Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Comment Re:I've got a crazy idea (Score 2) 295

The parent is right.

But not only that. The flash controller could be running a background process, such as offline deduplication or data block movement for static wear levelling. These processes are *not* triggered by reads or writes from the OS, so even when you are not actively writing to the disk, simply removing it without ejecting *might* cause data corruption and data loss.

Comment Please Slashdot editors (Score 1) 94

Please Slashdot editors,

      Make summaries interesting for your target readers.

      If you want to shift your target to people who, within the context of a wireless protocol, consider "advertisements" as something bad and intrusive and not some type of broadcast service announcement, that's ok. But please, in that case tell us clearly, so we can find an alternative site.

      If you want to recover the old nerdies who have long left the page, please consider that your audience has some technical background when writing the summaries. You could have highlighted many interesting points from the Ars Technica text (or even have found a deeper one), such as current size of advertising packets or the discussion on hardware compatibility via software upgrade.

      But instead, you highlighted the only part which has no interest -- the clarification about what are *not* advertising packets. Seriously, is the focus of the summary targeting your target?

Comment Re:Actually not really fixed - URL not validated (Score 1) 96

I doubt it. The binary could be unsigned, and the (fake) website provide some instructions on ignoring the UAC notification but validating the SHA-1 hash, which would be a sensible way to do when you do not have (or pay) a code signing certificate. More info, for example: http://www.excelsiorjet.com/kb...

Comment Actually not really fixed - URL not validated (Score 1) 96

When the website is compromised with a MITM attack, the attacker can provide a (fake) download link which downloads a compromised binary from the compromised website, instead of the original binary from Sourceforge. In such case, the user does not know that the file should be digitally signed by a certain author. Instead, the attacker can modify the site to provide (fake) MD5 and SHA-1 hashes which validate the (fake) binary, or provide a self-signed binary. In particular, the problem is that the URL to the download binary and the binary validation instructions also need to be validated, as well as the binary itself. This would be solved using HTTPS.

Note that this attack does not particularly target recurrent users (looking for updates; they probably know how the program security works and where it is hosted), but particularly first-time users who don't know how it works.

Comment It helps reducing expectations (Score 1) 51

When you notice that your career is poor, and that everyone else is having success while you are stagnant, sometimes it is a problem of over-inflated expectations and false perception of other people's success. There is a very, very nice discussion about the frustration of people based on their career in this post. Presenting a list of both successes and failures helps other people ignore the idealized view of your career, and avoid frustration.

Thank you!


Rights Groups Push For Strong Broadband Privacy Rules (reuters.com) 29

An anonymous reader writes: A coalition of rights groups has sent a letter to the U.S. Federal Communications Commission asking for tougher privacy regulations on providers of broadband internet services. The letter was sent by the ACLU, the EFF, Public Citizen, and over 50 other groups. "Critics say broadband providers are already harvesting huge amounts of consumer data for use in targeted advertising, the groups wrote. 'This can create a chilling effect on speech and increase the potential for discriminatory practices derived from data use,' the letter said." FCC Chairman Tom Wheeler has said such firms need to ensure their data is protected, and that consumers should know more about what data is being collected, but he hasn't addressed whether the data should be harvested in the first place. He expects the FCC to review these practices "in the next several months."

Comment Re:Not new (Score 1) 41

No, they are not doing this for publicity. Their goal is to improve the review process by attracting more people interested in the topic to the review process and make it more open.

I happened to attend the workshop last year and there was a very interesting discussion at the end about how to modify a review process to make it more open. While I didn't take part in the discussion, there were many aspects considered about the open peer-review process, both positive and negative. For example, some authors might be frightened to submit a paper when sending preliminary versions of their work. The selection of Reddit and ArXiv didn't have any publicity (or political) objective, they were just tools familiar to the people involved in the organization and the discussion.

I am some skeptical to this model, but still is a very interesting experiment so it will be nice to see how it compares to the reviews from previous editions.

Comment Re:tl;dr; (Score 1) 102

Of course the title is misleading! For a user-space programmer, the ISA is completely hidden by the compiler and the system libraries (for example, synchronization). Still, the document makes interesting points, such as different behaviour of the compiler (which apparently removes locks in ARM32 but not in ARM64) which could impact performance, especially for highly concurrent applications.

Slashdot Top Deals

Shortest distance between two jokes = A straight line