Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re: Then what's the point? (Score 1) 266

Obviously Firefox wasn't shamed last year, or they would have tried to improve security.

It is a bit premature to say this. Mozilla has been working on some major security enhancements, it is just not done yet.

Rust is a language with heavy emphasis on security, among other things it guarantees memory safety, and threads without data races, which are 2 of the most common sources of security vulnerabilities in every software. Mozilla is building a new rendering engine called servo in Rust, with an explicit goal of enhancing security.

Comment Statistics you don't see (Score 1) 571

So a few people have died by GPS because they drove to the wrong place.

What the moronic article fails to take into account is how many deaths have been prevented by GPS.

How many deaths have been prevented because without the GPS they would have driven to the wrong place?
How many deaths have been prevented because the driver was not distracted looking down a map instead of keeping the eyes on the road because they had turn by turn instructions?

Comment Re:Uh... let me think about it (Score 4, Insightful) 571

You're better off having GPS than not having it

Depends on how you're defining it. Following word-by-word directions as seems to be so popular today--you're better off without that. Having a map, on which GPS will show you where you are, that's great. You know where you are and what's around you. But following directions blindly--and you don't have any choice but to follow directions blindly if you don't have a map--you're not better off with that.

So, you are saying we are better off taking the eyes off the road to look down on a map while doing 70 mph?

Have some people died because the GPS took them to the wrong place? sure, I have no trouble believing it.
But how many deaths have been prevented by GPS because drivers were not distracted trying to figure out where to go?

Comment Re:Alternate title (Score 0, Troll) 133

Alternate title: "India insists on network neutrality"

And this is a prime example of why network neutrality is _wrong_.

Here is a company, willing to offer free access to some content to many people. People would obviously benefit, otherwise nobody would use it. The company (facebook) would benefit, by having more customers and what not. It is a clear cut win-win. The only party that is negatively affected are competitors ISP which are surely lobbying at the TRAI ears.

So government steps in and makes it illegal for said free service to be provided, arguing it is the best for its people.

The net neutrality advocates completely ignore the fact that people (like in this case) would actually prefer a free non network neutral service than an expensive network neutral internet access.

This is slashdot, 9 out of 10 are in favor of net neutrality, so go ahead, mod me down.

Comment Re:Prior art? (Score 1) 129

except that insurance is not about being dumb to save money and having someone else pay for it. and it's not like you're going to pay the bill of tens of thousands of $$$ all by yourself

In other words, you are saying that it should be illegal for me to ride with someone that does not have insurance? Whether I pay or not, makes no difference in your argument, so by your logic, It should be illegal for me to share a ride with a friend if his insurance won't cover me.

Even though I already have my own medical insurance that will cover me.

Once again, I should be FREE to choose what I want, and not be dictated by a bureaucrat hundreds of miles away that is so full of himself that he thinks he knows what is best for me.

Comment Re:Prior art? (Score 1) 129

That's perfectly fine so long you don't get injured in a car accident with your unregulated, uninsured driver. Who foots the bill for your hospital stay? Uber? Good luck with that.

It should be me.

If I get into an uber card that has no insurance, I am assuming responsibility for my medical bills if something happens. If I don't want that, then I can simply request that the driver has insurance and I would pay a little more for it.

Comment Re:Prior art? (Score 2) 129

This will be random people under no regulations driving you around for a fee.

What if that is all I want. What if I don't care at all if my driver has a taxi license, proper insurance and liability? Why should I as a customer be forced to pay for those things? Heck, I would much rather see great reviews for an uber driver than a taxi license.

In the land of the free, it should be up to me if I want the extra assurances or not, not up to some bureaucrat sitting in some office hundreds of miles away, because he thinks he knows better and forces me to use the more expensive service "for my own good".

You complain that taxis have a lot more requirements than uber drivers. Well, the solution is simple: remove those requirements from taxis. If they are important to customers, they will chose the taxi driver that meets the extra requirements and pay the associated premium.

Comment Re:Human drivers are terrible (Score 1) 748

The point is that human drivers are idiots and drive in all sorts of unpredictable ways

You got this backwards. The point is that perfectly abiding by the law is not the safest way to drive. Don't just assume the law is right because it is the law, it was put in place by humans who make mistakes. Rather take this opportunity to improve the law such that it more closely reflects the safest way to drive.

Comment Re:Self-fulfilling prophecy? (Score 1) 241

There's no actual security issue there. How can one client POST something and the response from that request go to a completely different client? They can't. And if the user's client machine is compromised to inject javascript in a post, well, um, what is the point of sending it to the server to have it send it straight back?

You are right, there is no actual security issue in this constrained example because one would not attack himself, it is just a bug that cannot be exploited. But you can easily see where I was going. When you are displaying content entered by a different user (it would not be in the $_POST variable) that is when it would turn into a security issue. This happens very often.

Comment Re:Self-fulfilling prophecy? (Score 4, Insightful) 241

There is more to it than simply being popular. Consider a case where you want to output data that the user posted in a form. The obvious way to do it in PHP is this:

Hi <?php echo $_POST['name']; ?>.

In fact up until a few years back, the php tutorial had code like this.

This is vulnerable code, the values posted may contain javascript, and the browser would execute it happily. If you are displaying content that other people posted, then a malicious user can easily exploit this code to hijack other users sessions. This is known as XSS (Cross site scripting), and it is one of the most common vulnerabilities in PHP code.

The secure way is this:

Hi <?php echo htmlspecialchars($_POST['name']); ?>.

A good language should be designed in such a way that the simple way is the safe way, and make you be more explicit if you want something else. For example the php expression blocks should do html escaping, and when you don't want escaping you would use a more verbose command that would make it clear that you are outputting a trusted value. In the name of convenience PHP is plagued by questionable design decisions like this. register_globals was on by default up until php 4.2, it is incredibly easy to write sql injection vulnerabilities in php if you are not paying attention, etc.

Comment Re:I don't think... (Score 1) 411

Atheism seems to have it's own type of religion. A cult with an agenda.

What the actual fuck?

From the dictionary:

Religion: the belief in and worship of a superhuman controlling power, especially a personal God or gods.

As an atheist myself, I do not believe in the existence of any superhuman controlling power, God or gods. Atheism is by definition not a religion.

From the dictionary:

Cult: a system of religious veneration and devotion directed toward a particular figure or object

Once again, no religious veneration here at all. No rituals, no candles, no penitence, no cards, no inferring anything based on star positions at the time of birth .

I don't meet with a bunch of atheist to worship our supreme leader that will guide the world towards a god free society. I do not give a shit what other people believe, I simply do not believe in any type of supernatural higher power. There is no agenda, I have no interest of convincing anybody to be atheist, I don't want to overthrow anything, being atheist means one thing only: we do not believe in god, anything else is beyond being atheist.

If there are atheists that want to change something, i.e. they have an agenda, that is _them_. Saying that atheist have an agenda because a few atheist do, makes as much sense as saying that Christians are pedophiles because of a few priests. You can't even say "most atheist are xxx" because there is no actual number to back that up. All you can possibly say about a person that identifies himself as an atheist is that he does not believe in any god.

So please realize generalization is the mother of all bigotry, and try not to prejudge people on the simple fact that they don't believe the same thing you do.

Slashdot Top Deals

"Though a program be but three lines long, someday it will have to be maintained." -- The Tao of Programming