic curve cryptography"

What company that Oracle has bought originally contributed this?

Comment Re:And... (Score 1) 69

It damn well better make the "communicator sound" when you open it!

Didn't hold the Moto MicroTAC back.

Summary: "like every other device out there, but one that is unique in some aspect."

They already have Windows phones which are unique - no one wants them. Form over function is not a way toward getting significant market share. Unique in the current smartphone OS market would be respecting people's privacy, providing timely security updates which don't depend on carrier support, and a firm legal commitment to long term support so people aren't forced into a 2 year upgrade cycle. Add whatever it takes to get developers to support app parity on this new OS, and I'll consider it.

Comment Re:Sorry, it's time has passed (Score 3, Interesting) 171

OS/2 got interrupt handling exactly right. I could format a floppy, play Wolfenstein in a window, and have a mod tracker playing in the background on a 486/25. BeOS got close but was never quite as good.

My Linux machine today can't copy to a USB hard drive without making the rest of the system unusable.

It seems like Linux could still learn some tricks from these old OSes.

Comment Re: but you arent a traditional CA (Score 1) 209

Typosquatting has been a problem for twenty years and DV certs for at least half that time. Why would this suddenly be Let's Encrypt's problem? $4.95 has never stopped phishing attacks before.

Any typosquatting solution is going to be entirely locale dependent - the only place to handle that is at the browser. Give Google and MoFo hell about never caring about this. For all I know the Kazakh word for "hot pizza" looks like "citibank" but it's definitely not a job for Let's Encrypt to deny that pizza place a cert. If we insist they do, they will either fail to succeed or give up and go home. Cui bono?

Comment Re:but you arent a traditional CA (Score 1) 209

The entire reason this is happening is because the browser vendors got a stick up their ass and required HTTP/2 connections to be run over TLS.

And by that, you mean the browser vendors realized that "unsafe by default" is a shitty choice for a widely used Internet standard.

For the "HTTPS-everywhere" has basically made website operators' costs double if they want to jump on that bandwagon because the bandwidth costs explode when they can no longer be cached.

Totally worth the tradeoff for making strong encryption the expected default.