
Comment Yeah, not a major concern (Score 1) 60

Ok. So in order to make this work you'd need to have a WSUS server set up somewhere that has the malicious code and then change the client's update server setting. Since this is set by GPO it's going to be set back to the old value in a matter of minutes anyway if it's a corporate system.

Assuming the client is able to grab it then unfortunately unless the update from that server is signed by Microsoft the client server will refuse to install it. Is there a way around this problem? Yep, it's simple! You just need to create your own packages on the malicious server and sign them with its own code-signing certificate, and then your malware has to distribute the certificate to each and every client's code signing and root certificate stores in addition to setting another registry key that tells it to trust non-Microsoft signed code.

All of these are settings normally controlled by GPOs in a corporate environment, of course.

So the system was completely compromised long before you could ever set this all up. Sure, you could use this to keep your non-corporate machine botnet updated but there are far easier ways to do it and without leaving a nice trail of bread crumbs for the FBI to follow.
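To check a client against the conditions listed in the comment above, here is an added PowerShell example (not part of the original comment). It reads the Windows Update policy values and lists non-Microsoft certificates in the Trusted Publishers store. The expected WSUS URL and the sample values are placeholders chosen for illustration.

```powershell
# Added example: audits the client-side settings named in the comment above.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
# Assumption: placeholder URL; list the WSUS servers your GPO is meant to set.
$expectedServers = @('https://wsus.corp.example:8531')

function Get-WsusClientSettings {
    # Missing keys or values simply come back as $null.
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue
    return @{
        WUServer                    = $wu.WUServer
        WUStatusServer              = $wu.WUStatusServer
        AcceptTrustedPublisherCerts = $wu.AcceptTrustedPublisherCerts
        UseWUServer                 = $au.UseWUServer
    }
}

function Test-WsusClientConfig {
    param([hashtable]$Settings, [string[]]$Expected)
    $findings = @()
    if ($Settings.UseWUServer -eq 1) {
        foreach ($name in 'WUServer', 'WUStatusServer') {
            $url = $Settings[$name]
            if ($url -and ($Expected -notcontains $url)) {
                $findings += "$name points at an unexpected server: $url"
            }
        }
    }
    if ($Settings.AcceptTrustedPublisherCerts -eq 1) {
        $findings += 'AcceptTrustedPublisherCerts=1: non-Microsoft signed updates are accepted'
    }
    return $findings
}

# Constructed sample: a client whose update server and trust setting were changed.
$sample = @{ UseWUServer = 1; WUServer = 'http://10.0.0.99:8530'
             WUStatusServer = 'http://10.0.0.99:8530'; AcceptTrustedPublisherCerts = 1 }
Test-WsusClientConfig -Settings $sample -Expected $expectedServers

# Live check, only where the policy key and certificate store exist (Windows).
if (Test-Path $wuKey) {
    Test-WsusClientConfig -Settings (Get-WsusClientSettings) -Expected $expectedServers
}
if (Test-Path Cert:\LocalMachine\TrustedPublisher) {
    # Publisher certificates to review: anything not issued to Microsoft.
    Get-ChildItem Cert:\LocalMachine\TrustedPublisher |
        Where-Object { $_.Subject -notmatch 'O=Microsoft Corporation' } |
        Select-Object Subject, Thumbprint, NotAfter
}
```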

Comment Re:Email is expensive? (Score 1) 130

Combine this with the fact that they have all of the email infrastructure in place already to support message delivery for Hotmail and Exchange Online, and it does literally cost them almost nothing to deliver these messages which are a tiny drop in a huge ocean of mail they deal with. I'm inclined to think that email cost has anything to do with it.

Comment Re:It's just a tool I guess (Score 1) 294

I don't presume to know how close you've ever been to full-on drug addiction, but in my own admittedly small sampling, many an addict's confinement is the only time in their adult lives they're not using. A great friend passed last year at the ripe old age of 48, but his life was probably extended a decade by frequent periods of abstinence as a guest of the County and State.

At a cost of hundreds of thousands of dollars to the taxpayer. So tell me: Is that a better deal than rehabilitation which would not only cost less, but allow him to stay in the work force contributing to the tax base instead of drawing from it?

Comment Re:Comments (Score 1) 238

I disagree with this to an extent. Comments in the code answer an important question:
What was the author trying to do here?

From there I can answer two other questions:
Is this a logically correct solution to the problem?
Is the author's code doing what he intended it to do?

I find it much easier to analyze code if I can get inside not only the original author's head, but the heads of the two other people who came after him and spliced in updates.

Comment Re:So... tell me how to be more explicit? (Score 1) 369

I really wish they had done the opposite of this. If the filter is set to allow all then assume all searches are for explicit then it should assume you want all results. If you don't want porn (getting a lot of noise on a search, for example) then the user would include "-porn". This is how it works for all other searches; I'm not sure why they would be inconsistent like this.

Unfiltered is how I have my searches set at home because I don't want to miss results on the off chance that the search engine thinks it's pr0n and I don't mind if I see the occasional adult content.

Comment Khan Academy is a huge win for teachers (Score 1) 110

Khan Academy teaches a topic to a classroom, then tests and generates reports on who knows the particular lesson and how well they know it. The teacher can then spend time with the few students who are having trouble with it and let the 80% of students who grokked it move on to other material. Teachers can spend their time teaching to the students who need help learning, instead of a largely bored classroom of people who got it the first time.

It also tells you how good the software is. If 80% of the people are getting it, that's good. If only 25% of the people are getting it, it's time to rework that lesson.

Comment Re:an Oracle DBAs perspective (Score 2) 306

As a DBA my solution to this is first and foremost, to make sure the developer and tester are on call. If I get a call in the middle of the night because of their code, they are going to get one as well. The developer is going to check in and build the fix I create, and the tester is going to test it. Losing sleep for a few nights waiting for the build to complete and tests to finish tends to cure these kinds of issues. They also tend to be a little more diligent about letting their DBA review their code before they check in.

Comment Re:Irony alert! (Score 1) 264

What this model fails to take into account are people who do not consume the content under the current model. For example, I will not pay a monthly cable fee for one or two channels I would watch occasionally.

Secondly, it opens up opportunities for other shows that didn't make it on CC or another major network. Couldn't get another season of Babylon 5 on the air? No problem, if you can get enough direct subscribers (and on that show, I suspect you would) you can release episodes directly to them.

This could be a great opportunity to add new revenue from people who either aren't subscribing now, or are pirating the content out of frustration.

Comment Re:NIT (Score 4, Interesting) 200

Yeah, this would go over really well in court:

Lawyer: So how did you obtain this footage?
Drone Operator: We accidentally left the camera equipment on when we took off from American soil.
Lawyer: How many times has this happened?
Drone Operator: Several, in fact I think it happens most times when we launch.
Lawyer: What disciplinary action have you received for leaving them on?
Drone Operator: None. I think I read something once that says we aren't supposed to, but our commander tells us to do it anyway.

At this point it's pretty obvious that it wouldn't be a case of "accidental" espionage (Disclaimer: IANAL)
