Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×

Comment Re:WTF are they proposing to improve exactly? (Score 3, Informative) 92

When they talk about the "user experience" they mean someone who is buying ads, not the person who is posting "Look what Hillary Trump said last night" every day. Think in terms of Facebook's customers.

Knowing who is talking to whom is an important part of Facebook's marketing. Look at how Facebook targets and consider item #19 in that article. It's not just about who you are, it's about who you know. Whether you think this is a good idea for Facebook or not, it is what they do.

User A and user B are friends in real life, use Whatsapp, and have Facebook accounts -- but they're not "friends" on Facebook (maybe they only use Facebook for work, or something like that). (Or maybe they don't have Facebook accounts, but Facebook has profiles on them gathered by "like" buttons, and has some way to deliver ads to at least one of them.) They communicate with each other using Whatsapp. This lets Facebook connect the two profiles, even though within Facebook alone, they are unconnected. The result: Now user A can see shopping ads for user B's upcoming birthday.

The advertiser has a good products experience.

Comment Re:What is it that you say? (Score 1) 445

No, they're not dropping that veneer.

Saying you compete with someone, isn't the same as saying you're the same kind of business. e.g. courier bikes, courier pigeons, telegrams and email can all compete with one another, but work differently and might have really good reasons for being regulated differently.

(BTW, I'm not taking a position about how Uber should or shouldn't be regulated; I'm just saying that there is nothing about their reaction which implies they're admitting anything.)

Comment Re:Microsoft broke my scanner once... (Score 1) 220

More people need to be made aware of VueScan. Cross platform, acceptable price, unbeatable scanner support. My father has a SCSI Minolta Dimage with APS support. Drivers up to Windows 2000, XP worked with a bit of hacking. SANE doesn't want to know about it.

VueScan? Just works.

I have no stake in this. I am just a happy customer.

Comment Re: Do they really ignore them? (Score 2) 124

Oh, so you're manually inspecting the self signed certificate every time you visit your website? If not, then how do you know nobody is intercepting your communication, making your self signed certificate as useless as having no encryption at all.

No, and he didn't imply that. Here are several situations, in increasing order of security.

1) The connection is not encrypted or signed. No certs exist. Nobody knows who they're talking to. An active attacker on the network between the two parties, can proxy and impersonate each side. A passive attacker, someone who just gets copies of the traffic, while they can't impersonate, can at least read what everyone is saying. No warning.(?!)

2) The connection is encrypted, but with unknown parties' public keys. Certs exist but are essentially worthless. An active attacker on the network between the two parties, can proxy and impersonate each side. A passive attacker, someone who just gets copies of the traffic, can't read anything. DANGER! DANGER! FREAK OUT!!

3) The connection is encrypted, and if you believe certain faceless parties who are totally unaccountable to you and who you don't know anything about, you think you probably know the other side's identity. Active attackers can't do anything, unless they're active enough to coerce or trick the CA. Passive attackers can't read anything. No warning.

4) The connection is encrypted just like above, but the CA pinky-swears that they really tried hard to make sure. Green URL bar.

5) As case 3 or 4, but multiple CAs, which might be hard for a single attacker to simultaneously coerce or trick, have all signed the cert. We don't have this in our browsers yet; it's early 1990s level tech that we're still waiting for.

6) As case 3 but the user has verified the identity through a different channel. No trusted introducer was needed. The cert need not be signed at all, or might be signed by the user himself. No warning, but also no green URL bar. (Yet, this is the very best-possible case, definitely more secure than any other.)

See anything wrong here? Scenarios 1 and 2 have their warning severities reversed. (And there's also a UI defect at high degrees of security, too, but that's less important.) This trains the use to think of warnings as not necessarily meaning increased severity or risk. A user will adjust to this by ignoring warnings. This is bad communication, and it's making us all a little stupider.

What you should do is add your known self signed certificate to your local certificate store, which means that the warnings will stop

He's talking about a situation where it's not known. Adding it to the local store would be inappropriate. That would be an attempt to treat scenario 2 as scenario 6, just to get around a UI bug. It'd be much better to just fix the bug.

Comment Payoff table shows whose guys they are (Score 1) 272

Maybe they're our guys, maybe they're not.

Country A is full of citizens, businesses, and government orgs which routinely depend on working computers and networks. Country B is similar, but a little behind, because they're not as wealthy.

Both countries' citizens, businesses and government orgs pretty much run the same code. Same OSes, same big applications, etc.

For the most part, everyone's computers run pretty badly, and outages and various fuckup are frequent. Criminals in both countries are very happy with the situation. Both countries have a pretty easy time with espionage, but a nearly impossible problem with counter-espionage. Everyone can attack, but hardly anyone seems to be able to defend.

Well, they're about the same, but not exactly. In Country B, due to the lower tech, more people use cash, more things are done low-techy, etc. Computer crime isn't quite as easy there. Fewer government systems (both civilian and military) are vulnerable to cyber-attack simple because they're not as computerized. Fewer businesses depend on networks. The airlines' schedules in Country B are run by a guy who has a big notebook, but Country A has an airline schedule that's run in some datacenter.

A group of nerdy people figure out part of the problem with everyone's fucked up computers. Turn out, there are bugs in popular software. Sometimes the symptoms just happen (bad luck) and sometimes they are exploited by adversaries.

The nerds have to make a decision: "Do we tell software industry about the bugs and have them fixed, so that everyone (both our country and the other country) get a defense advantage? Or do we not talk about the bugs, thereby preserving everyone's attack advantage?"

The group of nerds chooses the latter, opting to not have the bugs fixed.

Tell me this: judging from the nerds' actions, which country do you infer they working for? Who has more to win or lose from the computers continuing to work so badly?

Comment Leprechaun at Rio (Score 1) 180

I wish they still made those Warwick Davis Leprechaun movies. They could totally have an olympics one, where he dissolves some gold thief in the pool. OMFG, gold thief! The Leprechaun could be in the olympics, and he's pissed that other contestants are winning "his" gold medals. It's perfect; the movie writes itself.

But the last two (no, the last three, but especially the "Hood" ones) totally sucked, so I understand why they don't make 'em anymore. My friends and I were so pissed that the "Hood" ones sucked; within just a few minutes of trying to get over our disappointment after watching the first one, were were making up limerick-raps way better than anything in the movie. Those bastards put in so little effort in the end, and why they made "back 2 tha hood" I can't begin to imagine. Sigh.

So anyway, Warwick, tell your agent that you're up for doing another, but only if they'll do a good job, like in Leprechaun 3 (total classic, best of the series!).

Comment Re:It was a terrible deal for Britain anyway (Score 3, Informative) 170

"All the problems with wind" is a bit of an overexaggeration. In fact, the video nicely shows how resilient it is. For instance, the first clip is of a wind turbine on fire. Notice how the rest of the wind farm is not on fire. The wind farm would have perhaps lost 2% of its capacity, but it has resilience in numbers.

To start with, yes, I think the UK needs new nuclear capacity - we need *something* that's not coal that is good at doing baseload.

But on the other hand: from the point of view of the National Grid, wind does have certain advantages:

* Each generator is small and there are an awful lot of them. A generator or two going offline doesn't cause sudden capacity problems. However, a large nuclear generating plant going offline suddenly can cause a huge power shortage that can be solved only by shedding load (in other words, blackouts).

* The wind, over a period of the next few hours, is pretty easy to predict. The wind doesn't just suddenly and unexpectedly stop blowing. You can pretty much say the wind will be doing in 10 minutes time what it's doing now, and if it's not going to do that (e.g. due to the passage of a frontal system) you can at least know what it's going to do. Not so with a large powerplant which may suddenly go offline with no warning.

Comment Re:Lots of citites still run windows (Score 1) 166

It's been a while since I did any Java programming. Actually, it's been over 7 years, but that does mean I was around the 1.5 days. I was one of the few who used Linux, and boy did I find bugs due to assumptions that you shouldn't make when working on cross platform applications. At typical one was using a hardcoded "\" as a path separator instead of the System.getProperty("file.separator") value.

Maybe the underlying libraries now catch these things, but back in the day it didn't. Even with Java, writing platform independent code does require some care.

Slashdot Top Deals

Serving coffee on aircraft causes turbulence.

Working...