
Comment Re: In before Fractal of Bad Design (Score 1) 247

They were referring to being descendants of the ALGOL programming language line, I believe.

"Unlike C and C++, Java has no concept of undefined behaviour, and does a far more complete job of insulating the programmer from platform-specific quirks."

    Very true. Java, benefiting from the experience of the languages that came before it, does a better job of insulating.

"Unlike C/C++, Java enforces left-to-right evaluation order, always uses 2's complement arithmetic (not target-platform specific), always uses big endian (not target-platform specific),"

    From the standpoint of error prone, I'm not certain on these.
        "left-to-right", I presume you mean left to right within an operator's precedence level.
            As long as the calculation result is correct, does this matter?
            W.R.T. overflow/underflow and calculation precision, I would think strict l to r within a precedence level could
                give worse results.
        "2's comp arith"
            As long as the calculation result is correct, does this matter?
            On a machine that did not do 2's comp arith, ( assuming it did the arithmetic correctly ), I would think
                that forcing 2's comp would lead to poor performance.
        "big endian"
            As long as the calculation result is correct, does this matter?
            Forcing the internals to be big endian on a little endian machine would seem to lead to sub-optimal calculations.
            For stuff heading "off machine", converting to a common endian-ness would be good, but seems like a
                handled problem.

"always initialises to zero (never UB), always performs array bounds checking (never UB), always checks for null when dereferencing (never UB), always checks for invalid casts at runtime (never UB), the list goes on and on."

        For the enumerated items, for most programmers, for most applications, these are all good things,
        but they do have a cost.

Submission + - The Weaknesses of Paper Ballots Revealed By Close Virginia Race

davide marney writes: The election of Virginia House of Delegates 94th district has still not been resolved due to conflicting interpretations of paper ballots that were incompletely or ambiguously marked by voters. Here are some of the dozens of news reports that have been filed documenting the twists and turns of this district's election.

A close election like this highlights the weaknesses of a hand-marked, machine-read paper ballot. Even with the error checking done by scanners at the moment when the ballots are deposited, there was still a change of 11 votes over 23,216 cast because votes that were previously considered not countable by machine in the original vote were counted by hand in the recount.

Paper ballots may allow for a much more robust recount, but that recount will be less accurate than if a software user interface were keeping the voter on the rails.

Submission + - Web Trackers Exploit Flaw in Browser Login Managers to Steal Usernames (bleepingcomputer.com)

An anonymous reader writes: Princeton privacy experts are warning that advertising and analytics firms can secretly extract site usernames from browsers using hidden login fields and tie non-authenticated users visiting a site with their profiles or emails on that domain. This type of abusive behavior is possible because of a design flaw in the login managers included with all browsers. Experts say that web trackers can embed hidden login forms on sites where the tracking scripts are loaded. Because of the way the login managers work, the browser will fill these fields with the user's login information, such as usernames and passwords.

The trick is an old one, known for more than a decade, but until now it's only been used by hackers trying to collect login information during XSS (cross-site scripting) attacks. Princeton researchers say they recently found two web tracking services that utilize hidden login forms to collect login information. The two services are Adthink (audienceinsights.net) and OnAudience (behavioralengine.com), and Princeton researchers said they identified scripts from these two that collected login info on 1,110 sites found on the Alexa Top 1 Million sites list. A demo page has been created to show how the tracking works.

Submission + - Empirical Research Reveals Three Big Problems With How Patents Are Vetted (arstechnica.com)

An anonymous reader writes: If you've read our coverage of the Electronic Frontier Foundation's "Stupid Patent of the Month" series, you know America has a patent quality problem. People apply for patents on ideas that are obvious, vague, or were invented years earlier. Too often, applications get approved and low-quality patents fall into the hands of patent trolls, creating headaches for real innovators. Why don't more low-quality patents get rejected? A recent paper published by the Brookings Institution offers fascinating insights into this question. Written by legal scholars Michael Frakes and Melissa Wasserman, the paper identifies three ways the patent process encourages approval of low-quality patents:

- The United States Patent and Trademark Office (USPTO) is funded by fees—and the agency gets more fees if it approves an application.
- Unlimited opportunities to refile rejected applications mean sometimes granting a patent is the only way to get rid of a persistent applicant.
- Patent examiners are given less time to review patent applications as they gain seniority, leading to less thorough reviews.

None of these observations is entirely new. But what sets Frakes and Wasserman's work apart is that they have convincing empirical evidence for all three theories. They have data showing that these features of the patent system systematically bias it in the direction of granting more patents. Which means that if we reformed the patent process in the ways they advocate, we'd likely wind up with fewer bogus patents floating around.

Submission + - Some Sonos and Bose Speakers Are Being Hijacked To Play Ghostly Sounds (theverge.com)

An anonymous reader writes: Researchers at Trend Micro have found that certain models of Sonos and Bose speakers have vulnerabilities that leave them open to hijacking, as reported by Wired. The accessible speakers are being exploited by hackers who are using them to play spooky sounds, Alexa commands, and Rick Astley tracks. Only a small percentage of speakers by the two companies are actually affected, including some of the Sonos Play:1, the Sonos One, and the Bose SoundTouch. All it takes is for the speaker to be connected to a misconfigured network and a simple internet scan. Once the speaker is discovered via the scan, the API it uses to talk to apps can be utilized to tell the speakers to play any audio file hosted at a specific URL. Of all the models, between 2,500 and 5,000 Sonos devices and 400 to 500 Bose devices were found by Trend Micro to be open to audio hacking.

Comment Deload (Score 2) 133

How do you avoid information overload?

Make space in your life.

1. Stop reading the news. It's amazing how (1) information isn't really all that important, nor informative and (2) you tend to get to know important information by IRL socialising.
2. Deactivate your Facebook. Or at least, remove the bloody app from your phone and stop checking it every damn day.
3. Socialise with real people, in real life. Have meaningful conversations.
