
Comment This. A judge's job is to read law, not write it (Score 3, Insightful) 205

> It's not the courts that need to side with us, it's the legislators.

Exactly. Writing law is the job of elected legislators. An appointed judge's job is to read and understand the law in order to apply it to a particular case.

The current law on patents, written by legislators, is that a patent controls who can "make, sell, or use" the patented invention. The "sell or use" part needs to be fixed. Judges shouldn't just ignore the law as written whenever they unilaterally decide they don't like the law.

Comment Reminds me of a certain security company (Score 2) 89

> keep on making us take require Flash - such as the one on "information security" ...
> I have to have Flash installed so I can tick off a little checkbox that says I know not to install software like Flash.

That reminds me of a certain network security company. They have all of their employees take annual security training, provided by a third-party. In order to keep track of who has done the training, employees log in to the third-party site using their Active Directory credentials - the same credentials that have access to all of the company resources, and indirectly, customer networks.

Well that's kinda stupid, employees need to be pretty careful that they don't get phished into entering their AD credentials into the wrong third-party site. They better look carefully at the URL in that email from "corporate security", right? No can do, all incoming email has URLs obfuscated by the email "security" system so you can't tell where the URL points to without clicking it.

There's literally no way for employees to know if they are sending their AD credentials to the site they are required to send them to, or sending them to a phisher.

Comment Re:Poor business (Score 1) 381

The problem is that any given reviewer won't "mesh" with what *YOU* like. Or what *I* like.


OTOH, I find that the aggregate consensus of several hundred reviewers actually gives me a really good idea of how good a movie is. That's not the same as saying it's a good indicator of what I'll like; there are some crappy movies that I like quite a lot. But if a film gets an 80% rating on Rotten Tomatoes, and it has a significant number of reviews (obscure films sometimes don't), I can be pretty much guaranteed that it will not be a waste of my time. Perhaps it won't become a favorite, but it will be reasonably well-written, well-acted, etc. In other words, it won't suck.

I do occasionally see movies with low ratings, but only when there's some other factor motivating me -- and I often walk out disappointed. I also occasionally see movies that I have no real interest in, but have high ratings (and which my wife wants to see) -- and I nearly always enjoy them anyway. There are exceptions both ways, but the RT rating is generally an excellent guide.

Comment Re:If self driving cars take off (Score 1) 199

I actually believe if self-driving cars take off, drive times will go down. The programmers of the cars can do a lot to alleviate the bad behaviors people have gotten into that just make heavy traffic worse.

If you then ban human-operated vehicles from (some) roads, or maybe just some lanes (which should be separated from lanes usable by human-operated vehicles), it can get even better. Vehicles in constant radio communication with each other and with sub-millisecond reaction times should be able to significantly increase highway speeds and reduce inter-vehicle distance to inches, while simultaneously increasing safety.

If you can remove human-operated vehicles from all roads, you can also get rid of stop lights and stop signs. Vehicles can negotiate appropriate gaps as they approach an intersection.

Comment if (window.changed) { window.render() } (Score 1) 221

You shouldn't be rendering a window every few milliseconds if it hasn't changed. This:

function paint {
        if (window.changed) { window.render() }
}

function render {
        # In Windows, most screen elements are "window"s
        for child in window.children { child.paint() }
}

Not this:

while true {
        for child in window.children { child.render() }
}

Comment On $400 billion investment (lost money after infla (Score 2) 76

Amazon made $2.37 billion, on over $400 billion invested. So an owner (investor) who put in $10,000 of their retirement savings made $59. Whoohoo!

Due to inflation, $10,000 in 2015 was worth only $9,700 in 2016, so they actually LOST $241.

Yeah, "making" less money than you're losing to inflation is pretty dismal.

Comment Re:Rotten Tomatoes is getting self-important (Score 1) 381

I do the same when looking for a restaurant - find a negative review and they'll tell you everything good about the place that they don't understand.

This. I use this same strategy when evaluating any product. Read a few good reviews, sure, but I need to read a few of the top negative reviews to figure out if the product actually has weaknesses that matter to me, or if it's just been purchased by a few users with unrealistic expectations.

The good thing about negative reviews is they usually aren't placed there by the business or by a sock puppet/SEO, so the dishonest reviews are at least more transparent. If some jerk with a grudge posts a 1 star review, they'll often include a whole sob story about how this company was unfair to them because they didn't immediately replace the broken thing the user dropped on a concrete floor.

Comment True. Anyone who has ever called a locksmith knows (Score 1) 75

What you've said is exactly right. Anyone who has ever called a locksmith because they were locked out of their house or car understands two things:

1) They weren't able to get in without the key - it was secure.
2) The locksmith got in without a key, probably in under 2 minutes. It was not secure.

Security is a quantitative thing, not a binary thing. You can ask HOW secure something is. Asking "is it secure, yes or no?" is folly.

Standard TLS (https) is much more secure than plain text (http).

Standard TLS connections are useful in the same way that physical locks are useful - they make it unlikely that anyone will in fact defeat your security. Both *can* be defeated by a skilled person using the right tools, given they invest enough time in doing so. Both are more secure than leaving stuff wide open for any passerby to take.

Self-signed certificates are slightly more secure than plain text on a *technical* level, but because they may create an illusion of strong security where none exists, they may be less secure in practice.

We have customers using self-signed certs (without pinning) who mistakenly think the self-signed certs prevent MITM attacks, so they send sensitive data over these connections, "secured" by TLS using self-signed certs. They'd arguably be more secure overall if they understood they have no protection on those connections, so they wouldn't use them for sensitive data (or would encrypt the data before sending it over the non-secured connection). A misunderstanding of the "protection" offered by self-signed certs leads them to do something foolish.

In this regard, there is a counterpoint to what I said above about it being folly to ask "is it secure?" as a yes or no question. It may be wise to try to create a binary secure/non-secure label in order to ease understanding. Weak security can fool users into thinking it's "secure", so it may be better to either secure something strongly or not at all, so users can easily tell that it's obviously not secured.
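
Added example, not part of the original comment: a minimal client-side pinning check in Python, the piece missing from the "self-signed certs (without pinning)" setup described above. The host, port, and sample certificate bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned_hex: str) -> bool:
    """Constant-time check of a presented certificate against the pin."""
    normalized = pinned_hex.replace(":", "").strip().lower()
    return hmac.compare_digest(fingerprint(der_cert), normalized)


def connect_pinned(host: str, port: int, pinned_hex: str) -> ssl.SSLSocket:
    """Connect to a server with a self-signed cert and enforce the pin.

    CA validation is disabled because a self-signed cert chains to no
    trusted root, so the pin check is the only thing authenticating the peer.
    Without it, any interceptor's certificate would be accepted.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=5)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)  # returned even when unvalidated
    if not der or not pin_matches(der, pinned_hex):
        tls.close()
        raise ssl.SSLError("peer certificate does not match the pinned fingerprint")
    return tls  # send sensitive data only after this point


# Constructed stand-ins for DER certificate bytes (not real certificates).
SERVER_CERT = b"constructed DER bytes of the server's self-signed cert"
MITM_CERT = b"constructed DER bytes of an interceptor's self-signed cert"
PIN = fingerprint(SERVER_CERT)  # distributed to clients out of band

if __name__ == "__main__":
    print("genuine server accepted:", pin_matches(SERVER_CERT, PIN))
    print("interceptor accepted:  ", pin_matches(MITM_CERT, PIN))
```
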

Comment "Signed all the way". That's just a different CA (Score 2) 75

> Can someone explain to me why domains don't just include a public key in their DNS record (signed all the way up to a root authority) ...
> Why, exactly, are we still fucking around with certificate authorities

Okay, so the DNS record would have a signed certificate. You'd have "the root authority" sign certificates? You would trust this authority for certificates, and this "certificate signing authority" would be better than having a certificate authority?

What you've suggested can be said more succinctly as follows:
Why aren't the people who run DNS also certificate authorities?

You still have a CA, you've just decided that the CA needs to be the same people who run DNS, because ... well no good reason that I can think of. What does that gain you?
