
Comment Re:Downloaded 1 or more bits (Score 1) 68

The plaintiff should be required to download the entire file and to ensure that the checksum of said file matches the file offered via the plaintiff's service.

They did. That's the whole point of the "direct detection" statement. They connected to the peers in the swarm and were able to download valid (SHA1 verified) chunks of the file from the defendants.

Comment Re:from the five-days-too-late dept (Score 2) 42

Unfortunately it's the only two factor authentication system that's going to work for the public at large. It's a simple system that works with any and every cell phone on the market, with no need to (re)develop applications for multiple OSes, manage syncing those applications to a master server, and then handle user support issues when those applications break.

The problem with "proper" security is that it works against the user. Long passwords that you can't remember, SecurID tokens that you never have when you need them, and finicky fingerprint readers that are too easily fooled by fakes. And in the end, all of this just gets subverted by social engineering, calling the help desk and convincing the rube on the other end to reset the account password. Unbreakable security fails at being friendly when faced with the fallibility of users, and at the same time it's only as strong as the weakest human who has control over it.

The fact of the matter is that the only real threat to PSN users is going to be criminal gangs harvesting accounts en masse. A token two factor system, properly implemented, is going to be enough to stop that. It's security that's good enough. Otherwise you'll quickly discover first-hand how perfect can be the enemy of good.

Which is not to say I advocate poor security. But so far no one has come up with a better way to do it. It has to be universally compatible and it has to handle user failures gracefully, and there are very few ways to do that.

Comment Re:Conspicuous Silence (Score 1) 93

It's a pathetic 35 megabits per second.

Unfortunately you're not going to get much better on cable, even with DOCSIS 3.1. Upstream requires valuable low-frequency spectrum, which there's only a limited amount of and there's contention with other services (cable boxes, VoIP, etc). Meanwhile it's a noisier shared environment, so you also can't use as high of a bitrate as you can on the downstream.

Fiber is clearly better in this respect. But it's the tradeoff of using the copper already in the ground as opposed to having to dig up streets to lay down new fiber.

Comment MOD PARENT UP (Score 1) 145

The parent is spot on.

And just to add to that, until their recent run of profitability, the last time the airlines as a whole were consistently profitable was in the 1990s, before the dot-com bubble popped. Between roughly 2001 and 2011, they cumulatively lost money (the one bright spot was 2006, but of course the Great Recession hit).

http://web.mit.edu/airlines/analysis/analysis_airline_industry.html (apologies for the tiny image, but historical data more than 5 years out is typically paywalled).

It wasn't until we exited the Great Recession, airlines started charging for food and bags, and airlines did more to increase the passenger load factor (percentage of seats that are filled) to historically crazy levels that they finally became profitable as they have been in the past few years. Until then, even in decently good times, the underlying costs were pulling them down. Too many pilots and attendants drawing too high of a salary, too many flights going out less than full (i.e. too much spare capacity), etc.

So you can imagine why airlines weren't in any rush to invest in high cost, risky IT upgrade projects. When you're trying to just stay in the black, any optional cost not part of the core business (flying) is a risk.

Comment Unifiedcomplete Preference Removed (Score 1) 236

Heads up, FF 48 has removed the browser.urlbar.unifiedcomplete setting. This setting was introduced in Firefox 43 to disable the annoying Unified Complete system introduced in that build. Unified Complete is what causes the first drop-down result to be "Visit/Search With [domain]" rather than the most relevant result, as was the default before Firefox 43.

Since the preference has been removed entirely, there is no current way to get this behavior back. It would need to be fixed by an extension.

Comment Re:Vulnerabilty (Score 2) 38

Why is this considered a jailbreak (a good thing) and not lauded as a remote code execution vulnerability that it actually is? If one web page can execute code, that means another web page can execute different code, installing a backdoor to your network, etc.

Because no one uses the Vita browser. It's terrible, especially by modern smartphone standards. It's hard to seriously classify this as a threat when the odds of a Vita browser coming across a malicious site sit at just a hair above 0.0%.

Comment Re:Locking out open source hardware (Score 4, Informative) 440

This is a move to make sure Open Source software developers and individuals cannot produce Kernel mode drivers.

No. This is a move to further prevent kernel mode malware, because it turns out trusting developers wasn't good enough. That it impacts OSS is collateral damage - and something that can be dealt with, at that - as while OSS is popular here on Slashdot, it's not much more than a blip in the wider Windows world.

The whole reason we're even going this route is that trusting developer signed drivers has proven inadequate. Microsoft started requiring developer signatures (cross-signed) in Windows 7. This significantly cut down on driver based malware, but it didn't eliminate it entirely. It just raised the barrier to entry. Instead malware authors would just eat the cost and buy a certificate, or the especially crafty/evil ones would steal another vendor's keys, as we saw with the Realtek case. Either way Microsoft has had enough of it, and hence Windows 10 requires that they sign off on all drivers so that no one can just ship an (obviously) malware-infected driver.

I don't mean to be snarky/belittling here, but if you think that Microsoft is doing this as a strike against OSS, then you haven't been paying attention to the wider world. OSS on Windows certainly exists, but OSS projects that require kernel mode drivers are exceedingly few and far between. Which is not to say that OSS isn't a threat to MS to some degree, but that threat is from Linux, not OSS projects that require a kernel mode driver running under Windows. MS's prime concern is further reducing the ability of malware to hang out in the kernel space, as once malware makes it there it becomes virtually impossible to identify, contain, and remove.

And yes, this definitely makes signing harder for everyone. By all indications that's intentional, as EV Certs make it harder to hide (you have to provide more information) and are harder to steal/fraudulently use. There are ways to work with that for OSS though, just as was the case with Windows 7, so we'll be okay. As Bruce likes to say, security is a process; it takes more than just the OS vendor to keep Windows machines secure. So this is our contribution to that process (whether we like it or not).

Comment Re:What's the big problem? (Score 1) 675

Yes it's beyond the reach of most attackers to clone a chip card. Stolen card is still a problem though.

But the latter is not the problem that they even set out to solve. Fraud due to stolen cards is infinitesimal; most people don't lose their cards in a way they're easily found, and most people, when presented with a card, don't commit fraud with it. Not to say that it isn't annoying when you lose a card and someone does go on a spree, but it's always about the tradeoffs.

What chip-and-sig is designed to solve are the issues involving data breaches and duplicated cards. EMV means that retailers no longer have a vast database of all the information you need to produce a card, because part of the processing takes place on the card itself. Meanwhile good luck actually making a counterfeit EMV card, never mind getting the required information off of the original to duplicate it.

Comment Re:It's a ridiculous JOKE (Score 1) 128

The whole "Hyperloop" thing is a ridiculous joke that will never, EVER be built.

Such statements are usually wrong. It will be built some time in the future, on some planet where the environment is so bad that air travel is an even worse option. It's basically another example of a solution looking for a problem.

Comment Re:Linux Gaming Support (Score 1) 369

How has the way the Linux kernel is managed negatively affected proprietary graphics card drivers?

By not supporting a stable ABI and API for binary drivers. You can take a WinVista driver written in 2006 and still install it and use it today on a fully updated and supported OS. Linux doesn't offer any kind of binary compatibility remotely comparable.

Users appreciate minor OS updates not breaking their drivers. Hardware vendors appreciate not having to chase whatever direction the kernel devs are going to keep their drivers working.
