Slashdot Mirror


User: JohnFen

JohnFen's activity in the archive.

Stories
0
Comments
4,432
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 4,432

  1. Re:Carmack on Snow Crash on Facebook Buying Oculus VR For $2 Billion · · Score: 1

    I'm sure there's going to be a lot of people terrified because of imagined privacy implications, but I'm still fascinated to see where this ride takes us.

    I was too until I heard that Facebook was involved. That evaporated all the excitement in one single moment.

  2. Re:Question! on Facebook Buying Oculus VR For $2 Billion · · Score: 1

    In your opinion, is it better than having Oculus VR bought by Microsoft?

    In my opinion, it would have been much better if Microsoft bought it over Facebook. They'd both be bad, of course, but Microsoft is the clear lesser of two evils in my view.

  3. Re:Kickstarter is not an investment on Facebook Buying Oculus VR For $2 Billion · · Score: 1

    It's being killed off in this sense: Facebook owns it now. Facebook is incredibly toxic and untrustworthy. To a lot of people (myself included), if Facebook owns it then it's untouchable regardless of whatever merits it may have. So, as far as I'm concerned, it's been killed off.

    Which is sad, as this is literally the only exciting new game-related thing that I've seen in a lot of years.

  4. Re:Not only Linux on Speedy Attack Targets Web Servers With Outdated Linux Kernels · · Score: 2

    Oh, hell, looking through that list... there are Windows Server installations in there as well!

  5. Re:It would be nice to know what Web Server... on Speedy Attack Targets Web Servers With Outdated Linux Kernels · · Score: 1

    One edge of that sword is a lot duller than the other. The cracker community is likely already well aware of how the exploit works (they do talk with each other frequently, after all), so it would most likely be a case of telling them what they already know.

  6. Re:Not only Linux on Speedy Attack Targets Web Servers With Outdated Linux Kernels · · Score: 1

    So then it's very likely not a kernel exploit.

  7. Re:It would be nice to know what Web Server... on Speedy Attack Targets Web Servers With Outdated Linux Kernels · · Score: 1

    If you don't know what the exploit is, then why are you implicating the 2.6 kernel? Particularly when that's not much better than just saying "the kernel", as 2.6 covers a ton of versions.

    The implication is that you have some idea of what the exploit looks like. If that's true, you could be more helpful. If that's not true, you're misleading people.

    My suspicion is that this is yet another scare story intended to help the sale of Cisco products, and that it's based on almost nothing.

  8. Re:Downgrading is a horrible idea. on A Call For Rollbacks To Previous Versions of Software · · Score: 4, Insightful

    Sure, occasionally it would be nice to go back.

    Or more than occasionally, if I've forgotten to turn of the abomination that is automatic updates.

    The upgrade might be required to work with changes to the back-end server for example.

    Which is yet another point in the lengthy list of reasons to avoid anything that depends on the cloud or proprietary third party servers to function.

    Ultimately, the best solution is for the users to quit being such whiney bitches.

    Ultimately, the best solution is for developers who can't bring themselves to actually take customer needs and desires seriously (or at least to stop insulting them) to get out of the business that they obviously loathe.

  9. Re:Yes they did. on Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees? · · Score: 5, Interesting

    Intercepting the network traffic of dishonest employees stealing company time and network access is perfectly legitimate

    Why are you assuming that the employees are dishonest and stealing company time and access? My company specifically allows personal use of their network (within certain limitations), so nobody here is being dishonest.

    as is the company reselling the captured personal data in the open market.

    That's nowhere near legitimate, regardless of whether the employee is honest or not. That's an even greater level of dishonesty than someone checking their bank account on company time. If I found a company did that to me, I'd sue them as hard as I could, and I think I would have a decent shot of winning.

  10. Re:Maybe the company's not actually doing it? on Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees? · · Score: 1

    "Unjustly"? How do you figure that? Regardless of just-ness, it's still a MITM attack,

  11. Re:Just don't use the employer's Internet on Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees? · · Score: 1

    If you are using an employer's resources to surf the internet just figure that *everything* you do is monitored.

    Absolutely correct. And one of the ways they monitor network traffic is by performing MITM attacks. Why do you think it's ridiculous to say so?

  12. Re:not at all what you think on Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees? · · Score: 1

    So you give an example of what the OP is talking about, but he's an idiot? Huh?

  13. Re:Mobile phone hotspot on Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees? · · Score: 1

    (Posting as AC because I lost my ~1997 account long ago and can't bear the shame of a new one with a high uid)

    Suck it up, buttercup! I lost my old (5 digit UID) account long ago, and had to make a new one. The shame passes with time.

  14. Re:Is there a way to route through cell phone? on Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees? · · Score: 1

    Yes, look into tethering.

  15. Re:Paranoia on Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees? · · Score: 1

    It may be baseless, but it's a necessary assumption. A MITM attack means that, effectively, you are transmitting data in the clear. It is good security practice to assume that all such data is being recorded and/or logged.

  16. Re:I suspect... on Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees? · · Score: 1

    This is how you do a transparent proxy with SSL. It doesn't mean that data is being stored somewhere, it just means you're taking reasonable precautions to protect against malware/spam/internet threats.

    But it does mean that users can't trust the system.

  17. Re:Rare +6 comment on Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees? · · Score: 1

    How is it not an attack? I don't understand the argument.

  18. Re:Not MITM on Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees? · · Score: 2

    Technically, it's a MITM attack even if the user is notified of it.

  19. This is the single worst reason for doing it.

  20. That's funny! I'm still of the opinion that not enough sites require HTTPS. It should be 100% of them.

  21. Conversely, no employee should trust their employer's network so much that they'd be willing to attach their devices to it. And they should absolutely not allow the company to install any software on their devices.

    So, win/win!

  22. Extremely.

  23. Re:Maybe the company's not actually doing it? on Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees? · · Score: 5, Insightful

    The company does not own the employee, and does not own the server that the employee is talking to, and so it really is a MITM attack. The company is the middle.

    Your advice is on the nose, though. It is impossible to trust any employer run system, and therefore you should never, ever do anything of a personal nature on company systems. Even if, as where I work, using the company systems for reasonable personal use is allowed.

  24. Re: Yes they did. on Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees? · · Score: 3, Interesting

    If your company cannot see the contents of HTTPS communications then you're right, they're just proxying and not performing a MITM attack. That is not what we're talking about here, though -- we're talking about actual MITM attacks which let the employer examine the encrypted datastreams.

    And yes, it is an attack -- even if it's legal and you can make a good case for doing it, it's still an attack. It doesn't have to be "abusive" to qualify.

  25. Re:Yes they did. on Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees? · · Score: 4, Insightful

    In the US, this is totally legal, although there may be disclosure requirements (I'm not sure). The "my system, my rules" argument wins. My workplace does this, and they informed me that they do this when I was hired.