
Comment Slashdot's subscription page is broken (Score 1) 78

Then why do you not have a little star next to your name on slashdot?

Because Slashdot hasn't sold subscriptions for well over a year. From subscribe.pl:

Please Note: Buying or gifting of a new subscription is not available at the moment. We apologize for the inconvenience.

During the Dice Holdings era, Slashdot instead experimented with giving a "Disable Advertising" checkbox to users with Excellent (25-50) karma to encourage them to provide and moderate comments. After Slashdot and SourceForge were sold to BIZX six months ago, this ended as well.

The subscription page for the red site, on the other hand, is up and running:

Your subscription ends 2017-07-03 UTC.
Thank you for supporting SoylentNews! We appreciate your contribution very much.

Comment X.509 certificates defeat DNS hijacking (Score 1) 78

For one thing, I do most of my shopping on smile.amazon.com so that Electronic Frontier Foundation. A source is somewhat less likely to attack that vector.

But even if it does, security is a process of which the hosts file is one layer and PKI is another. The server will have to present an X.509 certificate for names smile.amazon.com or www.amazon.com (as appropriate) when my browser connects to port 443. A fake server's certificate won't be issued by either A. a CA certified by Mozilla or B. a self-signed CA that the Perspectives extension reports as consistent.

Comment Re:Malvertising's nullified by this (Score 1) 78

Windows itself is proprietary and requires admin privilege to run.

But seriously: On Windows, writing to %windir%\system32\drivers\etc\hosts requires administrative privileges. You can instead have APK Hosts File Engine generate the hosts file in your own profile and then use File Explorer to copy it to %windir%\system32\drivers\etc\hosts.

Comment How should a small site find advertisers? (Score 1) 78

So what should they do? Go back to the past. Sell static banners/small animated gifs. No javascript, no flash, no tracking, no malware. Simply sell static ad space for X amount of money per Y amount of time.

Sell ad space to whom? Your "no tracking" rule appears to rule out ad networks and ad exchanges in favor of each publisher* having to run its own ad sales department. So what can the publisher of a smallish site do to find enough advertisers to buy most of its inventory? And how can this publisher assure advertisers that the view and click statistics that it provides are accurate?

* Operator of an ad-funded site

Comment Re:The answer to malvertising (Score 1) 78

I support the sites I visit through memberships

Would you be willing to purchase a month's membership to a site for $4 just to be able to view one article past its abstract?

and services like Patreon

I've read reports in comments to an adtech blog that "please put some coins in our cup" isn't enough to fully fund a site's operation unless it puts donation nags in your face like Wikipedia does: "If YOU do not donate, this site will have to SHUT DOWN."

Comment Re: We knew this (Score 1) 78

If you disable JavaScript, you can no longer run web applications. Instead, you'll be limited to running only native applications made for your particular operating system. Want to use an app on your Windows PC, but it was made for a Mac? Too bad. Want to use an app on your Mac, but it was made for a Windows PC? Too bad.

If you disable JavaScript, you can no longer petition the government for the redress of grievances.

Comment You can't advertise on "the Internet" (Score 1) 78

Bring advertising in-house. It's not 1997 anymore, there is no reason to rely on 3rd party platforms for advertising. Everyone knows the internet is a thing now

How do advertisers know which particular sites are "a thing", especially smaller sites that are too big to be run as a pure hobby but not yet big enough to be household names?

and wants to advertise on it.

But without an intermediary, you can't advertise on "the internet". Instead, you would have to advertise on individual publishers' sites, which is much more time-consuming for both advertisers and publishers.*

Say you have 30 publishers, each of which wants to find relevant advertisers, and 30 advertisers, each of which wants to find relevant publishers. If there is an intermediary, this means 60 contracts to review and sign. If there is no intermediary, there are 900. How does a change from O(n) with an intermediary to O(n^2) without one improve the market?

And even then, how will an individual publisher be able to reassure its advertisers that view and click statistics are accurate and not inflated? All other things being equal, an intermediary such as Google is considered more trustworthy because it has more to lose should a claim of fraud end up substantiated.

* In the advertising market, a "publisher" is the operator of a site that carries ads.

Comment Ad blocker blocker blocker? Eat DMCA. (Score 1) 78

There was a post two weeks ago on an adtech blog suggesting that some publishers* are about to go full DMCA/CFAA on developers of ad blockers that include an ad blocker blocker blocker. By this legal theory, an ad blocker blocker is an "access control" measure, and an ad blocker blocker blocker is a "circumvention device".

Learning about this plan has led me to think of ways to provide a better experience on a metered Internet connection without specifically blocking ads. One is to set a cap on how much data an individual page loads, with a "Load More" button after each megabyte. Another is to block video content types, script content types, and things loaded from third-party domains. If this becomes common, advertisers will at least have to start making their "creative" leaner.

* Operators of websites that carry advertising.

Comment Re:For those who may have forgotten (Score 1) 57

That certainly was an important decision, but the Bell System was still requiring customers to have expensive coupler equipment installed for many years afterwards (that article was from 1974). Those couplers involved transformers that would have made even 56k modems impractical, much less DSL.

For sure, where I lived, the Bell breakup was the dividing line, after which we were allowed to buy phones from someone other than the phone company. I still remember when we got our first non-Bell telephone, though I was a young kid at the time, and it was after Bell broke up. More amusingly, we weren't even in Bell territory; we were served by GTE. That's how wide-ranging the implications of the breakup were. It rocked the industry, and changed things pretty dramatically for the better.

Comment Re:Yes, deleted files are (sometimes) recoverable (Score 1) 59

For spinning rust that works just fine, most of the time. Flash is another story entirely. It's likely that your overwrites will get put into _other_ free cells, and the flash controller will mark the cells you're trying to overwrite as free, rather than overwriting them. Depending on your usage patterns, they might _never_ get overwritten. Aaaaaaand we're back to the problem we were trying to solve... just one layer lower. :(

There actually is a way, but it involves creating a file that's as big as the remaining space on the volume, to ensure that there are no flash pages that don't get rewritten. And even then, that doesn't quite guarantee that it will get overwritten because the flash page you're trying to overwrite could get spared and replaced with a free page. Obviously if you do that enough times, it will eventually get overwritten, but you'll also drastically shorten the life of the flash disk.

A better solution, of course, is to have a flash controller that supports TRIM properly and guarantees that overwritten pages get zeroed in a timely manner. If you have that, then overwriting the data once is sufficient, because the data will eventually get zeroed. And frankly, there's no good reason for a flash controller to not aggressively erase pages that are no longer tied to the filesystem (the old version of the data), because they are unlikely to ever be used again.

Comment Re:Not a SQLite problem (Score 1) 59

In SQLite, you can do "PRAGMA secure_delete=ON;" and it will subsequently overwrite all deleted information with zeros. This is turned off by default because it does more disk I/O. Alternatively, one can run "VACUUM" at any time to ensure that all deleted content has been purged from the database file.

The concern goes deeper than just disk I/O. On flash, there's a limited number of writes per flash erasure block, and using it in a mode that continuously overwrites everything you delete significantly increases the rate at which you burn through those write cycles. The OS is likely to coalesce a lot of those writes if they happen close enough together, but you're still abusing the hardware pretty badly by doing that.

The right approach is to come up with a reasonable policy for retention, e.g. "Guaranteed to not retain data more than n hours" and then vacuum the database every n hours, or when the OS tells you that your app is about to get terminated (assuming you can safely do it in such a short time), or when your app gets backgrounded (if you can't). Either way, vacuuming constantly is bad for the hardware, and never vacuuming is bad for security. The key is to find the right balance, and that pretty much requires your programmers to know that this issue exists, which most SQLite users no doubt do not.

And a couple of aspects of the design of iOS contribute to this problem negatively. If this were on a real computer:

  • You'd probably have a MySQL or PostgreSQL instance holding that data, and it would scrub periodically in the background. You can't do that on iOS, because you can't have a background daemon running when your app isn't running, so everybody ends up using SQLite, which is just barely enough of a database to be usable.
  • You wouldn't have the OS killing your app randomly while it is backgrounded, making it impractical to guarantee that you'll get n seconds to scrub every so many hours.

I'd love to see iOS add a centralized SQL database running on it at all times, with periodic scrubbing, with the ability to selectively share tables across apps, etc.
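The secure_delete and VACUUM behaviour discussed in the comment above can be checked at the file level with the following added example, which is not part of the original comment. The marker string, table name and function name are constructed for illustration, and the check only inspects the database file itself, not what the flash controller keeps underneath it.

```python
import os
import sqlite3
import tempfile

# Constructed sample value standing in for sensitive row content.
MARKER = b"CONSTRUCTED-SECRET-4f1c"


def residue_after_delete(secure_delete=False, vacuum=False):
    """Insert rows containing MARKER, delete them, and report whether
    the MARKER bytes can still be found in the raw database file."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        con = sqlite3.connect(path)
        # Pin both settings so the result does not depend on build defaults.
        con.execute("PRAGMA auto_vacuum=NONE")
        con.execute("PRAGMA secure_delete=" + ("ON" if secure_delete else "OFF"))
        con.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
        con.executemany(
            "INSERT INTO messages (body) VALUES (?)",
            [(MARKER.decode() + " row %d" % i,) for i in range(200)],
        )
        con.commit()

        # Logical delete: the rows are gone as far as SQL is concerned.
        con.execute("DELETE FROM messages")
        con.commit()
        assert con.execute("SELECT COUNT(*) FROM messages").fetchone()[0] == 0

        if vacuum:
            # Rebuilds the file without the free pages; must run outside a transaction.
            con.execute("VACUUM")
        con.close()

        # Forensic view: scan the raw file bytes for the deleted content.
        with open(path, "rb") as f:
            return MARKER in f.read()
    finally:
        os.remove(path)


if __name__ == "__main__":
    print("plain DELETE leaves residue:  ", residue_after_delete())
    print("secure_delete=ON leaves residue:", residue_after_delete(secure_delete=True))
    print("DELETE + VACUUM leaves residue: ", residue_after_delete(vacuum=True))
```
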
