Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×

+ - Are code analysis tools always correct? ->

An anonymous reader writes: I work at a company that makes software for call center optimization. Recently my boss arranged for my code to be tested by IBM AppScan tools for cross site scripting vulnerabilities. It found 233 of them, but most of them are false positives. Now my boss won't ship my code and has inserted an extra level of oversite on my outputs. No doubt other developers have experienced what I have, being smarter than IBM isn't hard after all, but I'm not sure how to convince my boss of this. Any tips?
Link to Original Source

+ - Is Chrome the 'secondary' OS of the future?->

ruphus13 writes: The notion of dual OSes is not new. Of late, on netbooks especially, manufacturers are pushing dual Operating Systems, each serving very specific tasks. For example, for 'fast boot', Linux has become the 'OS' of choice, even on Windows netbooks. With several services moving to the cloud, is Chrome going to find its niche as being the 'Cloud OS' for devices? OSes like Jolicloud claim "people should be able to switch operating systems on their netbooks...Like the adoption of Firefox made Web 2.0 possible, enabling users to switch OS will accelerate the growth and benefits of open cloud computing.”. From the post, "Let’s assume that the Chrome OS cloud-only model does alienate users. In that case, could Google reposition Chrome OS as a secondary, instant-on operating system that might ship alongside other operating systems, or simply be downloadable to use that way? Could it be the OS that you hop into for a crash-proof, cloud-based experience, just as many people hop in and out of the Chrome browser for its stability and other reasons? As evidence of how achievable this would be, people are already easily running Chrome OS on Dell netbooks, and noticing how much faster than Windows it is at booting. People are also calling Chrome OS “lightning from a USB key” as they use it via USB alongside other operating systems without even having it locally installed."
Link to Original Source

Goldman Sachs Tries To Shut Down Dissident Blogger 161 161

The Narrative Fallacy sends along a piece from the Telegraph on efforts by Goldman Sachs to silence a blogger who is posting commentary critical of the bank. "Goldman Sachs has instructed Wall Street law firm Chadbourne & Parke to pursue blogger Mike Morgan, warning him in a recent cease-and-desist letter that he may face legal action if he does not close down his website goldmansachs666.com. According to the C&D letter, dated April 8, the bank is rattled because the site 'violates several of Goldman Sachs' intellectual property rights' and also 'implies a relationship' with the bank itself. Morgan claims he has followed all legal requirements to own and operate the website and that the header of the site clearly states that the content has not been approved by the bank. In a post entitled Goldman Sachs vs Mike Morgan, the blogger predicts that the fight will probably end up in court. He went through a similar battle with US home builder Lennar a few years ago after he set up a website to collect information on what he alleged was shoddy workmanship in its homes. 'Since I went through this with Lennar, I've had advice from some of the best intellectual property lawyers, and I know exactly what I can and can't do. We're not going to back down from this.'"

Comment: Re:Grey-trapping (Score 1) 109 109

The ISPs are using this approach, it's called a "spamtrap". If you look at the spamcop reports for an IP or SNDS data from Microsoft you can see the number of spamtrap hits. This does not blacklist the sender right away, but it does increase their spamscore.

I think your Yahoo situation is unlikely -- I'm sure Yahoo has some rate limiting/captcha/etc. in place to prevent someone to sign up thousands of accounts programmatically.

The Courts

George Riddick — the One-Man RIAA of Clip Art 175 175

An anonymous reader writes "Pages at ireport.com and extortionletterinfo.com have been documenting and researching the activities of George P. Riddick III, previously known for his lawsuits against IMSI and Xoom at the turn of the century. In 2007 he issued a largely-ignored press release claiming the majority of clip art online infringes a copyright and has ranted about how Microsoft and Google are stealing from him. In recent months, he's apparently made a business model of going after web site operators who were using clip art they believed to be legally licensed or public domain, telling them they're infringing clip art collections he hasn't offered commercially in years and making outrageous settlement demands. He seems to have tested the waters on this some years back, but emboldened by the passage of the PRO-IP act, he's gone aggro with it. A few dodgy anonyblogs had popped up to 'out' him as a copyright abuser, but these recent ireport.com and extortionletterinfo.com reports go much deeper in documenting and researching Riddick's recent one-man campaign to be the RIAA of clip art."

Comment: Re:Listen to yourselves! (Score 1) 378 378

KDE4's panel is one of those things that you figure out and then say "WhereTF was the tutorial for this?" That is, after you figure out that you have to manually add it because it's not there by default. You can right-click where it doesn't have any programs or on the edge, and there's a rectangle you can click+hold and drag to change size I think.

I call this the Microsoft Excel Charting experience: where you have to guess where and how (left-click, right-click,click-and-drag) to click to set various parameters. It's frankly exhausting, more like a crappy game of skill than configuration.

KDE3, conversely, gives me a tree view, and somewhere within that tree are all the settings I need. I may take a bit of time looking through the tree to find what want, but no magical clicking is required, and I don't have to guess what an option does: it's clearly labeled.

KDE4 is a massive step backwards; Gnome, which I've always detested because it's not configurable, is preferable to KDE4. I'm really at a loss as to what the KDE4 team was thinking.

Comment: Re:I like KDE 4 (Score 2, Interesting) 378 378

KDE 4.1 looks like Gnome, only worse. The default font sizes are HUGE, and the default antialiasing is horrible. The launcher button on the kicker panel, instead of just showing applications, shows a tabbed panel that starts on the "favorites" tab; to actually launch an app, I have to chose the application tab, then get a list in a HUGE font, when menu, instead of cascading, are replaced by sub-panels, and the replacement is made slower by stupid animation.

The kicker panel itself is way too large, probably 50 pixels high.

The desktop isn't a normal desktop, instead there's some pseudo-transparent lozenge in which desktop items are grouped.

When I open "System Settings", I get some multi-applet container like MS-Windows or Gnome, not the tree-view I saw in KDE 3.5. I can't even find most things I want to change (like Window Decorations) or even a menu with an about which would tell me what app I'm running.

Did I screw up the install somehow? Am I still running Gnome (no, can't be, every app starts with "K").

What the hell??? If I wanted Gnome or Vista, I'd run that crap. Why can't KDE be KDE?


I liked KDE because it was clean and functional. KDE 4.1 is a travesty.

Ok, read this bullshit marketing drivel from KDE, it reads like an MBA's sales pitch:

        However Plasma is more than just this familiar collection of utilities, it is a common framework for creating integrated interfaces. It is flexible enough to provide interfaces for mobile devices, media centres and desktop computers; to support the traditional desktop metaphor as well as well as designs that haven't yet been imagined.

Christ, man, I just want to launch an app, and occasionally glance down at the laucher to see how much battery life I have. I don't want a "framework" that can do everything.

But, says KDE:

        Plasma takes a different approach, engaging the user by creating a dynamic and highly customizable environment.

I don't want to be engaged, I just want to launch an app. I'll probably maximize that app, so the desktop won't even be getting a look.

But, says KDE, you can get rid of the gee-whiz gee-gaws:

        With Plasma, you can let your desktop (and accompanying support elements) act like it always did. You can have a task bar, a background image, shortcuts, etc. If you want to, however, you can use tools provided by Plasma to take your experience further, letting your desktop take shape based on what you want and need.

Oh, ok, that's cool. So can I get rid of the "cashew" control on the desktop?

        Although putting an option to disable the cashew for desktops sounds reasonable, from a coding point of view it would introduce unnecessary complexity and would break the design. What has been suggested is, since the destkop itself (a containment) is handled by plugins, to write a plugin that would draw the desktop without the cashew itself. Currently some work ("blank desktop" plugin) is already present in KDE SVN. With containment type switching expected by KDE 4.2, it is not unreasonable to see alternative desktop types developed by then.

So let me get this straight: Plasma's a revolutionary framework that can do things "that haven't yet been imagined." But it also supports the traditional desktop.

But getting rid on a "cashew" on the desktop is too hard to code, but if you write a trivial plugin that redraws the entire desktop (which isn't so trivial, as it's a yet unready work in progress, and won't even be possible until the next release of KDE) you can get around this unwanted "feature".

Come on, guys, your super framework requires a plugin to be written just to present a blank desktop? And plugins won't work until 4.2? And a boolean "don't show" would break the design? You guys got seduced into major mission creep.

This isn't a desktop environment, it's the dev's toy. Which is great, but don't claim it's ready for end users.


Worm Attack Prompts DoD To Ban Use of External Media 295 295

An anonymous reader writes "The Pentagon has suffered from a cyber attack so alarming that it has taken the unprecedented step of banning the use of external hardware devices, such as flash drives and DVDs [...] The attack came in the form of a global virus or worm that is spreading rapidly throughout a number of military networks."
User Journal

Journal: I'm Feeling Grumpy 1 1

My only comment on Election 2008:

It's not left vs. right, or republicans vs. democrats. It has nothing to do with political parties. Instead the simplest two sides in the most general terms are:

People who don't have much power (financial, political, business, etc...)


People who have all the power (financial, political, business, etc...)

Comment: Re:The individual is never the problem .... (Score 1) 3 3

I am speaking more about the damage that has come about from catering to the individual. It leads to people feeling they have a right to preferential treatment. This problem exists at all levels of economic status and in turn leads to people trying to find ways to use systems that might otherwise be beneficial to all for their own personal gain. All the while, their self-serving approaches slowly begin to erode the system for others who are willing to follow the rules. You see this in the people who attempt to cheat the welfare system (so called "welfare queens"). You also see it in the insider trading of the upper middle class and wealthy. Both the welfare system and the stock market can be positive systems that could benefit everyone. But for that to work, everyone involved must follow some rules.

Another less important but example of how placing focus on the individual is a detriment is the concept of "tagging" on the web. It is one of the ultimate examples of the cult of the individual. It places the importance of an individual's perceptions above formal taxonomy of information using known and predictable classifications. Tagging, might have some useful applications in some arenas, but not when you really want reliable classifications. We wouldn't want tagging to be used to classify species, or define parts of the human body, or categorize library books. But, one of those things is being talked about. Some libraries are considering moving away from or entirely abandoning the Library of Congress or Dewey Decimal system in favor of more "friendly" tagging. Can you imagine the morass that libraries would become if they rely on end-user tagging? People have enough trouble finding the books they want on the shelves today. Tagging would make that an impossible task.

Yet another bit of fallout from placing too much focus on individuals is the lack of civility that we've seen in western society. People are much more likely to place far too much importance on their own endeavors and their own time to be bothered with actually thinking of others. It is a major inconvenience for people today to think about how they affect everyone else. And I suggest that this has happened only because we've been raising one or two generations (possibly three) with the idea that they as individuals are the most important thing in life. It's led to an "I've got mine, you go get yours" attitude that is destroying civility. There is no longer any consideration for what was once called "civic duty".

Because of all of this focus on the individual, people also tend to feel that there's no reason for them to put forth the effort and hard work required to keep the rest of the world working. "Leave that to someone else. I'm busy working on making myself a success. Why should I need to know how to do X, Y and Z when I can just become a millionaire and pay other people to do this stuff for me"? The sad reality is that people with that attitude exist at every level of society and because of the cult of the individual, they have increased in number to a count that is far higher than it ever was in previous generations.

People like this used to be considered sociopaths and were ostracized for their selfish behavior. Today, they are glorified in the media as being the prime example of the highest form of human being. Just look at the number of celebrities and "personalities" who are held up as successes, completely ignoring the fact that they've done nothing for the betterment of mankind. In many cases they don't even have any real talent worthy of the attention. And yet, there they are, on display for the rest of the world to emulate.

I concur that the shepherds in this case are the advertising business within the media simply trying to separate people from their money. But, I don't see that as the real problem. The real problem, in my view, is that people are not resistant to these appeals to the individual. The small number of people who are resistant to those appeals are vastly marginalized in our society as modern day outcasts. They are the "fools" who don't see the writing on the wall. Or they are "out of touch" with the pulse of America. Or they are dull, boring and needlessly pedantic.

This cult of individuality reached a turning point enabled first by cable television and then in the 90s, by the internet. It appeals to the lazy, the mediocre and the cunning (which is not the same as intelligent or smart). That is specifically what I am talking about. The growing push for people to be like this has also been accompanied by a society-wide time impoverishment. With the lack of time to do all the things that one wants and needs to do in a day, people are content taking shortcuts. Those shortcuts are built around putting the individual in an imaginary position of authority over their own lives. But the insidiousness of the whole situation is such that the shortcuts simply mold them into the sheep that the various shepherds want.

Mostly I'm just writing this to clarify my belief that placing the focus on the individual is not a good thing. My nature is such that I've always preferred cooperative modes of working to competitive ones. The progress might not be as fast as when competition is the driver, but I think the progress is more stable, and usually fair for all. As long as everyone does the most important thing when working as a group: follow the rules.

Comment: Re:Independent Engines (Score 1) 74 74

I'm suddenly reminded of this joke:
Three prisoners were sitting in a U.S. jail, found guilty of "economic crimes" and were also comparing stories. The first one said, "I charged higher prices than my competitors, and I was found guilty of profiteering, monopolizing and exploiting consumers." The second one said, "I charged lower prices than my competitors, and I was found guilty of predatory pricing, cutthroat competing and under-charging." The third prisoner said, "I charged the same prices as my competitors, and I was found guilty of collusion, price leadership and cartelization."

"I don't believe in sweeping social change being manifested by one person, unless he has an atomic weapon." -- Howard Chaykin