Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:But is Wayland better? (Score 1) 227

When an application is drawing stuff, there's plenty of cases where you have to wait for round trips from the application to the XServer too. Plus the application, X and window manager can all manipulate the same properties of a window, so there are plenty of cases where you can't be certain what will actually happen.

I prefer to think of wayland returning to the unix philosophy of doing one thing and doing it well. It takes over the job of rendering multiple windows on a single desktop, and forwarding mouse and keyboard events to applications. Everything else is out of scope. Is Wayland doing that job well? Maybe, but I'm not an expert.

If you want to display an application that talks X11, or connect to another server via RDP or VNC, do that with another program. If you want to innovate in this space, go ahead. Build a GTK or Qt remoting protocol or something. Having a clean separation between network protocol and display compositing should help the ecosystem in the long run. I will say that the X11 wayland client isn't that good, I've seen plenty of weird bugs when using old applications.

The big challenge to adoption is the conversion of existing applications. Even if you are using a high level toolkit, there are bound to be a few X11 library calls hanging around.

Submission + - SpaceX makes aerospace history with successful launch/landing of a used rocket (

Eloking writes: After more than two years of landing its rockets after launch, SpaceX finally sent one of its used Falcon 9s back into space. The rocket took off from Cape Canaveral, Florida, this evening, sending a communications satellite into orbit, and then landed on one of SpaceX’s drone ships floating in the Atlantic Ocean. It was round two for this particular rocket, which already launched and landed during a mission in April of last year. But the Falcon 9’s relaunch marks the first time an orbital rocket has launched to space for a second time.

SpaceX CEO Elon Musk appeared on the company’s live stream shortly after the landing and spoke about the accomplishment. “It means you can fly and refly an orbital class booster, which is the most expensive part of the rocket. This is going to be, ultimately, a huge revolution in spaceflight,” he said.

Comment Re:Devil's advocate (Score 1) 202

Yes, you are giving the CIA way too much credit. However, this is exactly what the FSB would do in order to 1) discredit the CIA, and 2) cover their own tracks. The data dump came through a source known to be associated to, and supportive of Russian interests, so we should actually assume that any misdirection is on the part of the FSB, or other Russian interests. Maybe the CIA, or the NSA, or some other U.S. TLA, has capabilities beyond what are exposed in the Wikileaks data dump, but we should assume that the actual action is elsewhere.

That said, we should all be using strong encryption: no need to make things easy for the bastards.

Comment Re:Fucking interns (Score 2) 169

We have modified this tool to remove capacity more slowly and added safeguards to prevent capacity from being removed when it will take any subsystem below its minimum required capacity level

Yeah, they have apparently made this screw up much harder to repeat.

Comment Re: In other news (Score 1) 167

In SVN a commit is final. This encourages developers to leave unfinished work in their work folder without creating a commit until they are "done". So you need a separate backup process for your work folder for any changes that take time to complete. Plus you often end up with a monolithic commit with a bunch of changes. Then how do you review those changes before pushing upstream?

git rebase gives you a solution to this problem. Whenever I think I've made progress towards solving a problem I can create a commit. If I discover that one of those changes isn't right, I create a new commit with the fixup. Then when I'm "done" with the change, I can rebase in order to produce a series of patches that someone else can more easily review. At any time, if I encounter a bug that I want to push upstream. I can rebase my entire branch first to push the bug fix to the bottom, then push that commit without needing to create a new local branch.

At any time I can use git to push my incomplete work to a private server or my own work branch on a team server. Both for backup purposes and for collaboration.

Comment Re:Here's what it means (Score 5, Interesting) 167

This is why git is not vulnerable in this specific instance. In git all objects are prepended with their type, in this case "blob". Of course if you had $100k (-ish) to burn, you could repeat this attack on a file that does start with "blob" to break git.

However you don't need to do this. This attack depends on reaching an intermediate state with specific properties in order to massively reduce the search space. Any attempt to hash a file that reaches one of these states can be detected and rejected. If you swap to using for all SHA-1 calculations, every instance of this attack can be detected and rejected.

Also I mis-spoke slightly and spotted my error after checking the paper again. The first pair of blocks have half of the same bytes, but produce an internal state with only 6 bytes of differences. The second pair of blocks, again only differ in half of their bytes, and exactly cancel out those 6 bytes of differences. See Table One on page 3 for the actual byte values.

Comment Re:Here's what it means (Score 5, Informative) 167

Google produced two pdf's that differ in some binary data near the beginning of the file. The SHA-1 hash routine processes data one block at a time, updating its internal state. There are two consecutive blocks that differ between the pdf's. The first pair of blocks produce an internal state where half of the bytes are the same. The second pair of blocks then produce an identical state. The remainder of the pdf files is the same.

So you can use these two pdf prefixes and append whatever data you want to them to produce your own pair of files. Pdf includes a programming language for rendering content. Within this language you can inspect the earlier bytes of the file to detect which version of the file you are rendering, and make some visual changes. So while there are only a few bytes that are different, you can make two pdfs that display different content.

Nobody has invested the time to produce a new hash collision, but someone has already automated the production of duplicate pdf's based on this work.

Comment Re:Ad hoc (IBSS) != Wifi-Direct (technical details (Score 2, Interesting) 75

(If you run git blame on serval mesh's source code, you'll find my name on about 80% of the code)

Serval mesh uses Wifi and Bluetooth to share files and communicate securely. But it can't bypass google's removal of IBSS from Android. We've kept the code that turns on IBSS on some Android handsets version 2.3.3 or lower. If you really want a mesh network between phones, you can still get your hand on some old ones...

Android's bluetooth & Wifi-Direct stack are a buggy mess. It's far too easy to stumble over a bug that prevents you from getting any data through. Plus both API's are built around having the user confirm each and every connection. Almost completely useless for building a self organising network.

Then there's Wifi. Sure you can turn most phones into a hotspot... If you use reflection to call a hidden API. The carrier hasn't done anything to disable it. And in some cases, only if you have a functional cellular data service. But there's no easy way to tell if there are other nearby devices waiting to connect to you....

The main problem with this new weather app is that nobody will have it installed when they need it. Getting emergency weather information is not going to motivate people to use this app day to day and form the adhoc networks that are needed for it to work. Also this article and the summary is crap, IBM did not invent mesh networking.

Slashdot Top Deals

"Card readers? We don't need no stinking card readers." -- Peter da Silva (at the National Academy of Sciencies, 1965, in a particularly vivid fantasy)