
Comment Re:Hope for Hurd yet? (Score 1) 83

Still going, and you can get a Debian distro. They've got rid of that 2 Gb limit on disk (originally it was linked to the addressable RAM), but it's still 32 bit and things like USB don't seem to be there yet. Most people seem to be running it in emulation rather than on the metal.

Comment Re:Space Patrol Unsatisfactory (Score 1) 180

We have several security measures, so it is not possible to make a good forgery. However a significant proportion of our £1 coins are conspicuous forgeries and still circulate, so a forgery doesn't need to be good to be viable. I'm pretty sure that starch-free paper with the same handling feel would be enough to pass muster for many purposes, if you could get a photocopier to work with them.

Comment Re:Like all One-Size-Fits-All approaches.. (Score 1) 243

Again: I am unaware of any auditing requirements. What auditing do you believe takes place, who is placing the requirements, and what is your source for this information?

In respect of dual signature, the key word is "green" - this would be appropriate for validated domains such as banks, not necessarily for all hosts.

An advantage of a WoT model is that it is possible to give partial trust to different signers, and set a policy to trust a site once there are enough partially trusted supporters for it. This means that the system need not be fragile to a lapse in a single signer. At base though, you can have something exactly equivalent to the current single-signer model by issuing the root public certificates for the current CAs with the operating system.

Comment Re:Like all One-Size-Fits-All approaches.. (Score 1) 243

As far as I know, it is not true to say that CAs are audited, and in fact there are well-known problems with CAs signing stuff that they shouldn't.

An advantage of the web of trust model is that you can incorporate CAs as parties that you trust (exactly as for the current model), but you can also require multiple signatures, which as far as I know is not possible with the current model. You might, for instance, require that two of the current CAs have signed a certificate before it lights up as "green" in a browser URL bar.

Comment Why is googlecode used? (Score 1) 179

I use NoScript. The demo site requires code from to be permitted. While the JavaScript provided by Google may be innocuous, I would personally not make this assumption. I don't think that it would be possible for it to get the private key, but I would suspect that it would do datamining which would reveal the email addresses in use.

Comment Re:I guess the Vatican doesn't want (Score 1) 323

First of all, you're forgetting where the Bible even comes from. The Bible is not the sole rule of faith, was never intended to be...

The church existed before the New Testament was written - yes. However that does not mean that the Roman church was responsible for its production, or that the various writers agreed with the emerging traditions of Rome. The gospel of Matthew, for instance, appears to have been written by and for Jewish Christians, and in ch 15 (part of the Sermon on the Mount) clearly states that all of the existing Law still applies to Christians - a view diametrically opposed to that of Paul (Peter appears to have swithered on this question, according to Acts).

Comment Re:In other words (Score 0) 517

No, the difference is that the economy of the US depends on continual borrowing, both for funding, and to control some aspects of the economy by setting the interest rate. If the US printed too much currency, existing bonds (loans) would become devalued, which would make it much more expensive to take out new loans, which is done several times per year. Hence no US govt would want to print its way out of trouble.

Comment Re:Why the fuck does a PIN pad get the bank detail (Score 1) 162

That's not how a GSM SIM works (I am working on a couple of SIM products). Firstly, most of them don't have crypto coprocessors. Secondly, the PIN (or PIN2) doesn't wake anything up. Entering the PIN is required to get access to some of the files on the SIM, so it's more like entering a password the first time you use sudo. However there have been proposals for SIM toolkit financial applications which would work roughly as you describe.
