
Comment Re:Thats the problem - you can't. (Score 2) 391

Now if you find a way to hack the UEFI secure boot loader....

Not quite. If you can find a security hole in the Windows kernel that allows arbitrary code execution in privileged mode (not as easy as some Slashdot readers like to believe) then it's possible to bypass UEFI secure boot by making the Windows kernel into a chain bootloader.

Comment Re:Dumping? (Score 5, Informative) 391

HP's approach was monumentally stupid. WebOS was a really nice system (I still prefer the UI on my TouchPad to my TransformerPad Infinity StupidName), but it lacked developers. They were giving them away to developers at the end (which is how I got mine), but then they killed the platform so there was no incentive to write a single line of code for it. I ported Objective-C to work on it, but then gave up on the platform when it became clear that the TouchPad was the last device ever to use it.

Comment Re:I'm observing a spike in demand right now. (Score 1) 118

I get quite frequent calls from recruiters too. Most of them find my name through Google, a few through Ohloh.net. I don't do social networking (and my mail client has finally learned that any mail from LinkedIn is spam), so it's absolutely not necessary to buy in to corporate buzzwords.

Comment Re:Congrats, Unknown Lamer... (Score 4, Insightful) 135

How on earth would a normal person figure out that printing is on port 631?

One of two ways:

  • RTFM.
  • Click on the helpful link to http://localhost:631/ that is named 'Printer Setup' and put on your desktop or in a menu by your desktop environment of choice.

Seriously, your complaint makes as much sense as asking 'How on earth would a normal person figure out that you browse the web by running iexplore.exe?'

Comment Re:Here's an idea (Score 1) 1029

Um, mostly right but with one glaring error. They didn't 'send' books to bookstores, bookstores bought books. With that correction, that's exactly how things still work today.

Bookstores buy books on a sale-or-return basis. If they don't manage to sell them, they tear off the covers and ship them back to the publisher for a full refund and destroy the rest. And the books that they buy are often the ones that the publisher has spent some money promoting.

No, it's not "now feasible and affordable to do much smaller print runs" - because that means editing and marketing and other overhead must now be spread across a much smaller number of books.

Yes it is. I've talked with some publishers that specialise in exactly this. Some of the big publishers now outsource all of their copyediting to freelancers (some are bringing it back in-house, it oscillates a bit), but for small publishers it's very easy to hire a freelancer to copyedit a book and so they're not splitting copyediting staff, they're just spreading investment, and the copyediting on a book can cost under $1000 (it's a pretty crappy market for freelancers at the moment), so it's relatively easy to scatter money across a hundred titles and hope one does really well and the rest come close to breaking even.

Marketing, you might have, but marketing costs for small print runs are pretty small. Publishers scatter a few free copies to amateur reviewers and get some blog posts, put them on their web sites, and push them in the direction of book clubs. If they sell a couple of thousand copies, they've made a profit.

Bookstores have very little incentive to stock J. Random Nobody without a reasonable expectation that he will sell

Except for differentiation: no one wants to go into a book shop that just stocks the A-list books that they can get anywhere (and much cheaper on Amazon) and which the more active readers (i.e. their best customers) will have read already. People want to go to a book shop to find a book that they've not read before, and that means having a broad selection of things.

Comment Re:Better plots? (Score 5, Insightful) 1029

You mean, unlike the young people during the recessions of the '80s?

That said, I haven't been to a cinema for years. I used to go with my housemates and some other friends when I was a student, until we realised that for the cost of us to go a few times (including food and so on) my housemates and I could buy a projector and a set of surround-sound speakers - the DVD was cheaper than the cost of two people going to the cinema - and my friends could come around and bring food and beer (generally of a higher quality than available in cinemas and for less money). When I graduated, one of my housemates bought out my share in the projector, but I bought another one on eBay for just under £200 that's lasted me 5 years (it now tells me the lamp needs replacing). My cost per film, including renting the DVDs and the cost of the equipment, is under £1 and I get to sit on a comfy sofa and watch films with people I like, not random strangers who think shouting at the screen or using their mobile phone is a good idea (oh, and I can pause it if I need to go to the toilet). How do cinemas think they can compete with that by constantly increasing prices?

Comment Re:How can that be? (Score 2) 550

I don't believe so. They use SecureBoot, with the bootloader locked to Microsoft's signing key. Unless you find a vulnerability in the bootloader then it can't boot anything that Microsoft didn't sign. You might, however, be able to find a vulnerability in the Windows RT kernel that you can exploit to inject a chain boot mechanism into the running kernel and boot Android that way, but it would require a vulnerability that allowed arbitrary code execution in kernel mode.

Comment Re:Signed integer overflow (Score 2) 151

From TFA, it sounds like the error was corrected very quickly, so it's not impossible to assume that only one person:
  • Had a negative balance
  • Was checking PayPal.com in the half hour window when the buggy software update was live (assuming that it's rolled out over everything, and they don't do phased updates for the front end like most big web companies)
  • Took a screenshot of the massive negative balance
  • Reported it to a journalist who had a sufficiently slow news day to write the story.

Comment Re:Don't tell the tax man! (Score 1) 151

92 quadrillion is about 2,000 times as much money as exists on paper at the moment (i.e. including money that is really assets, but accounted for in US dollars). Suddenly receiving that much would cause hyperinflation, so you might be happy with the amount you'd have left over after tax, but you'd probably have difficulty spending it as very few people would be willing to accept US dollars in payment. $92 billion would be a much nicer amount to receive and pay 99.999% tax on. You'd be left with about a million after tax, and it would still have about the same value as a million today.

Comment Re:How can that be? (Score 5, Informative) 550

I played a bit with a Surface (we have a good relationship with MSR, so lots of people with them are floating around the place) and it seems like a pretty nice device. The problem is not that it's bad, it's that it doesn't really have any compelling advantages. There are several things it seemed to do a bit more cleanly than iOS or Android, but nothing that it did a lot better, and if you want to write code for it you're limited to quite a restrictive environment (which probably doesn't matter to non-geeks, but it will have a knock-on effect on the availability of software).

Comment Re:Print to PDF (Score 3, Informative) 238

Stripping JavaScript isn't enough. For example, a number of 'PDF' exploits have actually been due to vulnerabilities in libpng: if your PDF contains a PNG image (a lot do), then it may have a metadata payload that triggers a bug in libpng that allows arbitrary code execution. The same can happen for embedded fonts and for embedded JPEG images.

Comment Re:Print to PDF (Score 1) 238

You need to run it through a PDF parser, and therefore potentially trigger bugs. There's nothing stopping you from doing this from a sandboxed process, so exploit code would be contained. You'd also want to make sure that it went through a simpler intermediate format that another sandboxed process could check. On the other hand, if you can do decent sandboxing, why not solve the problem properly and just sandbox the PDF reader so it can't access anything except the PDF that's passed into it?
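A sketch of the sandboxed-parser arrangement discussed in the two comments above, as an added example that is not part of the original comments: the parent opens the PDF, then a child drops its ability to obtain any new descriptor before touching the bytes. Using `RLIMIT_NOFILE` as the containment mechanism is an assumption made here for portability, the function names are hypothetical, and the "parser" is a stand-in that only checks the `%PDF-` magic.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child side: runs with no way to obtain new files or sockets.
 * This limits descriptors only; it is one layer, not a full sandbox. */
static void sandboxed_parse(const char *path, int pdf_fd, int out_fd) {
    struct rlimit none = {0, 0};
    char hdr[5], verdict = 0;
    if (setrlimit(RLIMIT_NOFILE, &none) != 0) _exit(2);
    /* Stand-in for exploit code reaching for the filesystem: any fresh
     * open() must now fail, even for a file that was readable a moment ago. */
    if (open(path, O_RDONLY) >= 0) verdict |= 2;
    /* Stand-in for the real parser: inspect only the already-open PDF. */
    if (read(pdf_fd, hdr, sizeof hdr) == 5 && memcmp(hdr, "%PDF-", 5) == 0)
        verdict |= 1;
    if (write(out_fd, &verdict, 1) != 1) _exit(3);
    _exit(0);
}

/* Returns -1 on error; otherwise bit 0 = header looks like a PDF,
 * bit 1 = the child managed a second open() (containment failed). */
int check_pdf_sandboxed(const char *path) {
    int result[2], status;
    char verdict = 0;
    int pdf_fd = open(path, O_RDONLY);      /* opened before the sandbox */
    if (pdf_fd < 0) return -1;
    if (pipe(result) != 0) { close(pdf_fd); return -1; }
    pid_t pid = fork();
    if (pid < 0) { close(pdf_fd); close(result[0]); close(result[1]); return -1; }
    if (pid == 0) {
        close(result[0]);
        sandboxed_parse(path, pdf_fd, result[1]);
    }
    close(pdf_fd);
    close(result[1]);
    ssize_t n = read(result[0], &verdict, 1);
    close(result[0]);
    if (waitpid(pid, &status, 0) < 0 || n != 1) return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    return verdict;
}

int main(int argc, char **argv) {
    if (argc != 2) return 1;
    printf("verdict=%d\n", check_pdf_sandboxed(argv[1]));
    return 0;
}
```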
