

Comment: Re:Not a huge change. (Score 1) 109

Honestly, the most noticeable change was that the font changed on the tabs and URL bar.

Oh gawd, this obviously means that Firefox will have to make the same change in their Chrome-clone browser. I dread it every time Google makes a change because I know it'll be in the next release of Chromefox...

Comment: Re:research funded by DARPA (Score 1) 40

by arglebargle_xiv (#49352525) Attached to: MIT Debuts Integer Overflow Debugger

Okay, research paid for with my tax dollars. Where can I download it?

You can't. The title should have read "MIT Publishes Paper Discussing Alleged Integer Overflow Debugger That You'll Never Be Able to Get Your Hands On".

(Incidentally, this isn't the first paper on a tool like this. None of the tools have ever been released for general use, although you can occasionally find buggy, research-prototype level code somewhere. I played with one a year or two ago; after several hours of rewriting their code to try and get it working on something other than the one specific configuration of some old Linux distro they tried it with, I gave up.)

Comment: Re:Duh (Score 1) 23

by arglebargle_xiv (#49352511) Attached to: 'Bar Mitzvah Attack' Plagues SSL/TLS Encryption

The flaws in RC4 have been known about for a long time but were thought irrelevant in the scheme of SSL/TLS to the point where RC4 was the preferred cipher suite only a few years ago as it was one of the few that were able to mitigate the BEAST attack. So the GP's comment that there's no surprise since RC4 has been known to be weak for a decade isn't quite the full story.

At least part of the fault lies in the TLS standard and standards process itself. While TLS includes extensive processes for adding new mechanisms of all types to the protocol (and dear God has there been a mountain of crap shovelled in there over the years), there's no procedure whatsoever for taking things out (apart from the very ad-hoc "ZOMG THE SKY IS FALLING TELL EVERYONE NOT TO USE THIS ANY MORE" approach). So the single biggest step towards fixing these problems (there's many of them) is to build in some way of removing these ancient, flaw-riddled mechanisms.

Comment: Re:Congress is a bunch of fucking retards (Score 2) 131

I think that the reason is DoD. A really good telescope could as well be turned towards Earth

You'd think that after President Clark did that with the planetary defense grid, any new deployments would have safety interlocks to prevent it from happening again.

Comment: Re:NameCheap (Score 5, Funny) 295

by arglebargle_xiv (#49281373) Attached to: Ask Slashdot: Advice For Domain Name Registration?

I'd be happy to recommend NameCheap for .com and domains as well. But I have a question about domain name registration myself: I'll soon have to register some .cn domains, does anyone know a good registrar for .cn domain names with IDNA support?

Check your spam folder for many messages from providers who'd be more than happy to register a .cn for you. They'll also sell you bulletproof hosting if you need it.

Comment: Re:No thanks... (Score 4, Funny) 138

by arglebargle_xiv (#49281367) Attached to: Windows 10's Biometric Security Layer Introduced

So the last sentence in the summary should have read "We've heard time and time again how insecure passwords are, and Microsoft is aiming to replace them with a password-equivalent where you can never change your password when it's compromised, you leave copies of it on everything you touch (or look at), and which can be defeated with a bit of gelatin or a printout of a photo".

Yay, Microsoft!

Comment: Re:Yet another Ted Cruz bashing article ! (Score 1, Insightful) 416

by arglebargle_xiv (#49273271) Attached to: Politics Is Poisoning NASA's Ability To Do Science

While I don't agree with the OP, it does seem to be gratuitous bashing of Cruz. AFAIK what he's pointing out is that NASA was chartered to explore space (the NOAA, not NASA, was chartered to do climate research), and yet in my entire lifetime, apart from the 1970s-era Space Shuttle, the only thing of note they've managed to do in this area is launch a few remote/robot probes. Holy fsck, this is an organisation with an $18 billion/year budget that's done basically nothing to further getting mankind into space since the Apollo program ended over forty years ago. They've been busy dicking around with various expensive toys for the last several decades, cancelling one pie-in-the-sky project after another, and presumably will be relying on some of their huge budget to eventually rent room on Russian, or Chinese, or Indian, or whoever else gets there, missions to the moon or Mars.

Looked at another way, if some pro-science senator came along and told them to get their s**t together, would there be such an outcry?

Comment: Re:I must be missing something. (Score 1) 240

Clicking on one icon to switch to "metro" and then clicking on another to switch to "desktop" doesn't seem terribly cumbersome.

Installing Window Blinds and Start8 as a one-off doesn't seem terribly cumbersome, and then you have the UI that Microsoft should have given you in the first place (best ever response to this was taking my laptop in to Microsoft and having a MS person staring over my shoulder and eventually asking "what is that and where can I get it too").

Comment: Re:Must be designed secure - not "coded" (Score 5, Insightful) 69

by arglebargle_xiv (#49247425) Attached to: OpenSSL To Undergo Massive Security Audit

Couldn't the first step be libreSSL? They cleaned out a ton of junk and applied some uniform coding standards. That would be much easier to audit, and a much sounder base.

Exactly (no mod points left, sorry). Auditing OpenSSL makes about as much sense as auditing Windows 95, we already know it's broken beyond repair, and any further effort expended on it is just throwing good money after bad. Focus on something that's worth going with, like LibreSSL, or something that was never OpenSSL to begin with.

Comment: Re:The moan of sour grapes (Score 1) 450

by arglebargle_xiv (#49231073) Attached to: Reactions to the New MacBook and Apple Watch

For me, Swiss watches represent the pinnacle of hand crafted micro engineering. I also own a quartz watch that keeps better time and runs for years on a single battery for a micro-fraction of the cost (and requires no expensive servicing). So what? I find it refreshing to use an entirely mechanical device with amazing latent complexity. It serves a single purpose simply and elegantly yet almost perfectly.

Same here. I have an Atmos clock, which is entirely mechanical. You're supposed to get it serviced every 30 years (mine has just gone in for its second service, the first in the time I've owned it). The standard models are meant to run for about 400 years, the fancier ones like the du Millenaire are calibrated out to 3000 AD, although I'm not sure whether civilisation will still be around then if something goes wrong.

I'll bet the $10,000 Apple watch will be a piece of expensive inanimate jewellery long before my clock goes in for its third servicing.

Comment: Re:Fire them quickly. (Score 2) 255

by arglebargle_xiv (#49231047) Attached to: On Firing Open Source Community Members

Had an interesting discussion about this with some fellow geeks over steak recently, one of them proposed firing the bottom 80% of all your developers. Reason: Not only are they not contributing much that's useful, they are in fact a negative input on productivity since the other 20% who are useful have to go round cleaning up the mess they make.

I'm not sure if it's 80% (I'd say maybe 50%), but I know too many situations like this, where the clueless/incompetent are not only not doing anything useful but actively preventing the competent from getting their work done.

(The problem, which was pointed out at the time, is identifying who the incompetent 50% are. Many of them are where they are today because they know how to manipulate the system, rather than because they're any good at what they do).

Comment: Re:Standards (Score 1) 29

by arglebargle_xiv (#49195493) Attached to: Firefox 37 To Check Security Certificates Via Blocklist

"The prescribed global standard doesn't work so we're just going to roll our own. Twice."
Great. Thanks for that. Not "we will penalise sites that don't allow OCSP pinning because we think it's necessary" but "bugger this, we'll apply our own definition of what can be trusted or not to every user".

The reason for using this alternative to the alternative is because any kind of blacklist-based security doesn't work. It rates #2 in the six dumbest ideas in computer security, with default-allow (which arguably is the problem that blacklists are trying to deal with) at #1. First there were CRLs, which don't work. They were replaced with OCSP, which doesn't work. Now we have cert blacklists, which are fairly recent so they haven't failed often enough for it to be obvious to everyone that they don't work, but give it time...

Once they fail, the browser vendors will come back with version 4 of the dumbest idea, then version 5, and then version 6, and they'll just keep on doing the wrong thing over and over and over until eventually it starts working, dammit!
