Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Submission + - Researchers reverse-engineer Dropbox cracking heavily obfuscated Python app

rjmarvin writes: Two developers were able to successfully reverse-engineer Dropbox http://sdt.bz/64049 to intercept SSL traffic, bypass two-factor authentication and create open-source clients. They presented their paper, "Looking inside the (drop) box" at USENIX 2013, explaining step-by-step how they were able to succeed where others failed in reverse-engineering a heavily obfuscated application written in Python. They also claimed the generic techniques they used could be applied to reverse-engineer other Frozen python applications: OpenStack, NASA, and a host of Google apps, just to name a few...

Submission + - ICANN working group seeks to kill WHOIS (computerworld.com.au)

angry tapir writes: An Internet Corporation for Assigned Names and Numbers (ICANN) working group is seeking public input on a successor to the current WHOIS system used to retrieve domain name information. The Expert Working Group on gTLD Directory Services (EWG) has issued a report that recommends a radical change from WHOIS, replacing the current system with a centralised data store maintained by a third party that would be responsible for authorising "requestors" who want to obtain domain information.

Submission + - Ask Slashdot: How do you prove an IT manager incompetent?

An anonymous reader writes: I have been asked by a medium-sized business to help them come to grips with why their IT group is ineffective, loathed by all other departments, and runs at roughly twice the budget of what the CFO has deemed appropriate for the company's size and industry. After just a little scratching, it has become quite clear that the "head of IT" has no modern technological skills, and has been parroting what his subordinates have told him without question. (This has led to countless projects that are overly complex, don't function as needed, and are incredibly expensive.) How can one OBJECTIVELY illustrate that a person doesn't have the knowledge sufficient to run a department? The head of IT doesn't necessarily need to know how to write code, so a coding test serves no purpose, but should be able to run a project. Are there objective methods for assessing this ability?

Submission + - Slashdot has racist fortune file 1

An anonymous reader writes: Found this on the bottom of the slashdot page:

    Q: What do you say to a Puerto Rican in a three-piece suit? A: Will the defendant please rise?

Really? Is that supposed to be funny?

Submission + - 13 Geeky Items To (Secretly) Wear To The Office (forbes.com)

Esther Schindler writes: Not everyone works in an office where superhero t-shirts are acceptable. Sometimes you have to play Clark Kent... but with superhero underwear.

In that vein: Carol Pinchefsky found a few fun things for you to wear to your next business meeting that happen to be subtle and not easily recognizable as geeky. "This way you can maintain your superhero- (or space hero-)inspired confidence while keeping your geeky proclivities on the down-low," she explains. "Plus, if you meet someone who does recognize these items, you may have made a new breakroom buddy."

(Yes, this is a slide show: I admit it. But these things are inherently visual, so it's justified. Plus, it might make you giggle, or rush over to /r/shutupandtakemymoney. I don't foist such things on you usually, do I? Trust me. Or at least buy me the Wonder-Woman underwear and the Starfleet Academy class ring.)

Submission + - Practical HTTP Host header attacks

An anonymous reader writes: Trusting HTTP_HOST and its cousin SERVER_NAME has long been regarded as risky behavior. Nonetheless, plenty of popular web frameworks and applications still implicitly treat these user-supplied variables as entirely dependable. Practical HTTP Host header attacks introduces and illustrates two techniques that exploit such mistakes in Django, Joomla, Gallery and Varnish to poison caches and password reset emails alike. If only there was a canonical solution...

Submission + - FreeBSD Core Developer Charged With Terrorizing Tenants (theregister.co.uk)

An anonymous reader writes: Prominent FreeBSD developer Kip Macy has been charged with waging a campaign of terror against people renting apartments in a six-unit building he owns. He stands accused of cutting out floor supports to retaliate against a tenant who went to court to keep from being evicted. Macy also shut off the tenant's electricity, disconnected his phone and had workers saw a hole in his living room floor. Other tenants claim the programmer-turned-landlord and his wife broke into their apartment and stole $2,000 worth of belongings. The couple was arrested Tuesday and charged with multiple felonies, including burglary, stalking, grand theft and shutting off service. Macy has been a prolific contributor to the FreeBSD project. He helped kick-start the porting of FreeBSD to Sun's UltraSparc, did early work on the Xen/FreeBSD port and has mentored younger programmers.

Submission + - Who is the best bleeding edge FOSS hosting provider?

An anonymous reader writes: For many of us our hosting providers are a way to hone our skills as well as run a business. Which provider out there gives the best bang for the buck for a FOSS developer? Virtually everybody provides Perl, PHP, Ruby, MySQL / MariaDB etc. but where can one get easy and cheap access to a stuff like NodeJS and Big Data?

Companies such as Pair Networks are great but not quite on the mark with any of their service offerings for somebody looking to test out real world scenarios with these technologies from a hosted stance. Obviously hosting from home is always an option but that has the penalty of administration, backup, DR planning, bigger security footprint etc. and for those of us whose time is balanced between making money and friends / family time that's not very appealing.

Slashdot Top Deals

To be is to program.

Working...