
Comment Re:What do you expect (Score 1) 450

If you look at financial reports for companies that are having increases in earnings you find that these corporations are either (a) hoarding cash, (b) using extra cash for acquisitions, or (c) instituting share buyback programs...

Do you actually observe the economy and research these things, or do you just get your talking points from Glenn Beck?

Excellent question. Did you? :)

My employer (a public company in the $5-10B market cap range) is most definitely increasing earnings, and hiring more workers. Oh, they also are debt-free, profitable and "(a)" sitting on a pile of cash, but that happens to work as protection against "(b)" being bought out and thus losing the workers they currently have.

No, I didn't expect you to research my particular employer, but the grandness of your assertions isn't protected simply by accusing G.P. of lack of research.

Comment Re:So, why not? (Score 3, Insightful) 113

Might as well save the money that a lawyer would charge to cut and paste this document.

On the flip side:

A. This results in very asymmetric lawyer costs. The recipient is going to have to spend lawyer time to defend against it that the sender didn't just to send it.

B. By not spending time on a decent lawyer to ensure the takedown is unique and covers the case law for their own jurisdiction, Commodore may have unwittingly given up any legitimate rights they might have had in this dispute.

C. Lawyers are truly valuable at convincing clients to not start legal disputes. By not vetting this by a lawyer, they may have started a snowball of subsequent legal costs that could've been avoided entirely if/when they lose. A neat trick used by some defendants, when they're sure to recover most of their defense costs in the end, is to drag out the legal dispute just to teach the other side a lesson.

Comment Re:Google's in it for the long haul.... (Score 1) 89

If only the Mozilla Foundation had the balls to include an ad blocker which dealt with Google Adwords

Do I detect a non-user of AdBlock Plus? It's been featured on the Privacy & Security page of addons.mozilla.org for ages now, and occasionally featured on the front-page as well.

Yes, it works just fine with Google text-based ads, too. I haven't seen them in months.

Comment Re:Comparing Apples to Rocks (Score 1) 379

Additionally, Silverlight is plain broke in some aspects that make it less useful for developers, not just users.

This week I learned Silverlight on IE8 (remember, that's its same-vendor browser), after receiving cookies from a webserver, completely fails to include those cookies in an HTTP POST request. What... the... <expletive>?

Comment Re:Graphical Pattern Lock Usage (Score 3, Interesting) 185

However, I figured out through trial and error, that you can actually double back on buttons you've activated and activate buttons that are non-adjacent to active ones by drawing in the blank space in between buttons. This should be a criterion for a strong graphical pattern lock.

I also noticed this, shortly after I got the idea to use an unlock pattern. Once you noticed those two aspects (ability to draw between buttons, and harmlessly slide over already-activated buttons), the permutations multiply.

With those in mind, here is how unique a randomized unlock pattern can be:
4 dots = 1624 permutations (as weak as a 3 number password!)
5 dots = 7152 permutations (much better, but not by far)
6 dots = 26016 permutations (at least as strong as a 4-digit bank card PIN)
7 dots = 140704 permutations (about as strong as a 5-digit bank card PIN)

As a bonus, choosing more dots reduces the ability for a smudge attack to succeed. But only if you choose a pseudo-random one. Don't kid yourself, one that you come up with on your own is biased in favor of a like-minded (i.e. Homo sapiens) attacker.

To help, here's a quick bit of shell code to easily generate a strong unlock code for an Android phone. It numbers the dots like a telephone: top-left button is 1, top-middle is 2, top-right is 3, ...etc. Just draw the dots in the pattern indicated.

rand -N 9 -M 9 -u | perl -ane '%seen=();%bad=qw(13 2 17 4 19 5 28 5 31 2 37 5 39 6 46 5 64 5 71 4 73 5 79 8 82 5 91 5 93 6 97 8);$last=0;print map {$next=$_+1;$combo=$last.$next;if ($bad{$combo} and not $seen{$bad{$combo}}) {()} else {$seen{$next}=1;$last=$next;$next,"\n"}} @F'
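
The rules described in this comment (no dot reused, and a straight-line jump over a dot allowed only once that dot is already active) can be enumerated directly. The following is an added example, not code from the original comment: it counts the valid patterns of a given length and picks one uniformly with rejection sampling from the OS random source. The function names are assumptions made for this illustration; dot numbering follows the telephone layout used above.

```python
import secrets

# Dots numbered like a telephone keypad (1 = top-left ... 9 = bottom-right).
# MIDDLE[(a, b)] is the dot lying exactly between a and b on a straight line.
MIDDLE = {}
for a, b, m in [(1, 3, 2), (4, 6, 5), (7, 9, 8), (1, 7, 4), (2, 8, 5),
                (3, 9, 6), (1, 9, 5), (3, 7, 5)]:
    MIDDLE[(a, b)] = MIDDLE[(b, a)] = m

def is_valid(pattern):
    """True if no dot repeats and every jump crosses only used dots."""
    seen = set()
    prev = None
    for dot in pattern:
        if dot in seen or not 1 <= dot <= 9:
            return False
        mid = MIDDLE.get((prev, dot))
        if mid is not None and mid not in seen:
            return False
        seen.add(dot)
        prev = dot
    return True

def count_patterns(length):
    """Count valid patterns of exactly `length` dots by depth-first search."""
    def extend(prev, seen, remaining):
        if remaining == 0:
            return 1
        total = 0
        for dot in range(1, 10):
            mid = MIDDLE.get((prev, dot))
            if dot in seen or (mid is not None and mid not in seen):
                continue
            total += extend(dot, seen | {dot}, remaining - 1)
        return total
    return extend(None, frozenset(), length)

def random_pattern(length):
    """Uniform choice among valid patterns via rejection sampling."""
    rng = secrets.SystemRandom()
    while True:
        candidate = rng.sample(range(1, 10), length)
        if is_valid(candidate):
            return candidate

if __name__ == "__main__":
    for n in range(4, 10):
        print(n, "dots:", count_patterns(n))
    print("pattern:", random_pattern(7))
```

Rejection sampling keeps the requested length fixed and gives every valid pattern of that length the same probability, which a skip-invalid-dots filter over a shuffled list does not.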

Comment Re:A regular bank account? (Score 1) 242

If you never get a credit card or loan of any type, you will not have a credit history. This will be very bad later, when you need to apply for credit or a loan, you will be denied, or require a cosigner, and pay a much higher interest rate.

Bullshit. I bought a house without a credit history, without a cosigner, with lower interest rate than anyone else I know. I merely had to prove my identity, my steady income, my steady bill-paying history, and have a 20% down payment documented in a bank account.

While my loan broker had a smaller choice of banks to choose from, the ones available were falling over themselves to offer me a 15-year loan. (This is no fault of the banks, but a no-credit 30 year loan according to Fannie Mae's post-bubble rules would've been unfeasible. I didn't want a 30-year anyways.)

Comment Re:UFFSA (Score 1) 637

What law did he break? What was he accused of? Why was he detained? What right do they have to ask such questions?

Welcome to law enforcement procedures. Of course you're allowed to have an opinion. But, say, your legally allowable opinion on your neighbor's yard maintenance might be a motive for why your neighbor is dead, for example. And 12 hour interviews are completely allowed. You just need to know your rights and how to use them; for instance, explicitly saying you invoke your right to remain silent until you have a lawyer present.

Now, is it reasonable for the FBI to suspect Jacob Appelbaum is involved in the wikileak and put him in the box for 3 hours? THAT's another question...

Comment Re:Freeze Distillation != Normal Distillation... (Score 1) 228

There, fixed it for you.

No, I'm not kidding. Remember brewing is the alcohol-creation step before distillation.

The fact that this is freeze-distilled still makes it beer: unlike normal (boiling) distillation, you keep the wash, not the distillate. (How they avoid making it taste like ass is another question.)

Comment Re:Health or Politics? (Score 1) 120

And sometimes, it's about Politics in Health.

China isn't the first nation to grapple with HIV in blood transfusions. The United States' blood transfusion industry lobbied in the 1980s to suppress the issue over concerns about their reputation and revenue, and succeeded to some degree.

In this case, China's communist government is probably being lobbied, too -- and as an easily corrupted system with great powers, we see instances like this.

Fortunately, there are also top-level politicians trying to turn it around.

Comment Re:Two reasons for SSL (Score 1) 269

Certificates don't ensure you're talking to anyone in particular, other than someone who has managed to get their hands on the certificate, which, based on prevalence of rooting and etc., could be quite a range of people.

Certificates are public information. Oh, did you really mean, private key?

Certs reliably encrypt traffic between the two endpoints. That's the entire usefulness to the two endusers.

Nope. Bulk ciphers are what encrypt traffic between two endpoints. Did you really mean certs provide key exchange?

HOWEVER: An entire deceptive financial ecosystem was created when the browser manufacturers put those "scare the heck out of the user" dialogs in there; that meant that ecommerce types *HAD* to get certs that would not raise those warnings -- meaning, buying a bag of bits from someone else, a bag you could have made yourself for free, for all the good it would do you, instead purchased for $50 (or many more) dollars.

It's all based upon one key falsehood: The idea that a cert "assures" you that you're talking to someone in particular.

Wow, you like, have no idea what root trust provides, do you? If your private key is secured properly, it provides reasonable proof that the entity at the server end is related to the domain owner.

Yup, there's problems with the human-level implementation. Like, oh, governments "leaning" on CAs to provide them with an intermediate certificate. Or, yes, private key security.

You're paranoid about (and it's possibly Proper Paranoia®) that any site may have weak private key security, especially against, erm, "hackers". Fine, the mom'n'pop websites should probably leave their SSL handling to a professional webhost since they're just as likely to have bungled the security if they did it on their own. Generally, though, you can reasonably trust private key security with organizations that are likely to have professional network security staff.

I'm well assured every time someone in my organization (a network appliance manufacturer) needs to help a customer with an SSL/TLS related issue and the customer meticulously coughs up all the information needed except the private key.
