Follow Slashdot stories on Twitter


Forgot your password?
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Comment Re:NRA Takedown (Score 1) 565

This is why the NRA really doesn't want the CDC to be able to collect data and do research on gun violence. In fact, they've successfully pushed legislation through a Republican congress that

Why should the Center for Disease control study crime? Wouldn't you rather they spent their money on researching disease? Crime research falls more into the FBI's wheelhouse.

The NRA specifically doesn't want the CDC researching gun violence because the expressed goal of the CDC, in regards to gun violence research, is to justify gun control. No matter where you fall on the 2nd amendment, research by an obviously and unrepentantly biased agency can not be trusted. In comparison, the CDC has done a lot of good work researching automobile accidents and making specific recommendations to make cars safer. But, they haven't repeatedly stated over the past three decades that their research goal is to find reasons to restrict car ownership.

Comment Re:Cue the lawsuits. (Score 1) 443

I've upgraded several machines voluntarily simply so that I could choose the timing and to do the upgrades in a sane fashion. I clone the hard drives to a new SSD and run the upgrade on that. In case of a failure my roll-back process consists of reinstalling the old hard drive. I have not had an major issues yet.

I got lucky on one of my home computers that I noticed and canceled the automatically scheduled update that MS enabled with the May patches.

Comment Re:Cue the lawsuits. (Score 2) 443

I'm familiar with the counterfeit FTDI USB to serial adapters. I have one or two floating around here at work. You can roll back the driver and then, in the Windows update window block that driver update. Or, at least you can do that in Win 10 Pro. I'm not sure about the home version crippleware. I've done the same process to fix Synaptics touchpads, who's version 19 drivers are completely broken in Windows 10.

In theory, you can sue the manufacturer who sold you the USB-serial adapter, if it's worth your time.

Comment Re:A sidenote (Score 1) 86

"Presumably you can solve this problem by using full disk encryption..."

No, you can't. If I am reading this correctly, this vulnerability is about the TLS session keys. RSA uses asymmetrical encryption, via the public/private key pair, to negotiate a symmetrical encryption key that is used for the data transfer session. That session key will be exposed in memory. DHE and ECDHE keys have capability called "perfect forward secrecy". If a man-in-the-middle attacker records all traffic between server and client and later obtains or cracks the private RSA key, he can use that to decipher the session keys and decrypt all data. DHE and ECDHE protect against that attack vector. But I don't see how they could protect against an attacker with full control of the virtual host who can manage to read the TLS session keys right out of memory.

Comment Re:Welcome to 1990 (Score 1) 260

NTFS isn't the problem. NTFS supports up to 32k character file paths as well as a number of characters that windows deems illegal. This is a problem with the Windows API's and .Net. I frequently work with long paths in windows (as dictated by necessity, not by choice) by addressing UNC paths at the command line, or by mapping drive letters or creating symbolic links deep into the directory tree.

Comment Re:Finally (Score 4, Informative) 260

There are easier ways.

Use MKLINK to create a symbolic link deeper into the path so that Explorer can work with a shorter path.

If it is a network share use NET USE to map a drive letter deep into the share path.

Use SUBST do do the same for local file systems, that is to mount a folder deep in the file path as a logical drive.

From a command line (cmd.exe) you can address long file paths with "\\?\[Drive Letter]\%File or directory path%". most commands work, but some, like RENAME will have trouble because it interprets the '?' as a wildcard.

Comment Re:Finally (Score 2) 260

At work it happens all the bloody time. We have a very large file share, around 10 TB, of files generated when we do projects for our clients . Frequently our account execs will try to organize one of our larger client folders and end up nesting files and folders so deeply that the data becomes inaccessible. It's pretty easy to do when many documents are generated by mac users, who give zero fucks about file and folder name length.

Also, I will bet that if you fire up powershell and do a "get-childitem * -recurse -force" in your user directory you will get path length errors on files and folders under appdata.

Comment Re:Finally (Score 2) 260

The limitation is also built into .NET for backwards compatibility. As a result, Powershell can't work with long file paths either. My understanding is that there are .NET libraries you can use to add the capability to your applications.

However, cmd.exe can access long paths. You can address UNC paths by using "\\?\[Drive letter]\[path to directory or file]". Most commands work. Rename is a notable exception because it interprets the '?' as a wild card.

Comment Re:RAID (Score 2) 229

I'm surprised. That was either quite a remarkable failure or your IT guys were frauds.

Loosing a raid controller is usually not so bad. I've had raid controllers crash before and never have they destroyed everything. Replaced the Raid controller with an identical model, adopted the discovered raid sets, compare data to backups to find corruption, and that was about it. It's relatively little drama compared to some failures.

Comment Re:Umm no. (Score 1) 257

Google's official policy is below. They commit to 3 years after the first day of sales or 18 months after the last day of sales on the Play store. My Nexus one stopped getting updates around 2 years after I bought it. I call shenanigans that you have Android 6.0.1 (Marshmallow), unless you flashed it manually.

Nexus devices

Nexus devices get the latest version of Android directly from Google. These devices will receive Android version updates for at least two years from when the device first became available on the Google Store. Nexus devices will also receive updates for security issues documented in our Public Nexus Security Bulletins for at least the following periods:

        Three years from when the device first became available on the Google Store
        Or, 18 months after the device stopped being sold on the Google Store

Comment Re:Umm no. (Score 1) 257

I agree this is a disgrace, and it is a failure of vision and direction from management. Google should decree that devices take updates as Google publishes them, or else it is not an "Android" phone, and they can't be sold using the Android trade marks and marketing materials.

The other way Google is failing in not securing their installed system base. I'm not talking about new versions. There should be 5 years minimum of security patches for major versions. There is no excuse for Nexus devices being fully patched and riddled with holes.

Slashdot Top Deals

Multics is security spelled sideways.