
Comment Re:Stupid (Score 1) 396

This is a dumb idea. A very dumb idea.

Since we're assuming MITM, what happens when I inject javascript into the page? Even assuming the browser prevents me from leaking the PROT header, I can still have it make arbitrary requests using your session.

What happens when I just block the original response, pretend your session died, and serve up a bogus login page that gives me your credentials?

Comment Re:Stuck between a rock and noplace (Score 4, Informative) 68

The paper explains it.

It is to support old servers (ancient Cisco gear comes to mind) that can't properly negotiate newer TLS versions. Unfortunately those failed negotiations don't fail, er, gracefully -- it just kills the connection. Browsers (Chrome, Firefox, probably others) retry using SSLv3. Why? There's a lot of old gear out there.

Comment Er, what? (Score 5, Insightful) 191

though it might be as simple as including a Micro-USB-to-Type-C adapter with every new smartphone

This is genius.

"This new connector, whose only value is that it's reversible, doesn't work on the billions of existing devices. Why don't we include a non-reversible adapter?"

Hell, for extra convenience, just leave the adapter on the cable all the time.

Comment Re:Job Hopping (Score 2) 282

You're externalizing blame.

If you have a problem with 'hoppers' have you looked into why you're failing to retain people?

Small companies are especially bad for that: fewer employees means fewer paths for personal/professional advancement: there's nowhere 'up' to move, and wearing a half-dozen hats might seem like variety at first, but you'll be wearing those same hats forever. It's too bad that they have less room to take the hits from people leaving and new people coming up to speed, but it's also unreasonable to expect people to stick around past the point they gain anything from the exchange. People *should* be moving on when they feel they're stagnating.

Comment Re:so how fast is fast..? (Score 1) 117

I have an x230 that I put a Corsair SSD in. It's running Ubuntu 13.10, so I guess it's running a 3.11.something kernel. On resume I can see the kernel block for 10+s (by the timestamps in dmesg) waiting for my SSD to get its act together. Screen is on, lockscreen is displayed ... but I can't enter a password because the entire system is waiting on the disk.

It sounds like I will benefit from this.

Submission + - Researchers Create Tiny, $20 Car-Hacking Tool (forbes.com)

Sparrowvsrevolution writes: At the Black Hat Asia security conference in Singapore next month, two Spanish researchers plan to demo a small gadget they built for less than $20 that can be connected to a car’s internal Controller Area Network to allow hackers to wirelessly inject malicious commands affecting everything from the vehicle's windows and headlights to its steering and brakes. Their tool, which is about three-quarters the size of an iPhone, draws power from the car’s electrical system and can wait for minutes or years before relaying a wireless command to the car's network via Bluetooth or GSM sent remotely from an attacker’s computer. They call it the CAN Hacking Tool, or CHT.

Just what the CHT can trick a car into doing depends on the model--the researchers tried four different vehicles and managed to only fiddle with windows and lights in some cases, while triggering anti-lock brake or emergency brake systems in others. For some of the cars, the device could only be planted by gaining access under the hood, but in other cases, it could be attached to the network just crawling under the car.

“It can take five minutes or less to hook it up and then walk away,” says one of the researchers. “We could wait one minute or one year, and then trigger it to do whatever we have programmed it to do.”

Submission + - What site would you recommend to replace Slashdot? 1

koreanbabykilla writes: Now that it looks like I'm no longer going to be able to use Slashdot due to beta.slashdot.org, I need somewhere to kill a few hours a day at work. Any suggestions?

Submission + - Kim Jong Un, Ghost of Hitler, Announce Approval of Slashdot Beta

An anonymous reader writes: The Supreme Leader of the Democratic People's Republic of Korea and the ghost of the former leader of National Socialist German Workers' Party have approved of the new Slashdot Beta site in a rare instance of agreement amongst the two. The two strong personalities have a history of strong disagreement over the most mundane of things but united today outside the Great Pyongyang Unicorn Lair with Slashdot Editor Samzenpus to show support. "Morale at Dice [Slashdot's parent company] is at an all time low, but the show of support from such great world leaders is an encouragement to the entire team", said Samzenpus.

Submission + - CowboyNeal Locked In Basement For Opposing Slashdot Beta (dice.com) 23

Robotron23 writes: Slashdot's finest editor to date has been mercilessly locked in a basement filled with fuzzy dice Dice created to furnish Google's self-driving cars. Screaming, followed by sounds of frenzied masturbation, have been reported from the subterranean dungeon. "There's no way enough ejaculatory fluid is getting sprayed on our dice to make us care about this deluded protestor's opinion." a Dice executive commented earlier. Former Slashdot owner turned professional millionaire Robert Malda, expressed support: "No porn. More dice than a casino. Lame."
