Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: All of you are missing the point... (Score 1) 154

by mrbluejello (#45151499) Attached to: Google To Support Windows XP Longer Than Microsoft

Google is doing this to build a migration path for users XP to Chrome OS.

By 2015 Google will have a mature Chrome OS, and a huge number of XP users that have no migration path. This is a huge opportunity for Google to win these people over as users -- first as Chrome users, then as Chrome Apps start becoming plentiful through Chrome, XP users will have a way to use modern services while skipping over WIndows XP and the non-existent modern services that will be available for it.

The next step for Google is to get Windows to boot directly into Chrome instead of WIndows XP loading the Explorer Desktop. This is a trivial configuration. Every Windows XP box can be converted into a Chrome OS box once Google gets all the right pieces in place. This is a path to wean users off of Windows and onto Chrome OS.

Of course, when users have to purchase another machine, they will already be familiar with Chrome OS.

Comment: Re:Target Microsoft (Score 1) 404

> The responsible thing to do when you find a bug is to inform those who are at risk from the bug. Any delay leaves those people at risk unnecessarily, and is irresponsible.

The users were at ~0% risk until the information was disclosed in the wild (with example of exploit). It is likely that this vulnerability has existed undiscovered for months or even years. Waiting an additional 7-10 days to disclose to the world and give Microsoft the ability to patch this (or at least assess the impact) would have been the responsible thing.

If some Google researcher had to track down this vulnerability and it hadn't yet been observed in the wild, it conceivably had ZERO systems at risk. All software has defects and potential vulnerabilities, only the known vulnerabilities actually pose immediate risk. The minute that researcher fully disclosed, every Windows desktop system has become a potential target, whereas immediately before none were at risk (assuming this wasn't in the wild).

The generally accepted responsible practice is to inform the party responsible for fixing the the bug (Microsoft in this case), and give them a reasonable window of time to issue a fix. If they fail to fix in a timely fashion, or it is observed in the wild, then go full disclosure. What this researcher did was flat-out irresponsible, and considering it exposed a business rival's users to more risk, was also a malicious act.

Had the Google researcher found a security flaw in GMail or Google Drive, he most certainly would have informed the appropriate Google product team and kept the vulnerability confidential. Perhaps after resolution the researcher would have released an academic explanation of the flaw and how it was dealt with.

Comment: Re:Tip of the iceberg (Score 4, Informative) 350

If you actively block (using a powered radio-frequency transmitter) in the USA, you are in violation of FCC regulations. Prepare for the government to come at you and take your money. If you passively block through construction materials and techniques, that is 100% completely legal. There are special wall papers, paints, wall boards and other materials that can passively block radio waves. Also, incorporating steel into the construction also inhibits radio signals.