Please create an account to participate in the Slashdot moderation system


Forgot your password?
Back for a limited time - Get 15% off sitewide on Slashdot Deals with coupon code "BLACKFRIDAY" (some exclusions apply)". ×

Comment Re:Be sure they really are cheaper (Score 4, Informative) 249

I second using a site like pcpartspicker. It can help you avoid some petty technical mistakes, like buying an under capacity CPU cooler, or a power supply without enough of the correct connectors and voltages for your cards.

One thing I've noticed about homebuilt rigs is that they are occasionally louder than normal. I think a lot of builders don't think about noise or airflow, and a lot of the cabinetmakers just provide a bunch of fan mounting points but they can't really consider the cooling needs of the particular motherboard and CPU you're dealing with. If noise is important (perhaps you're going to use it as a media PC in a home theater, too) then you can factor that in as well, or consider options like liquid cooling solutions.


C.H.I.P. vs Pi Zero: Which Sub-$10 Computer Is Better? ( 102

Make Magazine weighs in on a issue that's suddenly relevant in a world where less thn $10 can buy a new, (nominally) complete computer. Which one makes most sense? Both the $9 C.H.I.P and the newest, stripped-down Raspberry Pi model have plusses and minuses, but to make either one actually useful takes some additional hardware; at their low prices, it's not surprising that neither one comes with so much as a case. The two make different trade-offs, despite being just a few dollars apart in ticket price. C.H.I.P. comes with built-in storage that rPi lacks, for instance, but the newest Pi, like its forebears, has built in HDMI output. Make's upshot? The cost of owning either a C.H.I.P. or a Pi is a bit more money than the retail cost of the boards. Peripherals such as a power cable, keyboard, mouse, and monitor are necessary to accomplish any computer task on either of the devices. But it turns out the $5 Raspberry Pi Zero costs significantly more to operate than the Next Thing Co. C.H.I.P.

Comment Re:How does Pi compare to PDP-11 (Score 1) 225

How does a Pi with a remote text terminal session compare performance wise to a PDP-11 :-)

Way faster, way more capable. I worked with a PDP11 on a summer job. If I remember correctly, it had 2x64KB memory (data and code pages); the Pi has more main memory than the PDP had hard rive storage.

It managed to support about a dozen concurrent users that used it for monitoring an industrial process. It was tight enough, though, that we had to stop people using a full-screen clock application, since it couldn't cope with all terminals running it at the same time.

Comment Re:Holy crap ... (Score 1) 67

The security difference between chip-and-signature and chip-and-PIN matters in only one case, and that is if your physical card is stolen from your wallet. Skimmers, data breaches, shoulder-surfing, all the hacking attacks won't yield the secret key inside the chip, preventing it from being counterfeited. If you don't like the security of your chip-and-signature card because you're afraid your card might be stolen, ask your bank to issue you a chip-and-PIN card instead. If your bank won't, there are plenty of other banks who will, and who will be grateful for your business.

Visa and the retailers originally figured U.S. customers would prefer chip-and-signature because it makes selling things "easy". But that's a pretty stupid attitude, because lots of people (including you and me) are wary about identity theft. Customers need to complain to their banks so that they learn we'd rather have PINs than signatures.

Overall credit card security will still remain terrible for a long time to come because static mag stripes still exist, and online card-not-present transactions still use static authentication data like CVV2 codes. What really needs to happen to actually improve security is that mag stripes and static numbers like CVV2 need to be flat-out outlawed. The recent "liability shift" is the opening salvo in the conversion, but we're probably still a decade away from actual security.

Comment Re:If we're going systemd, we should go full throt (Score 4, Interesting) 737

If the community get's behind systemd, it works and is/becomes usable and apps start relying on it being there - so what?

by taking over and forcing out all other options, it becomes a monoculture. and that, as we know from decades of experience where monoculture OSes have created cartels and monopolies, is incredibly dangerous.

i dedicated three years of my life - without proper financial recognition - to breaking the NT Domains monopoly, saving companies world-wide billions of dollars in the process. it is also not very well-known that i dedicated another year reverse-engineering the Exchange 5.5 protocol.

this dedication gave people a choice: they could choose to remain on monoculture monopolistic insecure proprietary and expensive per-seat-licensed servers, or they could choose to move over to software libre on any number of POSIX-compliant OSes including HPUX, AIX, Solaris, BSDs and GNU/Linux OSes - the *exact* opposite of a monopolistic monoculture. they could also choose to move to any number of proprietary solutions from companies such as Tarantella, Honeywell, Network Appliances and many more - all companies who got together because i pioneered the reverse-engineering (and wasn't murdered for doing so) which forced Microsoft to start doing proper documentation, and to sponsor CIFS conferences.

now i am witnessing a process by which everyone in the GNU/Linux community, by working in a totally dedicated way in "their corner" that has to be respected precisely *because* it is so dedicated, yet as a whole *all* of us have gone "hmmm, i'm working in my corner, the global problem isn't my problem: i'm making local decisions, here, which make my life easy and i'm doing what i think is best", totally forgetting that the overall consequences are like a shoal of fish: EVERYBODY has "flipped" - all at once - and the direction is a dangerous one that no one person has any responsibility or control over, because we are *not* a company, we do *not* have a "Board of Directors who can give us orders that we are required to follow or be fired", we are a bazaar - a self-organised group of self-organised individuals with independent free will and highly-focussed responsibilities.

the "flip" is to a dangerous monoculture position with, as we are now witnessing, absolutely zero choice (bad choices are no choice at all) - which i've warned about well over a year ago, and was told, basically, to "fuck off". well... now we begin to see the consequences.

i am running fvwm2 - i have been for 20 years - and i am using's recompiled versions of critical dependencies (udevd and others) all of which have "--no-systemd" in the files. so i will not be concerned about trojans that attack vulnerabilities in systemd, exploiting the new features such as allowing the firewall to be disabled and much, much more. but you - all you who trust the systemd authors and the desktop environments that now operate exclusively on systemd? you should be concerned.

The Courts

Insurer Refuses To Cover Cox In Massive Piracy Lawsuit ( 100

An anonymous reader writes with news that Cox Communications' insurer, Lloyds Of London underwriter Beazley, is refusing to cover legal costs and any liabilities from the case brought against it by BMG and Round Hill Music. TorrentFreak reports: "Trouble continues for one of the largest Internet providers in the United States, with a Lloyds underwriter now suing Cox Communications over an insurance dispute. The insurer is refusing to cover legal fees and potential piracy damages in Cox's case against BMG Rights Management and Round Hill Music. Following a ruling from a Virginia federal court that Cox is not protected by the safe-harbor provisions of the DMCA, the Internet provider must now deal with another setback. Following a ruling from a Virginia federal court that Cox is not protected by the safe-harbor provisions of the DMCA, the Internet provider must now deal with another setback."

Comment Re:Works for me (Score 1) 137

Manufacturers have long made custom versions of products for specific store chains, and not just TV sets. Pots and pans, clothing, furniture, most products are available to any store that's willing to pay for them. Some stores (like Walmart) have a specific price point, so the manufacturers produce a model without the chrome-plated knobs, the low contrast screens, and use only the cheapest cloned capacitors and dubious quality power supplies.

There's a lot of marketing power in it, too. Not only do they get to offer big TVs for ridiculously low prices, it's also safe to tout benefits like a "150% price match guarantee", when they have the exclusive contract to sell that exact model.

Comment Re:What's Unusual? (Score 1) 93

This new piece of malware shows sophistication of design, but that's not unheard of. Older malware was often customized by compile time switches and definitions; this just abstracts some of that away.

Many people (i.e. journalists and managers) think of malware authors as pimple-faced script kiddies hacking in their mothers' basements. They think that large, well-designed projects require teams of skilled developers who would only do so for a fat paycheck.

What's happened now is that vulnerabilities are so profitable that the threat landscape is no longer the exclusive domain of the single hacker - criminal gangs want a piece of it. They can afford to pay team salaries to engineer a solution.

And malware authors have learned to avoid the biggest risks of getting caught. In the old days a virus writer would also be the distributor. Modern authors get paid by selling their exploit code, along with customization and support contracts, to gangs of attackers. The attackers take on the risks, the developers collect fat checks. In some cases of vertical attacks (ATM skimmers for example), the "owner" of the malware uses cryptography to encrypt the skimmed data, preventing the low-level attackers from profiting from the stolen data. The profits go to the top first, and the paychecks cascade down (assuming honor among thieves.)

So what's newsworthy here is that they believe this malware to be further evidence of a new breed of well organized criminal software developers.

Comment thinkpenguin, librem and eoma68 laptops (Score 4, Insightful) 92

... y'know... it has to be said, this is precisely why thinkpenguin (and other FSF-Endorsed hardware) do wipe-it-down-to-the-bedrock products, even to the extent of replacing the standard BIOS with coreboot, and why the purism librem laptop exists (and was successfully funded last year). but even there, the problem is that for the past 15 years all intel processors have to have an RSA-signed bootloader that goes into EEPROM on-board the processor, where there's absolutely no chance of obtaining the source code for that proprietary firmware blob. you have absolutely no idea what goes into that bootloader, but it's already been demonstrated that your laptop - and your desktop - can be woken up by external network signals - without your consent or knowledge - *even when you powered them down*.

the only possible solution here is... to not use intel (or AMD) processors. and that opens up a whole can of worms, which is why i've been sponsored to make an upgradeable laptop. if any one CPU is ever found to have problems, the whole CPU Card can be popped out and replaced... *without* having to throw away the entire laptop.

designing a laptop from the ground up so that its main CPU module can be replaced... only two years ago that could have been said to be "total paranoia". now we have the kinds of stunts being pulled by Dell, Lenovo and the NSA which were only previously believed to *potentially* be carried out...

Comment Re:Awww (Score 3, Interesting) 93

Because neonicotinoids are among the safest overall pesticides that have ever been developed. They very effectively target insects, but have very minor effects on mammals. The LD50 of Safari is over 2000 mg/kg of body weight in rats. They're rated category III by the EPA, which means 'slightly toxic and/or slightly irritating.'

The big problem is with bees. Neonics are supposedly 150X more lethal to bees than to any other insect genera.

The EU has already banned neonics (possibly because population density is higher and bees may be more shared than in the US); the US is dragging their feet.

Comment Re:Translation : (Score 1) 93

Actually, they've known for several years that minute quantities of neonicotinoids cause bees to 'dance' incorrectly; where the dance no longer correctly directs other bees to their discovery of nectar. The loss of food may be partly responsible for Colony Collapse Disorder. It's not surprising that this would also lead to reduced pollination.

Submission + - Sued freelancer allegedly turns over contractee source code in settlement

FriendlySolipsist writes: Blizzard Entertainment has been fighting World of Warcraft bots for years, but TorrentFreak reports Bossland, a German company that operates "buddy" bots, alleges Blizzard sued one of its freelancers and forced a settlement where he turned over Bossland's source code to Blizzard. In Bossland's view, their code was "stolen" by Blizzard because it was not the freelancer's to disclose. This is a dangerous precedent for freelance developers in the face of legal threats: damed if you do, damned if you don't.

I like work; it fascinates me; I can sit and look at it for hours.