
Comment: Re:What are natural flavors, really? (Score 1) 163

Artificial colors and flavors have little to do with "flavorant that has been isolated and extracted (with chemical processes and solvents in most cases) starting with a natural source and the same chemical that has been produced with a chemical process starting with purified raw ingredients". Most are carcinogens or hormonal disruptors.

The dose makes the poison. Water can be toxic if consumed in large quantities. Mercury can be harmless or highly toxic depending on which type of molecule you ingest and in what quantity.

Red #40 is harmless in the quantities used. Hint: that box of Froot Loops has less than a drop in it. But I would not want to drink a pint of the stuff.

Comment: Re:Counterproductive, perhaps? (Score 5, Informative) 79

No, the law isn't about hacking. Bill C-51 gives the government power to share information about citizens between departments. It also authorizes heavier surveillance, stronger powers of arrest, while not adding any accountability.

http://www.michaelgeist.ca/201...

Comment: Re:Those of you who are? (Score 1) 156

I appreciate software is different than engineering, but the collaboration, mentoring, and camaraderie of an open office environment really helps build the business for us. While I do have an office

You like the open office environment, although you have your own office... how nice. Open offices are really nice as long as it is someone else dealing with being packed in like cattle.

+ - SF Says AdWare Bundled with Gimp Is Intentional-> 5

tresf writes: In response to a Google+ post from the Gimp project claiming that "[Sourceforge] is now distributing an ads-enabled installer of GIMP", Sourceforge had this response:

In cases where a project is no longer actively being maintained, SourceForge has in some cases established a mirror of releases that are hosted elsewhere. This was done for GIMP-Win.

Editor's note: Gimp is actively being maintained and the definition of "mirror" is quite misleading here as a modified binary is no longer a verbatim copy. Download statistics for Gimp on Windows show SourceForge as offering over 1,000 downloads per day of the Gimp software. In an official response to this incident, the official Gimp project team reminds users to use official download methods. Slashdotters may remember the last time news like this surfaced (2013) when the Gimp team decided to move downloads from SourceForge to their own FTP service.

Therefore, we remind you again that GIMP only provides builds for Windows via its official Downloads page.

Note: SourceForge and Slashdot share a corporate parent.

+ - SourceForge wraps open source software in adware

An anonymous reader writes: "SourceForge, the code repository site owned by Slashdot Media, has apparently seized control of the account hosting GIMP for Windows on the service, according to e-mails and discussions amongst members of the GIMP community—locking out GIMP's lead Windows developer. And now anyone downloading the Windows version of the open source image editing tool from SourceForge gets the software wrapped in an installer replete with advertisements."

+ - Sourceforge re-packaging old software with adware

Koyaanisqatsi writes: As previously reported here, the Windows installer for the popular GIMP image editing software has been bundled with additional commercial software. What seems most disturbing is that apparently Sourceforge is making these changes to a number of other less-active packages in their site, according to reporting by Ars.

Note: SourceForge and Slashdot share a corporate parent.

+ - SourceForge grabs GIMP for Windows account, wraps adware installer

An anonymous reader writes: SourceForge.net, the code repository site owned by Slashdot Media, has apparently seized control of the account hosting GIMP for Windows on the service, according to e-mails and discussions amongst members of the GIMP community — locking out GIMP's lead Windows developer. And now anyone downloading the Windows version of the open source image editing tool from SourceForge gets the software wrapped in an installer replete with advertisements.

+ - Two Programmers Expose Dysfunction and Abuse in the Seattle Police Department->

reifman writes: Programmers Eric Rachner and Phil Mocek are now the closest thing Seattle has to a civilian police-oversight board. Through shrewd use of Washington's Public Records Act, the two have acquired hundreds of reports, videos, and 911 calls related to the Seattle Police Department's internal investigations of officer misconduct. Among some of Rachner and Mocek's findings: a total of 1,028 SPD employees (including civilian employees) were investigated between 2010 and 2013. (The current number of total SPD staff is 1,820.) Of the 11 most-investigated employees—one was investigated 18 times during the three-year period—every single one of them is still on the force, according to SPD. In 569 allegations of excessive or inappropriate use of force (arising from 363 incidents), only seven were sustained—meaning 99 percent of cases were dismissed. Exoneration rates were only slightly smaller when looking at all the cases — of the total 2,232 allegations, 284 were sustained. This is partly why the Seattle PD is under a federal consent decree for retraining and oversight. You can check out some of the typically excellent Twitter coverage by Mocek from his #MayDaySea coverage.

Comment: Re:Not a Piece of Shit (Score 2) 128

One of the requirements of PCI compliance with the credit card companies is that you don't use default passwords in any equipment tied to the card transaction.

Which makes this even more interesting. Based on the password and the fact that a paperclip is required I know the specific vendor and equipment to which the article refers, despite the authors going to great lengths to omit that information. The vendor is a big one and their equipment is involved in millions of electronic payments made every day. You could even say they are "the way to pay." In fact, they are involved in PCI certification for most production deployments involving their hardware: most, but not all, because certain deployments using default configurations do not need additional certification, just a quick verification that IP addresses and the like are properly configured.

I understand the need for a default password, but it really should be changed. That being said, the encryption keys are not accessible using that password. They are stored in a hardware module that self-destructs if you tamper with it. They can only be set in one of two secure locations both controlled by the vendor: if you attempt to use any other means to mess with the keys, bye-bye memory card that stores them. This is bad, but not as bad as it sounds at first.

Comment: Re:call the library ? (Score 3, Informative) 246

If there's a real incident in progress, this wouldn't work. They'd either not answer, or be compelled by the people with guns to tell the cops that everything is a-okay.

I agree, nobody would answer. From the summary, nobody even has to read the article for this one:

...claimed to be holed up in the town's closed public library with two hostages and a bomb.

Comment: Re:The big advantage of XOR (Score 2) 277

I might be missing something, but if you encrypt the plaintext by XORing it with itself, wouldn't you get an easily decryptable to letter frequency attack ciphertext?

You get a string as long as the plaintext consisting of NUL characters (0x00).

Comment: Re:the US 'probably' wont use a nuke first.... (Score 1) 341

Also, this author probably doesn't have a security clearance, so pretty much all the sources of info he is going to have access to are going to be by definition declassified.

By definition, classified information released into the world and publicly available is still classified. It still has legal protections, including being a felony for distributing it.

In practice in 2015 this policy is ineffective, but it is still the law. Back when a leak meant photocopying secrets and giving them to the Soviets it made more sense. Now that we have the Internet, Wikileaks, Snowden, Manning, et al. it does not make a lot of sense but it does not have to as long as we are talking legal definitions.

+ - Defending Privacy Doesn't Pay: Cdn Court Lets Copyright Troll Off the Hook->

An anonymous reader writes: A Canadian court has issued its ruling on the costs in the Voltage — TekSavvy case, a case involving the demand for the names and addresses of thousands of TekSavvy subscribers by Voltage on copyright infringement grounds. Last year, the court opened the door to TekSavvy disclosing the names and addresses, but also established new safeguards against copyright trolling in Canada. The court awarded only a fraction of the costs sought by TekSavvy, which sends a warning signal to ISPs that getting involved in these cases can lead to significant costs that won't be recouped. That is a bad message for privacy. So is the likely outcome for future cases (should they arise) with subscribers left with fewer notices and information from their ISP given the costs involved and the court's decision to not compensate for those costs.