Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:Yes, there is a simple fix (Score 1) 167

by mrnobo1024 (#44470581) Attached to: New JavaScript-Based Timing Attack Steals All Browser Source Data

How is even a malicious javascript code on one web page going to see the the content of a page that I have manuallly opened up in an entirely separate window?

It can't, but it can load that same page's URL in an iframe, and it will contain the same confidential information. Browsers try to prevent pages from reading the contents of cross-domain iframes, which is extremely difficult to do in a completely airtight manner. A much better solution would be not sending cookies on cross-domain requests and thus making it impossible for one site to load the secrets a different site is storing for you, but so far everybody is focused on treating the symptoms and not the disease.

Comment: Re:Patent-encumbered standards are stupid (Score 0) 182

by mrnobo1024 (#42702345) Attached to: ITU Approves H.264 Video Standard Successor H.265

This is the ITU, the same geniuses behind the "leap second" that crashed computer systems all over the world last June (because god forbid our clocks should ever be out of synch with the Earth's rotation by more than one second - never mind that given the way time zones are set up, many places are off by over an hour anyway). I'd be surprised if they even know what a patent is let alone why it's a bad thing to have on a standardized file format.

Comment: Re:Yeah, yeah, yeah. (Score 2) 156

by mrnobo1024 (#40185325) Attached to: The Cost of Crappy Security In Software Infrastructure

The designers of Java tried to do two things regarding security:
1. allow running untrusted code (applets) without letting it break out of its sandbox
2. prevent unsafe memory access by bounds checking, type checking on casts, no explicit deallocation

#2 is a prerequisite for #1, since if code can write to arbitrary memory locations then it can take over the Java runtime process. However, #1 is not a prerequisite for #2. Java has in practice done poorly at meeting goal #1 but has been quite solid at #2.

Comment: Re:wow, McAfee has fallen to new lows! (Score 1) 196

by mrnobo1024 (#39637747) Attached to: McAfee Claims Successful Insulin Pump Attack

Finding a security vulnerability is not "making viruses". Would you prefer that this be first discovered by someone who's not so nice as to disclose their findings, so that insulin pumps just start mysteriously "malfunctioning" and killing patients?

Regardless of what you may think of the quality of McAfee's software, they're not being anything besides white-hat here.

Comment: Re:McAfee for insulin pumps next (Score 1) 196

by mrnobo1024 (#39637641) Attached to: McAfee Claims Successful Insulin Pump Attack

That could have been believable back in the DOS days, when most viruses seemed to have no real purpose besides amusement, but today the vast majority of malware is written for profit. Selling antivirus software would be counterproductive if you're making a lot more money from owning a botnet and the antivirus would eat into that.

Comment: Re:They have a right to be angry ... (Score 4, Insightful) 151

by mrnobo1024 (#39610971) Attached to: Anonymous Hacks UK Government Sites Over 'Draconian Surveillance'

So-called "democracy" as it exists in countries like the US is a complete sham. The government can act against the public interest on literally every single issue and still stay in power: any individual is only going to be knowledgeable about a small fraction of what the government does, and a majority of people will just take the media's word for it that they're doing right on most everything else.

The only issues on which the public actually has any influence are those which our rulers recognize to be of relatively minor importance, so the parties can put on a show of virulently disagreeing on them, which makes people feel like they're actually making a difference when they throw out corporate-owned party A and put into power corporate-owned party B. On the most important issues, there's always bipartisan agreement on the wrong side.

Comment: Re:Yay! (Score 4, Insightful) 426

by mrnobo1024 (#39534157) Attached to: Adobe Releases Last Linux Version of Flash Player

I used to think of Flash as a CPU hog, but it pales in comparison to Javascript/HTML5. Even simple 2D games in Javascript will run at about 3 frames per second despite constantly using 100% CPU, and they often hog memory too (which Flash has never been all that bad about in my experience, unless you leave a dozen YouTube tabs open or something).

Annoying ads won't go away just because Flash does; they'll move to HTML5 and will be just as annoying, more resource hungry, and harder to block (disabling Javascript everywhere makes the Web unusable; a whitelist system like NoScript is going to be a necessity).

Comment: Re:WebM (Score 5, Informative) 320

by mrnobo1024 (#39345263) Attached to: Mozilla Debates Supporting H.264 In Firefox Via System Codecs

WebM supporters: Free Software Foundation, Participatory Culture Foundation, Xiph, Android, Codecian, Collabora, CoreCodec, Digital Rapids, FFmpeg, Adobe Flash Player, Flumotion Services, Google Chrome, Grab Networks, iLink, Inlet Technologies, Oracle Java, Matroska, Moovida, Mozilla, ooVoo, Opera, Oracle, Harmonic Rhozet, Skype, SightSpeed, Sorenson, Telestream, Tixeo, Ucentrik, VideoLAN, Wildform, Winamp Media Player, Wowza Media Server, XBMC Media Center, Allwinner Tech, AMD, Anyka, ARM, Broadcom, Chinachip, Chips&Media, C2 Microsystems, DSP Group, Freescale, GeneralPlus, Hisilicon, Hydra Control Freak, Imagination Technologies, Shanghai InfoTM Microelectronics, Leadcore Technology, Logitech, Marvell, MIPS, MStar Semiconductor, nVidia, Qualcomm, Rockchip Microelectronics, RayComm Group, SEUIC, Socle Technology Corp., ST-Ericsson, Texas Instruments, Verisilicon, Videantis, ViewCast, ZiiLABS, ZTE Corporation, Anevia, Brightcove, Delve Networks,, EntropyWave, Flumotion Services, HD Cloud,, Kaltura, Media Core, MetaCDN, ooyala, Panda, Panvidea, Sorenson 360, thePlatform,, VMIX, YouTube, Zencoder

You can be replaced by this computer.