Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×

Comment Re:Mozilla's made mistakes, but people exaggerate (Score 1) 240

by jones_supa (#49605835) Attached to: Chrome Passes 25% Market Share, IE and Firefox Slip

For instance Chrome and Internet Explorer are both proprietary applications. And before you get on me about Chrome not being proprietary I wouldn't consider any program which includes non-free bits free software.

Who cares? Even Firefox is developed by a tight group of developers who can pour anything in the absolutely massive codebase. I don't think there is any practical difference between free and non-free. That something is proprietary does not automatically mean that the makers want to screw you. I don't know why that attitude is so widespread in Slashdot. Both parties, free and non-free, strive to create a product that works for the users.

Comment Re:Not when they are as crappy as Unity (Score 1) 125

by jones_supa (#49600921) Attached to: Should Developers Still Pay For Game Engines?

It will help prevent your game from having a generic feel.

It's interesting that you point that out. I have also noticed that I can put my finger on some games and know that they have been made with Unity. For example, The Long Dark or Shelter. Great games but there's the certain "Unity feel" in them. I'm not completely sure what makes it. :)

Comment Re:Oh come on. (Score 2) 250

by jones_supa (#49600159) Attached to: Long Uptime Makes Boeing 787 Lose Electrical Power
I am not completely familiar with the matter, but I remember hearing that using signed types in some situations can be a better choice, even when the value would normally be used to represent only a non-negative value. It could make overflows more obvious and calculating deltas might be easier? If someone actually knows about this stuff, feel free to chime in.

Submission + - Long Uptime Makes Boeing 787 Lose Electrical Power 1

Submitted by jones_supa
jones_supa writes: A dangerous software glitch has been found in the Boeing 787 Dreamliner. If the plane is left turned on for 248 days, it will enter a failsafe mode that will lead to the plane losing all of its power, according to a new directive from the US Federal Aviation Administration. If the bug is triggered, all the Generator Control Units will shut off, leaving the plane without power, and the control of the plane will be lost. Boeing is working on a software upgrade that will address the problems, the FAA says. The company is said to have found the problem during laboratory testing of the plane, and thankfully there are no reports of it being triggered on the field.

Comment Re:The editor can't load arbitrary binary files (Score 2) 72

One tip for those who are using regular VS though. Not many know that there is actually an integrated hex editor.

In the "Open File" dialog, select a file and then choose "Open With..." from the pull-down menu in the bottom. A new dialog pops up from which you can select "Binary Editor".

Submission + - Mozilla Begins To Move Towards HTTPS-Only Web

Submitted by jones_supa
jones_supa writes: Mozilla is officially beginning to phase out non-secure HTTP to prefer HTTPS instead. After a robust discussion on the mailing list, the company will boldly start removing capabilities of non-secure web. There are two broad elements of this plan: setting a date after which all new features will be available only to secure websites, and gradually phasing out access to browser features for non-secure websites, especially regarding features that pose risks to users' security and privacy. It should be noted that this plan still allows for usage of the "http" URI scheme for legacy content. With HSTS and the upgrade-insecure-requests CSP attribute, the "http" scheme can be automatically translated to "https" by the browser, and thus run securely. The goal of this effort is also to send a message to the web developer community that they need to be secure. Mozilla expects to make some proposals to the W3C WebAppSec Working Group soon.

Submission + - Once a Forgotten Child, OpenSSL's Future Now Looks Bright

Submitted by Trailrunner7
Trailrunner7 writes: Rarely does anything have a defined turning point in its history, a single day where people can point and say that was the day everything changed.

For OpenSSL, that day was April 7, 2014, the day that Heartbleed became part of the security lexicon. Heartbleed was a critical vulnerability in the venerable crypto library. OpenSSL is everywhere, in tens of thousands of commercial and homespun software projects. And so too, as of last April, was Heartbleed, an Internet-wide bug that leaked enough memory that a determined hacker could piece together anything from credentials to encryption keys.

“Two years ago, it was a night-and-day difference. Two years ago, aside from our loyal user community, we were invisible. No one knew we existed,” says Steve Marquess, cofounder, president and business manager of the OpenSSL Foundation, the corporate entity that handles commercial contracting for OpenSSL. “OpenSSL is used everywhere: hundreds, thousands of vendors use it; every smartphone uses it. Everyone took that for granted; most companies have no clue they even used it.”

To say OpenSSL has been flipped on its head—in a good way—is an understatement.

Heartbleed made the tech world realize that the status quo wasn’t healthy to the security and privacy of ecommerce transactions and communication worldwide. Shortly after Heartbleed, the Core Infrastructure Initiative was created, uniting The Linux Foundation, Microsoft, Facebook, Amazon, Dell, Google and other large technology companies in funding various open source projects. OpenSSL was the first beneficiary, getting enough money to hire Dr. Steve Henson and Andy Polyakov as its first full-timers. Henson, who did not return a request to be interviewed for this article, is universally known as the one steady hand that kept OpenSSL together, an unsung hero of the project who along with other volunteers handled bug reports, code reviews and changes.

Submission + - RealTek SDK Introduces Vulnerability In Some Routers (arstechnica.com)

Submitted by jones_supa
jones_supa writes: SOHO routers from manufacturers including at least Trendnet and D-Link allow attackers anywhere in the world to execute malicious code on the devices, according to a security advisory issued over the weekend. The remote command-injection vulnerability resides in the "miniigd SOAP service" as implemented by the RealTek SDK. Before someone asks, there is no comprehensive list of manufacturers or models that are affected. Nerds may be able to spot them by using the Metasploit framework to query their router. If the response contains "RealTek/v1.3" or similar, the device is likely vulnerable. For now, the vulnerable routers should be restricted to communicate only with trusted devices. HP's Zero Day Initiative reported the bug confidentially to RealTek in August 2013, but the issue was disclosed 20 months later as no fix has been provided.

Comment Re:But why? (Score 1) 634

by jones_supa (#49569205) Attached to: How To Increase the Number of Female Engineers

Not necessarily. For example, I could be eating vanilla ice cream day after day, but if I one day experimented with chocolate ice cream, I might say "yowzers, I didn't realize how awesome this is!"

Same thing with jobs. We might find new aspects of working if we introduce more of the other gender into the workplace. Who knows, right?

Slashdot Top Deals

This restaurant was advertising breakfast any time. So I ordered french toast in the renaissance. - Steven Wright, comedian

Close