
Comment uh..really? (Score 1) 171

That Venus is not the work of Andy Warhol if I remember correctly. (Well, he might have done the HAM-fisted cut and paste of the third eye in the middle of her forehead..)

I remember seeing it on the cover of one of the Amiga magazines as the full reproduction. I realize that Warhol stole most of what he did from other artists, but surely this has to be a joke.

Comment Re:Missing the reality of what kids do to insects (Score 1) 512

If I recall correctly, the Donner Party didn't undertake cannibalism because it was entertaining or educational.

And while arguments can be made against the necessity of killing animals for sustenance - there are many mechanisms that we employ to make life better on what ultimately ends up on our dinner table. (Free range whatnot, humane slaughtering, etc)

Comment Re:Why do we trust SSL? (Score 1) 233

With regards to the question about becoming your own signing authority - it's not that difficult really from a technical standpoint. If you've ever generated a self-signed certificate you've satisfied the most basic mechanics of the operation.

The rub is getting your root certificate onto clients. A good example of this is the process that Microsoft requires - you must have infrastructure that meets certain criteria with regards to security (physical and digital), submit to third party auditing once or twice a year, etc etc. None of which is very difficult as long as you have the money and tick off all the boxes on the checklist.

However, consider for a moment that it's not just Microsoft you have to deal with, but Apple, Firefox, Opera, Chrome/Google, Android, Nokia, WaWei(sp?), etc.

There's no guarantee that an application will utilize an OS-wide keystore, and in some cases they don't - but ship their own list of 'trusted root ca' certs.

So with each vendor that provides an application or operating system you have to then convince them that you're (1) trustworthy (2) a big enough player that they should even bother. And even then, what motivation do they have to do YOU the favor of shipping your cert? There are more than likely, for lack of a better term, "distribution fees" (rhymes with payola) to get your cert out there into the world.

An alternative to this is that you get an intermediate CA certificate from an existing CA (which negates any security you would bring to the table, being a sub-root to someone else who could just create a cert pretending to be you) - but there's very little motivation aside from providing a skeleton key to your certs as a root CA, because if you're reselling certs that's fewer certs for them to sell anyway.. why would they dilute the market like that?

Long story short - the SSL certificate business is essentially a money printing operation that if you want a slice of, you'd need to grease a lot of palms (some of which are probably ungreasable) and spend a lot of money.

This will likely never change because there's no motivation for existing players to change it and plenty of motivation for them to keep it as is.

If you want the security of rolling your own keys and don't have the infrastructure to deploy them to clients through an installer (i.e. you're an online vendor that accepts 'walk-in' internet traffic) - you're screwed.

If you run your own network and want to provide SSL services without using any upstream providers - just make deployment of your cert part of machine imaging / bring-up / maintenance.

Comment Just wait.. (Score 3, Insightful) 404

If they really were thinking about customers, the contract would be a no-penalty cancel-anytime-you-want contract that would lock you in for a specific price for a non-trivial amount of time.

I'm skeptical and will stick with AT&T out of laziness for a while. Prove me wrong T-Mobile and I'll switch. But even though cellular has been one-sided customer-screwing contracts since the inception of the service - contracts can actually protect _both_ parties if you do them right. No contract == No guarantee.
