Slashdot Mirror


User: XanC

XanC's activity in the archive.

Stories: 0
Comments: 1,855

Comments · 1,855

  1. Re:Okay, so how SHOULD this be done? on Cisco Subdomain Private Key Found in Embedded Executable (google.com) · · Score: 1

    It's not a DRM issue.

    Cisco runs some web service, over HTTPS as is (of course) best practice. It has a local component, provided by a WebSocket server running on the local machine. The WebSocket server must also be HTTPS or the browser will complain. That's why a private key is needed locally; nothing to do with DRM.

  2. Re:Okay, so how SHOULD this be done? on Cisco Subdomain Private Key Found in Embedded Executable (google.com) · · Score: 1

    Exactly how would the local key for use on that machine be accepted by a browser?

  3. Re:The thought process behind this... on Cisco Subdomain Private Key Found in Embedded Executable (google.com) · · Score: 2

    I agree about nothing to see here in that the "vulnerability" is minimal.

    But a self-signed certificate wouldn't have worked. The browser would complain and/or refuse to connect.

  4. Re:Have it generate a private key and CSR on Cisco Subdomain Private Key Found in Embedded Executable (google.com) · · Score: 2

    But the local HTTPS server only listens on localhost. It doesn't *need* to be secure at all, really. The only reason it needs HTTPS at all is because the browser will scream bloody murder if you try to make a WebSocket connection to a non-HTTPS WebSocket server (even if it's running on the local machine) when viewing an HTTPS site.

    So in addition to all the problems you raised with getting a unique certificate for each, there's the additional problem of the HTTPS server not being reachable from the outside at all.

    It would seem that in order to make things "secure", these internal-only HTTPS servers, which don't really need to be secure in the first place because it really is a local service, must be published online!

  5. Re:Okay, so how SHOULD this be done? on Cisco Subdomain Private Key Found in Embedded Executable (google.com) · · Score: 1

    Decrypting it by what mechanism such that it's useful? I suppose the WebSockets app could include both the private key and the encryption key that was used to encrypt it, but is that really any better?

  6. Okay, so how SHOULD this be done? on Cisco Subdomain Private Key Found in Embedded Executable (google.com) · · Score: 1

    If they want an HTTPS website to be able to access a local service I've installed via WebSocket, then what other option is there?

    Also, this only theoretically allows an attacker to steal cookies if they're based off the company's root domain. Doesn't seem so bad.

  7. Re:Yet another reason to never use in-store wifi on Amazon Granted a Patent That Prevents In-Store Shoppers From Online Price Checking (theverge.com) · · Score: 1

    Yes it does.

  8. There's some serious confusion here on Steve Ballmer Says Tech Firms Should Be As Accountable As NBA Teams (backchannel.com) · · Score: 1

    How the NBA team is doing as a team playing basketball, sure, that's out there. That's something along the lines of how a company is doing in market share.

    How the NBA team is doing as a BUSINESS is quite different. And that's equivalent to how a tech company is doing overall. And it isn't quite so obvious how to measure that in either case.

  9. Begging the question on The US Is the Biggest Carbon Polluter in History (nytimes.com) · · Score: 1, Troll

    This is assuming that carbon is a "pollutant".

  10. AMP needs to die on And Now, a Brief Definition of the Web (theverge.com) · · Score: 1

    The real takeaway here is that AMP, and everything similar to it, need to die in a fire.

    Don't use AMP, don't let your clients use AMP, don't click on any AMP links. AMP is cancer.

  11. Re:We sent you an email!! on 39 Years Ago The World's First Spam Was Sent (mercurynews.com) · · Score: 1

    The whole spam digest/folder/quarantine thing is one of my biggest peeves.

    People seem to think that obvious spam should be rejected, questionable stuff should be put in a folder or a digest or otherwise hidden, and the obvious good stuff should go through.

    That's treating the outright, no-doubt spam much better than the iffy stuff! Totally wrong. If you're not going to deliver to the user, then reject, so that the sender has some chance of even knowing there's a problem.

  12. NOT "The" St Jude on FDA Slams St. Jude Medical For Ignoring Security Flaws In Medical Devices (securityledger.com) · · Score: 5, Informative

    The summary should have clarified that this does not involve St. Jude Children's Research Hospital in Memphis. The article seems to be about a facility in California.

  13. Is "China" an adjective now? Would you say "America court rules against..."?

  14. Re:Russian Government? Why use a contractor? on How Hackers Broke Into John Podesta and Colin Powell's Gmail Accounts (vice.com) · · Score: 1

    That's "mother lode".

  15. I'm with you. I don't get it. I want the display to display whatever I throw at it. And sometimes play audio. Not much more, really.

  16. Re:They've created search anxiety!! on Google To Divide Its Index, Giving Mobile Users Better and Fresher Content (searchengineland.com) · · Score: 1

    EDO? Either you're writing from 1995 (which also might explain the $3K desktop) or you mean ECC.

  17. I'm looking at wiring a house we might buy for Ethernet. Should I string some fiber in there too?

  18. Re:Google's management quality is degrading rapidl on Google Begins Rolling Out Android 7.0 Nougat (venturebeat.com) · · Score: 2

    Well, they really can; you just have to open the thing up.

  19. Re:And you shouldn't be.... on New York DA Wants Apple, Google To Roll Back Encryption (tomsguide.com) · · Score: 1

    "populace"

  20. Re:Spying? on Google Fiber Reminds People It's a 'Real Business' (dslreports.com) · · Score: 1

    I'd expect Google to actually be good at it.

  21. Spying? on Google Fiber Reminds People It's a 'Real Business' (dslreports.com) · · Score: 2, Insightful

    Is having Google be your ISP just asking for absolutely everything to be spied on?

    If I get it, I'm thinking of renting a cheap VPS and running all my traffic through that over an encrypted tunnel. How bad would latency be? Other thoughts?

  22. "incentivized" on Why So Much Coverage Of Amazon Prime Day? The Incentives, Of Course (theguardian.com) · · Score: -1, Offtopic

    There's already a perfectly good word: "incited". You don't need to make up "incentivized".

  23. Nope... Remember the old "camcorders"? Those were really cool because you had both devices, the camera and the recorder, in the same box. Previously you'd have the camera and also be lugging around a recorder.

    Point being that a camera does not by definition require an integrated recorder.

  24. Re:uh, what? on Netflix Blocks Many IPv6 Users Over Geolocation Difficulty · · Score: 1

    He wasn't comparing addresses to addresses. He was comparing IPv6 /64 blocks to IPv4 addresses, and saying that was the same number.

  25. Re:uh, what? on Netflix Blocks Many IPv6 Users Over Geolocation Difficulty · · Score: 2

    No. There are 2^64 /64 blocks. There are only 2^32 IPv4 addresses. You're off by a factor of four billion.