
Comment Why I chose PS4 (Score 1) 373

In the same situation I ended up going for the PS4. All in all they seemed pretty similar but the PS4 seemed marginally better performance wise. Its smaller size was also a factor for me.

The swinger though was probably Morpheus/Playstation VR. Obviously it's not out yet, but I've been waiting for decent VR since I was a kid (i.e. for over two decades) so the possibility of it coming to a home console holds a lot of excitement. Whether I end up getting it depends on reviews etc., but with all other things being relatively equal between the consoles, keeping that option open down the road was a factor.

Comment Lots of layers to consider (Score 1) 74

There are several layers here that make a solution quite "interesting". On the one hand you are trying to protect your users by avoiding serving them bad content. On the other hand you want to protect your service. Protecting your users means doing more work on the uploaded content which increases your own attack surface.

Personally, if we are just talking about PNGs then I think that one of the safest things for your clients/customers would be to not serve the file as uploaded, but to serve a file that is the result of a successful render->save process (which might get you a bonus improvement of allowing you to optimise the image). That way you should end up serving a valid image without any dodgy stuff someone may have tried to sneak through. Of course there have been plenty of vulnerabilities in image handling over the years. So reprocessing the images does come with its own risk that might suggest its own mitigations (e.g. doing it on a separate untrusted server that doesn't have access to anything interesting).

There might be third party services you could use, but of course that opens up its own questions in terms of trust, security and availability.
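One way to do the render->save step the comment above describes, as an added example in stdlib-only Python (not the commenter's code): it parses the uploaded PNG's chunks, checks every CRC, inflates the scanlines against the geometry IHDR declares (with a hard cap, so a decompression bomb fails fast) and writes a fresh file containing only IHDR, IDAT and IEND, dropping every ancillary chunk. It rebuilds from the decoded scanlines rather than rendering pixels and only accepts 8-bit non-interlaced images, both simplifications assumed here; the sample upload is constructed inline.

```python
import struct
import zlib
PNG_SIG = b"\x89PNG\r\n\x1a\n"
BPP = {0: 1, 2: 3, 4: 2, 6: 4}  # bytes per pixel for the 8-bit colour types handled here

def chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one chunk: length, type, data, CRC32 over type+data."""
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data) & 0xFFFFFFFF)

def parse_chunks(blob: bytes):
    """Yield (type, data) per chunk; reject a bad signature, truncation or a CRC mismatch."""
    if blob[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos = 8
    while pos + 12 <= len(blob):
        length = struct.unpack(">I", blob[pos:pos + 4])[0]
        ctype, data = blob[pos + 4:pos + 8], blob[pos + 8:pos + 8 + length]
        crc = blob[pos + 8 + length:pos + 12 + length]
        if len(crc) != 4 or struct.unpack(">I", crc)[0] != zlib.crc32(ctype + data) & 0xFFFFFFFF:
            raise ValueError("truncated chunk or bad CRC in %r" % ctype)
        yield ctype, data
        pos += 12 + length
        if ctype == b"IEND":
            return
    raise ValueError("missing IEND")

def rebuild_png(blob: bytes) -> bytes:
    """Inflate the upload's scanlines and emit a fresh IHDR+IDAT+IEND file (no tEXt, iCCP, eXIf, ...)."""
    ihdr, idat = None, b""
    for ctype, data in parse_chunks(blob):
        if ctype == b"IHDR":
            ihdr = data
        elif ctype == b"IDAT":
            idat += data
    if ihdr is None or len(ihdr) != 13:
        raise ValueError("missing or malformed IHDR")
    width, height, depth, colour, _, _, interlace = struct.unpack(">IIBBBBB", ihdr)
    if not (0 < width * height <= 25_000_000) or depth != 8 or colour not in BPP or interlace:
        raise ValueError("unsupported or oversized image")
    expected = height * (1 + width * BPP[colour])  # one filter byte per scanline
    # Cap the inflate at expected+1 so a decompression bomb cannot exhaust memory
    raw = zlib.decompressobj().decompress(idat, expected + 1)
    if len(raw) != expected:
        raise ValueError("pixel data does not match IHDR geometry")
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(raw, 9)) + chunk(b"IEND", b"")

def make_sample_upload() -> bytes:  # constructed 2x2 RGBA upload carrying a tEXt chunk to strip
    rows = b"".join(b"\x00" + bytes([255, 0, 0, 255, 0, 255, 0, 255]) for _ in range(2))
    ihdr = struct.pack(">IIBBBBB", 2, 2, 8, 6, 0, 0, 0)
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"tEXt", b"Comment\x00constructed") + chunk(b"IDAT", zlib.compress(rows)) + chunk(b"IEND", b"")
```

Anything the rebuild rejects is simply not served; on a real deployment the function runs in the isolated worker the comment suggests, not in the web tier.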

Comment Thank you for playing Wing Commander (Score 4, Interesting) 145

As development for Wing Commander came to a close, the EMM386 memory manager the game used would give an exception when the user exited the game. It would print out a message similar to "EMM386 Memory manager error..." with additional information. The team could not isolate and fix the error and they needed to ship it as soon as possible. As a work-around, one of the game's programmers, Ken Demarest III, hex-edited the memory manager so it displayed a different message. Instead of the error message, it printed "Thank you for playing Wing Commander."


Comment Re:Great news! (Score 1) 125

See, the introduction of the GST was to coincide with the bundling of a bunch of other taxes into one. For some goods, most notably electronics and "luxury items", they actually got cheaper. This was because it's truly a stealth tax on the poor, by taxing commodities like bread and orange juice (which previously would have been taxed at lower rates or even subsidized),

Bread and orange juice are not subject to GST.

Comment Re: Lame (Score 1) 95

There is literally nothing for me to buy right now. Why can't this 10% off be in the form of a code that we can use any time we wish?

Isn't that pretty much what Sony are saying they will give? A code you get to apply to a shopping cart once?

"In addition, sometime this month we will announce that for a limited time, we will be offering a 10 percent discount code good for a one-time discount off a total cart purchase in the PlayStation Store as a thank you to all PSN members."

I suppose the "for a limited time" could be a problem, depending on how reasonable it is. If it was something like 6 months then it probably isn't too bad. In that time frame there would probably be something you would buy anyway. At that point it probably comes down to whether the code recipient is capable of delaying gratification. If there's plenty of time to use the code and you choose to use it to buy things you wouldn't have otherwise then that'd be your choice (no doubt one Sony would be happy with). Personally I'll aim to hang on to it until there's something I want. If it turns out there's a game I want, a TV series I want and a movie or two I'd like to see then the 10% could be quite a saving. Then again I've already got more games queued up than I have time to play.

Comment Re:Why the distros? (Score 1) 112

"well, distributions backport security fixes, so 5.3.3 is secure on distro XYZ".

Are you aware of any analysis as to the extent that is actually true, i.e. for distro X or Y which patches really have been backported and which are skipped?

I had a quick poke about the W3Tech site and couldn't really see much of their methodology, especially in terms of how they identify PHP usage and what version is being used. I'd have thought that if you looked at their PHP page there should be a not insignificant number where they can reasonably guess it's using PHP (due to file extensions in URLs perhaps) but not be able to identify the version being used.

I wonder how much your "% of installs that are secure" statistic could be inaccurate due to most (I'd hope) sites that care even slightly about security suppressing the Apache header PHP version information. Are they just missing from the W3Tech stats? It's possible that a significant number of the "secure" PHP installs could be invisible to your calculations because the sort of people who keep their software up to date are the same people who follow fairly basic server setup recommendations.

I suppose there are also questions as to what "insecure" means in practice. For bulk hosting sites running unknown third party code everything is critical but for a lot of sites running their own code whether they are actually "insecure" depends not only on what PHP does but also what their code does. E.g. for the most recent PHP 5.4 release there is a fix for a fairly nasty looking bug in unserialize(), but (as I understand it) a site admin with a defined codebase might quite legitimately determine that they never use unserialize() on user generated data and not be in any rush to update if they have other things to be doing. PHP version 5.4.35 might be "insecure" for the purposes of your stats but may not be in practice on someone's server if they know they don't use unserialize() in an exploitable fashion (or mcrypt).

None of the above should be interpreted as criticism of your analysis, just food for thought. I find what you have done very interesting and expect that even if there are 'hidden' secure servers, the number of insecure ones would still be alarmingly high.

Comment Re:Sexual Harassment shouldn't cost us knowledge (Score 1) 416

Deleting all of Cosby's TV shows and movies would still be wrong as they are a part of our cultural history.

No one is doing that though, there is a difference between no longer promoting something and erasing it from history.

To stretch the Cosby link further, you might (quite reasonably) think things Cosby did in the past are funny and even have value beyond pure humour, as social commentary etc. If that were the case and you knew someone who had been abused by Cosby, would you choose to put a Cosby video on for them and expect them to find it an enjoyable experience?

That is the situation MIT is in. They aren't just dealing with 'theoretical' students who might somehow be deprived of some value that only those videos can impart. They are dealing with real students actually affected by the situation at hand.

If you wouldn't knowingly ask someone you care about to be entertained by someone who had abused them, why would you expect MIT to ask someone to be educated by someone who harassed them?

Comment Re:Just wondering... (Score 1) 416

If you can't separate presenter from content, that's your serious character flaw, leave the rest of us out of it.

If you were someone taking the course who had been harassed by him would you consider it a "serious character flaw" not to be able to "separate presenter from the content"?

I imagine a lot of people might find that difficult and wouldn't need to have a "serious character flaw" to struggle with it. I think it's entirely reasonable for MIT to ditch (and replace) the content if it means the affected people can continue on with their education without having the chap popping up in their courseware.

I don't think it makes sense to worry about the (theoretical) "students (...) punished by removing good lectures" and not consider the (evidently real) students actually affected by what has happened.
