Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re: GIMP vs. Photoshop (Score 1) 166

Whenever there's a comparison between an open source product and a proprietary somebody always brings up the statement that "GIMP" is inferior to Photoshop like it's the "incontestable, revealed by Jesus Christ himself, truth" without *any* kind of supporting evidence.

Whenever someone comes up with a comment like yours, the easy answer is always CMYK. Gimp doesn't support it.

And that's just the most obvious problem.

Comment Re:In plain english (Score 1) 62

Not earth-shattering, but potentially quite useful, especially if you can pick up the car near where you are, and drop it off near your destination. That would be much more practical than the current car-rental paradigm, where you have to find a place near your destination to park the rental car, continue paying for the rental car while you're at your destination, and likely pay for parking as well.

Comment Re:Honor your screwups. (Score 3, Insightful) 303

For walk in sales, that is probably correct. A price is mis-marked, a few customers get the deal, yes you have happy customers. However it is not clear that online customers have such loyalties. They will tend to go where the low prices are, as there is little opportunity cost for doing so. That is why Amazon has what much a loss leading Amazon Prime program. To keep customers coming back not just for low prices, but other perks. Same thing for airlines.

So no, the rules for online are not to fullfill orders that have clearly incorrect prices. If I go into a big grocery store like Krogers, and some disgruntled employee has put a a 50 dollar bottle of wine on sale at $10, they are not going to sell it to me for $10 when it rings up for 50. There is a secondary check there for price, the human element. Likewise, if a computer glitch, maybe put in by a disgruntled employee, allows me to check out for half price, then this is an admitted grey area. My payment has been accepted.

I would say, however, that until a product is formally charged to a customers card, which often happens as it is shipped, and maybe even until it is delivered there the retailer has an opportunity to cancel the order. Possession is, of course, paramount. This is why I would say one the product is delivered the price must be honored. This is a grey area as well, and we have seen cases where retailers have demanded delivered products back, but this to me is clearly bad manners.

So why is Delta honoring the price? I think it is because of delivered product. When I buy a ticket, my card is charged, and I immediately get a confirmation that I am guaranteed a seat on that flight. If something happens and I do not get a seat on the flight, I at minimum am sure to get a seat on a similar flight, often with financial compensation above and beyond that seat. Also, unlike most small retailers, the airlines have algorithms that continuously adjust the price of seats to maximize the total revenue on each flight. Therefore it is harder for airline to use the 'disgruntled employee' excuse.

Comment Slow news day? (Score 0) 303

So, given that these are not small, mom-and-pop companies, have we reached a point at which online retailers are expected to just swallow such costs for PR purposes, as part of doing web business?"

Let me rewrite this headline: There Ain't No Such Thing As A Free Lunch: Fact, or Myth of Web 2.0? Because that's what you're asking: And no, there isn't. Like every other time idiotic questions like this have been asked, it is situational. Unsurprisingly, different situations yield different responses. I can only conclude that it's a terribly slow news day at Dice Hipster And Slashvertisement Incorporated... perhaps nobody bought up any article slots on the weekend after a big holiday?

Comment Re:We'll know soon (Score 2) 213

Except that they were almost certainly using ANSI PIN blocks which XOR the card number into the

You're assuming competence here when every aspect of this breach has demonstrated incompetence. I happen to know what Target considers "encrypted" PINs, and it's nothing so elaborate. They are referring to the drive-level encryption mandated by Sarbanes-Oxley. They are correct in that the keys to decrypt the drive is tied to the hardware and that the only copies are stored on a remote server. However, what they aren't telling you is that this breach didn't consist of someone walking into a server closet and absconding with the hard drives -- which is the only scenario in which drive encryption protects the data.

From what I've been able to gather, the breach targetted the POS terminals directly because they are booted over DHCP and the DHCP server is located on the other side of a WAN link. As you know, DHCP is a broadcast protocol and the first reply is assumed authoritative. All an attacker would have to do is gain access to the wifi or a hard line (accessible on the floor of the store as their IP cameras run on the same network), download the POS image, make a few modifications, and then activate their own DHCP server. For more stealth, you could write a simple daemon to reply to the DHCP sent from the real server so that the leasing database still appears legitimate.

Oh, and by the way... DUKPT isn't an encryption standard, it's a protocol for exchanging keys. It still requires a shared key, and guess where that would be stored: In the TFTP image. Which is sent in plain text over the wire every morning when the POS terminals get turned on.

Great security there. Yup. Highly secure. I'm sure nobody figured out how to hack the "super secret encryption key" (bonus: That's actually what early documentation for DUKPT referred to it as)... by simply sending a DHCP request and asking for it...

Comment Re:Missed opportunity for Linux (Score 1) 564

The lack of a well documented driver API is a serious problem itself. Part of the problem is the fact Kernel developers practice what are generally regarded as poor habits by failing to document their code and properly document interfaces. Microsoft has better driver API documentation than Linux. I have looked into the documentation myself and it is extremely hard to find any. Most companies will just throw up their arms and not continue if they cannot find clear documentation. They are clearly not going to root around some kernel hackers source code to try to backengineer the API from the source code.

The documentation is in the comments of the header files. That's a fairly common way to do it for C programmers, that way the documentation stays with the code.

If you're just trying to figure it out, this book is a good introduction.

Comment Re:iOS 7 - loss of skeuomorphism (Score 1) 116

He was about beauty as well as function - that's why we have the graphic fonts of today. No - I am not a Steve "fan" just stating a fact.

Steve was one person of many who was trying to improve fonts and typography on computers. Another was Donald Knuth.

I'm not trying to detract from the fact that Steve did successfully push fonts forward, but we certainly would have high-quality fonts even if he hadn't been around (it would have just taken a bit longer).

Slashdot Top Deals

"Of course power tools and alcohol don't mix. Everyone knows power tools aren't soluble in alcohol..." -- Crazy Nigel