
Comment Again with this? (Score 5, Informative) 65

Plenty to dislike about Trump. But why keep making stuff up? He didn't call for Russia to hack Clinton's email. He made a very tired joke (it's been made here and elsewhere for weeks) about maybe the Russians, if they can find her email in the stuff they already have, could turn it over to our FBI, who couldn't find most of what she deleted. Go after him for his abundant riches of nonsense, but don't make crap up. Makes this site look sillier than usual.

Comment IAB Creative Guidelines (Score 1) 121

Two of them are easy. "Encrypted" means served through HTTPS. "Ad choice supported" means supporting the YourAdChoices control to turn interest-based ad delivery on and off.

The other two are a bit more vague, but Google iab non-invasive ads returns IAB Tech Lab Solutions with a bit more explanation. "Light" means a maximum data size, as specified in IAB Creative Guidelines. "Non-invasive" means that ads do not cover the body of the article, and ads other than an interstitial before a video body do not automatically play audio.

Comment Re:Ad blocker blocker blocker? Eat DMCA. (Score 1) 121

Present adtech delivers the text of an article through the initial HTML document and advertisements through scripts loaded asynchronously. This means the text of the article is available to the user before the style sheet, images, ad delivery scripts, and the like. A full implementation of access control would encrypt everything in the article below the abstract or lead section so that cleartext isn't available until the ad delivery script has run.

Or should I shut up and not give publishers any ideas?

Comment Depends on extent of regulation (Score 1) 121

Banks I'll grant. They're unusual in that financial industry regulations mean they have the most to lose if a script is found to be unsafe. Healthcare sites are up there as well because of HIPAA (or foreign counterparts).

For sites in less regulated industries, how should a user go about finding whether a site's scripts are safe to add to the user's whitelist?

Comment Terrible place for a solar plant (Score 1) 128

Chernobyl is at 51 degrees North latitude. That far north, the angle of the sun and the earth's tilt significantly reduce the available solar power throughout the year. It's about the same latitude as Germany, which only manages a solar capacity factor of about 0.10 (i.e. if you have a fixed panel with 100 Watts peak generating capacity at that location, over a year it will on average generate 10 watts). Capacity factor incorporates weather, night, average angle of the sun, and less sunlight reaching the ground because it has to travel through more air due to its oblique angle through the atmosphere.

The continental U.S. sits closer to 40 degrees North latitude, and has an average solar capacity factor of 0.145. The best locations for solar are closer to the equator, and in arid environments with few clouds. Solar capacity factor in Southern California and Arizona for example is about 0.185. That is, you can get nearly double the energy production of Germany for the same surface area of panels, simply by putting them in a better location. Chernobyl sits along Ukraine's northern border. Unless there are huge differences in average cloud cover, Ukraine would be much better served by building the solar plant along its southern border.

Comment Re:This disaster is entirely of your own making (Score 2) 511

I thought the U.S. screwed up too at first. But then I read an article that in Europe, you basically can't contest fraud on your card. The reasoning is that because the chip cannot be defeated, and you're not supposed to tell your PIN to anyone, any use of "your" card must be legit. Either you made the purchase yourself, or you loaned the card to someone else and told them the PIN. So it must be your fault, therefore you are on the hook for the fraudulent purchases. Even if you're talking with the bank on the phone while sitting at home with your card in your hand, and there are transactions showing up on your account from Indonesia, they'll insist it's your fault. You are presumed guilty, and have to work to prove your innocence.

The problem is the chip isn't hack-proof. A researcher (can't find the article right now) showed that the specs for the terminals have several different protocols, one of which confusingly uses the same signal for "the correct PIN was entered" and "a PIN (any PIN) was entered." He rigged up a card which would make the terminal accept his PIN via this message (card connected to a computer in his backpack via a cable hidden in his sweatshirt), grabbed a half dozen volunteers, and demonstrated his hack allowing him to put charges on their cards at a bunch of random stores in France. Criminals have already been caught using this hack in the wild. There are probably other ways to defeat it too which we haven't figured out yet.

The chip and signature system allows an American cardholder to contest a charge simply by pointing out the signature doesn't match their signature. The system is more secure than magnetic swipe cards, but not so secure that banks and the government start to assume fraud is "impossible" and thus shift the burden of proof onto the victim to prove that s/he was victimized.
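An added example, not part of the comment above or of any card scheme's code: a simplified Python model of an issuer-side consistency check that catches the case where the terminal believes a PIN was verified but the card never confirmed one. It assumes the card's own record of PIN verification reaches the issuer under a MAC (modelled with HMAC, not a real card cryptogram); the key, field names and sample requests are constructed for illustration.

```python
import hashlib
import hmac

# Constructed key shared by card and issuer; stands in for the card's real key.
CARD_KEY = b"constructed-demo-key"

def card_mac(amount_cents, card_saw_pin_ok):
    """MAC over the amount and the card's own record of PIN verification."""
    msg = f"{amount_cents}|{int(card_saw_pin_ok)}".encode()
    return hmac.new(CARD_KEY, msg, hashlib.sha256).digest()

def make_txn(amount_cents, card_saw_pin_ok, terminal_cvm):
    """Build a constructed authorization request (hypothetical field names)."""
    return {"amount_cents": amount_cents, "card_saw_pin_ok": card_saw_pin_ok,
            "terminal_cvm": terminal_cvm,  # what the terminal believes happened
            "mac": card_mac(amount_cents, card_saw_pin_ok)}

def mac_ok(txn):
    """True if the card-reported fields still match the card's MAC."""
    expected = card_mac(txn["amount_cents"], txn["card_saw_pin_ok"])
    return hmac.compare_digest(expected, txn["mac"])

def naive_issuer(txn):
    """Trusts the terminal's claim once the MAC verifies."""
    return "approve" if mac_ok(txn) else "decline: bad MAC"

def checking_issuer(txn):
    """Also requires the card's authenticated view to match the terminal's claim."""
    if not mac_ok(txn):
        return "decline: bad MAC"
    if txn["terminal_cvm"] == "pin_verified" and not txn["card_saw_pin_ok"]:
        return "decline: terminal says PIN verified, card does not"
    return "approve"

# Constructed sample requests.
HONEST_PIN = make_txn(2500, True, "pin_verified")
SIGNATURE = make_txn(2500, False, "signature")
MISMATCH = make_txn(2500, False, "pin_verified")    # the two views disagree
FORGED_FLAG = dict(MISMATCH, card_saw_pin_ok=True)  # flag altered, MAC now stale

if __name__ == "__main__":
    for name, t in [("honest", HONEST_PIN), ("signature", SIGNATURE),
                    ("mismatch", MISMATCH), ("forged", FORGED_FLAG)]:
        print(f"{name:10} naive={naive_issuer(t)!r} checked={checking_issuer(t)!r}")
```

The naive issuer approves the mismatched request because nothing ties the terminal's claim to what the card saw; the checking issuer declines it, and altering the card's flag in transit fails the MAC instead.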

Comment Transition costs retailers lots of money (Score 2) 511

It's not that there's "no rhyme or reason" to the experience at the register - it's that the purchase of chip-capable readers doesn't mean that the retailer's point of sale system, back end accounting platform, security reviews, and everything else that comes in the wake of this have been completed. Getting chip-capable devices at the register is the easy part - they're often leased anyway, and the processing companies are simply replacing older units, as they fail, with newer units that meet the new specs. But there is a lot of behind the scenes work to do. It's easiest for mom-and-pop retailers who don't have a lot of integration, and it's relatively easy for the very large chains that have big IT departments. But the mid-sized operations, owner-operated gas stations, etc., have to take on considerable expense. And it cannot break, or they're expensively down and out.

I have indeed noticed the significant increase in processing time. Even at a bank-owned ATM, where I know the branch has a nice fast pipe back to the mothership, it's pretty shocking how long it takes the ATM to complete the extra crypto dance before it even gets down to business with you on the user interface. If nothing else, they need to have the ATMs give a better sign of life as that handshake is taking place - many users will be baffled by what doesn't appear to be happening.

Comment Slashdot's subscription page is broken (Score 1) 121

Then why do you not have a little star next to your name on slashdot?

Because Slashdot hasn't sold subscriptions for well over a year. From subscribe.pl:

Please Note: Buying or gifting of a new subscription is not available at the moment. We apologize for the inconvenience.

During the Dice Holdings era, Slashdot instead experimented with giving a "Disable Advertising" checkbox to users with Excellent (25-50) karma to encourage them to provide and moderate comments. After Slashdot and SourceForge were sold to BIZX six months ago, this ended as well.

The subscription page for the red site, on the other hand, is up and running:

Your subscription ends 2017-07-03 UTC.
Thank you for supporting SoylentNews! We appreciate your contribution very much.
