"Working in partnership with Microsoft and elements of the Department of Defense, NSA leveraged our unique expertise and operational knowledge of system threats and vulnerabilities to enhance Microsoft's operating system security guide without constraining the user to perform their everyday tasks, whether those tasks are being performed in the public or private sector,"
Any producer of perishable agricultural food products who suffers damages as a result of another person's disparagement of any such perishable agricultural food product, when the disparagement is based on false information which is not based on reliable scientific facts and scientific data and which the disseminator knows or should have known to be false, may bring an action for damages and for any other appropriate relief in a court of competent jurisdiction. Oklahoma's is less reasonable.
American values are better. Western humanism is better.
There is no sense pretending to be objective. No objective point of view exists.
Having the private key and sniffing is (sometimes!) insufficient for breaking TLS. The concept is "perfect forward secrecy."
I wouldn't say that, "SSL isn't all that secure when someone has complete control over your traffic." An adversary with control over your trust store is a problem, particularly because all of the CAs in your trust store can issue certs for any domain.
Pah! Yesterday's news. We're up to Feces Cloud 2.0 Cloud. By next year we should have Feces OS, built on top of GNU Turd.
I think you missed an opportunity for a fart joke.
I don't think such a thing would be popular. Most people don't care, but those few that do would find it easier to use a service with a better privacy policy. Perhaps Bing or Yahoo! could profit from the backlash in the unlikely event that one should materialize.
DISA and the NSA produce guides.
http://iase.disa.mil/stigs/stig/index.html
http://www.nsa.gov/ia/guidance/security_configuration_guides/index.shtml
They're patting one another on the back because they worked on the guide before Windows 7 was released.
Here is a real answer:
http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx
This is software from Microsoft which helps prevent unprivileged users from altering your computer in any way. Install this, enable the guest account, and switch users when people ask to borrow your machine. You'll need a password on your account, of course.
...constantly playing catch-up to Microsoft.
Microsoft .doc is arguably the worst format ever. It's pretty much just a dump of Word's internal state. To make it work, you pretty much have to re-implement MS Word.
I don't think nutter is a particularly harsh term. Have you heard him sing?
Java is not a trap. Never was. Something like Java could have contributed to a world in which Linux on the desktop might have been more useful to more people. Java pre-installs on Windows fizzled because of legal issues, and on Linux fizzled because of unfounded fears.
Now the only de-facto universal platform is web+flash. Stallman will tell you that's a trap too.
RMS is a nutter.
You expect hardware vendors to make enormous usability investments -- enough to compete with Microsoft and Apple?
That's insane. Hardware companies are not going to be the ones that finally make a usable desktop Linux.
They would invest all that time and effort and then what would happen? Their competitor could use it for free because it's open source. Hardware vendors simply don't have the incentive to do this.
In this case the way it worked was that features were added for the sponsor's version of the project, and were covered by NDA for some period of time after which they were allowed to be folded into the main project. I understand there was some tension there: both between the developer and the community and between the employer and the developer. An NDA/noncompete is a difficult thing to enforce because contributions to open source projects may be made anonymously or under false names. People get suspicious.
In terms of ethical issues, I think it depends on the extent to which this really is your work. If you take the cash and implement the ideas of others in the community or make very extensive use of what you learned there I think that is an issue.
Yeah, remember when some bozo was doing static code analysis on Debian's SSL implementation?
He removed a 'finding' that resulted in Debian generating very weak keys.
The flaw has been attributed to incompetence, but who is to say it wasn't malice?
I think there was another story that had something to do with some distro leaking the password to their package repository. Actually, I think that may have also been Debian.
Newer versions of older protocols (LDAP, POP, IMAP) have features like StartTLS and SASL. It is interesting because these methods offer a way to standardize the way encryption and authentication methods get built into a protocol.
I made a few assumptions.
Enter the HTTPS proxy.
The answer to what you see as a problem is likely answered by the notion of "agency" or on whose behalf the software is acting.
If the software blocks incoming messages at the behest of the recipient, as is the case with spam filtering and "do not disturb" type IM configurations, it's obvious that the software is acting as an agent for the user wherever the code is running.
The law is chiefly concerned with the actions of men and not of the tools they use. This is the right way to do things.
You're willfully misreading my words in order to insinuate that I would support loyalty oaths. This will be the last reply I write to you as I regard you to be dishonest.
What's elitist is the claim that there is no right to free speech separate from ownership of property. The idea of public property as an open forum is important to me. What makes the first amendment important is its implications to public property. Mr. Kinsella is totally against the concept of public property. "What I am getting at is that the state does own many resources, even if (as I and other anarcho-libertarians believe) the state has no natural or moral right to own these things," he writes.
See http://www.lewrockwell.com/kinsella/kinsella18.html
In Mr. Kinsella's ideal world, all property is private. Everywhere you go, you do so at the pleasure of a property owner. Everything you say or do while there is dependent upon remaining in his good graces.
What is monarchy but anarcho-libertarianism with a single property owner? That's why I say he's an elitist.
His arguments come not from a desire to promote innovation or practical concerns, but rather are rooted in disdain for democratic government.
Among other gems, he insists that there is no right to free speech, but only a right to property from which a right to speech derives. With a straight face he tells us that speech is a right which belongs only to those who own property. Elitist douchebag.
A narrow majority and the president's veto authority.
Of course, a principled conservative might oppose the patriot act in support of smaller government, but conservatives are on the whole unprincipled.
Unless you had another stop to make before returning home such that you go around the earth.
Dallas > London > Tokyo > Dallas (maybe)
It's been covered on Slashdot, http://yro.slashdot.org/article.pl?sid=07/10/16/1918204&from=rss : people still use NNTP to pirate material, IRC too.
It wouldn't surprise me if someone out there is using Gopher to pirate material.
Unfortunately defending against even an unfounded libel suit could be very costly.
We've seen here on slashdot how lawyers can deprive you of liberty and property if you speak ill of them or their wealthy clients.
Criticizing even an obvious scam : http://en.wikipedia.org/wiki/Who's_Who_scam : can get you into serious trouble in this country.
I agree, when I install an antivirus product the very first thing I do is disable all the "real-time" protections. They're usually more trouble than they're worth. A scheduled scan is good enough.