
Comment: best wishes ! (Score 1) 261

by swell (#49501549) Attached to: Ask Slashdot: What Features Would You Like In a Search Engine?

It wouldn't respond to my request. I had to allow a jquery script. Then it searched but couldn't find 'Benghazi'.

Things have been lost from search. Alta Vista allowed search for 'word1' NEAR 'word2', which proved very useful. Google used to give information about its finds such as date, size, ('cached' is still there, but hidden) and some things so long abandoned that I can't remember them. You know why date is important; size is also important because a very large page containing your terms is probably clickbait. A great sadness for me is that Wolfram Alpha is so wrapped up in fancy scripts that I've never been able to use it with my fairly secure Firefox (oh, it's better today).

Accurate reporting would be nice. I'm looking at a Google result that claims it found "About 54,100 results (0.46 seconds)" when actually there were only 245 unique results.

Location would be nice (maybe a flag icon from that country). An opportunity to vote the relevance of a result up or down and maybe indicate something inappropriate. Wildcards would be incredible. Apple's Spotlight search engine can now search the internet as well as local files- maybe your engine could take advantage of some sinister simpatico surreal symbiosis.

We need a fresh approach after a long period of stagnation. Who knows what clever innovation has been missed?

+ - Congress Introduces the Fair Play Fair Pay Act of 2015

Submitted by Major Blud
Major Blud writes: Congressman Jerrold Nadler (D-NY) and Marsha Blackburn (R-TN) introduced the Fair Play Fair Pay Act today that would end regulations that don't require terrestrial radio stations to pay royalties to artists and labels. Currently, AM/FM radio stations aren't required to pay royalties to publishers and songwriters. The proposed measure requires stations that earn less than $1 million a year in revenue to pay $500 annually. For nonprofit public, college and other non-commercial broadcasters, the fee would be $100 per year — religious and talk stations being exempt from any payments. Larger radio companies like iHeartMedia (858 stations in the US) would have to pay more.

“The current system is antiquated and broken. It pits technologies against each other, and allows certain services to get away with paying little or nothing to artists. For decades, AM/FM radio has used whatever music it wants without paying a cent to the musicians, vocalists, and labels that created it. Satellite radio has paid below market royalties for the music it uses, growing into a multibillion dollar business on the back of an illogical ‘grandfathered’ royalty standard that is now almost two decades old,” said Congressman Nadler.


+ - Acetaminophen reduces both pain and pleasure, study finds

Submitted by Anonymous Coward
An anonymous reader writes: Researchers studying the commonly used pain reliever acetaminophen found it has a previously unknown side effect: It blunts positive emotions. Acetaminophen, the main ingredient in the over-the-counter pain reliever Tylenol, has been in use for more than 70 years in the United States, but this is the first time that this side effect has been documented.

+ - Republicans introduce a bill to overturn net neutrality

Submitted by grimmjeeper
grimmjeeper writes:

A group of Republican lawmakers has introduced a bill that would invalidate the U.S. Federal Communications Commission’s recently passed net neutrality rules. The legislation, introduced by Representative Doug Collins, a Georgia Republican, is called a resolution of disapproval, a move that allows Congress to review new federal regulations from government agencies, using an expedited legislative process.

This move should come as little surprise to anyone. While the main battle in getting net neutrality has been won, the war is far from over.

+ - Duo Security iOS App Vulnerability

Submitted by dajjhman
dajjhman writes: Duo Security put out a PSA today informing users that their iOS application has not been checking the validity of SSL certificate domain names.
For those unfamiliar, Duo Security provides a 2 factor authentication system known for its implementation of push notifications to approve login requests. It is found in numerous applications, ranging from personal use to large enterprises.
The vulnerability, identified as DUO-PSA-2015-002, allows attackers to use a Man in the Middle attack to see all of the network data. This was caused by a bug in a 3rd party library they used, and the announcement came along with an update to the App Store.
Duo says that due to the nature of their client-server communications, there was little risk an attacker could activate a push request as there is a client key. The PSA has not been posted to their blog at the time of this writing, but it is reproduced below.
The advisory is signed with the Duo Security PSIRT PGP key which is available from their security contact page.

Hash: SHA256

Duo Product Security Advisory

Advisory ID: DUO-PSA-2015-002
Publication Date: 2015-04-06
Revision Date: 2015-04-13
Status: Fixed
Document Revision: 2


Duo Security has identified an issue in recent versions of Duo Mobile for iOS that could allow attackers to perform a successful Man-in-the-Middle (MITM) attack against the app's TLS connections, if they can otherwise manipulate the network traffic exchanged between the mobile app and Duo's cloud service.

This issue has been fixed in Duo Mobile 3.7.1; all iOS users should update as soon as possible.


On the iOS platform, Duo Mobile leverages AFNetworking — a widely-used third-party HTTP client library — to communicate with Duo's cloud service. Recently, it was determined that AFNetworking did not validate digital certificates against server hostnames by default. As a result, Duo Mobile would e.g. consider a digital certificate for "" as valid for "" when establishing a TLS tunnel.

This behavior makes it possible for an attacker to perform a successful Man-in-the-Middle (MITM) attack against TLS connections from affected versions of Duo Mobile, if he can otherwise manipulate the network traffic exchanged between the mobile app and Duo's cloud service. This might be a risk, for example, when using Duo Mobile while connected to untrusted wi-fi networks.

However, in addition to TLS, Duo Mobile uses application-level signatures to ensure the integrity and authenticity of requests sent from Duo Mobile to Duo's service. Because of this mechanism, a MITM attack would still not generally allow an attacker to e.g. approve a fraudulent Duo Push authentication request.

Note: A different vulnerability was introduced into AFNetworking in version 2.5.1, and recently gained widespread attention ( Duo Mobile currently uses AFNetworking version 2.3.1, and was therefore not affected by that particular vulnerability. This is a separate — if very similar — issue.


An attacker can perform a successful Man-in-the-Middle (MITM) attack against Duo Mobile's TLS connections if he can otherwise manipulate the network traffic exchanged between the mobile app and Duo's cloud service. Duo's application-level signing mechanism still generally prevents the attacker from e.g. approving fraudulent Duo Push authentication requests. However, there are some limitations to this technique:

* Duo Mobile cannot use application-level signatures when setting up a new account, because — at this point — the app has not yet negotiated a key-pair with Duo's service. If an attacker intercepted traffic from Duo Mobile during this process, he could gain the ability to generate valid one-time passcodes and exert full control over subsequent Duo Push authentication requests intended for the targeted device.

* Requests from Duo Mobile to Duo's service have application-level signatures, but responses from the service do not. It may therefore be feasible for an attacker to manipulate details of a fraudulent authentication request such that it appears legitimate, thereby tricking a user into approving it.

Affected Product(s)

* Duo Mobile for iOS, versions 3.4 — 3.7


Duo Mobile 3.7.1 was published to the iTunes App Store on April 6, 2015. This version ensures that certificate domain-name validation is performed for all TLS connections.

Users should upgrade to this version immediately to prevent the issues described above. Note that administrators can audit their users' Duo Mobile app versions in the "phones" section of the Duo administrative interface.

As noted above, there is a small risk that users' Duo Mobile credentials could be compromised, if an attacker captured network traffic from Duo Mobile during account setup. After users have upgraded, administrators may choose to forcibly invalidate any existing credentials by re-activating users' Duo Mobile accounts in the administrative interface.

Vulnerability Metrics

Vulnerability Class: Improper Certificate Validation (CWE-295)
Remotely Exploitable: Yes
Authentication Required: No
Severity: High
CVSSv2 Overall Score: 5.8
CVSSv2 Group Scores: Base: 6.8, Temporal: 5.9, Environmental: 5.8


* CWE-295: Improper Certificate Validation —
* AFNetworking issue #2619 —
* Heartbleed Defense-in-Depth Part #2: Don't Trust SSL —


* Engineers at Duo internally discover that Duo Mobile for iOS does not correctly validate server certificates.
* Duo develops a fix and submits an updated Duo Mobile 3.7.1 to the iTunes App Store.

* Duo Mobile for iOS version 3.7.1 is approved by Apple

* Duo completes testing on Duo Mobile for iOS 3.7.1 and releases it to end users.
* Duo drafts advisory and shares it with affected Enterprise and Business customers.

* Duo updates advisory and shares it with all remaining customers.


Technical questions regarding this issue should be sent to and reference "DUO-PSA-2015-002" in the subject.

Other feedback regarding this issue can be sent to
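
The check the advisory says was skipped (CWE-295: a certificate is accepted once its chain is trusted, without comparing its names to the server hostname), as an added Python example that is not part of the submission, the advisory, or Duo's or AFNetworking's code. The certificates and `.example` hostnames are constructed placeholders, and matching only subjectAltName DNS entries is an assumption of this sketch.

```python
import ssl

# Constructed sample certificates in the dict layout of ssl.SSLSocket.getpeercert().
SERVICE_CERT = {"subjectAltName": (("DNS", "*.svc.example"),)}
OTHER_CERT = {"subjectAltName": (("DNS", "www.unrelated.example"),)}

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Case-insensitive match; '*' is allowed only as the entire leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Reject overly broad wildcards such as "*.example"; a wildcard
        # covers exactly one label, so "a.b.svc.example" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    # Partial wildcards ("a*.svc.example") are refused outright.
    return "*" not in pattern and p == h

def cert_valid_for(cert: dict, hostname: str) -> bool:
    """True if any DNS subjectAltName in the certificate covers hostname."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(dns_name_matches(s, hostname) for s in sans)

def accept_chain_only(cert: dict, hostname: str, chain_ok: bool) -> bool:
    """Flawed policy: any certificate with a trusted chain is accepted."""
    return chain_ok

def accept_chain_and_name(cert: dict, hostname: str, chain_ok: bool) -> bool:
    """Corrected policy: trusted chain AND a name that covers the host."""
    return chain_ok and cert_valid_for(cert, hostname)

def tls_context_is_strict(ctx: ssl.SSLContext) -> bool:
    """Audit helper: chain verification and hostname checking both enabled."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname

if __name__ == "__main__":
    host = "api.svc.example"  # constructed hostname
    print("chain only, unrelated cert:", accept_chain_only(OTHER_CERT, host, True))
    print("chain + name, unrelated cert:", accept_chain_and_name(OTHER_CERT, host, True))
    print("chain + name, service cert:", accept_chain_and_name(SERVICE_CERT, host, True))
    print("default context strict:", tls_context_is_strict(ssl.create_default_context()))
```
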


+ - Little Languages For Compiling to JavaScript

Submitted by snydeq
snydeq writes: InfoWorld's Peter Wayner provides an overview of little languages that help you compile your code to JavaScript with surprising ease and few compromises. From Opal to Shen to PyPy, these tools enable developers to bring code written in everything from Ruby to Erlang and beyond to the Web. 'There are plenty of rationalizations that make the idea more palatable. First, JavaScript engines run much, much faster than they did in the past. Second, crafting a Web UI has never been easier, thanks to frameworks and ample HTML/CSS design talent. Third, JavaScript is becoming a bit of a lingua franca. If you can convert all of these languages to JavaScript, and the list is surprisingly long, you can also link them all together.'

Comment: xylitol (Score 1, Interesting) 68

by swell (#49455269) Attached to: Plaque-busting Nanoparticles Could Help Fight Tooth Decay

Nanobots delivering drugs to my teeth? No thanks. Xylitol sweetener will kill the bacteria, lower acidity and prevent bacteria from sticking to my teeth. And it tastes great. Don't expect your dentist to tell you about it. Don't expect to find it in your ADA approved toothpaste. Why would they want you to use it?

Just as sugar devastates your oral and physical health, xylitol benefits your health in many ways. Start here:

Comment: it's Kansas people, give him a break (Score 1) 297

by swell (#49451755) Attached to: Would-Be Bomber Arrested In Kansas; Planned Suicide Attack on Ft. Riley

Gotta say, if I lived in Kansas when I was 20 years old, I mighta done something ... something strange too. As it is I lived in another midwest state, not quite as boring. I acted out. Nobody should live in such circumstances. Everyone knows your business. Gossip. Rumors. Spiteful neighbors. If you're not a devout Christian, forget being accepted. God help you if you are LGBT etc. A simple lapse of judgement when you sorta borrow a car or release some cash from a liquor store and you're marked like forever.

When you live in such a place, even the middle east must seem a paradise. Lots of activity; while home is just oppressive stagnation. Lots of fighting for things that people believe in rather than ho-hum useless voting every few years. Real people taking their future into their own hands and not sitting back hoping for some politician to make things right. That's what I'm talkin 'bout!

So, let's have some pity on the gullible lad manipulated by the spooks at the FBI. The worst he could really do is paint graffiti on the Post Office. When he gets older we can all laugh it off as one of those adolescent pranks. Except that he'll be in prison for a very long time because there is no exception in our legal system for people of low IQ who do stupid stuff.

Comment: don't trust anything from the USA (Score 2) 100

by swell (#49451011) Attached to: Microsoft: Feds Are 'Rewriting' the Law To Obtain Emails Overseas

Every American manufacturer and service provider is suspect because of these government demands. Digital equipment may have back doors for the convenience of government spies. Cloud services are probably being watched. Software may have embedded spyware.

If you were a foreign company or government would you trust anything coming from the US? Even a US company or individual can't trust our own companies. Our government is making us non-competitive worldwide. (Open source products may be safer.)

Comment: don't feed monopolies (Score 2) 280

by swell (#49450931) Attached to: The Myth of Going Off the Power Grid

California ratepayers have lost billions of dollars to our friendly utilities. You may recall Enron, who devastated the entire state by manipulating utility prices. Now we have the power plant at San Onofre shutting down because the utilities and the government overseers were incompetent. Because the California Public Utility Commission exists to assure Wall Street profits, and not ratepayer protection, we have a few billion more in costs that ratepayers are expected to pay (shareholders are still raking in big dividends/profits).

So do you think it is a good idea to continue dependence upon the energy monopoly? How did you feel about the Microsoft monopoly? Is it good to have profit seeking telephone and cable and oil and water monopolies? When was this ever a good idea for ordinary consumers?

Comment: I will pray for you (Score 1) 91

by swell (#49412353) Attached to: Outside Beijing, a Military-style Bootcamp For "Internet Addiction"

(I have asked my sister to share my story with you, I no longer use the internet.)

When the ambulance arrived I could barely move. Lying on the floor in my own excrement, spasms jerking my body this way and that, I was not well. Not well.

The doctors determined that I was near starvation and dehydrated. They filled me with fluids. But none of that explained why I was dehydrated. My dear sister had a hunch that was confirmed by the psychologist at the hospital. They conspired with others to put me in this place.

I'm not sure exactly where I am, but I am sure that I can't find it on a Google map. They don't allow me to use computers. They said I had Internet Addiction. I think it's been around 3 weeks now. The drugs, food and kind people have been a help. I feel better. I don't know when, if ever, it will be safe for me to use a computer again.

I used to love slashdot. All you witty people who care about much more than just programming. I know you're there but I may never share your wonderful insights. Because I care so much I want to urge you to get help. Get tested. Don't let what happened to me happen to you.

Just a moment. What do you mean? It can't be! These damn drugs... Sorry people, I thought it was April first.
