Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:I actually feel for NATO (Score 1) 134

As i recall, still ads were shown from the auditorium opened, usually 20-30 minutes before the movie. At 5 minutes before the movie, the lights dimmed, and motion ads started. Anyone arriving then were considered late, and were shown to their seat by an attendant with a torch. At the set time for the movie, the doors closed, and the lights went all the way out including the exit lights, the volume turned up, and then the feature started. At the end of the feature, the exit lights would come on, then ambient lights would slowly increase during the end credits, and afterwards, an admonition to remember to not leave anything behind, and to leave the theater orderly, letting those sitting close to the exit leave first. Followed by more still ads.

Interesting - my recollection is slightly different (AU theatres, so ... could be regional differences).
Everyone leaves, theatre is cleaned. There might be a static screen showing, but more than likely curtains are closed. People start to file in.
At the start time for the movie, the lights dim halfway and the ads start playing (static ads). Anyone arriving can still see, no flashlight needed - but at least we had batteries rather than flames.
At ten minutes in, the lights dim and video ads started. At this point the kids behind you start kicking the seats.
At fifteen minutes in, the previews started and the kids are running around the theatre bored out of their minds.
At anywhere from twenty to thirty minutes in, the film is cued.

Of course by that time, the crowd is completely pissed off and Homer's "Start The Movie" chant is live.

And that's why I can't stand going to the movies.

Comment Re:A single domain was silenced. (Score 2) 207

Well, since the figures I've seen bandied around are that protection from this level of attack would be about USD100-200K per annum, this effectively means that unless you have a lot of money or a company willing and able to pay what amounts to protection money, you potentially won't be permitted to speak - doing so with an uncomfortable topic for someone gets you knocked offline. Pay the wrong mob and you get to pay again, and again, and again.

One potential outcome may be that truly personal sites will become impossible to support and host; especially if you have any content that could be seen as controversial. You will have to pay someone to host it for you. If they agree, and it doesn't cost THEM too much, and it's not controversial - fine. Want to promote a social cause? Sorry, you can't afford to. Get back into the bit mines, peon. And this fits nicely into the whole cloud thing too, where you don't need anything in your own datacentre, host it on someone else's computer.

I'm waiting for the first wave of destruction to hit the major cloud providers - if this network supposedly of DVRs can deliver 1-1.5Tbps, and you factor in another dozen of similar size, you're talking 15-20Tbps directed at a target. I doubt even Google and the CDNs can withstand that for very long without service impacts, and that's not even factoring in attacks that actually have a little brainpower behind them.

Comment So basically ... the attack wins? (Score 5, Informative) 212

Seems to me the attackers win, at least in the short term, because the caching and CDN provider (who I expect was probably contracted and paid, although it's entirely up to Brian how he handles his business affairs, it does seem likely) takes the site off the air anyway. That being the case ... what's the point of having that contracted relationship, if they dump you anyway?

Comment Re:Stop whining! Httpv2 is good (Score 1) 86


- If you run a webserver, go get yourself letsencrypt, use cloudflare or namecheap has cheap ssl.
- Enable http2 on nginx (if you are using it, use it well)
- Enjoy faster loading time.

Your welcome.

- The argument against https is pointless.

Let me rephrase that:


- If you run a webserver, install this software, just trust us it's fine; redelegate your DNS to this company with-whom-I'm-totally-not-involved so they proxy all your connections and know who's visiting your site (and can sell or hand it over to whatever TLA you like); or pay money to another organisation for a set of we-promise-they're-unique-and-secure-numbers and we would totally never be compromised or behave unethically [cough] Symantec [cough] DigiNotar [cough] Verisign [hack] [cough];
- Do it my way because spinach and everything supports enforced HTTPS, and the peons can do without
- Don't worry that your data usage just doubled for HTTPS, it's only $50 a month extra for the upgraded plan and everyone can get gigabit fiber anyway.

You'rE unwelcome here.

- The argument against https is my-way-or-the-highway so screw you.

There, I think I covered it all.

Comment Re:Rant: REBOOT the WEB (Score 2) 243

Because everyone has perfect sight, wants the same size browser window as the developer, browses at 100% zoom level, with the same fonts, on the same screen resolution, with the same sub-pixel rendering, right? Sure, we're all machines.

Those silly users with their 4K screens should just set them all to 1366x768 like the crappiest notebook LCDs! Jaggies forever! Screw mobile users, damn hipsters can get stuffed.

You're right. Fuck screen readers, accessibility, personalization and anyone with even the slightest disability (colourblind? Sure, we've got burnt umber on light green for you!). Because the designer's view of perfection is what everyone should see, dammit, even if they can't read a word. Design over function.

Of course, if you're being sarcastic, then sure. But you might want to make it more obvious.

Comment Re:As with so many "is it time" questions... no. (Score 2) 566

They're not that non-standard. Lots of them are USB3 nowadays, and the prices aren't THAT insane (e.g. $100-$300 depending what you need).

I've had a comparable one for my notebook and work notebook, it's two cables to be up and working with the high-res screen, mouse, keyboard, anything else USB and a GbE. It's almost easier than a model-specific dock because you don't have to work out where the locating pins go (but you do need to deal with the 4-dimensional USB connector). It's a short step from that to USB 3.1 single cable, with the dock delivering power and connectivity, and I fully expect Targus or their ilk to produce a "one size for all" - an adapter for the notebook power into the dock, and a single USB to the notebook.

Comment Re:Why conceal it? (Score 1) 740

Then where, exactly, should the information be provided? Does each product need to come with a paper leaflet? Do you assume all consumers have ubiquitous Internet access such that they can hit the company website to see what's in a product? Or should they all register all product recipes with a central government agency? In my experience if a company isn't forced to toe the line like this, the ingredients will be listed on the back of a tomato sauce sachet in 1pt yellow on white type, which can be found "on display in the the cellar, in the bottom of a locked filing cabinet, stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard." [Douglas Adams, paraphrased].

Comment Re:When is it going to be free (Score 2) 84

It's called LetsEncrypt. You only have to turn over appropriate access to your server to client software (even though to trust it you'd have to review the code or write it yourself). And your web server has to be able to access the LE servers, so you (currently at least) have to permit outbound access from a device providing the website (there are larger configs where you could mitigate that somewhat but this is the simple case).

The client hits the LE servers, gets a string to write to a server-specified location (/.well-known/acme-challenge/URI). Oh, and that retrieval by LE is done over HTTP, so there's NO chance that could ever be subverted.

Comment Re:Google knocks Apple, Bing and Microsoft (Score 4, Insightful) 84

And because we need to ~double the amount of data used by all the hamster forums, cat videos and aircraft curation guides, especially when a lot of the world's users are on slow or data-limited connections?

Look. I get that it's good to ensure that there's no injected content, and that you know you're connected to the site you want - but that's only true for 1% of the population. The rest of the world wouldn't know the difference between https://www.example.com/member... and https://www.example.com.member.... Both "secure" because they're HTTPS, right?

Factor in all the browsers deciding that privately-signed sites are worse than plain http, that no-one needs to actually SEE the protocol, or the URL, that all the certs are issued by a cabal of companies who just see the benefit of charging for a NUMBER, but barely doing validation ... but sure. "Adding security". Right.

Slashdot Top Deals

Put not your trust in money, but put your money in trust.