
Comment Re:At what scope of time or size of output data? (Score 1) 240

The real security concern with VMs is duplication ... if you clone a bunch of VMs but they start with the same entropy pool, then generate an SSL cert after clone, the other SSL certs will be easily predicted.

Yeah, I encountered that the other day. Built a VM, took a snapshot, did some stuff, reverted, did the same stuff. I was testing a procedure doc I was writing. Part of the procedure was creating an SSL cert, and I got an identical one on both attempts. That seems a little fishy to me; I would expect the certs to be (by the standards of cryptography) very similar, not identical. With that said, I didn't actually generate the cert myself, I ran a script (which I didn't write) to do it. The script might be using the same random seed or something. Or it could be a characteristic of moznss.

Feeling good about your EC2 instances, eh?

No shit. It might be worthwhile to use your desktop or some other hardware you control to seed your VM's PRNG with higher-quality entropy. That way, you should at least be able to avoid collisions with other VMs on the same hardware.
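An added illustration of the snapshot/clone behaviour discussed in this comment (not part of the original comment or of any tool it mentions): a toy hash-based pool shows that clones resuming from the same saved state derive identical key material, and that mixing in entropy supplied from outside the VM makes them diverge. `ToyPool`, `make_key`, `clone_and_generate` and `duplicate_keys` are hypothetical names, and the pool is a stand-in for a guest's real entropy pool, not a model of any kernel's implementation.

```python
import copy
import hashlib
import os


class ToyPool:
    """Toy hash-based generator standing in for a guest's entropy pool (illustration only)."""

    def __init__(self, seed):
        self.state = hashlib.sha256(b"init" + seed).digest()

    def mix(self, data):
        # Fold new input into the existing state instead of replacing it,
        # so the result depends on both the old state and the new input.
        self.state = hashlib.sha256(b"mix" + self.state + data).digest()

    def read(self, n):
        out = b""
        while len(out) < n:
            out += hashlib.sha256(b"out" + self.state).digest()
            self.state = hashlib.sha256(b"next" + self.state).digest()
        return out[:n]


def make_key(pool):
    # Stand-in for "generate an SSL key": 32 bytes drawn from the pool.
    return pool.read(32).hex()


def clone_and_generate(reseed, clones=3):
    template = ToyPool(os.urandom(32))   # the VM at snapshot time
    keys = []
    for _ in range(clones):
        vm = copy.deepcopy(template)     # clone, or revert to the snapshot
        if reseed:
            vm.mix(os.urandom(32))       # constructed: entropy supplied from outside the VM
        keys.append(make_key(vm))
    return keys


def duplicate_keys(keys):
    # Fleet-side check: fingerprints of any key that appears more than once.
    seen, dupes = set(), set()
    for k in keys:
        fp = hashlib.sha256(bytes.fromhex(k)).hexdigest()
        (dupes if fp in seen else seen).add(fp)
    return dupes


if __name__ == "__main__":
    print("no reseed:", len(duplicate_keys(clone_and_generate(False))), "duplicated key(s)")
    print("reseeded: ", len(duplicate_keys(clone_and_generate(True))), "duplicated key(s)")
```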

Comment Re:U.S., cough, international pressure much? (Score 1) 166

That's a great idea, but the problem is that the cost of digital reproduction is near enough zero as makes no difference. If you publish an e-book, and I buy a copy for $5, why would anyone else buy a copy when they could get one for free from me? Some people would do it out of habit. Others would do it because they feel it's the honest thing to do. But most people would not. I've got to imagine that it would be really hard to make a living this way.

You'd probably have to switch to a Kickstarter-like model. The prospective author uploads a high-level summary of what he wants to write. People who want to read it donate a couple bucks. The author then writes something and releases it for free. This would probably work, at least in a sense, but it'd be hard to fund longer works this way. You'd get a lot of short stories, novellas, and serials. I've got nothing against those formats, but I do like to have some diversity.

Philosophically, we're both in total agreement. I really only have a problem with how it would work (or not) in practice. I think a more realistic solution would be to have copyright, just like we do now, but with a drastically reduced term. Like, one year by default, up to a maximum of five years if you apply for an extension each year. If you can't break even on your copyrighted work in less than five years, you're never going to. If people are willing to wait for your copyright to expire rather than buying now, your work isn't important enough to deserve protection.

Comment Re:This is disgusting!! (Score 1) 579

The herbicide in question -- Roundup, aka glyphosate -- kills plants that aren't genetically modified to be resistant to it. If you plant a bunch of non-GM corn and then spray the whole thing with Roundup, you will kill everything, including the corn. So yeah, I can't imagine any reason a farmer would be doing that either.

Comment Re:Daily Microsoft bitch-fest (Score 5, Interesting) 245

seriously, the bootloader on modern hardware doesn't need all that bullshit.

Yes, it does need "all that bullshit." Booting from anything except an on-board hard disk controller on a PC BIOS is a hackjob. It's just an absolutely horrible clusterfuck. The fact that it ever works at all is a testament to the hard work put in over the past 20+ years by all the bootable expansion card makers.

I'm not trying to be a dick, but your comment really makes me think that you've never used anything except a desktop PC. In the server world, you always boot from an expansion card -- note that onboard NICs count as expansion cards in this context, because the BIOS can't boot from them directly; it has to pass control to the NIC's BIOS, which handles PXE -- at least once in the server's life to kickstart it. And there are a good number of situations where you never boot from a local hard disk. That's not just PXE. It also includes iSCSI and FC HBAs, ROMs or flash devices, RAID controllers, and probably a raft of things that I've simply never encountered.

I think that OpenBoot would've been a better choice than UEFI, personally. But I don't think any knowledgeable person can dispute the need for something better than the 1980s-era PC BIOS.

Comment Re:Perfect Opportunity for Valve (Score 1) 384

Ultimately, I think the compromise that we will get is that you will be able to resell used games, and you, the distributor, and the publisher will all get a cut. It's unfair for the publisher to get anything -- it doesn't right now, with physical media-only resales -- but you know they will fight and fight to prevent resales at all. The only way they'll ever agree to it is if they get something in return. Unfair though it might be, I don't see any solution that doesn't result in them getting a piece of the action.

The great thing is that digitally-distributed games are fungible. There's no difference between my used copy and your used copy, or even between a used copy and a new one. This means that you can handle them exactly the same way we handle stocks, bonds, and commodities, all of which are fungible too. It makes pricing largely automatic. Pricing could actually be made completely automatic, although it would work better if you at least let sellers put in bids manually.

Comment Re:They're taking the right approach (Score 1) 171

I'd love to see an email app that complies with IT demands for a PIN lock, encryption, and remote wipe capabilities without turning those features on for the entire phone. I don't want to enter a goddamn PIN code just so I can play Zookeeper Battle. I don't need to encrypt the pictures of my wife and kid I have on my phone. And I don't think IT really cares if my Plants vs. Zombies achievements get stolen by a hacker.

I mean, I still wouldn't buy a Blackberry device. But that strikes me as an actual business-related value-add they could offer. All the other stuff people are talking about here -- "connect to an Exchange server" and "view Excel spreadsheets" seem to be the most common -- can already be done by every other phone in existence. Those aren't awesome things your BB does. Those are basic, entry-level features that any modern smartphone must have.


Submission + - CPS-3 Encryption Scheme Broken

x3sphere writes: "It's taken a while, ten years to be exact, but Andreas Naive has successfully managed to break the protection on Capcom's CPS-3 arcade system board. The CPS-3 powered less than a dozen arcade classics, including JoJo's Bizarre Adventure, Red Earth, and Street Fighter III.

The security system of the CPS-3 was rather advanced for its time. Any tampering to the game's security cartridge would result in the decryption key being erased, thereby rendering the respective cartridge useless.

So, the decryption is broken, what does this all mean? In one word: Emulation. Now that the decryption task is done, the folks over at MAME have already started work on a CPS-3 emulator."


Submission + - Group says Google the worst on privacy

pcause writes: According to this article in the Wall Street Journal (subscription required), a study by Privacy International. While Microsoft, AOL and Yahoo were included, none came close to Google, which was said to be "achieving status as an endemic threat to privacy".

Since Google's business and revenue are enhanced by systematically violating your privacy, getting you to install spyware on your Desktop (yes, that is what the toolbar and Google Desktop are), and tracking your every web action (why they want you to stay logged in), I guess they don't consider this behavior "evil". As a Privacy International person is quoted as saying, "Under the microscope, it turns out that Google is doing much more with our data than we ever imagined".

Shouldn't we all be concerned about the volume of information about us that Google collects and how they use and abuse it?

Submission + - FLOSS faster than upcoming BPEL4People standard

An anonymous reader writes: It will soon be two years since IBM and SAP proposed their WS-BPEL Extension for People in a joint white paper back in July 2005. Not that they abandoned their original idea of standardizing how to integrate people in BPEL processes: Indeed various companies already implemented their own solution in order to permit role based interaction of process stakeholders. While commercial ones have their proprietary realization for their respective BPEL engines, it is now partial and full open source companies like Active Endpoints or Intalio as well as academic projects that actually do set standards. After all, standards need to be open. Bringing independence to systems, it is nice to see how FLOSS projects — as in the example of BPEL4People — can take the initiative.

Submission + - Asus stuns Computex with $189 laptop

slashthedot writes: "As if Intel's cheap laptop release last month wasn't enough, Asus sprang a surprise during Intel's Computex keynote today with the announcement of a $189 laptop.
The notebook uses a custom-written Linux operating system, measures roughly 120 x 100 x 30mm (WDH), weighs only 900g, and boots in 15 seconds from its solid-state hard disk. Asus chairman Jonney Shih claimed the 3ePC would be available in all areas of the world, not only developing nations."
