Slashdot Mirror


User: Fnord666

Fnord666's activity in the archive.

Stories: 0 · Comments: 1,872

Comments · 1,872

  1. Re:This is *SO* unethical ! on Montana Newspaper Plans To Out Anonymous Commenters Retroactively (washingtonpost.com) · · Score: 1

    Sadly, EULAs and the like tell them they can do this. Courts have upheld it. Which means taking them at their word is pretty much useless.

    Citation please or I call BS.

  2. Re:Exaggerated again ... on 900 Embedded Devices Share Hard-Coded Certs, SSH Host Keys · · Score: 1

    "The public/private key encryption is used in the beginning of the handshake to exchange a stream cypher usually something like DES."

    No one with an ounce of up-to-date crypto knowledge uses DES. Perhaps you meant AES.

    In addition, both DES and AES are block ciphers, not stream ciphers.

  3. Well, the good news is that with the private key available I believe that anyone could generate a revocation for this certificate. First person to revoke this key on every major key repository wins a bag of gummy bears!

  4. So not only do these machines have a preinstalled, Dell-generated root certificate, but they included the private key? WTF? The private key for a root certificate should only exist on a locked-down, air-gapped computer in an access-controlled environment. The fact that this was included is downright scary.

    A good tinfoil-hat-wearing individual might conclude that one of the TLAs told them to install a system that could automatically load signed executables without the user's knowledge. In a fit of defiance they created this certificate knowing that it would be discovered and would call into question the reasons behind it.

  5. Re:Self-signing root certificates on laptops .. on Dell Accused of Installing 'Superfish-Like' Rogue Certificates On Laptops (theregister.co.uk) · · Score: 1

    What impact would these self-signing root certificates have on security?

    All root certificates are self signed. It's just a matter of whether you choose to trust them or not. Your system comes with a bunch of certificates that it trusts as root certificates. Dell just added an extra one to the mix.

  6. Re:Well at least it won't require an OS update to on New Android Phones Hijackable With Chrome Exploit (theregister.co.uk) · · Score: 1

    Java is to Javascript as car is to carpet.

  7. Re:Nerval's lobster is a Dice.com shill ... on The 'Trick' To Algorithmic Coding Interview Questions (dice.com) · · Score: 1

    Honestly, make him an editor and give us a box to block stories from him.

    It won't work. They have an "Ask Slashdot" category but the editors (Hi Timothy!) can't be bothered to or can't figure out how to post articles of that type in that category.

  8. Re:Seems like a waste of ingenuity on Huge Mechanical Computers Used To Calculate Horse Racing Odds (hackaday.com) · · Score: 1

    Last WWII fort I went to, they still had the trajectory calculator in place.

    Where was this at?

  9. Re:Camera and SD card on Ask Slashdot: Securing a Journalist's Laptop Against a Police Search? · · Score: 1

    No security people will image a camera card. At best they look at all the pictures using the camera.

    If you are an average person then maybe. If you are a "person of interest" then they will image anything you have that they find. Relying on something this arbitrary seems like a really bad idea.

  10. Ask Slashdot on Ask Slashdot: Securing a Journalist's Laptop Against a Police Search? · · Score: 1

    Timothy - Any chance you could post "Ask Slashdot" stories to the "Ask Slashdot" section of the site? It exists for that very reason you know.

  11. Re:What does Mass. Mean... on Crime Lab Scandals Just Keep Getting Worse (slate.com) · · Score: 1

    Everyone that was convicted on the basis of any test performed by the crime lab should have their record cleared and if still incarcerated, released.

    The first thing that you do is redo the lab work and only worry about the cases where the results differ.

  12. Re:The university has a point, there on University Reprimands Professor For Assigning Cheaper Textbook (slate.com) · · Score: 1

    The best book on calculus I've ever encountered, beating any modern prescribed text by a country mile in terms of how it explains things, is Sylvanus Thompson's "Calculus Made Easy".

    This. My daughter was having some difficulty understanding Calculus. I loaned her my copy of "Calculus Made Easy" and it was like night and day. The language is heavily dated and makes some antiquated assumptions about what you might have learned previously, but the explanations and examples are hugely insightful. I imagine at the end of the day I'm going to have to buy myself another copy of this when my daughter keeps the one I loaned her.

  13. Re:This is on Slashdot... on Drone Carrying Drugs, Hacksaw Blades Crashes In Oklahoma Prison (itworld.com) · · Score: 1

    I am Sooooo shanking you tonight.

    I don't think that word means what you think it means.

  14. Re:Windows 10? Really? on InFocus's New Kangaroo: a Screenless $99 Windows 10 Portable PC (venturebeat.com) · · Score: 1

    I got an HP Stream 7 for the same price (same specs) and it has a screen. It's nice to carry a portable 7" Windows 10 full desktop OS around with you sometimes.

    Can you connect your HP Stream 7 to an external monitor or projector? Different use cases I guess then.

  15. Your expert witness credentials check out just fine. When can you start?

    In what way do his "expert witness credentials", or possible lack thereof, invalidate the facts of his comment? An expert witness is a person who is permitted to testify at a trial because of special knowledge or proficiency in a particular field that is relevant to the case. His comment does not require any special knowledge. It is a statement of fact, which can be verified as either true or false. In this case a request for a citation might be in order but an ad hominem reply such as this only reflects poorly on you.

  16. Re:Basic version == Spaghetti on The History of City-Building Games (arstechnica.com) · · Score: 1

    So is your rewritten version of Star Trek available somewhere?

  17. Re:Cool article... on Sex, Drugs, and Transportation: How Politicians Tried To Keep Uber Out of Vegas · · Score: 2

    The taxi industry is regulated for very good reasons (one being safety)...

    The taxi industry is regulated for many reasons, a couple of them are even good reasons. The rest not so much.

  18. How would you like it to work instead? on When Fraud Detection Shuts Down Credit Cards Inappropriately · · Score: 1

    How would you like it to work instead?

    I would like it to approve 100% of the transactions that I do and decline 100% of the fraudulent transactions that someone else tries to do with my cards. Why would you want anything else?

  19. Re:GPLv3 - the kiss of death on FLIF: Free Lossless Image Format · · Score: 1

    If you're just using the software, there's nothing in the GPL that has any effect on you.

    So if you build a library from source, then link the binary into your application, are you bound to release your source or not?
    From xpdf's license:

    If you want to incorporate the Xpdf source code into another program (or create a modified version of Xpdf), and you are distributing that program, you have two options: release your program under the GPL (v2 and/or v3), or purchase a commercial Xpdf source license.

  20. Re:The Police Shouldn't Be That Worried... on Virginia State Police Cars Hacked · · Score: 1

    P.S. That being said, I will admit I bought a more expensive Bluetooth OBD-II adapter to use in my Explorer that requires a physical button press to pair. Cheaper adapters are generally discoverable when not connected to a host and used a generic 0000 or 1234 PIN. I leave the adapter plugged in all the time because there's an old Android tablet between the seats that logs OBD-II PIDs while I'm driving and auto-uploads them when I'm in my driveway.

    Very interesting. What do you do with the data?

  21. How do you get money out of an ATM without a PIN?

    You use your ATM PIN which is different. Right now most card issuers in the US do not support an EMV PIN yet.

  22. Re:See on Advertisers Already Using New iPhone Text Message Exploit · · Score: 1

    The advertisers have really brought this on themselves for the most part. Not 100% of the blame, but ~95% of the blame is on them.

    Yep, it's that miscreant 95% that give the other 5% a bad name!

  23. Security Through Obscurity on Google AdSense Click Fraud Made Possible By Uncloaking Advertisers' Sites · · Score: 1

    This is just another example of how security through obscurity will never work. At the end of the day the client browser ends up with a URL for the user to click on to view the ad. No amount of obfuscation or iframe shell games can change this fact. Game over.

  24. Re:Java != javascript on Google AdSense Click Fraud Made Possible By Uncloaking Advertisers' Sites · · Score: 1

    I think Java is being used correctly (in the PDF/paper

    Maybe this brief quote will clear things up:

    The java file "show_ads.js" embeds the ads in the target website HTML code once it has been completely loaded in the browser.

  25. Except the link that says "downloadable PHP files" takes you to a PDF.

    Here is a link to the source code mentioned.