Slashdot Mirror


User: tepples

tepples's activity in the archive.

Stories: 0
Comments: 68,260

Comments · 68,260

  1. Multiple micropay providers on Prepare for the New Paywall Era (theatlantic.com) · · Score: 1

    or the content providers will need to have accounts with all of the micropay providers.

    What practical problem do you see with expecting each publisher to have accounts with all of the micropay providers?

  2. Adult Check: grown-ups can pay for nice things on Prepare for the New Paywall Era (theatlantic.com) · · Score: 2

    I've been flogging this horse for maybe 20 years... central micropayments site for the media providers.

    That existed 20 years ago, and it was called Adult Check. Subscribers gained access to all participating sites, and sites were paid per page view. I guess if you ignore the erotica on the network, you could explain the name as "Because grown-ups can pay for nice things."

    The problem comes when a single company operates both an ad network and a micropayment network. Such an operator has an incentive to track viewers' browsing habits across the Internet in order to build a dossier on their interests. For example, Google operates AdSense/AdWords on the one hand and Contributor on the other.

    A micropayment provider will appear more trustworthy to viewers if it doesn't have ads as a side business.

  3. Re:Fuck off with this security bullshit. on Wondering Why Your Internal .dev Web App Has Stopped Working? (theregister.co.uk) · · Score: 1

    Like if someone internal goes to http://www.dell.com/, they can be sent to an internal site that fetches information from Dell's portal but shows the corporate pricing.

    If the user is logged in to his user account on Dell's website, and this account has been configured with permission to show corporate pricing, then the site will show corporate pricing. The client IP address need not enter into it.

    Or presents a different www.google.com front page that aggregates google's search with an internal search.

    If the user is logged in to his Google Account, and this account has been configured with permission to include internal search, then the results will include those of internal search. The client IP address need not enter into it.

  4. Then install your root certificate on Wondering Why Your Internal .dev Web App Has Stopped Working? (theregister.co.uk) · · Score: 1

    for fuck's sake let me trust a certificate I myself made.

    Which version of Google Chrome doesn't allow certificates that chain to a user-defined root certificate that has been installed into the repository of TLS CA certificates on each client machine?

  5. Re:Did the cool-aid taste good? on Wondering Why Your Internal .dev Web App Has Stopped Working? (theregister.co.uk) · · Score: 1

    Average Joe won't be able to set up a proxy server with a local CA and import its CA cert into all clients. And Power Joe won't do it because it hides the endpoint certificate from his view.

    Can't the server certificate generated and presented by the proxy include the origin server's certificate as a "comment" of some sort?

  6. Be your own root zone and root CA on Wondering Why Your Internal .dev Web App Has Stopped Working? (theregister.co.uk) · · Score: 1

    With http all I need is an IP address or at least a TCP port on a shared address. With HTTPs I need a DNS name and a certificate.

    If you have administrative access on all machines on a private network, you can mint your own DNS names and your own certificates because you are the root zone and you are the root certificate authority. What you say is true of bring your own device (BYOD) scenarios, however.

  7. Secure Contexts bans some JS APIs in clear HTTP on Wondering Why Your Internal .dev Web App Has Stopped Working? (theregister.co.uk) · · Score: 1

    What has HTTP/HTTPS to do with HTML?

    The Secure Contexts spec, currently a W3C Candidate Recommendation, deprecates use of some web platform features over cleartext HTTP. Attempting to use certain methods in a document served over cleartext HTTP will instead produce a SecurityException.

  8. Re:It's retarded and bad security on Wondering Why Your Internal .dev Web App Has Stopped Working? (theregister.co.uk) · · Score: 1

    We have a product that embeds MapQuest. But MapQuest doesn't allow HTTPS

    If MapQuest refuses to offer a means to authenticate that data actually came from MapQuest, then don't embed MapQuest in your product. Instead of embedding MapQuest in your product, embed a competitor to MapQuest in your product. What does OpenStreetMap or Google Maps fail to provide?

  9. Re:Fuck off with this security bullshit. on Wondering Why Your Internal .dev Web App Has Stopped Working? (theregister.co.uk) · · Score: 1

    Is your company's IT department aware that use of most HTTPS proxies will "reduce connection security and [...] introduce severe vulnerabilities"?[1]

    [1] Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie Bursztein, Michael Bailey, J. Alex Halderman, and Vern Paxson. "The Security Impact of HTTPS Interception". Proc. 24th Network and Distributed Systems Symposium (NDSS ’17), 2017-02. Accessed 2017-11-30.

  10. Re:Fuck off with this security bullshit. on Wondering Why Your Internal .dev Web App Has Stopped Working? (theregister.co.uk) · · Score: 1

    On a private network, you control not only the DNS results, but also routing and address space. That's what makes it a private network.

    True. But you don't control the set of certificate authorities (CAs) recognized by the operating systems installed on devices brought by guests invited to your private network.

  11. Re: Fuck off with this security bullshit. on Wondering Why Your Internal .dev Web App Has Stopped Working? (theregister.co.uk) · · Score: 1

    Then for what name outside .dev should the operator of a private server on a home LAN obtain a certificate?

  12. Re: Fuck off with this security bullshit. on Wondering Why Your Internal .dev Web App Has Stopped Working? (theregister.co.uk) · · Score: 1

    I agree with you that the specific issue of HSTS .dev is a non-issue for internal servers not in .dev.

    But the larger issue of unavailability of browser-recognized certificates for internal TLS servers is an issue for internal servers not in .dev. I don't see most home users as willing to spend $15 per year on registering a domain in a public zone just to be able to use HTTPS over the LAN. Using cleartext HTTP becomes less of an option over time as more HTTP elements and JavaScript APIs become unavailable outside secure contexts.

  13. "Use a proxy." explained on Wondering Why Your Internal .dev Web App Has Stopped Working? (theregister.co.uk) · · Score: 1

    Let me state my understanding of Z__K's answer: Don't directly address the switch. Instead of directly addressing the switch, indirectly address the switch. Set up a server that addresses the switch's management interface and identifies itself correctly via https when the server is directly addressed, and address that server instead of the switch.

  14. Re: Fuck off with this security bullshit. on Wondering Why Your Internal .dev Web App Has Stopped Working? (theregister.co.uk) · · Score: 1

    It costs $15 to generate a new internal domain (source: Gandi.net), and $15 per year to keep it. Generate one in advance.

  15. Re:Fuck off with this security bullshit. on Wondering Why Your Internal .dev Web App Has Stopped Working? (theregister.co.uk) · · Score: 1

    Another common use case is that you as a company might want to present a different view of a site to your employees.

    This is best done with authentication. Present the public view until the user has logged in as an employee. That way, even telecommuting employees will get the employee view.

  16. Re: Which OS on laptops in stores? on Microsoft Sees the Future of Windows 10 as Sets, Ditching Windows For a Tabbed App Interface (pcworld.com) · · Score: 1

    How do people usually do necessary research? Does it involve making two trips to the showroom, the first to write down model numbers on paper (to take them to an Internet terminal at a branch of the public library for further research) and a second trip to make the purchase?

  17. Re: Which OS on laptops in stores? on Microsoft Sees the Future of Windows 10 as Sets, Ditching Windows For a Tabbed App Interface (pcworld.com) · · Score: 1

    Major U.S. electronics showroom chains don't list whether the specifications of each laptop in the showroom suit my needs. They don't even list which laptops are compatible with even one major GNU/Linux distribution.

  18. Re: Which OS on laptops in stores? on Microsoft Sees the Future of Windows 10 as Sets, Ditching Windows For a Tabbed App Interface (pcworld.com) · · Score: 1

    "Sorry, this product is warranted to run only Windows, not lie nicks."

  19. Re:I want a mod. I want a mod... on Microsoft Office Now Available On All Chromebooks (theverge.com) · · Score: 1

    Developer mode threatens to wipe the storage every time you turn on your Chromebook. (Learn More)

  20. Re: Which OS on laptops in stores? on Microsoft Sees the Future of Windows 10 as Sets, Ditching Windows For a Tabbed App Interface (pcworld.com) · · Score: 1

    If you do real work on a computer, you should be able to install a real OS yourself.

    So I've installed a real OS on a laptop, only to find that two or more of WLAN, Bluetooth, audio, accelerated graphics, and suspend are broken while the real OS is running. Now what should I do to make this computer suitable for real work?

  21. It was the part where you declined the upgrade from Windows 7.

    Not in the "red X means proceed" era of GWXUX.

  22. Because I don't currently run ownCloud on Microsoft Office Now Available On All Chromebooks (theverge.com) · · Score: 1

    So I notice you ignored the existence of LibreOffice ownCloud, is there some reason for that?

    I had never heard of LibreOffice ownCloud. A web search produced a first result that isn't responding. (I checked on isup.me and the site appears to be down.)

    The following is conjecture based on what little I know about ownCloud from other sources: In order to evaluate it, I would need to do one of two things, neither of which is without charge. One is purchase a server on which to run ownCloud and upgrade my home Internet to business class in order to have a static IP, avoid blocks of inbound ports 80 and 443, and avoid a disconnection penalty for running a server. The other is lease a VPS on which to run ownCloud. Either way, I would also need to buy a domain.

  23. Re:Country-specific entertainment rights on Researchers Identify 44 Trackers in More Than 300 Android Apps (bleepingcomputer.com) · · Score: 1

    How about asking "what is your location"?

    That's exactly what these apps do. The user can choose to deny location services to a particular application through the operating system's Settings. This would cause a movie streaming application to display only those movies to which the provider owns worldwide rights. Browse and search results would include a notice:

    Results are limited because location services are disabled. Learn More

    Tapping "Learn More" would display a help page:

    Some studios make movies available only in specific countries or groups of countries. AppName needs your location in order to determine which movies can be viewed in your country. To provide your location to AppName, open your device's Settings and follow these steps:

    On Android, it'd show steps like these; on iOS, it'd show steps like these. Does asking the user to turn on location services count as "asking"?

    If you meant providing a list of countries and allowing the user to choose one, this approach would encourage the user to defraud the provider by knowingly providing an incorrect location. Relying on a location provided by the operating system deters casual fraud.

  24. Re: Which OS on laptops in stores? on Microsoft Sees the Future of Windows 10 as Sets, Ditching Windows For a Tabbed App Interface (pcworld.com) · · Score: 1

    The intersection of "ANYTHING but Windows" and "laptops in stores" is MacBook. Is Windows so bad that Apple deserves a monopoly on laptops?

  25. Re:Future of Windows 10 is iOS and Android on Microsoft Sees the Future of Windows 10 as Sets, Ditching Windows For a Tabbed App Interface (pcworld.com) · · Score: 1

    I'm a retired IT guy and I do the things you'd expect.

    You make a good point.

    So that makes four niches for PCs: business, engineering, home desktops used by gamers who play with mods, and home desktops that belong to practicing or retired IT personnel. Anyone want to list niches I forgot?