Slashdot Mirror


User: Nursie

Nursie's activity in the archive.

Stories
0
Comments
4,686
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 4,686

  1. Re:Privacy on Fingerprint Test Tells Much More Than Identity · · Score: 1

    Do "most" places really do that in the US?

    It's really unusual here in the UK. I could see it being slipped in under the radar without too many people making a fuss - it only affects druggies right! - but I've yet to take a test.

    not that it would be positive, anyway.

  2. Re:Queue the jokes, and something serious... on Apple Sued For Turning Workers Into Slaves · · Score: 1

    Eating too much, buing chinese crap and leeching off the rest of the planet.

    Also there are more of us and we have a bigger economy.

  3. Re:Queue the jokes, and something serious... on Apple Sued For Turning Workers Into Slaves · · Score: 1

    Ooh, lets see -

    Europe has better cars than the US by a long way, we have the world's largest financial powerhouse (London got the jump on NY a little while back). The fact that the computer business is mostly american (fronted, with all the real work done in the far east) is less relevant.

  4. Re:Err,actually... Europe is horridly uncompetitiv on Apple Sued For Turning Workers Into Slaves · · Score: 1

    Who gives a fuck about france?

    Now they've gone too far the other way, and no denying. It doesn't help that they discriminatory laws based on age, either.

  5. Re:Queue the jokes, and something serious... on Apple Sued For Turning Workers Into Slaves · · Score: 1

    "Suuuuure... because the best chip designers (Intel and AMD) are European,"

    Oooh, like all the best cars come from the USA?

    By the way, more money flows through London now than anywhere else on the planet. We overtook Manhattan some time ago.

  6. Re:Queue the jokes, and something serious... on Apple Sued For Turning Workers Into Slaves · · Score: 1

    "This is not something I can avoid by changing a job - I am forced to pay up under the threat of force. And you call having a less-than-perfect contract slavery?"

    No, I call being forced by simple social pressure (you need a job, all jobs involve X amount of unpaid overtime) a bad thing.

    "Are you joking? The reason why some people work less hours is exactly because we have a slave economy in Europe - other people work for them."

    Eh, no it isn't. I'm sorry, but there's no hidden army of people working 95 hours a week to make up for my working 37.

    Now, if you want to talk about the unemployed, and how those of us working 37 hours a week are funding them, then you have a different argument. But the european economies do not run on routine overtime for all.

  7. Re:Queue the jokes, and something serious... on Apple Sued For Turning Workers Into Slaves · · Score: 3, Funny

    Eh no, sorry bub, we're not just leeches on the great ol' US.

    We're actually very similar to the US - we live on debt and cheap shit from China.

  8. Re:Queue the jokes, and something serious... on Apple Sued For Turning Workers Into Slaves · · Score: 5, Informative

    "They can't fire you for not working overtime. "

    Yes, yes they can, they can fire you without even giving a reason in any of the "at will" states.

  9. Re:Queue the jokes, and something serious... on Apple Sued For Turning Workers Into Slaves · · Score: 0, Troll

    Ignorant american assumes that nobody else could possibly have any insight into his own country because everyone else on the planet is inferior to the GOD DAMNED FREEEST COUNTRY ON THE PLANET!!!!

    FUCK YEAH! If you aren't doing it our way you must be some sort of fucking retard communist!

  10. Re:Err,actually... Europe is horridly uncompetitiv on Apple Sued For Turning Workers Into Slaves · · Score: 2, Insightful

    Umm, no, we are about as productive, as the US suffers from "presenteeism", where people show up and don't do anything.

    There's only so many useful hours of work you can get out of someone in a week. The law of diminishing returns applies here.

  11. Re:Queue the jokes, and something serious... on Apple Sued For Turning Workers Into Slaves · · Score: 2, Insightful

    "Successful people don't whine about their circumstances - they go out and try to change them."

    And this is why the US races to the bottom on workers rights and pay.

    There's more to life than work, and being coerced into working hundreds of extra hours a month because you don't have much choice (everywhere does it) and "that's what you do if you want to succeed". It's a very quick way to have an overworked and underpaid population with all the money staying at the top.

    Europe manages to be competitive with the US and yet we work less hours and (due to exchange rates) usually get paid more.

    Successful countries don't need a slave economy.

  12. Re:This won't have an effect in Belgium on IBM Granted "Paper-or-Plastic?" Patent · · Score: 1

    Still semi-common in the UK.

    I've only seen them recently on four packs of beer cans.

  13. Re:Just wait ... on Lessig Predicts Cyber 9/11 Event, Restrictive Laws · · Score: 1

    No, no it isn't, you just have to click through or make sure to pre-distribute your keys.

    That's not blocking, it's good sense to stock Joe six-pack getting scammed. SSL without authentication could extremely easily be monitored by your favourite (government co-operating) ISP.

  14. Re:One Question on Mozilla SSL Policy Considered Bad For the Web · · Score: 1

    No it doesn't. It requires sniffing a dns packet and spoofing the response.

    Easy to do with a script.

  15. Re:For How Long? on Linux Pre-Installs In the UK Hit 2.8% · · Score: 4, Informative

    Actually, with the eee 901s it's probably better than that.

    I know of a fair few folks here that couldn't get the linux 901 (distribution problems apparently) and so eventually caved, bought an XP model and linux'd it.

  16. Re:One Question on Mozilla SSL Policy Considered Bad For the Web · · Score: 1

    "My bank mailed me a SecureId key months ago. They could have also added their own CA certificate, which any attacker could get anyway by simply opening an account with them."

    Ah, but that's fine. It doesn't matter who gets it, it matters that their public key gets to you intact and unaltered. But then we enter the realm of "How much do you trust the courier?"

  17. Re:trust? on Mozilla SSL Policy Considered Bad For the Web · · Score: 1

    "If a connection is vulnerable to man-in-the-middle, then it's not really very sniffer proof, now is it...?"

    Yes, it is, because you can't decode it from just recording the packets.

    I agree that something not MITM proof is a very bad thing, but with DH(E) you can stop people just watching the stream, they have to get involved.

  18. Re:This is stupid on Mozilla SSL Policy Considered Bad For the Web · · Score: 1

    "All FF3 has to know is that I want it to accept the self-signed certificate. Period."

    Indeed. And it does, but after giving you fair warning that you do so at your own risk.

    Not even you can really tell if you're talking to your friend, unless he's given you his certificate ahead of time. Which is why we're having this discussion.

  19. Re:Letting go of privacy, for more security on Mozilla SSL Policy Considered Bad For the Web · · Score: 1

    Err...

    What's to stop folks that are using deep packet inspection from using a MITM proxy?

    It would be pretty easy too, just grab a list of authorities from popular browsers, check SSL/TLS Server_Hello messages for certificates that are not from the known CAs (at which point it's likely they are self signed and unauthenticated) and then insert yourself in the middle.

    if you've got the budget and the tech for DPI, you've probably got it for a MITM too.

  20. Re:Seconded. on Mozilla SSL Policy Considered Bad For the Web · · Score: 2, Insightful

    "Customers should just learn not to buy from www.amaz0n.com"

    And without a trusted certificate from a third party, they'll have no way of knowing if they're talking to "amaz0n.com" when their browser says "amazon.com", after a DNS poisoning.

    I agree that there are both too many CAs and the level of verification the perform is likely not enough, but getting rid of them is not the answer to everyone's problems.

  21. Re:One Question on Mozilla SSL Policy Considered Bad For the Web · · Score: 1

    "What I really want is for there to be no charge for encrypted connections and EVERY web connection to be encrypted in a fashion that assures that only I and the party I am communicating with can read the communication. If i can be sure that the machine I am communicating with is the machine I think it is then that would be a nice bonus."

    It's not a nice bonus, it's the only guarantee you're not broadcasting your data to a cracker/phisher/whatever. You almost may as well not bother with encryption otherwise. Sniffing attacks are (AFAIK) rare. DNS redirection seems to be quite possible right now.

    In other comments there was an open CA mentioned that give away certs for free and have their CA certificate in ... here it is - http://cert.startcom.org/

    The only reason that plaintext browsing should still exist, IMHO, is because we don't need security on everything and the extra processing overhead on large (or small) sites could be a killer.

  22. Re:This web site is not your bank. on Mozilla SSL Policy Considered Bad For the Web · · Score: 1

    "And making sure that her password for the wool forum doesn't get intercepted."

    She probably doesn't know or care about the possibility of anything like that happening.

    "And making sure that her password for her web mail account doesn't get intercepted."

    She uses Gmail, which "Just works". Like MSN and Yahoo.

    "Or perhaps the warning for HTTPS using a self-signed certificate could be to the effect: "This web site is not your bank.""

    Nobody will take the blindest bit of notice of a warning like that, and if you give them the real warning - "There is no guiarantee that you are talking to who you think you're talking to", then yes it will sound scary.

    Perhaps the answer is to scare people even more about unencrypted comms.

  23. Re:This is stupid on Mozilla SSL Policy Considered Bad For the Web · · Score: 1

    "but you can rest assured your data won't leak on its way here"

    No, you can't, because anyone could be dong a MITM attack. Encryption can't guarantee anything other than simple sniffing is not effective.

  24. Re:This is stupid on Mozilla SSL Policy Considered Bad For the Web · · Score: 1

    Because firefox 3 knows that on the internet, nobody can tell if you're a dog. or for that matter, if you're *really* talking to your friend.

    Now, if you and your friend are savvy enough, he can make his own CA, you import its certificate into fox, et voila - it all works.

    But most people are not savvy enough so someone does it for them. CAs. If these guys aren't trustworthy then that's a problem but don't pretend that firefox should treat a connection with at least some verification as equal to one that has none at all.

  25. Re:trust? on Mozilla SSL Policy Considered Bad For the Web · · Score: 1

    "If you don't have a shared secret, you need some kind of certificate authority that is known beforehand by both parties."

    Not quite true. There are a couple of ways to achieve this.

    Public/private key way - Client comes up with a session key, uses the server's (untrusted) public key to encrypt. The server is then the only party that can decrypt it with its private key.

    head-asploding mathsy way - Diffie Hellman

    When I tried to get my head around DH it was painful, but it *looks* painfully simple. Anyway, there are two ways of acheiving sniffer-proof end to end encryption with no authentication and no third party trust.

    Authentication is still very important - with these methods you are still vulnerable to classic MITM attack.