Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment Re:It's also Facebook itself (Score 1) 31

"image may contain: trees, house, sky" or "image may contain: one or more people". Oh! The horror! As though those are things that might offend me, I guess.

Those descriptions are just alt text put there for accessibility reasons, to help out users such as those who use a screen reader or other assistive technology, and your browser displays it to you when it can't load the image itself. If the image contains text, Facebook will also include their attempt at transcribing it. The "Image may contain" phrasing isn't meant to serve as a "trigger warning" or anything, it's just a reminder that the caption is generated by Facebook's AI (notoriously less-than-perfect) and may not always accurately reflect what's actually in the image.

Comment Re:Same problem that affects many businesses (Score 1) 135

* Offer Linux support.

Dropbox already has Linux support, and they have for the entire time I've used their service. It's running in the system tray right now on my Linux desktop, and while I don't do it any more, years ago I used to run their client headless on some Linux servers as well -- I was doing that before Google Drive even existed. There's no mounting involved, it works just the same as the normal desktop client. You have a folder full of real files, and their client keeps everything synced.

Comment Re:Why? Its not like the users care. (Score 1) 26

Google can say all they want about how they're trying to protect users against malicious extension updates, but I won't believe a word of it until they change the fact that Chrome still won't:

- Show you what extensions of yours have recently updated
- Show you when a particular extension was last updated
- Allow users to disable automatic updates for an extension

These are pretty basic features, and they're all things the Play Store has done on Android for years. It boggles the mind that they would develop a platform for shipping updates to one of the most important pieces of software many users run without giving the user any real control or insight into the process.

Submission + - Stack Clash Linux Flaw Enables Root Access; Patch Now (threatpost.com)

msm1267 writes: Linux, BSD, Solaris and other open source systems are vulnerable to a local privilege escalation vulnerability known as Stack Clash that allows an attacker to execute code at root.

Major Linux and open source distributors have made patches available today, and systems running Linux, OpenBSD, NetBSD, FreeBSD or Solaris on i386 or amd64 hardware should be updated soon.

The risk presented by this flaw, CVE-2017-1000364, becomes elevated especially if attackers are already present on a vulnerable system. They would now be able to chain this vulnerability with other critical issues, including the recently addressed Sudo vulnerability, and then run arbitrary code with the highest privileges, said researchers at Qualys who discovered the vulnerability.

The vulnerability was found in the stack, a memory management region on these systems. The attack bypasses the Stack guard-page mitigation introduced in Linux in 2010 after attacks in 2005 and 2010 targeted the stack.

Comment Re:Good and bad about 5X (Score 2) 208

4 hours of life in 10 minutes, and in general, is just way, way faster to charge. Wireless is nice, but it's always super sloooooooow.

It's 7 PM right now, and the battery on my Nexus 5 is at 86%. The last time I gave any conscious thought to charging my phone was weeks ago. That's just not possible without wireless charging. Who cares that your phone charges slower when your battery never drops below 50%? USB-only means that I would go back to forgetting to plug in my phone when it needs it, and having to scramble to find a (new, not yet common) charger. That's a step backwards, and it's a deal breaker for me.

Comment Re:juvenile vandalism (Score 1) 36

While normally correct, this attack is more noteworthy when combined with the news of Superfish. This was a DNS hijack, which means the attackers would have been able to point *.lenovo.com at the server of their choosing. While I don't believe Superfish was actually running its requests through a subdomain of lenovo.com, this particular type of simple "vandalism" could have just as easily been used to take advantage of Superfish's automatic MITM and intercepted all manner of sensitive data.

Submission + - Google Announces "End-To-End" Encryption Extension for Chrome

Nexus Unplugged writes: On their security blog today, Google announced a new Chrome extension called "End-To-End" intended to make browser-based encryption of messages easier for users. The extension, which was rumored to be "underway" a couple months ago, is currently in an "alpha" version and is not yet available pre-packaged or in the Chrome Web Store. It utilizes a Javascript implementation of OpenPGP, meaning that your private keys are never sent to Google. However, if you'd like to use the extension on multiple machines, its keyring is saved in localStorage, which can be encrypted with a passphrase before being synced. The extension still qualifies for Google's Vulnerability Reward Program, and joins a host of PGP-related extensions already available for Chrome.

Slashdot Top Deals

2.4 statute miles of surgical tubing at Yale U. = 1 I.V.League

Working...