Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:Not just WebLogic, also JBoss, Websphere, 1300 (Score 4, Informative) 30

Going one level broader, the concept that you don't keep data and executable code separate is dangerous. That's precisely what strict object-oriented approaches require, though. If you can't accept data without accepting code attached to that data, that is dangerous, and that's exactly what OOP (in the strict sense) requires. Java has this issue mostly because it's "overly" object-oriented, because simple data like a string comes with executable code attached.

This is not quite right. Serialized objects only contain data and no code. But still code is being executed when deserializing an object (but this is code that already resides on the server-side and is not sent by the client). So the exploit is a bit more difficult. The original (I think?) description can be found here: https://foxglovesecurity.com/2...

Comment Re:Where IS Java today? (Score 2) 89

Write once run anywhere failed. But we also found out it isn't important. THe fact is you don't change your backend server's OSes that often (or really ever), so the ability to port it without effort just isn't that valuable. Its an idea that would have rules the 80s (had it worked), but is pretty pointless in the 2010s.

This is just wrong. Most of the Java development happens on Windows/Linux while the backend servers run on Linux/ZOS/Cloud/whatever. So while you seldom port the backend servers themselves you always port while going from a local to a production environment. So this is really relevant and it's working and saving lots of money.

Comment Re:The liberals are in fact aiding the moslems ! (Score 1) 965

And then you can talk about how, instead of simply paving those areas over into glass, which we could do any time we want,

So this isn't about doing what is right or will lead to a better world, but being stronger and forcing everyone into submission? I got the bigger club: Do what I say. This isn't the best way to instill confidence that the "western way of living" is better or more moral.

we're instead going to as much trouble as possible to hit and limit damage to individual targets that match very specific criteria.

What specific criteria? http://www.huffingtonpost.com/... http://www.businessinsider.com... Is there a court that can be called to question drone strikes? What happens if somebody does not adhere to these "specific criteria"? Any consequences? No? So these are just arbitrary killings.
Also the words "as much trouble as possible to hit and limit damage" strike me as caustic. A proper way would be to arrest those people and give them a proper trial. But obviously that is far to much trouble.

No, they have a huge problem with immigrants who don't want to become part of French culture, don't want to do what's necessary to thrive in that economy, and who show up expecting to be handed a nice standard of living in exchange for ... showing up.

Well you could make them feel more welcome:

If you treat people like shit, it is fairly likely that they won't want to integrate.

Just like is happening across Europe generally, now. Europe has only itself to blame for allowing it to happen.

Blame ourselves whatfor? In my town we got a great new restaurant opened by a woman from Iraq which is great. I worked with a software developer from Afghanistan (which didn't make any difference whatsoever). The CEO of a company I worked for was from Turkey. Many of the people from the middle east are integrated into society without any problems.

It's about culture. The religion in question is the organizing system within the culture that's causing the problems. The voices of that religion are the motivating features of the culture, and the fundamental features of that religion spell out how the people who adhere to it are supposed to interact with those who aren't members.

Just take a look at history. Christianity has been used to justify the inquisition, burning witches, the crusades, wars between catholics and protestants. Only in the last 200 (?) years it has been more or less a religion of peace. Homosexuals have been a problem for the church for years, but now it's changing. Divorces are getting more and more accepted.
Since the bible hasn't changed in all those years, this somewhat indicates that religion is more a backwards reflection of society, than it is coining society.

Quit making excuses for medieval-minded theocratic thugs and their willing followers.

I don't really care all that much about those thugs. They are a lost cause. Most of the actual terrorists are already dead anyway. And I just hope the police catches whoever is behind this (organization/financing) and locks them up for good.
What I care about is that we (as the western world) do not response in a likewise medieval manner and start another pointless war or kill more civilians. I think you can see in Israel / Palistine what happens if fundamentalists on both sides work together to create a stable environment of mutual violence.
Also I care about the next generation of immigrants which has not been radicalized yet, and where we should try to help then integrate into our society. The people currently arriving are running away from ISIS not supporting it.

There are poor people in Appalachia, too. They're getting even more unhappy as the EPA strangles their historical way of making a living. They aren't shooting up concert halls or lopping heads off of people they don't like.
I guess the difference is, that things are ok, if you are poor, but proud. Not so much, if you are being discriminated. Of course the immigrants have to change their ways. But we have to give them all the help possible to do it, too.

Comment Re:The liberals are in fact aiding the moslems ! (Score 1) 965

Don't condemn the group, condemn the atrocities, the actual violation of human rights, and those who do the violating.

You're forgetting to condemn the millions of people amongst who the live, and who allow them to continue to operate, be funded, preach hate and recruit. The militant jihadis could never operate without the tacit approval of many millions of their less violent but none the less supportive co-religionists.

So lets condemn all Americans, because they allow the US government to operate, which is performing terrorist drone strikes all over the world.

The problem is, that the world is never that easy. Many people inside the areas occupied by ISIS will cooperate with ISIS just to survive. Can you blame them?

If you look at France: They have a huge problem integrating immigrants (or at least treating them reasonable well).If you read an article like this: http://www.theguardian.com/wor... you have to wonder, if this is really about religion or about the youth having no future and then finding a reason for getting violent.

Comment Re:Germany has reciprocal spying agreements (Score 1) 111

I agree they should not prosecute the bloggers, but exactly what the hell were these bloggers thinking? They were going to shut down or change the nature of spying? Make it respectful and transparent? What kind of quixotic cluelessness about reality is this?

The bloggers published some budget plans of the "Verfassungsschutz" indicating that they were working on monitoring social networks. This should not be secret information at all and is not about spying but about controlling the spies. Or do you think the agencies should be allowed to operate without any supervision?

Currently the Verfassungsschutz is sponsoring right wing terrorists ( https://translate.google.com/t... ) instead of doing what they are supposed to do. So there is a severe lack of supervision.

Comment Re:Germany should pay war reparations for WWII (Score 1) 743

This kind of ridiculous stunt is why the Germans are sick and tired of giving Greece money.

Germany is not giving money to Greece. See e.g. https://www.youtube.com/watch?... Germany has a balanced budget because of the crisis in southern Europe. Even if Greece is bankrupted, Germany will still have a net profit.

Also quite some of the debt of Greece comes form buying German weapon systems. The have been rumors that new credits have been tied to those deals in the past.

Comment Re:Too many secrets (Score 1) 74

Unless that is the German government has something it wants to keep secret from its own people. But in that case they become the pot calling the kettle black.

Well the parliament has the oversight over the secret service (in theory at least). So they have to be told what the secret service does. This information should be secret, because why bother having a secret service, otherwise? While I agree that most political decisions should be transparent, it makes some sense to keep things secret in this case.

Also I don't think the US would react in a positive way, if the BND published all information it has on the CIA in the parliament.

Comment Monopoly (Score 1) 365

"The profit margin for eight utilities in Germany narrowed to 5.4 percent last year from 15 percent a decade ago. "

Well, the big four utility companies had a 15% profit margin ten years ago, because they had a monopoly. So it's a good thing to see their profits drop.

You cannot move to a more decentralized model of power generation without huritng the big players, can you? And of course they are complaining about it.

Comment Re: Cancer cured! (Score 1) 175

"A cure for cancer would be a gold mine for a pharmaceutical company."

You mean 4327 cures for 4327 types of cancers would.

But a cheap vaccine preventing any cancer would not.

Please read about HPV vaccination http://en.wikipedia.org/wiki/HPV_vaccine#Vaccination_and_public_health This is a cure for some types of cancer. In many countries almost all children are being vaccinated.

Comment Re:Cancer cured! (Score 5, Insightful) 175

In medicine, innovative things happen all the time. When *you* go to the doctor, you get the same ol' thing that has been done since 1952.

That is just wrong. If you look at breast cancer 10-year survival rates (Figure 3.4): http://www.cancerresearchuk.org/cancer-info/cancerstats/types/breast/survival/

They have come up from 41% in 1970 to 77% in 2007. While cancer is not cured, survival rates are a lot better.

When talking to the doctor three years ago, when my girlfriend had a breast-cancer operation, they had the latest studies and decided for a treatment based on them. The doctor only worked 4 days a week and took 1 day "off" to keep up with current research.

The chemicals used for chemo-therapie are updated all the time and also genetical fingerprinting of the tumor cells is used to decide which treatment makes sense. So there are lots of differences even compared to the treatment 10 years ago.

Comment Re:Very limited practicality (Score 1) 282

Frankly, Germany would be better off selling excess electricity to the Swiss, who then pump their lakes full, and then buying that electricity back when needed. This is around 70% efficient, and a hell of a lot friendlier to the environment.

Most wind energy is produced in northern Germany. The current power grid is already unable to distribute the peak power to southern Germany. So storing it in Switzerland will not work. Norway would be a better place. But there is probably no single solution and having batteries helps as well....

Comment Re:Very little utility here (Score 1) 183

Except there is. We already have the technology. HTTPS with SSL/TLS using self-signed certificates exchanged via offline channels.

And it works because of the division of responsibility. Our ISP is not our client (browser in that case) provider. If we were all AOL subscribers, using AOL browser, then we'd be boned.

I am not sure I understand. HTTPS with SSL/TLS only gives you transport level security. So nobody can listen on the wire. This might be enough if you manage/truest your own server, but for most people this is not the case. Then your mail is saved unencrypted on the mail server and can be accessed by anyone with access to the server (that probably includes government agencies).

Also using an "offline channel" is more hassle than most people are willing to accept.

Comment Re:Very little utility here (Score 1) 183

Until I have some sort of assurance that the key stored in local storage, can't be sent up to the server by javascript then this gets me no where.

The NSA asks your mail service for the keys. The mail service says we don't have them... html5 local storage. NSA says ... add this line of javascript to your site. Next time I log in they have my key, and everyone else who accessed the site during that interval.

It does not get you the whole way there. But I sure makes it harder for the NSA.

So on a technological level you can simply increase the time the javscript files are cached and have some external monitoring for changes. Since the whole page is static and the only dynamic element are REST Service calls this is not a big issue. Then malicious JavaScript will have to stay on the page much longer to be effective and will more likely be spotted.

On a political level: I live in Germany. The NSA cannot tell me anything. And Germany had two of the worst terror regimes in the last century. I don't think people here would tolerate being treated like you are now. There is e-mail monitoring in Germany, but it's based on laws and courts that are not secret. While running an service like this would not work in the U.S. it certainly works in most of Europe (probably excluding the U.K.)

So to be truly safe, I have to audit it myself.

Real security from the likes of the NSA is HARD.

Well, it is. But there is still a way between not trusting anyone and auditing everything yourself and sending unencrypted mails that everybody can read. If the NSA, BND or whoever wants to see especially my emails, they will. But most of my mails are really boring for everone to read and nobody cares about them. And what I'm writing to my tax advisor isn't really secret, too. Still I don't want anybody to read them. So for me its just important to make reading my mails enough hassle for the NSA to not do it.

Getting paranoid does not help anybody. It just prevents you from acting, because there is no completely safe way to communicate.

Comment Re:Very little utility here (Score 1) 183

1.) This is not true. You can design a mail system to store the private key on the client (html5 local storage). See https://encmail.eu/ (shameless plug: Still in its infancy, but it will get there) or mega mail (if it will ever happen). Of course implementing everything on the client makes things harder. And losing the key is an issue for the user. And it will only be secure once the Webcrypto API is released and the Javscript code cannot access the keys anymore. But countries other than the U.S. usually cannot force you to hand over your keys and manipulate your server.

2.) True.

3.) Not true. See 1. If you authenticate using a private key you only need the password to decrypt the key and no username anymore.

Slashdot Top Deals

"Open the pod bay doors, HAL." -- Dave Bowman, 2001