


Comment Re:we ARE different (Score 3, Insightful) 355

That Africans have, on average, lower IQs, is a scientific fact

Which only tells you that IQ tests do not measure intelligence. Some people have even reported average scores for sub-Saharan countries that would qualify as mentally retarded in the Western world. This clearly does not make sense as the same group of people tends to do just fine when being raised in a first world country.

Comment Re:Not a very exciting name (Score 1) 150

There is marketing research that shows that people remember words with hard consonants better. So a word like "Nokia" or "Kodak" is in some ways a measurably better brand than a word like "Lumia".

If you only care about people remembering your brand name (and not about the associations that come with it), then "Ebola" would be even better.

Comment Re:AWS losing $2 billion a year? (Score 1) 150

Given the new information, it doesn't matter. AWS is running at some sort of loss, but the question is why they are running at a loss.

Everyone is running cloud services at a huge loss because prices have been driven down so much that it is simply impossible to run a profitable cloud service. Of course, the companies are doing that to drive their competitors out of the market and profit afterwards by using a combination of price hikes and vendor lock-in effects.

Comment Re:I have an idea (Score 1) 174

I just tried and successfully passed the variable "_BASH_FUNC_thingy" with the value "my_attack" through my apache web server to a CGI script using a url entered into a browser.

No, you get something like QUERY_STRING="_BASH_FUNC_thingy=my_attack", which is harmless because function definitions inside QUERY_STRING are no longer evaluated after the latest update.

Comment Re:I have an idea (Score 2) 174

Unless of course the malefactors know this and stick BASH_FUNC_ in front of their exploit strings.

This won't work because an attacker will only be able to manipulate the content of some environment variable, but not its name. And being able to manipulate arbitrary environment variables has always been equivalent to being able to execute arbitrary code. Think LD_PRELOAD or IFS, for example.

Comment Re:I have an idea (Score 1) 174

How about releasing a version of bash that has function passing disabled.

People are using this feature and taking it away will break stuff. The latest update (not sure whether Apple already ships it) stores all function definitions with a prefix of BASH_FUNC_, and function definitions are disabled for all variables not starting with the prefix. This allows the feature to be retained, but prevents the execution of malicious code at the same time.

Submission + - DHL Goes Live With "Parcelcopter" Drone Delivery Service

jones_supa writes: In December, Amazon announced that it intended to deliver packages to customers using drones. But its initiative was widely ridiculed for being an over-hyped announcement with little to show for it. This summer, Google demonstrated its own drone-based delivery service, using a fixed-wing aircraft to deliver little packages to farmers in the Australian outback. But now, German delivery firm DHL has beaten the tech firms to the post, announcing a regular drone delivery service for the first time, nine months after it launched its "parcelcopter" research project in December 2013. The service will use a quadcopter to deliver small parcels to the German island of Juist, a sandbar island 12 km into the North Sea from the German coast, inhabited by 2,000 people. Deliveries will include medication and other urgently needed goods. Flying under 50 meters to avoid entering regulated air traffic corridors, the drone takes a fully automated route, carrying a special air-transport container that is extremely lightweight as well as weatherproof.

Submission + - Remote exploit vulnerability found in bash (csoonline.com)

kdryer39 writes: A remotely exploitable vulnerability has been discovered by Stephane Chazelas in bash on Linux and it is unpleasant. The vulnerability has the CVE identifier CVE-2014-6271. This affects Debian as well as other Linux distributions.

The major attack vectors that have been identified in this case are HTTP requests and CGI scripts. Another attack surface is OpenSSH, through the use of AcceptEnv variables, as well as through TERM and SSH_ORIGINAL_COMMAND. An environment variable with an arbitrary name can carry a nefarious function which can enable network exploitation.
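The mechanics argued over in the "I have an idea" comments above (the attacker controls a variable's value but not its name; a patched bash only parses function definitions out of BASH_FUNC_-prefixed variables) and the CGI vector named in this submission, exercised against the bash on PATH. This is an added example, not code from the thread, the advisory, or the bash project; it assumes a post-CVE-2014-6271 bash, and the header name and payload strings are constructed test data.

```sh
#!/bin/sh
# Added example: probe the local bash for CVE-2014-6271 and show why the
# BASH_FUNC_ prefix fix holds up against a CGI-supplied payload.
# Assumption: a post-CVE-2014-6271 bash is installed and on PATH.

# 1. Classic probe: a function definition smuggled into an arbitrary variable.
#    An unpatched bash prints "vulnerable" before "test"; a fixed one prints
#    only "test" because x is just a string to it.
shellshock_probe() {
    env x='() { :;}; echo vulnerable' bash -c 'echo test' 2>/dev/null
}

# 2. How a fixed bash exports a function: the variable it creates is named
#    BASH_FUNC_<name>%% upstream (BASH_FUNC_<name>() in some distro builds).
#    Prints the BASH_FUNC_ variable name(s) bash put into the child's environment.
exported_function_names() {
    bash -c 'greet() { echo hi; }; export -f greet; env' 2>/dev/null |
        sed -n 's/^\(BASH_FUNC_[^=]*\)=.*/\1/p'
}

# 3. The CGI side: the server derives the variable *name* from the header
#    name (User-Agent -> HTTP_USER_AGENT, CGI/RFC 3875 convention); the client
#    only ever controls the *value*.
cgi_var_name() {
    printf 'HTTP_%s\n' "$1" | tr 'a-z' 'A-Z' | tr '-' '_'
}

# Installs one client-chosen header value the way a CGI wrapper would and runs
# bash underneath it. On a fixed bash the value stays inert data and "ok" is
# printed, even when the payload is prefixed with BASH_FUNC_ (constructed
# header name and payloads below).
run_cgi_with_header() {
    name=$(cgi_var_name "$1")
    env "$name=$2" bash -c 'echo ok' 2>/dev/null
}

# Demo run
shellshock_probe
exported_function_names
run_cgi_with_header 'User-Agent' '() { :;}; echo pwned'
run_cgi_with_header 'User-Agent' 'BASH_FUNC_x() { :;}; echo pwned'
```

The second probe is the one worth keeping around: it prints the exact variable name your bash build uses for exported functions, which is the only name an attacker would need to control and the one a CGI or sshd AcceptEnv path never lets them choose.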

Comment Re:Anonymous public peer review (Score 1) 167

As I am not a user of the PubPeer platform, I cannot judge whether comments meant to attack the reputation of another due to private disputes commonly occur. Furthermore, such attacks with motives other than the pure improvement of scientific publication quality are difficult to spot, because this is what anonymous commenting enables one to do.

If somebody presents evidence for image manipulations, then why would you care whether this was posted because someone has an axe to grind?

Comment Re:Anonymous public peer review (Score 1) 167

Anonymous review is usual in the peer-review processes of most journals, but these comments are in general non-public or at least reviewed by an editor before publication. Some reviewers choose to do their peer-review work without the cover of anonymity and I encourage this. If you have constructive criticism of the work of another and this criticism is well founded, you can very well do it openly.

No, you can't. Most active scientists do not have tenure and therefore openly criticizing the work of a bigwig in the field would be extremely dangerous, even when perfectly justified.

Something like PubPeer is extremely tricky. It's an open door to abuse and for commenters to wash their dirty linen in public.

Can you provide an example of someone using a service like PubPeer to wash dirty linen? I have a hard time imagining how this could be done, especially if you want others to take your allegations seriously.

Comment Re:Easy solution (Score 2) 348

I wouldn't be surprised to see countries such as BRIC members, EU members, or other countries start trying to woo the best and brightest for economic gains.

I think this focus on the "best and brightest" is actually a part of the problem. Sure, you'll need certain skills to run a research group, but these skills are found in many people and not just in the top of the batch. Beyond a certain point, the individual abilities of a researcher tend to be only weakly correlated with the actual research outcomes. There are many examples of people doing amazing science even though they are generally not considered to be top-notch scientists, even including Nobel laureates.

Science is an inherently risky business, with most scientists not finding out anything really exciting during their entire career and only very few hitting something that turns out to be really big. But you cannot possibly know in advance what this next big thing is going to be and who will find it, otherwise this wouldn't be science at all. In such an environment, the best investment strategy is to allocate your funds evenly across as many scientists as possible (I think it was Taleb who showed that). Of course, you have to make sure that each scientist gets enough money to run his or her group, but this optimal strategy is exactly the opposite of the current trend towards mega-chairs involving multiple labs and dozens of grad students and postdocs.

Comment Re:Mandatory linux 4.3 upgrade (Score 1) 174

Correct me if I'm wrong but doesn't pulse running at the user level only allow ONE user and system-wide utilization is vehemently discouraged by the developers for SECURITY reasons?

No, it's the other way round: Running PulseAudio as a system daemon (as opposed to the default way of per-user sessions) has security implications.
