
Comment Re:let them start their own (Score 1) 135

RELX, the parent holding company in 2014 had revenues of 5.77B euros and net profit of 955M euros - 16.5%. That includes all lines and overhead. In the segment breakout, Sci/Tech/Med revenue was 2.048B euro w/ adjusted operating (not net) profit of 762M, 37.2%

Those figures are hardly those of an abusive monopoly.

Comment Re:let them start their own (Score 1) 135

That figure is vastly underestimated. It does not account for any human time, either in technical administration or copy editing and proofing. Hosting at a shared host? Are you kidding? The chosen archiving 'solution' strikes me as abusive of original author copyright but regardless, who is doing the day to day backups? Where are they stored? Who is doing restoration? What happens when free helpers leave? Get sick?

This type of setup may be appropriate for something in-house, like a departmental journal but I think it fails on many levels when it comes to the requirements of the real world. I shudder to think of something like Physical Review being run this way.

Comment Not that worried (Score 0) 123

Stagefright 1.0, however, was exploited via a specially crafted MMS message which were at the time automatically processed by Stagefright. Google’s patch means Stagefright no longer does so, especially in new versions of Google’s Messenger and Hangouts apps. With Stagefright 2.0, Avraham said the most logical attack vector would be the mobile browser where an attacker tricks the victim via phishing or malvertising to visit a URL hosting the exploit. An attacker could also inject the exploit via a man-in-the-middle attack, or host a malicious third-party app that uses the vulnerable library.

If you are really scared about MMS, it's pretty easy to fubar the settings to enable delivery of MMS messages. No big loss in the age of WhatsApp, Kik, Line.

On the new variant it seems no different than desktop. Don't click links or view pages that may be dodgy. Don't download a ton of shit apps. And if someone is bothering to MITM you, problems are deeper than the exploit.

Comment More than just initials (Score 2) 118

There are really two components to this. First, is the time/effort/expense worth it to gain knowledge that may be useful in your profession or career generally. Second, will that certificate confer any additional monetary benefits or different/more advanced position in the near term.

The former is completely independent of the latter. Not everything you may know or do is assigned a tangible value by your current or future employer but having such knowledge may make your job easier to do or allow you to outperform others.

The latter may often be true for all but the most specialized certifications. Rather than just list a bunch of acronyms, it might be better to reference having 'a number of additional certifications in related fields' and allow the hiring firm to enquire further if they are interested. By doing so you show you continue to improve and stay current for its own sake and not to wave a bunch of letters at someone.

Comment Cyanogenmod has gone downhill a bit (Score 2) 87

As another example, in late June they promised final snapshot images of CM11 for all devices. Yet relatively few actually got an update while their build system continued to churn out nightlies. Comments on the original blog post are ignored. Sure we all know it is free but don't promise people something if you have no intention of delivering on it.

Comment Android or is it Java? (Score 1) 105

Perhaps someone with more Java/Android experience can elaborate but my quick read on serialization leads me to believe that this is a flaw in Java itself and that per the below, while steps can be taken to mitigate the risk, it can't be eliminated.

While the patches fixed the specific instances that we had found, we feel that a general problem deserves a general mitigation, reducing the impact of such serialization attacks. Since Bundles are very common in Android’s Inter-Process Communication, we suggest changing the Bundle’s default behavior that automatically instantiates all of its values (under BaseBundle.unparcel, that is invoked by any ’touch’ of the Bundle) to a lazy approach, i.e. retrieving only the values of keys it is asked for. Of course by design the problem will still remain, but will depend more on specific developer’s code, so less apps will be vulnerable if another vulnerable class is found, significantly narrowing the attack surface.
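The eager-versus-lazy behaviour the quoted passage describes, modelled in plain Java as an added example (not code from the comment, the quoted paper or Android). `LazyUnparcelDemo`, `Probe`, `eagerGet` and `lazyGet` are hypothetical names, and a map of separately serialized byte arrays is an assumed stand-in for a Bundle's parcelled values.

```java
import java.io.*;
import java.util.*;

// Added illustration; none of these names are Android classes.
public class LazyUnparcelDemo {
    static final List<String> instantiated = new ArrayList<>();

    // Stand-in for any Serializable class the receiver can load: its readObject
    // hook runs during deserialization, before the app ever uses the value.
    static class Probe implements Serializable {
        final String name;
        Probe(String name) { this.name = name; }
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            instantiated.add(name);
        }
    }

    static byte[] pack(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    static Object unpack(byte[] raw) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(raw))) {
            return in.readObject();
        }
    }

    // Eager: any lookup materialises every value the sender supplied.
    static Object eagerGet(Map<String, byte[]> wire, String key) throws Exception {
        Map<String, Object> all = new HashMap<>();
        for (Map.Entry<String, byte[]> e : wire.entrySet()) all.put(e.getKey(), unpack(e.getValue()));
        return all.get(key);
    }

    // Lazy: only the requested key's bytes are deserialized.
    static Object lazyGet(Map<String, byte[]> wire, String key) throws Exception {
        byte[] raw = wire.get(key);
        return raw == null ? null : unpack(raw);
    }

    public static void main(String[] args) throws Exception {
        Map<String, byte[]> wire = new LinkedHashMap<>();   // constructed sample input
        wire.put("title", pack(new Probe("expected")));
        wire.put("extra", pack(new Probe("unrequested")));  // key the receiver never reads
        eagerGet(wire, "title");
        System.out.println("eager instantiated: " + instantiated);
        instantiated.clear();
        lazyGet(wire, "title");
        System.out.println("lazy instantiated:  " + instantiated);
    }
}
```

With the lazy lookup, a value under a key the receiving code never asks for is never deserialized, so exposure depends on which keys the app reads, as the quoted passage says.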
