Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Mediacom Are Full of Shit (Score 1) 126

Once again, we have an entrenched, meritlessly entitled incumbent trying to get you to pay attention to the wrong thing. In this case, it's an insultingly laughable analogy that any moderately aware shopper will see right through.

To illustrate this, here's a tray of regular Oreos(TM), and here's a similarly sized tray of double-stuf(TM) Oreos(TM). And if you were to consider the per-cookie cost, as Mediacom is clearly hoping you will, then yes, double-stuf(TM) Oreos(TM) cost more than regular Oreos(TM).

But foodstuffs such as cookies are not sold by the cookie. They're sold by unit weight (or unit mass if you want to be pedantic). Considered this way, the per-ounce cost of the regular and double-stuf(TM) Oreos(TM) is virtually identical (in this case, about $0.26/oz from this retailer). So if Nabisco(TM) has no reason to charge a premium simply because you consume the cookies in larger units, Mediacom has no such reason, either.

So Mediacom are full of shit.

Comment I Knew There Was Something Fishy... (Score 2) 135

A couple years ago, I set up a FreeNAS box to solve the problem of, "the file I want to work with is not on the machine in front of me." Once set up, I also wanted a media server so I could watch stuff on the TV in the living room. Many of the comments in the FreeNAS discussion fora spoke well of Plex, which is available for FreeNAS as a plugin jail. So I installed it and gave it a spin.

I immediately knew something was fishy when I tried to connect to the local server, and the login page didn't work. I run Firefox with NoScript installed. I had the local server IP whitelisted, but the page ignored all button clicks. I click on the NoScript icon... And discover that it's trying to pull in boatloads of JavaScript from Plex.tv.

"WRONG!" exclaimed I. The whole point of a local media server such as Plex is for all media-serving code and resources to be hosted locally on my server hardware. The moment you start reaching outside the LAN to do anything, you are no longer a local server.

This discovery basically shattered any alleged positive value Plex may have had, since its primary function -- the basis on which it was sold to me -- turned out to be a lie. I promptly uninstalled it.

Now, it seems Plex has dropped the pretense altogether, and are just another disk farm outside my control. Good luck with that, guys; I'm sure you'll be able to beat Apple, Google, and Amazon at that game.

Submission + - OpenSSL Patches Bug Created by Patch From Last Week

Trailrunner7 writes: Four days after releasing a new version that fixed several security problems, the OpenSSL maintainers have rushed out another version that patches a vulnerability introduced in version 1.1.0a on Sept. 22.

Last week, OpenSSL patched 14 security flaws in various versions of the software, which is the most widely used toolkit for implementing TLS. One of the vulnerabilities fixed in that release was a low-risk bug related to memory allocation in tls_get_message_header.

The problem is, the patch for that vulnerability actually introduced a separate critical bug. The new vulnerability, which is fixed in version 1.1.0b, only affected version 1.1.0a, but it can lead to arbitrary code execution.

Comment Re:Current Exchange quid to buck (Score 1) 194

Well, not quite. You see, before decimalization, there were pence, shillings, and pounds. 12 pence made one shilling; 20 shillings made one pound (also referred to by the slang term "quid"). However, there was also another informal unit composed of 21 shillings, called a guinea.

Tom Lehrer explains all this very clearly.

Comment Re:Can we knock-off the data mining now? (Score 1) 129

How many people are using DirectX 9 vs 10 vs 11. Which rendering functions are used most often, and thus should be optimized. Are they running in an environment where power usage should be conserved or where there is effectively limitless power?

I can think of dozens of questions with legitimate engineering purpose which are not clear at the point of sale. Don't pretend there is no legitimate use for this data. [ ... ]

Pure sophistry. NVIDIA already has this information, either directly via relationships with game developers and publishers, or indirectly via Microsoft's crash reports. Demanding a cloud login provides them no technical information they didn't already have.

Comment Bad Manners (Score 4, Interesting) 129

I wrote about this last week, when I installed the latest update, and found myself unable to access any of the additional features without creating a cloud-based login -- to access locally-hosted features. Apparently someone at NVIDIA with severe cranial intrusion injuries took a look at what Razer did with their Synapse 2.0 software, and thought it was so fabulous they had to do it, too.

The only vaguely useful feature GeForce Experience provided was ShadowPlay, NVIIDA's own screen capture video recorder. However, there are plenty of third-party offerings that accomplish the same thing. I could create a fake ephemeral email address or hack the registry to make it work, but frankly the features it provides do not merit the effort. I have since uninstalled GeForce Experience 3.0, leaving just the drivers.

Now that they've (unnecessarily and gratuitously) made the cloud login mandatory, I would also be interested to see some security researchers dig in to GFE3 to see how well NVIDIA is protecting people's login credentials...

Submission + - Slashdot ads compromised (imgur.com)

An anonymous reader writes: The Slashdot ad network is potentially spreading malware through malicious redirects as part of what's at the very least a phishing campaign and at worst a drive-by malware delivery network.

This was reproduced on a fresh, fully patched device.

Comment Dumping the Headphone Jack: My Theory (Score 1, Interesting) 551

Some years ago, I was privileged to engage in a discussion on headphone detection with some Apple engineers, who had clearly worked on the issue for some time, and I learned something surprising:

The 3.5mm headphone jack standard... isn't.

Even after you set aside the issue of cheap manufacturers releasing shoddy products, you're still left with the fact that there is no actual standard dictating dimensions, number of contacts, location of contacts, size of contacts, separation distance between contacts, etc. Different manufacturers can and do make them slightly differently. More crucially, there's also no validation authority to check that your products meet all the specs.

Let's just take the most obvious dimension: 3.5mm. For ages, those phone plugs were advertised not as 3.5mm, but as 1/8 inch (3.175mm). So if you wanted to make something compatible with a "1/8 inch" plug, you might get your dimensions wrong. Apply this principle to every other contact's position and size on the plug, and you can see where this is going.

Moreover, some phone plugs have five contacts (Apple's own, for example). The "meaning" of each contact is not standardized -- that ring in the middle may be microphone input, or the contact switch (answer/hangup) on the cable, depending on who made it and what it was intended to be plugged in to. Further, if the rings in your cheap knock-off aren't lined up with the socket contacts, then bumping the plug could cause the socket contacts to short across the rings, which would get interpreted as a button press, and your call gets dropped.

The result of all this mish-mash was the Apple engineers found designing a (cost-effective) headphone jack that worked reliably with all headphones and headsets one might encounter in the world was simply impossible. You couldn't position the contacts in such a way that they would never short across two rings (some idiot may have placed their rings very badly). You couldn't know ahead of time which contacts did what, and probing at insertion time was fraught with other perils, especially if your contacts created a short across two rings. Despite their extensive research and massive efforts, they still got tons of support calls about how someone's cheap-ass headset didn't work in what has long been assumed to be a standard phone jack.

So my theory is: They declared the problem insoluble, yanked the phone plug, and designed a new digital interface.

An adapter for "3.5mm" stereo headphones will almost certainly be made available. Yes, you still have the compatibility problem with other "3.5mm" devices, but now the problem is in a $30 adapter, and not a $750 phone. It will be interesting to see how liberally Apple licenses their connector so that third parties can also furnish adapters.

Comment Re:How is this possible? (Score 3, Informative) 96

The TrendMicro article off-handedly mentions that this malware is installed manually, suggesting physical access to the victim machine is required. This isn't so ridiculous an idea if the victim's machine doesn't have their screensaver set to lock the console (by default, xscreensaver doesn't do this); and if the victim's 'sudo' timeout is sufficiently long (default: 15 minutes).

Slashdot Top Deals

It is surely a great calamity for a human being to have no obsessions. - Robert Bly

Working...