Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Comment Data grid stability does not require per-user data (Score 2, Insightful) 249

It is the bloody same to a power plant whether 100W go to John Smith and 900W to Joe User, or whether both of them use 500W.
It is even much cheaper and more accurate to measure the power where a multitude of users are connected.
The only reason for the introduction of "smart meters" has been to collect personal data to sell and to con people into more expenses for their particular pattern of power usage.

Comment Re:You don't need a browser to run downloaded code (Score 1) 235

The first thing MicroSoft will do when WebAssembly becomes a success will be introducing additional "features"/interfaces in their Windows browser, making sure that their deciples program WebAssembly software that will run well only under Windows. It has always been like that. Doesn't matter whether the abstraction layer is called "WebAssembly" or "POSIX" or "JavaScript".

Comment Re:You don't need a browser to run downloaded code (Score 1) 235

If you are willing to limit your applications to a common subset of instructions and interfaces, like WebAssembly and every high-level-programming language does, sure.

People could have agreed e.g. on the Commodore 64 to define the virtual machine to run downloaded code in, there already are C64 emulators for all major operating systems - perfect compatibility guaranteed.
Of course, you say: "But that would have limited what WebAssembly can do to what the C64 could do!" - yes, that is true, and any other "WebAssembly" virtual machine will have the same flaw: It will restrict the possibilities by defining a VM, trading in flexibility for compatibility.
Some soon coming day, a company (like MicroSoft) will state "we enhanced WebAssembly's limited capabilities by adding feature X" - and voila! - you'll have incompatible WebAssembly environments again, just like you have incompatible environments for running x86 assembler right now.

Comment You don't need a browser to run downloaded code (Score 1) 235

It's beyond me why people confuse operating systems with web-browsers. Being able to run code from somewhere on the net and executing it locally (either sandboxed in a virtual machine or directly on the hardware) is something every major operating system has been able to do for many years.

And there have been good reasons why operating systems got safety mechanisms to not overly trust code from somewhere on the net.

Having a browser instead of an operating system do that just means to exchange the expertise and security awareness of operating system programmers with the utter lack of skill and security awareness of pixel-pushing GUI application programmers.

Comment Re:git was written when SHA-1 attacks were publish (Score 5, Insightful) 203

If you read Linus' whole statement, you will also find the part where he writes "yes, in git we also end up using the SHA1 when we use "real" cryptography for signing the resulting trees, so the hash does end up being part of a certain chain of trust. So we do take advantage of some of the actual security features of a good cryptographic hash, and so breaking SHA1 does have real downsides for us."

Regarding our use of SHA-3: We use crypographic hash-sums as keys to cached data items that are not permitted for everyone to request. Thus we need to make sure that the cache keys cannot be "guessed" (like from knowing a valid cache key for a similar data item).

Comment git was written when SHA-1 attacks were published (Score 3, Informative) 203

Both happened in 2005. And SHA-2 was published 4 years earlier. So yes, the sky is not falling, and git can be made secure, but it also wasn't really wise to use SHA-1 when git was implemented, first.

BTW: At the company I work for, we already replaced SHA-2 with SHA-3 for security reasons. Better safe than sorry.

Comment Re:How "indirect" was the use? Was SF just a proxy (Score 1) 123

Indeed, I have experienced the same with many other services.
You would not believe how creative both the writers of corporate service licences are in inventing reasons why there customers shall pay them more, and how creative the corporate users of such services are in inventing more or less plausible/legal ways to circumvent the license fees.
Just one example: Vendor writes into the license contract a higher monthly fee for "pushed" updates instead of "pulled" (requested) data. A company using that service asks me to implement a proxy service that will pull at an insanely high frequency on its input and provide real "push updates" on data changes on its output.

Comment Manufacturers intent: Collect/sell data/ads (Score 1) 142

Your statement, while true, totally fails to consider that the goal of making and selling such dolls is not to make children happy and to keep their privacy intact. These dolls are built to collect data, sell that data for profit, and deliver targeted advertisements to children.

Comment Re:Echo (Score 3, Interesting) 142

The theory about Echo and such is that those are not disguised eavesdropping devices.
Which, of course, is only partially true, as 99.99% of all adults will not have the slightest clue (or ability to verify) when Echo records something, and whether or not that recording goes to some remote 3rd-party.

Slashdot Top Deals

The best things in life go on sale sooner or later.