
Comment Re:Fake God Detector, Blamed For Hundreds of Death (Score 1) 141

How is the parent not yet modded Troll?

A) Anybody who wants to study the science behind those things can do so, and there is quite sufficient evidence (replicated continuously in labs all over the world) for the latter two (assuming you mean Darwin's theory of evolution by natural selection, and yes, speciation through evolutionary response to environmental pressure has been demonstrated in the lab). The effect of the first is still hotly (haha) debated, but the basic science behind it - humans emit literal tons of CO2, CO2 causes greenhouse effect, greenhouse effect warms the planet - are quite thoroughly understood.

B) Can you find me anybody, anywhere, who was killed for not believing in any of the above three things? I'd call you a blithering idiot to your face, but I wouldn't have you killed even if I was dictator of the world and could get away with it. It bears no resemblance to the kind of fanaticism that leads to mass murder.

The evidence is present and sufficient, and nobody is demanding you accept it. You might find yourself lacking opportunities to breed with anybody that has an IQ above room temperature, but such is the price of being vocally moronic.

Comment Re:Public key pinning (Score 1) 87

It would work with a preloaded pin list similar to the HSTS preload list, for sites that should use HTTPS even on the first visit. It would also work for sites like Google properties (in Chrome) or Mozilla properties (in Firefox) where the expected cert is baked into the browser even in advance of HPKP deployment.

It would also work if nobody was intercepting your traffic the first time you visited the site. You would only be in danger if you were being intercepted every single time, including the first time, with this rogue certificate. That's a relatively low-risk threat, though the possibility of such interception does exist and this is why HSTS has a preload list.

But yes, this kind of pwned-before-you-even-start thing is Really Bad.

Comment Re:They cost enough money, they have to be good. (Score 1) 207

Luxury, yes, but I'm not actually sure about the margins. They make money on every car sold, but they still end up in the red most quarters due to things like R&D costs. Now, maybe they just spend a ton on R&D (and probably also things like Supercharger stations, the new factory, etc.), but they aren't exactly raking in the dough the way "high margin" implies.

Comment Re: Smart move. (Score 2) 207

Recalls are usually checked at routine maintenance time, too. My Subaru (I'd love a Tesla, but they don't suit my driving needs) got a couple of minor repairs - nothing likely to be life-threatening, just stuff that would probably cost them more to repair if they ignored it - for free when I took it in for its scheduled maintenance.

Now, Teslas don't need a lot of servicing, but they do get some. I'm sure some people will schedule a special service time to have the seatbelt checked, but for most people they'll probably just give the belt a good tug / look at and poke the bolt, conclude that it's fine, and forget about it until the next time they take their car in for routine maintenance. At that time, the tech will spend the extra few minutes - highly unlikely to average anywhere near half an hour - to check it themselves.

Still, good on Tesla for doing this. Remember that, for people who bring in their car *just* for this recall, there's a lot of overhead and it ends up costing much more than just the tech's time. Still probably not a major amount, even if a lot of people do participate in the recall outside their scheduled maintenance cycle, but non-trivial.

Comment Re:Never been accomplished? (Score 1) 131

Emulators are run-time, this is compile-time. The closest thing I'm aware of is WineLib, which lets people compile Win32 code for Linux or OS X, and takes care of stuff like translating DirectX calls to OpenGL ones. It's reasonably "successful" in terms of usage, but far from complete or bug-free. A lot of apps just won't work through it, and many others will exhibit new and exciting bugs.

Comment Re:Technically true but completely wrong. (Score 1) 181

Whoops, thanks, you're right. Three options for what the machine does when the configuration changes, including do nothing, switch automatically, or prompt. That's even better than needing to set it beforehand or trusting Microsoft to get it right. I primarily run Win10 on a desktop, so I hadn't seen the prompt.

Comment Technically true but completely wrong. (Score 4, Informative) 181

I take it you not only haven't used, but haven't even *seen* Win10?

If your computer has an attached keyboard and you don't go well out of your way to do so, you will never see "Metro" in Win10. No full-screen Start, everything runs in a window, no Charms bar, no App Bar, etc. Windows Store apps (including the Store itself) now run in windows on the desktop. Title bars are visible at all times and can be dragged, edges can be dragged to resize, apps can be snapped with desktop apps, and so on.

Now, if your computer is a tablet without an attached keyboard, then yes, the OS will default to "tablet mode" with the full-screen apps and so on. You can tell it not to do so, though; it's a simple setting (Settings -> System -> Tablet Mode). You can change the current mode, the default mode, and whether it automatically switches depending on the hardware configuration.

Comment Re:Maybe Cook is jealous (Score 1) 478

The sad thing is, the Surface RT (and Windows RT generally) would have had a chance if MS had just not crippled the thing with insane lockdowns. It had the full Win32 and .NET 4.x APIs, used standard driver models so you could easily add support for devices that used its full-size USB port, and supported a bunch of features found in no other mainstream ARM tablet (full file system access, built-in script engines, multi-user capability, Windows networking, placing any windows you wanted to side-by-side, booting off removable media, browser with developer tools, etc.). It had compelling hardware, aside from the lowish screen resolution (and it's not *that* low, the MacBook Air has the same resolution, but cost a hell of a lot more).

It was trivially easy to port many Win32 programs to it; if they would compile in Visual Studio 2012, you could compile them for RT. .NET programs didn't even need re-compiling. Drivers built using the modern driver kits were as easy to port as Win32 programs; some open-source drivers were successfully ported, and Pluggable even managed to get their USB Ethernet dongle's driver signed by MS before MS backpedaled on that. The bitch was getting past the stupid signature checks (most people were even less lucky than Pluggable). You could compile (where needed), and you could copy the programs to the tablet. You could even tell it to run them as Admin. But, without a jailbreak or a Microsoft signature (not just any Authenticode signature, it had to be from specific Microsoft keys), it wouldn't run.

That doomed the whole RT ecosystem. The app store's offerings were neither plentiful enough nor desirable enough to make the tablet worth its price (which was good for an 8-hour-battery laptop, but high for an ARM tablet). The initial jailbreak brought a surge of interest in porting open-source programs, and even led to the development of an x86-to-ARM dynamic recompilation (like emulation, but faster) layer that allowed running unmodified Win32 programs, including some old games. For months, MS didn't bother people who were finally getting to use their tablets as actual computers... and then 8.1 came out, and they blocked the jailbreak four different ways. There's a new jailbreak out now, but people just don't care much anymore. I don't know what idiot at MS thought that making RT even less useful was going to increase sales, but they traded in their .22 pocket footgun for a .50 fully automatic footrifle, and people just stopped bothering with it.

Comment Re:"Tries too hard to do too much" (Score 3, Informative) 478

* Only if you don't include the weight and battery life among those specs. As a computer, it's overpriced. As a *portable* computer, it's just about smack in the middle of the pack for its class, price-wise.

* Switch the touch keyboard to the "Standard" or full layout. It has the meta keys you are looking for. You may need to enable it. In Win10, the setting is at Settings -> Devices -> Typing -> "Add the standard keyboard layout as a touch keyboard option".

* In desktop apps (i.e. non-Store apps), tap-and-hold is always right-click. In Win8.x Windows Store apps, right-clicking brings up the app bar; you can also achieve this by swiping in to the screen from above or below.

* I generally avoid the app store stuff - for me, its limitations aren't worth it, even in a touch environment, and that's without even getting into the fact that it's a DRM system.

Comment You trolling? (Score 1) 140

For a "fundamentally broken" browser, it's very good at rendering web pages, has nicely configurable settings, is quite stable, and very fast. Do you have an actual objection to any aspect of it, or are you just talking out your ass? You don't even present a subjective, much less objective, fault in the browser. I could mention a few, but eh, none count as anything like "fundamentally broken".

Comment Re:Would it kill you to mention the vulnerability? (Score 1) 115

It's an OS command injection vulnerability. Deserializing an object should not, by itself, ever execute arbitrary code. The only function that automatically runs on a deserialized object is that object's readObject function, which should in no way be usable to execute an arbitrary OS command. Apparently the writers of this library would find that concept bemusing.

This isn't a matter of

Deserialize the object, see if it's an instance of FootGun, and if so call its shoot() function. We're just that stupid.

This is more a matter of

Well, we expect an object of type Foo, but it shouldn't matter what it is as long as we don't call any functions on it and it can only be something in our server's classpath anyhow. Let's deserialize it to see what it is. Huh, it deserialized to a FootGun instead, and for some reason the FootGun class automatically calls shoot() upon deserialization! Why the fuck do we even have a self-firing FootGun in our classpath, anyhow?

In case you missed it, the Apache Commons Collection library is, for some reason, shipping a self-firing footgun. They should patch that.
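
Added example, not part of the comment above and not code from any library it mentions: a harmless `FootGun` whose `readObject` sets a flag, showing that an unfiltered `readObject()` call runs it before the cast to `Foo` can fail, and that an allow-list `ObjectInputFilter` rejects the class first. `LookAheadDemo` and `readFiltered` are hypothetical names, the serialized bytes are constructed in the program itself, and Java 9 or later is assumed.

```java
import java.io.*;

public class LookAheadDemo {
    // Constructed stand-in for the comment's self-firing FootGun.
    static class FootGun implements Serializable {
        static boolean fired = false;
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            fired = true; // harmless marker for "code ran during deserialization"
        }
    }
    static class Foo implements Serializable { } // the type the server expects

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // Allow-list filter: a class is checked before any instance is created,
    // so a rejected class never reaches its readObject.
    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(info -> {
                Class<?> c = info.serialClass();
                if (c == null) return ObjectInputFilter.Status.UNDECIDED;
                return c == Foo.class ? ObjectInputFilter.Status.ALLOWED
                                      : ObjectInputFilter.Status.REJECTED;
            });
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] hostile = serialize(new FootGun());
        // Unfiltered: the cast to Foo fails, but only after readObject already ran.
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(hostile))) {
            Foo unused = (Foo) in.readObject();
        } catch (ClassCastException e) {
            System.out.println("unfiltered: cast failed, fired=" + FootGun.fired);
        }
        FootGun.fired = false;
        try { readFiltered(hostile); } catch (InvalidClassException e) {
            System.out.println("filtered: rejected, fired=" + FootGun.fired);
        }
        System.out.println("Foo accepted: " + (readFiltered(serialize(new Foo())) instanceof Foo));
    }
}
```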
