Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×

Comment: Re:Will Power Shell become useful? (Score 1) 285 285

Because this is a direct outcome of configuring secure-by-default. It's there to stop people shooting themselves in the foot the first time they try. Don't like it? Try one of the FIFTEEN WAYS you can run a powershell script without requiring a policy change.

I personally prefer #9 but YMMV.

Comment: Re:Clean room implementation? (Score 1) 223 223

And why should developers and other companies "benefit from Java API's good design with $0 license payment"? That's exactly why Oracle are introducing their Licensed Java Developer program. For only $10,000 per annum, you can be certified to write code that uses the Java API. If you're writing for a company, that company will need to be part of the Licensed Java Application program too, at $25,000 per annum. Extra programs can be brought under the same company umbrella for just $5,000 each. Please note that this program only covers internal applications used by staff, and interested organisations should ensure they comply with the Licensed Java User and Licensed Java Non-Staff User agreements. Applications and code delivered over the Internet will require the organisation owning the code to comply with the terms of the Licensed Java Internet Application agreement, and pay the annual $100,000 fee to Oracle.

You might need a few <sarcasm> tags there, but I do wonder how far Oracle will try to push this.

The next problem though is this. If the Java API is copyrighted, then _any_ API must also be copyrighted. Thus the following are also all copyrighted works which you can't use without the owner's permission:

  • * int main (int argc, char**argv)
  • * int swap (int a, int b)
  • * Any C/C++ header file
  • * Any object hierarchy, containing at least one class, method or property

You.can't specify a level of complexity (it will be gamed) so you cannot avoid even the simplest "API"s from being copyrighted. It's not quite "the end of the world" but it's a pretty good attempt.

Comment: Re:"Need more info" (Score 1) 486 486

No, unless it is or can be economically comparable to costs at the time it is commercially available, it's next to useless. You seem to have forgotten inflation, price gouging, increases in demand from consumers etc.

You're suggesting that if it's commercially available in (say) 10 years, and approximately a 1:1 direct replacement for fossil diesel, it has to sell for about $2.80 a gallon (at today's prices from some presumably US site called "Daily Fuel Gauge Report"), even if fossil diesel is selling for $6.00 a gallon. That's illogical.

Comment: Re:Help me out here a little... (Score 1) 533 533

Imagine you have a power supply with a 0V ground, a +5V supply and a +12V supply.

Now connect a resistive load with the input lead on +12V and the ground lead on +5V. You now have a +7V delta and are treating the +5V supply line as if it were ground.

Often done in building PCs to be quieter (as the fans move less air, but are significantly quieter).

Comment: Re:It's quite simple really... (Score 1) 158 158

Yes, OK, somehow it's Microsoft's fault that the web developers completely failed to produce a site that works in real IE. So by that logic, it is also Mozilla's fault that Firefox doesn't work, and Google's fault that Chrome doesn't? Of course not. You just wanted an excuse to play in the big boy pool didn't you? "See, I'm just like you popular kids and I fit in because I'm copying your behaviour, two seconds after you do it".

Where's your browser, AC? Which browser deployed across millions of PCs did you write? And why won't you take responsibility for it failing to work with this site? And why do you and Google and Mozilla and Microsoft keep disagreeing on the way the box model works, and where the lines go, and what spacing is what? Oh, because the spec is ambiguous you say? Still must be your fault then!

I'm all for bashing Microsoft when they do stupid stuff. But if you want to be effective, wait until it's actually their fault.

Comment: Re:How many minutes until this is mandatory? (Score 1) 287 287

Meanwhile here in AU, it's quite common to see dual-sided speed signs. The "front" has the normal road speed (which might be 110km/h - around 70mph). The "back" has a roadworks speed limit of 40km/h (25mph). Watch for shenanigans as the Ford sees the wrong sign on the wrong side of the road (not uncommon either) and suddenly decides the road is 1/3 of the normal speed.

Comment: Re: Positive pressure? (Score 1) 378 378

No, they actually usually mean LPG. I think it's only the US that conflates these terms (IME most other countries call the liquid fuels for vehicles "petrol" and "diesel"). In a gas attack, the criminals generally bring along a compressed cylinder of LPG - open the valve and the pressure causes the flammable and explosive gas to be expelled, into the air vents of the ATM. Add sparks and boom.

Comment: Re:Ways to protect vs DDoS (Score 5, Interesting) 336 336

None of these protect against a volume-oriented DDoS. Many are DoS only (single / few sources) and do not apply when every IP on the Internet appears to be sending thousands of requests, or more likely, responses. Further, you've completely ignored spoofing of addresses combined with amplification attacks (send out a 64 byte DNS request pretending to be the DDoS target, get 4kB sent to the target). Finally, regardless of the 50-100Gbps pipes MS, Sony and Amazon no doubt have, they're useless when there's 1Tbps of amplified crap directed down the pipes. With the example above, you'd only need about 4Gbps of bandwidth total (40 cheap VPS on "100Mbps" connections) to generate 256Gbps of DDoS.

When 256Gbps of rubbish arrives at your servers or firewalls ... registry settings and kernel tweaks do jack (note that CloudFlare was hit 11 months ago with more than 400Gbps of DDoS, so this is not implausible!)

And since it seems it was apk I'm replying to ... I'm actually half surprised you didn't try to claim that a HOSTS file would magically help.

Comment: Re:Bad for small business owners (Score 1) 396 396

Buddy, you can get a certificate for less than FIVE US dollars per year. Is that too much for you?

Actually yes, frankly it is. Because according to Google's overpaid, brain-dead Chrome developers, I need one for the KVM, one for each of the management cards in the servers, one for each of the appliances I have (from DVRs to firewalls etc), one for each little device with a web server (assuming it even supports writing a certificate to storage, and config for HTTPS), one for each workstation or server with an app or config UI. Quick count for my house alone ... 47 certs excluding the devices that quite literally have NO way to store and use a cert. I simplified too by assuming the devices supporting certs can handle SHA256 (thanks Google for THAT little recent shitfight). And the certs don't support SANs nor do CAs allow local names, so I have to use the correct FQDN all the time now (no more http://dvr/ or typing the IP - now it's And what have I gained? I've had to spend $230+ and several hours of work to avoid irrelevant anti-sec warnings, on devices no-one can get to except me. It's bulldust.

Comment: Re:So perhaps /. will finally fix its shit (Score 1) 396 396

And that adequately reflects the rest of the world how? I have customers with multiple 5Mbps connections (literally the best they can get, there IS NO FIBER) at $400/month. They have dozens of users, 10-100MB files to send and receive, every day, and therefore a local caching proxy is the only way they can get any reasonable web access at all. But go on believing the rest of the world is like your little Utopia.

Comment: Re:Does HTTP/SSL force one IP address per www doma (Score 1) 396 396

No - this problem is solved with SNI (Server Name Indication) which is part of all the current browsers, and has been for a while now. The client tells the server which certificate to return (which hostname it's going to ask for) in plaintext. There's probably a module you need for Apache to support this - IIS finally does it natively, so I'm sure it was already there in Apache/nginx.

Comment: Re:Stupid (Score 2) 396 396

And forcing SSL does nothing to prevent your employer setting up an SSL proxy with a wildcard certificate, decrypting everything you request, and tracking you anyway. I've set up MITM proxies for companies before, and it's literally 10 minutes of effort in most cases (because the end-users already trust the corporate CA). And if you think the Government can't MITM you as well you haven't been paying attention for the last 12 months.

There is no opinion so absurd that some philosopher will not express it. -- Marcus Tullius Cicero, "Ad familiares"