
Comment: Re:Is Google trying to fragment web? (Score 1) 165

by 51M02 (#38555160) Attached to: MAME Running In Chrome

We had that shit before with ActiveX.

Native Client runs in a sandbox so it's nothing like ActiveX.

HTML5 does nothing in itself, it still needs some coding to be done in Javascript. While Javascript interpreters did get better and faster, it's still far from native speed. And it's still only Javascript. If you have a game developed in C I still don't see how to convert it to Javascript. MAME is one example of a complex C program hard to translate to Javascript but which could be ported easily (4 days) to the Native Client platform.

Chrome is available for most platforms including Linux and is open source. So stop whining about it not being a standard. It's not IE we are talking about.

Handhelds

+ - RIM forced to change name of new platform->

Submitted by Mastadex
Mastadex (576985) writes "RIM's brand new BlackBerry mobile OS, due in early 2012, was expected to be called "BBX." But due to a recent court ruling against it, RIM has dropped BBX and opted simply for "BlackBerry 10." Software company Basis International said a US federal court in Albuquerque has granted a temporary restraining order against RIM, barring it from using Basis' BBX trademark. The court decision bars RIM from using the trademark at its Asian DevCon conference on Wednesday and Thursday in Singapore."
Link to Original Source
Security

+ - 8 Out of 10 Applications Don't Meet Security Stan->

Submitted by Orome1
Orome1 (1901578) writes "Considered “low hanging fruit” because of their prevalence in software applications, XSS and SQL Injection are two of the most frequently exploited vulnerabilities, often providing a gateway to customer data and intellectual property. When applying the new analysis criteria, Veracode reports eight out of 10 applications fail to meet acceptable levels of security, marking a significant decline from past reports. Specifically for web applications, the report showed a high concentration of XSS and SQL Injection vulnerabilities, with XSS present in 68 percent of all web applications and SQL Injection present in 32 percent of all web applications."
Link to Original Source
Software

+ - Microsoft offer Windows Store devs 80% revenue cut->

Submitted by Anonymous Coward
An anonymous reader writes "With the launch of the Windows Store alongside Windows 8 next year, Microsoft is changing the revenue split rules slightly. The default will still be a 30% cut (as announced in September), but developers can increase their 70% cut to 80% if their app turns out to be very popular. Once an app has earned $25,000, Microsoft will automatically reduce their cut from each subsequent sale to 20%.

Microsoft is also undercutting Apple in terms of how much a developer subscription costs. Companies will have to pay $99 every year, but individual developers get a cheaper $49 option."

Link to Original Source
Government

+ - 40% of Gov Sites Vulnerable to SQL Injection->

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "New research from security firm Veracode found 40% of government Web sites were found to contain SQL injection vulnerabilities on their first scan, compared with 29% of Web sites for financial-sector firms and 30% of software vertical sites. Overall, the prevalence of SQL injection holes declined from the same period six months ago, Veracode found, though that wasn't the case with government sites.

The story was even more grim with cross site scripting vulnerabilities. Seventy five percent of the government Web sites Veracode tested had cross site scripting holes on their first try. Finance sites fared only slightly better: 67% contained at least one cross site scripting hole and 55% of software industry Web sites."

Link to Original Source

Comment: Re:Alternate Outcome: Greenpeace Activist Shot... (Score 1) 561

by 51M02 (#38274004) Attached to: Greenpeace Breaks Into French Nuclear Plant

Since a law passed in 2009, it's the responsibility of special teams of the Gendarmerie called peloton spécialisé de protection de la gendarmerie, trained by the National Gendarmerie Intervention Group, to secure special sites like nuclear plants.

The question is why did they not intervene? Officially they are saying it's because they recognized it was some GP activists and as such did nothing. Sounds like a huge BS to me. There is some history between the French government and Greenpeace which demonstrates the French could be more than happy to shoot, and the role of such a special team would have been to intervene in some way.

Anyway Kudos to GP.

Comment: Re:What if it turned out the other way? (Score 1) 561

by 51M02 (#38273778) Attached to: Greenpeace Breaks Into French Nuclear Plant

There were supposed to be some gendarmes on site already since a law passed in 2009 (before, the security was implemented by the French energy provider directly). Those units are supposed to be trained by the French Counter-Terrorist SWAT team (the GIGN).

Anyway they did nothing to stop Greenpeace. The French government said they recognized it was some activists and did nothing. Officially.

Comment: Do you really need CGI??? (Score 3, Informative) 422

by 51M02 (#38266562) Attached to: Filmmakers Reviving Sci-fi By Going Old School

For your information, the most realistic Sci-Fi movie ever made, 2001: A Space Odyssey, did not use any CGI nor green screen. Of course those technologies did not exist back in 1968 and it was 9 years before Star Wars which again did not use CGI nor green screen at the time of its release.

The first movie to include most of its action in a computer generated set was Tron in 1982, almost 30 years ago. In that time we went from miniature models and ingenuity in creating special effect to a software based point-and-click interface.

LoTR still used sets, some being really large. I can't imagine Rivendell or Edoras being 100% CGI. Some TV shows now use CGI almost everywhere, like Sanctuary, to make them cheaper to produce and in that it makes sense. In the end I think CGI is used not because it gives the best result but because it's cheaper and easier to produce than miniature models. On the other hand, we have shows like Doctor Who, which is still a show produced on a budget with minimum CGI, filmed with proper and "real" props and sets, proving it still can be done.

In the end knowing the battle cruiser in the beginning of Star Wars is a lot smaller than your typical Sedan car and still being blown away would maybe not happen if we knew it was only done by a computer file.

Comment: It is just a part (Score 1) 301

by 51M02 (#37703676) Attached to: Ask Slashdot: Is Reverse DNS a Worthy Standard For Fighting Spam?

I've set up a few mail relay and spam filtering servers and I can tell you it helps a lot to reduce the number of spam arriving to them.

I am a Postfix kind of admin (hell with sendmail!) and I know you can set some filter just before the reverse DNS check to accept the connection if it comes from a particular host/IP address, bypassing the reverse DNS check. Or you could add that reverse DNS to your local/client DNS server but it seems not that good a solution.

Anyway following standards is always the best solution.

Comment: To the Windows users feeling pretty secure... (Score 1) 429

by 51M02 (#37624410) Attached to: As a target for malware, my main computer is ...

I have only one thing to say to you : Anti-Virus? What is it? :)

Reading the comments I see MBR virus, Email virus, malware, attacks banner ads infected computer and only one operating system seems to know those joys.

What? And you paid to have that system? And you have no control over what that mighty corporation will do to its next version? Hell you don't even have access to the source code to make a better one?!

And you're defending that piece of crap too. Whouah that's great mind control. :)

Comment: Re:Blame PHP. Blame JavaScript. (Score 1) 87

by 51M02 (#37038758) Attached to: Compromised WordPress Blogs Poison Google Image Searches

The syntax is a shitty imitation of C. The semantics, even for basic things like boolean values and comparisons, are extremely fucked up.

And yet you are posting on a website coded in Perl which, no one will argue with, is a pretty f**ked up language but a powerful one. And Slashdot even uses Javascript. Is this site insecure?

A language, in itself, is just an abstraction for machine code. Assembler code is just a literal version of machine code. C is the closest language to machine code and the primary one used everywhere, like core OS components to video games. A language is never secure or unsecure, it's its interpretation in machine code that may be more secure with additional code to prevent hazardous events. PHP is just a script engine that uses similar semantics to C and is mostly a big wrapper around some well known C libraries like PCRE and cURL. It is open-source and its community is regularly releasing maintenance releases to fix any security flaws, which is a must. In itself it is pretty secure.

That being said and with the majority of computer issues, the problem is most often found between the chair and the keyboard. If developers don't check users' input and send that directly to a SQL backend, in any language it will result in a security flaw. It's developers' practices that are to blame, not language semantics.
