Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Submission + - Researcher Uses Valve Security Bug to Upload Paint Drying Game on Steam (softpedia.com)

An anonymous reader writes: A security researcher found two bypasses in Valve's game review process that eventually allowed him to publish Steam Trading Cards and a full game on the Steam Store called "Watch Paint Dry" (reference to this case from last month involving the British film censors).

The game was supposed to be an April Fools' Day prank, but the researcher forgot to set a release date, and was published on the Steam Store last weekend. Valve has fixed the security bypass in the meantime. These were extremely dangerous since it allowed anyone to publish games on the Store (possible containing malware) without a Valve employee ever taking a look at them, or knowing they went through the review process.

Submission + - Torvalds' Secret Sauce for Linux: Willing to be Wrong

An anonymous reader writes: Linux turns 25 this year(!!). To mark the event, IEEE Spectrum has a piece on the history of Linux and why it succeeded where others failed. In an accompanying Q&A with Linus Torvalds, Torvalds explains the combination of youthful chutzpah, openness to other's ideas, and a willingness to unwind technical decisions that he thinks was critical to the OS's development: "I credit the fact that I didn’t know what the hell I was setting myself up for for a lot of the success of Linux. ...The thing about bad technical decisions is that you can always undo them. ... I’d rather make a decision that turns out to be wrong later than waffle about possible alternatives for too long."

Submission + - Network Time Foundation got more funding, but has more work to do (informationweek.com)

dkatana writes: The Network Time Foundation is responsible to keep all computer clocks synchronized through the Network Time Protocol (NTP).

The nonprofit Network Time Foundation, which Harlan Stenn launched in 2011, saw its funding increase by $90,282 in 2015 for a total of $192,282 to support the NTP project. But there's still much work ahead to ensure the system works smoothly.

The NTP, as other widely used technologies on the internet, such as OpenSSL and DNS, are based on open source code. The means that anyone can use it, but their maintenance falls mostly on volunteers submitting changes to a handful of engineers.

VMware, the biggest contributor, donated $60,000 last year, and others contributed the other half. Services such as cloud computing rely on NTP to keep their servers in sync.

Donations may be may be made via the Network Time Foundation website, or sent to stenn@nwtime.org through PayPal.

Submission + - NSA Hacker Chief Explains How To Keep Him Out Of Your System. (wired.com) 1

An anonymous reader writes: Rob Joyce, the nation’s hacker-in-chief, took up the ironic task of telling a roomful of computer security professionals and academics how to keep people like him and his elite corps out of their systems.

Joyce himself did little to shine a light on the TAO’s classified operations. His talk was mostly a compendium of best security practices. But he did drop a few of the not-so-secret secrets of the NSA’s success, with many people responding to his comments on Twitter.

Comment Re:"Linux Command Line Tirckery" HA! (Score 1) 642

Well, you are being sarcastic of course, but strictly speaking... you are right...

Are not huge efforts put into alternative input devices, which should be "more direct" - like brain-computer interfaces, eye-computer interfaces, body-motion-computer interfaces etc?

Yes, the computer should know what I want to do, and just do it. That's the whole point of this AI idea; if the computer can think itself (himself?), then you don't need to break everything up into step-by-step instructions.

As for electricity: it's just because we don't know how to put the needed energy into the computer otherwise, in a more convenient way. Well, if the computer had adequate AI and a little chemical plant inside, it could forage for energy, just like humans... or, previous generations dreamed of putting atomic batteries inside, which would go for thousands of years...

Comment Re:I believe him, but (Score 1) 297

As a native: This is all true. Now, if you're learning German, please forget it again.

I believe the way we natives handle this is by associating each common phrase with the correct pattern, not by going through rules and lists of prepositions. So, if I want to express that we are going into something from outside, I recall the pattern "in [den Wald] (hinein)gehen". Walking around inside something is "im Wald (herum)gehen". So, you have bits of meaning, and associate them with language patterns, including the cases. When you learn a language, you have to memorize the patterns anyway ("how do I say XYZ?"). Just also memorize the suitable cases.

Oh, did I mention that in my native Austrian dialect, we don't have a dative at all? :-) Walking into the wood is "I geh an Woid (ei)" (Ich geh inn' Wald hinein). Walking around the wood is "I geh an Woid umanond" (Ich geh inn' Wald herum)...

Comment Re:PHP is an ugly programming language (Score 1) 519

stristr( $haystack, $needle ) for checking if one string is contained in another versus in_array( $needle, $haystack )

Netbeans, PHP support, Alt+Space. Problem solved :)

Generally, PHP all the way for me, without web frameworks or anything. Some things that I find helpful in PHP:

  • Heavily use the object-oriented features (e.g. use classes with static methods for lexical scoping).
  • Liberally add comments in the source code (makes the Netbeans autocompletion/help work nicely).
  • Make one central database access library in your project (based on PDO), and use that library throughout your project.
  • Define central configuration in a config.php file.
  • Separate presentation-oriented PHP files (to be treated as "templates") and back-end (which have a starting php tag at the beginning, and no ending tag throughout the file).
  • Use AJAJ (with JSON) if needed. Both PHP and Javascript can do it natively, and it's faster and much simpler than XML.
  • Consider REST-style interfaces if your project is big.
  • Use sane parameter semantics: POST parameters in forms, GET parameters only very rarely.
  • Use the PHP session to store context.
  • Do not trust user input; check string lengths, options, and run all inputs through regexes to validate the allowed characters. Put this string/number/option checking code into a separate backend library, and use that everywhere else.

Comment Re:No (Score 5, Informative) 601

The main problem with OpenPGP on mail for me is that due to the unique key per recipient, if you add more than one recipient or cc, you have to encrypt the mail for each and every one of them. If you add some attachments it's pretty sure that you will hit the maximum allowed mail size of some mail server along the way.

Uh, no. It's called "session keys". The content is encrypted with a random number (the session key), and this random number is in turn encrypted with the recipients' private keys. As the content is usually compressed too before encryption, the result may even be a smaller e-mail than without...

Electronic Frontier Foundation

Submission + - Google Surrenders in the "Nymwars" (eff.org)

derGoldstein writes: According to the EFF blog: "Proponents of pseudonymity scored a major victory today, when Google executive Vic Gundotra revealed at the Web 2.0 Summit that social networking service Google+ will begin supporting pseudonyms and other types of identity."

Submission + - Facebook malicious link protection already broken (blackhatacademy.org)

mepholic writes: To be honest, this vulnerability is not anything that is actually new. Facebook was informed about it months ago (July 31, 2011 to be exact.) They really just started using WebSense to brush this vulnerability under the rug and make their users feel a bit more safe. Blackhat Academy released a Proof of Concept exploit on October 4th, the day after Facebook enlisted WebSense for link protection.

Submission + - Netherlands introduce mandatory alcohol lock on ca (volkskrant.nl)

vikingpower writes: "Although the link is, alas, in Dutch, the news is pretty much that: news. From December this year on, drivers caught with more than 1,3 parts per thousand alcohol in their blood get a mandatory alcohol lock on their vehicle. The lock will ask them to breathe into it several times per ride, and will block the vehicle's operations if and when measuring more than 0,2 parts per thousand alcohol. The measure is to be inflicted on top of judicial measures ( hefty fines )."

Submission + - Iphone 4 Case Made 100% from Trash! (miniwiz.com)

An anonymous reader writes: Who said that Eco-Design product could be not good looking?

MINIWIZ is a Taiwanese firm that is a globally recognized innovator dedicated to eco-solutions through practicing the 3Rs – Reduce, Reuse and Recycle.

Their new product is an Iphone Case Made 100% from Trash! Yes Trash!

Basically, they use a new type of materials called POLLIBER, a post-consumer thermoplastic and semi-carbonized waste fiber composite.

Their Iphone Case is called Re-Case! RE-case’s design was inspired by the Japanese INR, a carrying case for identity seals used in the Edo Period which also served as a worry stone. Instead of a seal, RE-case holds an RFID (radio frequency ID, such as those for office security or public transit) or wave-able credit card between itself and the user’s iPhone. The graduated design improves grip and texture while retaining the aesthetic qualities of the INR.


Slashdot Top Deals

I am a computer. I am dumber than any human and smarter than any administrator.