Please create an account to participate in the Slashdot moderation system


Forgot your password?
Slashdot Deals: Deal of the Day - Pay What You Want for the Learn to Code Bundle, includes AngularJS, Python, HTML5, Ruby, and more. ×

Comment Re: In other news, SANITIZE YOUR DAMN INPUT. (Score 1) 79

Well, that assumes a supermarket self-checkout. (Which, admittedly, is the most likely possible use for this kind of attack.) But there are other places where barcode readers are there for the general public to use.

As an aside, the barcode readers I've encountered at work do not need to be put into a programming mode. But on the other hand, my employer tends to go for inexpensive equipment...

Comment Re: In other news, SANITIZE YOUR DAMN INPUT. (Score 1) 79

There thing is that these scanners can be programmed to accept only a number of characters but nobody bothers to do so.

It probably wouldn't make that much difference anyway. Typically the only way to program barcode readers is by using special barcodes from the manual or printed out from the manufacturer's software. An attack would just need to start with the special barcode for 'enable these characters'.

Comment Re:In other news, SANITIZE YOUR DAMN INPUT. (Score 1) 79

Well, maybe. Evidently there is some case to be made for it being possible to use control characters in a barcode, else the standards wouldn't include them. It must be useful to someone, somewhere. So it shouldn't really be up to the scanner hardware to say "yeah nah, not passing that on, ever".

And as others point out, it's not really within the scope of applications to decide whether or not certain keypresses go through to the OS. So what does that leave us? Really just the device driver for the barcode reader. If it were possible to set as an option in the device driver "ignore control characters from this 'keyboard'", that'd do it.

Comment Re:Its laugh track is a crime against humanity (Score 1) 406

I don't doubt that many do it that way, but my own (admittedly limited) experience is a similar, but less dishonest/manipulative method.

Some years ago, I was at the recording of a comedy panel show (Good News Week back when it was on the ABC, in case there are any Australians of the right age reading). The show gets recorded, various bits get trimmed out for various reasons - so it'll fit in the time slot, because they messed something up, excessive swearing, etc. Before the show starts, they played clips from previous shows, including things that were funny but had to be left out for time, things that were hilarious but too sweary, etc. Same ultimate effect; warming the audience up, but it's all still from the show's own merits.

Comment Re:Yeah, nah. (Score 3, Informative) 576

It took this? Not our general policy of running around the world tampering with governments, murdering people, and blowing up cities for profit?

Those did kill it most of the way, and the "somewhat interested" is conditional on some pretty unlikely things, such as someone else footing the bill for the trip.

Comment Telnet (Score 1) 620

The oldest technology currently in use at my workplace is telnet. The clients for the system we use are glorified telnet clients with a couple of things bolted on, but for compatibility with the handhelds we sometimes use, it has a mode for working with straight telnet. I sometimes use that from PuTTY or a Unix command line.

Comment Re: I wonder... (Score 1) 277

Absolutely those are the problems with that approach. And, for the record, I've been saying for years that the NT server needs replacing, and it looks likely to happen soon as its hardware continues to get less reliable. But the fact remains that many things do not get upgraded because of one simple factor: "this works now, and may not after an upgrade". Hell, there's plenty of stuff out there that still runs DOS.

Comment Re:I wonder... (Score 1) 277

Yes, they have made a lot of changes, but those changes have only pissed off the tablet users. So now you have an OS that not only desktop users don't want to use, but tablet users don't want it either.

Sounds like a step in the right direction; the insistence on using the exact same UI on tablets and desktops is the biggest thing wrong with Windows 8. Which no-one really wants to use on either desktop or tablet anyway, so I'm not really seeing a lot of downside to these changes.

Comment Re:I wonder... (Score 2) 277

Sure, businesses upgrade when they need to. Never a moment before there is a serious, compelling NEED to upgrade; typically something they absolutely need to operate absolutely needing the newer version, or existing hardware failing and new purchases coming with the new version. The business I work for has mostly XP workstations, and the server that we rely on most is running NT 4.0.

"Upgrade when you need to" is secondary to "if it ain't broke, don't fix it". Whatever shiny new features the newer version has, there are always teething problems with an upgrade. They could be minor, such as needing to tweak the config of something and only taking a few minutes. Or they could be major, such the software you need not working properly with the new version and needing some rewriting, taking who knows how long. And there's no way of knowing ahead of time what it'll be, so upgrades are always a crapshoot on how much productivity you'll lose in the process.

Comment Re:Nope (Score 1) 531

It's nice that there is an option to disable it - even if it is indirect. But the fact that the "feature" is there at all still offends me. When the makers of a browser decide it's a good idea to turn my browsing history into targeted advertising, I decide a different browser is a good idea.

I've been making less use of Firefox in general in recent years anyway, but this is the straw that broke the camel's back. Firefox gets uninstalled on all my machines.

"Help Mr. Wizard!" -- Tennessee Tuxedo