Firefox ready to block certificate authority that threatened Web security

Mozilla says it has lost confidence in WoSign’s ability to protect HTTPS system.

The organization that develops Firefox has recommended the browser block digital credentials issued by a China-based certificate authority for 12 months after discovering it cut corners that undermine the entire transport layer security system that encrypts and authenticates websites.

The browser-trusted WoSign authority intentionally back-dated certificates it has issued over the past nine months to avoid an industry-mandated ban on the use of the SHA-1 hashing algorithm, Mozilla officials charged in a report published Monday. SHA-1-based signatures were barred at the beginning of the year because of industry consensus they are unacceptably susceptible to cryptographic collision attacks that can create counterfeit credentials. To satisfy customers who experienced difficulty retiring the old hashing function, WoSign continued to use it anyway and concealed the use by dating certificates prior to the first of this year, Mozilla officials said. They also accused WoSign of improperly concealing its acquisition of Israeli certificate authority StartCom, which was used to issue at least one of the improperly issued certificates.

"Taking into account all the issues listed above, Mozilla's CA team has lost confidence in the ability of WoSign/StartCom to faithfully and competently discharge the functions of a CA," Monday's report stated. "Therefore we propose that, starting on a date to be determined in the near future, Mozilla products will no longer trust newly issued certificates issued by either of these two CA brands."

Deals of the Day (9-27-2016)

Logitech’s HD Pro C920 webcam is a well-regarded, popular 1080p webcam with dual microphones, automatic correction for low-light settings, face tracking motion detecting, and 20-step autofocus features.

It’s the webcam I bought earlier this year when I decided I needed something a bit better than the camera built into my laptop… and I spent about $65 on the camera, which is about how much it usually costs.

But right now Amazon is offering the Logitech HD Pro C920 webcam for $50, which is the best price I’ve ever seen for this camera.

Continue reading Deals of the Day (9-27-2016) at Liliputing.

Cloudflare: We Can’t Shut Down Pirate Sites

Cloudflare has asked a California federal court to dismiss a broad copyright complaint lodged against the service by adult entertainment publisher ALS Scan. The CDN provider says that it can’t shut down pirate sites, even if it wanted to, adding that it’s not inducing piracy either.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

As one of the leading CDN and DDoS protection services, Cloudflare is used by millions of websites across the globe.

This includes thousands of “pirate” sites, including The Pirate Bay, which rely on the U.S.-based company to keep server loads down.

Copyright holders are generally not happy that Cloudflare is doing business with these sites. While most stop at complaining, adult entertainment outfit ALS Scan took the matter to court.

In a complaint filed at a California federal court two months ago, the company accused the CDN service of various counts of copyright and trademark infringement. ALS listed several copyright-infringing websites Cloudflare does business with, but which it allegedly failed to terminate as clients.

Yesterday, Cloudflare responded to the allegations (pdf), arguing that ALS Scan has no legal grounds to come after them. For this reason, they say the entire case should be dismissed.

Among other things, Cloudflare argues that they are not liable for contributory copyright infringement. Even if it wanted to, it couldn’t take any measures to effectively stop pirate sites from operating.

“CloudFlare is not the operator of the allegedly infringing sites but is merely one of the many intermediaries across the internet that provide automated CDN services, which result in the websites in question loading a bit faster than they would if they did not utilize CDN services.”

If Cloudflare terminated the accounts of allegedly infringing websites, the sites themselves would still continue to exist. It would just require a simple DNS reconfiguration to continue their operation.

“Indeed, there are no measures of any kind that CloudFlare could take to prevent this alleged infringement, because the termination of CloudFlare’s CDN services would have no impact on the existence and ability of these allegedly infringing websites to continue to operate,” Cloudflare writes.

As such, the company argues that it’s not “materially contributing” to any of the alleged copyright infringements.

This role puts Cloudflare on par with other third party service providers such as domain registrars and advertisers. The question of whether these services can be held liable for pirate sites is at the heart of this case.

The CDN provider further stresses that the claims for contributory copyright infringement also fail under the “inducement” theory.

Under the Grokster ruling, inducement would require an intentional form of advertising or messaging where the public is encouraged to infringe. This is not the case here, the company argues.

“Here, ALS has pleaded no facts regarding such a theory. Instead, ALS makes only conclusory allegations using the term inducement, devoid of any factual support,” Cloudflare writes.

“For instance, ALS Scan does not plead (as it must) facts sufficient to allege that CloudFlare solicited, advertised, promoted or rewarded acts of direct infringement by others, or that CloudFlare was created for the purpose of facilitating mass copyright infringement.”

In addition to the above, Cloudflare says that ALS fails to state proper claims for other forms of copyright and trademark infringement, asking the court to dismiss the case.

Advertising network JuicyAds, which is also named in the suit, requested the same earlier this month. All parties will have a chance to defend their positions in a court hearing, after which the court will have to decide how to continue.

With theoretical damages that can run to dozens of millions of dollars as well as broad liability implications, it’s expected to become a heated fight.

Dealmaster: Get a Newegg Premier membership, free shipping, plus gift card for $100

Plus other deals on Amazon gift cards, Skylake-powered PCs, and more.

Greetings, Arsians! Courtesy of our partners at TechBargains, we're sharing a bunch of great deals with you today. Now you can get a one-year Newegg Premier membership, which includes free return shipping and free three-day expedited shipping—and a $100 gift card for the site—for just $100. Newegg Premier costs $50 for the year, so you essentially get the service and all its perks for the price of just the gift card. It will undoubtedly come in handy during the holiday shopping season, so grab it now and use it well into next year.

Check out the rest of the deals below, too.

Google’s latest IM client, Allo, isn’t ready for prime time

Hands-on: As a smartphone-only service, Allo isn’t ready for the modern world.

Google's newest attempt at creating a decent instant messaging platform, Google Allo, is finally available. Google announced the new IM service at Google I/O 2016, and a whopping four months later, we finally get to try it out.

We're still not quite sure what the future of Allo holds. Will it eventually become Android's default instant messaging platform? Will we get a Chrome and Chrome OS client? After a lackluster effort with Google Hangouts (which Google says will stick around), how much does Google really care about this new platform? For now all we can do is talk about the present, and right now Google has given us an instant messaging client that doesn't seem like it was built for the modern age.

Setup—Google? What’s Google?

Setup is very odd in that Allo doesn't use your Google account. Sign-up and identification are done entirely through your cell carrier's phone number, just like WhatsApp and WeChat. After typing in your random string of 10 digits and getting a verification text, Allo pretends you are a complete stranger and asks for your name and profile picture. Google asking for my name is definitely off-putting, especially when—thanks to my prodigious usage of Google services—the company probably knows damn near everything about me. Allo acts more like a third-party service and pretends the Google connection doesn't exist.

NBase-T aka 802.3bz: 2.5GbE and 5GbE are an official IEEE standard

The process is complete: the two tiers between 1 and 10 Gigabit Ethernet are no longer proprietary but a standard. The NBase-T Alliance is above all glad that everything went so quickly. (NBase-T, Network)

EFF calls on HP to disable printer ink self-destruct sequence

HP firmware update rejected cheaper third-party ink cartridges.

HP Inc. should apologize to customers and restore the ability of printers to use third-party ink cartridges, the Electronic Frontier Foundation (EFF) said in a letter to the company's CEO yesterday.

HP has been sabotaging OfficeJet Pro printers with firmware that prevents use of non-HP ink cartridges and even HP cartridges that have been refilled, forcing customers to buy more expensive ink directly from HP. The self-destruct mechanism informs customers that their ink cartridges are "damaged" and must be replaced.

"The software update that prevented the use of third-party ink was reportedly distributed in March, but this anti-feature itself wasn't activated until September," EFF Special Advisor Cory Doctorow wrote in a letter to HP Inc. CEO Dion Weisler. "That means that HP knew, for at least six months, that some of its customers were buying your products because they believed they were compatible with any manufacturer's ink, while you had already planted a countdown timer in their property that would take this feature away. Your customers will have replaced their existing printers, or made purchasing recommendations to friends who trusted them on this basis. They are now left with a less useful printer—and possibly a stockpile of useless third-party ink cartridges."

Samsung recall: 60 percent of Note 7 devices in Europe already exchanged

European owners of the Galaxy Note 7 are apparently exchanging their devices considerably faster than Americans. The process could be completed as early as the beginning of October. (Galaxy Note 7, Samsung)

Driven: The 2017 Fiat 124 Spider

Can it emerge from its Mazda MX-5 Miata shadow?

The original 124 was Fiat's best-selling car in America by far, selling 170,000 units in the 16 years it lived on these shores through the mid-1980s. Fiat wants to rekindle that love in the new millennium, and the route it chose was to partner with an expert. The result? The new Fiat 124, built on the same bones—and at the same Hiroshima factory—as the fourth-generation Mazda Miata.

Who could blame them? Mazda's success was not to ignore things like quality, management, or dealer networks, the things that contributed to the demise of the original 124 and other sports cars of its ilk. In 1989 Mazda struck gold with a reliable little roadster. The Miata became the best-selling two-seat roadster in history and also the most widely road-raced car in the world.

Since the 124 shares much with the Miata, it should feel and behave like one. Base prices are within spitting distance of each other: $25,890 for the 124 and $25,750 for the Miata Sport, with our Classica test model reaching $27,880 with Bluetooth, rear camera, and pearlescent paint as options. (All prices include destination charges.) Despite Fiat Chrysler Automobiles' efforts to position the 124 away from the Miata to avoid those comparisons (and any possible automotive fratricide), it cannot be ignored.

Mavic Pro: DJI unveils foldable 4K quadcopter for 1,200 US dollars

With the Mavic Pro, DJI has unveiled a multicopter that is said to stand out for easy control, good image quality and a compact design. The drone can be folded up and is said to be easier to transport than previous models. (DJI, Drone)
