
Comment: Re:lol, Java (Score 1) 79

by StikyPad (#48870017) Attached to: Oracle Releases Massive Security Update

I mean, when you qualify your comparisons by using ambiguous, ill-defined phrases like "well written," you can say anything. Novels are less interesting than a well written comic. Rules are less useful than a well written law.

Java is generally going to require less effort to port unless you're using platform-specific libraries, and that's easy to avoid since so much is included in the JDK.

As for the security of that code, everything may be within your control in C, but that doesn't come without some cost -- namely requiring deep knowledge of everything that's within your control to avoid creating your own security holes. And if you're using third party libraries (which is typical) then you're sacrificing some degree of control anyway. This is especially true if they're closed-source libraries, but even with open source, many people just trust that someone else has reviewed the code.

Comment: Re: The Dangers of the World (Score 2) 783

by StikyPad (#48832499) Attached to: Parents Investigated For Neglect For Letting Kids Walk Home Alone

Yes it is. Perfection is the enemy of good enough, but that's what people expect these days. The pursuit of perfection has a large cost, in time, money, and freedom while wasting all of those on an unachievable goal. What else are you willing to sacrifice for perfect security?

Comment: Re:Pope Francis - fuck your mother (Score 2) 893

by StikyPad (#48822637) Attached to: Pope Francis: There Are Limits To Freedom of Expression

Thank you. I was going to make a post along the same lines, and you've done it better than I could.

I agree that there's some amount of wrongness to mocking, diminishing, devaluing, or invalidating other people's religious beliefs, feelings, etc. It may (and should) be legal, but that doesn't make it ethical. It doesn't justify a response though. Two wrongs don't make a right.

The problem is that Islam doesn't call for pacifism against offenses; it calls for vengeance through physical punishment and/or death. Since there's no shared doctrine, the pope can't use scripture to accomplish his political goal of showing common ground with Muslims.

On the one hand, I think it's potentially beneficial to demonstrate common ground between the two major religions, and empathy with the feelings of the faithful regardless of their faith. On the other hand, sometimes it's better to just lead by example.

Comment: Not a problem (Score 1) 303

It's really only a problem if it results in the miscarriage of justice; otherwise it's just a potential problem. There are lots of potential problems in any situation, and no reason to believe (or evidence provided) that this potential problem is dire enough to warrant more attention than any other aspect of the case. But since the judge has been addressing it all along, a better headline might be: "Judge ensuring adequate explanations of technical issues. Nothing to see here."

Besides, the case doesn't rest on understanding Tor -- Ulbricht was observed accessing and communicating via the dreadpirateroberts account. You don't need to trace a phone call to demonstrate that someone on the other end is who you say they are; just show that they were observed on the other end of the phone while you were talking to them. This isn't rocket science or voodoo. And even if their evidence was purely circumstantial -- say DPR consistently appeared online when Ulbricht was at a computer, and never when he was away from a computer -- circumstantial evidence is still evidence.

It appears from everything we know thus far that Ulbricht was definitely the person responsible for running the site. Personally, my only concern is that they're using parallel construction (aka lying) to build the case.

Comment: Re: Status on other UNIX like kernels (Score 1) 84

by StikyPad (#48821731) Attached to: OpenBSD's Kernel Gets W^X Treatment On Amd64

ASLR is already implemented in Windows (since Vista for libraries, and 7 for kernel, IIRC) and OS X (since 10.5 for libraries, and 10.8 for everything), in iOS since 4.3, Android since 4.0.

I'll leave it as a judgment call to the reader as to how effective/successful any of those have been.

Comment: Re:Status on other UNIX like kernels (Score 2) 84

by StikyPad (#48812833) Attached to: OpenBSD's Kernel Gets W^X Treatment On Amd64

Still of limited value. ROP already bypasses DEP/NX protections, which are required for W^X to be effective. ROP techniques are used to great effect in iPhone jailbreaks.

These protections may guard against a (very small subset of) casual attackers, but they're just another minor hurdle for determined attackers.

For a primer, see also: (And the rest of the article.)

The biggest security advantage that BSD has is being such a small target.

Comment: Re:Just hire a CPA (Score 1) 450

It takes me about as long to do my own, including entering the cost bases for investments and mortgage interest payments. For those doing cost-comparisons, I eke it out of my "non-income-earning time" instead of my "income earning time," which makes it a net gain, at the cost of a little less enjoyment that day, and a little more enjoyment with the money I save. I've received one letter from the IRS, and it took about 5 minutes to reply. It's not rocket science. And I never get a refund, because I don't overpay my taxes in the first place.
