Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Trust the World's Fastest VPN with Your Internet Security & Freedom - A Lifetime Subscription of PureVPN at 88% off. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment "Bug that takes forever in generating keys" (Score 1) 216

TFA reads like a classic example of "User refuses to learn to use screwdriver, complains all fasteners are hard to use."

* Author seems to think encryption is a simple magic bullet.
* Author doesn't even bother reading the manual for the tool.
* Author reviews only one tool in a large family of tools, blames the entire family of tools for his own ignorance and incompetence.
* Author doesn't know about the problem space, has expectations that reveal a tragic level of misunderstanding.

The bottom line is encryption is easy.... authenticity is not.

Without authenticity, encryption isn't terribly useful.

Authentication isn't a problem that's been remotely solved. If you have a better idea than the following two, you're going to make a fortune:

- A web of trust requires real effort on the part of the user to work - you have to attend a few keysigning parties for it to work. Even then, can you really trust a web of trust?
- A trusted third party model assumes a third party is actually trustworthy -- which experience has shown isn't really the case.

Comment Re:PKI itself is the culprit (Score 1) 216

But if the PKI infrastructure makes it really hard to manage certificates, there's not a lot the mail user agent can do about that!

I've been using PKI infrastructure for about as long, and my experience has been very different, even with non-technical users.

I'm curious what issues you're running into that makes it "really hard to manage certificates." Perhaps your definition of difficult differs greatly from mine..

Comment Re:So much doubletalk and bullshit ... (Score 3, Interesting) 68

So it wouldn't surprise me at all that the banks want to negotiate a lower service fee (much like the UK and Russia have done).

I have zero sympathy for the stores, however, whose motivation is clearly to track their consumers, and sell the invormation. You know, little things like tracking what we spend, what we buy, how much we spend, where, what time, and so on. Very much like how in the days before EMV, the magstripe on a credit/debit card was (and still is) used to track consumers in the US.

It's shockingly invasive (and creepy) to start getting advertisements for baby needs the same week I bought my first Baby bottles in anticipation of my firstborn. My transaction information was clearly bought and sold. Who needs Big Brother to watch when every major store and payment provider is just as invasive.

Comment Re:180 from "Don't be evil" (Score 1) 229

This is complete opposite from "Don't be evil". This is outright intrusive and evil.

Big brother is real... he's just not a government employee, nor does he work for Apple or Microsoft.

When Google does absolutely anything that's pro-user and pro-privacy at the cost of advertiser intrusiveness, I'll re-evaluate that statement.

Comment Re:Connected devices (Score 1) 229

I'm generally in the camp of "If your 2nd factor is an app you're doing it wrong".

2nd factor is pretty worthless if it doesn't require human interaction, otherwise, you get malware working with a keylogger to silently connect over Bluetooth and obtain valid 2nd factor as long as you're within range.

Comment Re:Completely unfocused (Score 1) 319

Rust is the only thing with a shadow of a promise to tackle either of those two problems.

The idea that Rust is the only thing with promise to address either is pure bullplop, and a lousy pretense to justify their NIH asshattery.

* Rust is not the only memory safe language. Seriously, they've been around for decades now.
* Rust is not the only concurrent language. Again, concurrency isn't a new problem, and solutions have existed for decades.
* Rust sure as hell isn't the first concurrent and memory safe language.

It reminds me of the first chapter of Mozilla's history: Back between 1998 and 2002, Mozilla shipped nothing. The only thing to come from them were promises and platitudes.

Instead of shipping a browser for users, and promoting an open web in the now (when it mattered), Mozilla implemented an entire cross-platform userspace, and after that, they started working on a browser. Mozilla was perpetually late, and was perpetually delayed.

By the Mozilla shipped anything, you couldn't log into most banks without IE running on Windows.

KDE's developers also know of the "promise" of Mozilla, except they saw it for the lie it was. KDE did in one year what Mozilla couldn't do in four: write a clean, lightweight W3C compliant web browser from the ground up.

The rest is history...

History, it seems, is repeating itself. Instead of promoting an open web and shipping a modern product, Mozilla is (yet again) leaving us with a stagnant turd while it wastes time it doesn't have re-implementing the wheel again.

Comment Re:Comparing it to a Rolex? (Score 1) 406

We'r emote or less agreeing here: Few apple watches will ever be an heirloom (and even then, purely for sentimental reasons, much like an old pair of sneakers owned by somebody).

Rolexes are an entirely different animal - they are heirlooms, and that's my entire point: It's not terribly clever to compare a Rolex, which will be around for decades against something that'll be junked in a few years.

It's not all that different from comparing a Rolex to a Garmin fnix. They both tell time, but it's a ridiculous comparison to begin with.

Even Apple realized that mistake: They don't even sell a gold version anymore.

Slashdot Top Deals

You will be successful in your work.