Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment No remnants of dignity to be found at MS (Score -1, Troll) 39

We are used to see our weekly startup hype, touting miraculous new wonders to attract gullible-investor money.

But M$ really has enough money not to require such cheap scams. Plus they can extort as much money from their office software addicts as they want.

So I think they should really not need to go to such new lows, and leave that to the miracle startups.

Comment Indeed, this is not yet more than an idea... (Score 1) 104

... which is very very far from any practically working piece of hardware. At least the text of the university itself clearly states this is a "proposed procect":

"The objective of this research is to explore new classes of compounds that exhibit multifunctional magnetic properties of fundamental importance to high-density storage methods and molecular electronics. The scope of the proposed projects cover a broad range of fundamental topics in chemistry, including organic and inorganic synthesis, structure and bonding, electronic structure, magnetochemistry, photochromism, photophysics, and materials chemistry."

Comment Data grid stability does not require per-user data (Score 2, Insightful) 249

It is the bloody same to a power plant whether 100W go to John Smith and 900W to Joe User, or whether both of them use 500W.
It is even much cheaper and more accurate to measure the power where a multitude of users are connected.
The only reason for the introduction of "smart meters" has been to collect personal data to sell and to con people into more expenses for their particular pattern of power usage.

Comment Re:You don't need a browser to run downloaded code (Score 1) 235

The first thing MicroSoft will do when WebAssembly becomes a success will be introducing additional "features"/interfaces in their Windows browser, making sure that their deciples program WebAssembly software that will run well only under Windows. It has always been like that. Doesn't matter whether the abstraction layer is called "WebAssembly" or "POSIX" or "JavaScript".

Comment Re:You don't need a browser to run downloaded code (Score 1) 235

If you are willing to limit your applications to a common subset of instructions and interfaces, like WebAssembly and every high-level-programming language does, sure.

People could have agreed e.g. on the Commodore 64 to define the virtual machine to run downloaded code in, there already are C64 emulators for all major operating systems - perfect compatibility guaranteed.
Of course, you say: "But that would have limited what WebAssembly can do to what the C64 could do!" - yes, that is true, and any other "WebAssembly" virtual machine will have the same flaw: It will restrict the possibilities by defining a VM, trading in flexibility for compatibility.
Some soon coming day, a company (like MicroSoft) will state "we enhanced WebAssembly's limited capabilities by adding feature X" - and voila! - you'll have incompatible WebAssembly environments again, just like you have incompatible environments for running x86 assembler right now.

Comment You don't need a browser to run downloaded code (Score 1) 235

It's beyond me why people confuse operating systems with web-browsers. Being able to run code from somewhere on the net and executing it locally (either sandboxed in a virtual machine or directly on the hardware) is something every major operating system has been able to do for many years.

And there have been good reasons why operating systems got safety mechanisms to not overly trust code from somewhere on the net.

Having a browser instead of an operating system do that just means to exchange the expertise and security awareness of operating system programmers with the utter lack of skill and security awareness of pixel-pushing GUI application programmers.

Comment Re:git was written when SHA-1 attacks were publish (Score 5, Insightful) 203

If you read Linus' whole statement, you will also find the part where he writes "yes, in git we also end up using the SHA1 when we use "real" cryptography for signing the resulting trees, so the hash does end up being part of a certain chain of trust. So we do take advantage of some of the actual security features of a good cryptographic hash, and so breaking SHA1 does have real downsides for us."

Regarding our use of SHA-3: We use crypographic hash-sums as keys to cached data items that are not permitted for everyone to request. Thus we need to make sure that the cache keys cannot be "guessed" (like from knowing a valid cache key for a similar data item).

Comment git was written when SHA-1 attacks were published (Score 3, Informative) 203

Both happened in 2005. And SHA-2 was published 4 years earlier. So yes, the sky is not falling, and git can be made secure, but it also wasn't really wise to use SHA-1 when git was implemented, first.

BTW: At the company I work for, we already replaced SHA-2 with SHA-3 for security reasons. Better safe than sorry.

Comment Re:How "indirect" was the use? Was SF just a proxy (Score 1) 123

Indeed, I have experienced the same with many other services.
You would not believe how creative both the writers of corporate service licences are in inventing reasons why there customers shall pay them more, and how creative the corporate users of such services are in inventing more or less plausible/legal ways to circumvent the license fees.
Just one example: Vendor writes into the license contract a higher monthly fee for "pushed" updates instead of "pulled" (requested) data. A company using that service asks me to implement a proxy service that will pull at an insanely high frequency on its input and provide real "push updates" on data changes on its output.

Slashdot Top Deals

panic: kernel trap (ignored)