Follow Slashdot stories on Twitter


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Comment Stop calling every update an 'upgrade' (Score 0) 190

Win10 was a downgrade in so many ways, its hard to see how they can continue to claim it is an "upgrade".

Maybe when Win10 supports the *option* for the same features of the Win7 Desktop, and stops trying to dumb down Desktops to the level of a smartphone, it would *start* to be an "upgrade", but it really is an "upgrade" to move to Win10, it's NOT an upgrade.

Win10 has been about supporting a lower level of OS, to *rent* and never own (can you turn off ads: no) and business Win10 is only available on a 1/person/year basis.

All the functionality that was in XP -- moved to the appstore, where you can repurchase it ... again and again...

Upgrade? Ha!

Comment Conflicting base article (caught in lie?) (Score 1) 181

Um... how can this be true:

"Most American teenagers who abuse opioid drugs first received the drugs from a doctor,... and the majority of them had been prescribed opioids previously, the researchers found"

and later the pediatric report said:

"of all 188,468 prescription opioid exposures reported for youth under 20, [most] occurred among children under 5, [who got] the medication because it was improperly stored or was in a purse".

Has anyone else noticed the increase in bogus new releases, that don't jive with established facts. The above says most teen abusers got them for medical reasons from a doctor -- AND the 2nd part says most (60%) were under 5 and *took* (stole) them from someone else who was taking the medicine.

You can't claim most abusers are getting them for medical reasons and then claim that 60% are stealing them.

Comment Trumpeting threats w/o being responsible (Score 1) 202

Who said it did? However, giving extremists a worldwide platform in which to spread their alternate news is not the responsibility of a social media platform.

It seems, that if you are a social media platform, you might want not want to be a battle ground for extreme points of view. If you were, it might make many users uncomfortable and harm your ability to be an inviting social platform.

Most users don't want to be in the middle of a flamefest. Besides that, governments might have cause to restrict access to the social platform on the basis that it gives a ready platform to idiots blowing their trumpet just to bully others irresponsibly.

Now if they only had the temerity to shut down all those using the platform as a means to trumpet "jibes" without taking official responsibility for, or positions on what is said.

Comment What causes a shortage of NAND flash? (price fix?) (Score 1) 167

Shortage of NAND flash?

Did we have a bad crop this year? How can you have a
sudden "shortage" -- or is it that no one bothered to expand capacity in a growing market to meet demand? Is that normal market strategy?
(maybe it is, but having paid $60 for an optical drive that cost $40 about 5 years ago and $25 for a comparable about 5 years before that, AND seeing big BluRay drive manufacturers had to pay large fines and 10-30$? rebates to end-buyers of computer manufacturers like Dell for illegal price fixing, I was surprised to see such a large price tag on the retail market.

Maybe the price fixing remedies only address manufacturers of computers and not retail sales?

Now how long before we get a 30$ rebate for flash price fixing?>

Comment What about streaming to Nonvolatile Memory? (Score 1) 70

With SSD's getting faster, how long before SSD-type memory starts replacing memory that needs refreshing as a way to protect computers and storage against power failure?

If you stream to non-volatile memory, would that become legal under this new definition?

I've seen scenes from movies played multiple times after being streamed into my eyes -- maybe not quite the same fidelity, but if we start getting bio-electronic interlinks, that could really be interesting. You'd have to have your memories purged after watching a movie so you couldn't "remember/relive your memories", no?

Comment Re:They're noticing this NOW? (Score 1) 498

In Win7, at least if you had Ultimate or Professional, you could run "Group Policy" plugins on your machine and have it respect them. I don't know about Win10, but I have heard that only Professional versions are able to disable MS enslaving your computer to deliver you advertisements. Don't know if that is true or not, but certainly reinforces my belief that only "Professional" or "Enterprise" versions of windows should be relied on to do any "important or professional work". Windows Desktop for consumers is going the way of becoming a console (like XBOX, PS4.. etc)...

Does Win10 have the option to either 'come with' or run the group policy msc panel? If policies are applied, does Win10 honor them ? Or maybe it only honors them in the Pro/Enterprise versions?

Again, speaking from Win7, they have a section under the Administrative Templates of Group Policy, entitle "Windows update".

There you have options to:

- Do not display "Install updates an shut down" option in Windows dialog box.
- Do not adjust default option to "Install Updates and Shut Down" in the Shut Down Windows dialog.
- Configure Automatic Updates (notify before download, or before install among others).
- Turn off the upgrade to latest version of Windows through Windows Update.
- No auto-restart with logged on users for schedule automatic updates installations.
- Reprompt for restart?
- Delay Restart for schedule installations? ... and a few others. Most of those make changes under the policy key in the registry. So if you didn't have the editor, you could conceivably make those settings through regedit, if you knew which were which.

But I've never had a prob w/win-update since I started controlling my systems w/group policy.

I am a home user, BTW, but I try to make sure my machines are business capable/ least so I can turn off MS-intrusions.

Condolences to the original content-author..

Comment Re:I would restore (Score 1) 236

If the file is encrypted "data", you can restore it to yesterday. If it is binary executable, restoring it to a few months ago shouldn't be that painful. Then you checksum the executables, add in updates, and you're good to go.

For the virus to be effective it has to be executed at some point. So you restore those to last known safe date. The data, which isn't executed isn't going to be re-sourcing the virus any time soon.

Backups aren't an indivisible thing unless you are using MS's image backups -- which is why I only keep programs on my MS machines and keep the data on a separate linux machine. Sure, it's a pain to reinstall Win, but its certainly doable while saving your data.

Comment Re:Parallel construction for DEA and FBI? (Score 1) 412

It appears the DEA w/their making prescription-drug users (i.e. legal users) their next target was fallout from them being forbidden to carry out lucrative property seizure and forfeiture operations against cannabis businesses and users that were otherwise legal under state law. The law stopping campaign against the state's cannabis industry went into effect a couple of years ago (2011-12?) but they ignored the law until stopped by a federal court case where they tried to enforce a forfeiture order against against a 3rd-party property owner who didn't evict a renting cannabis business.

Their favorite tactic has become using and manipulating 3rd parties to harass cannabis users since doing so directly was not nearly so profitable. Go after a disabled person using cannabis as medicine -- no profit. Go after property owner and health care organizations (like Kaiser): much more profitable and more difficult to track as spending "enforcement dollars" against cannabis businesses and users that are complying with their state laws.

So they indirectly target users for harassment by targeting their doctors with threats and increased regulation and oversight. At medical organizations like Kaiser, this means the doctors themselves become targets for increased oversight and scrutiny, making them want to stop treating medical cannabis users. My doctor says most of their colleges have stopped prescribing pain medication, at all to disengage from DEA harassment.

They also are dictating what medications they are allowed to prescribe in conjunction w/pain meds -- including disallowing medications that allow lowering of painmed levels as well as meds that treat side-effects of stopping pain meds. This makes it more difficult for long-term pain users who use pain meds on an "as-needed" or on/off/on basis, keeping their dosage steady or dropping for years, as they don't fit the stereotype of pain med users needing 'more and more' over time.

As the DEA began enforcing their harassment guidelines, many pain patients lost treatment with a sizeable uptick of deaths involving illegal opiates as some patients lost coverage. And the war on US citizens continues with more dead lost to this cancerous organization.

Comment Parallel construction for DEA and FBI? (Score 4, Informative) 412

The idea of the NSA secretly giving spy evidence to the DEA and FBI to use in prosecuting domestic crimes was something anticipated, but still unconstitutional and illegal --- yet this corrupt rogue "lawmen" using their threat powers to force compliance with their unlawful actions.

The DEA is currently harassing all legal users of prescription pain medications in California with regular urine testing and threats to doctors of suspension if they don't comply with these non-legal requirements.

They are totally out of control and need to be stopped. Organizations like the DEA who grew out of prohibition enforcement need to be retired -- not allowed to find new frontiers to make illegal and prosecute.

Comment Re:https "evRywhr" is 4 sites, not so much, Users. (Score 1) 44

> hosts file or client-side tracking blocker extension works for HTTPS
> just as well as for cleartext HTTP.
You can't use a hosts file to selectively block content. I've already stated, that to cache or to block, you need to know the object-type and size. You don't get that w/HTTPS.

> There are anecdotal reports that HTTP/2 over TLS can have less latency
> than cleartext HTTP/1.1. So if you add HTTP/2 to your MITM, you may be
> able to mitigate some of the TLS overhead.
Interesting, but it would be highly dependent on type of traffic. HTTP/2 was supposed to help response time by combining multiple requests, including allowing for combining requests from divers sources, so it would be unsurprising if it worked under some traffic loads. This is especially true compared to uncached cleartext.

However, I doubt HTTP2 proponents would be interested in doing benchmarks where 33% of the cleartext HTTP requests had 0 latency due to being locally cached.

Maybe it goes w/o saying, but combining the requests is the opposite of what would be necessary to block or locally cache 33% of the content.

Comment Re:https "evRywhr" is 4 sites, not so much, Users. (Score 1) 44

> That's true only if your ISP is using an intercepting proxy.
Right -- they are a large corporation. You don't think they couldn't be ordered to do so and say nothing under the Patriot act? Do you disbelieve that root-ca's in the US or other monitoring countries couldn't be forced to give out subordinated CA's to install @ ISP monitoring sites?

> Blocking "by site" is still possible with HTTPS...blocking at a finer level than "by
> site" or "intermediate caching" still requires MITM.

I've always blocked by site and media type and for any unclarities, I looked at the http code. That's no longer possible unless a user sets up MITM proxying that
lowers security for all https sites (finance, et al.). While I can install exceptions to
whitelist sites that shouldn't have content cached, they are still decrypted.

One has to know content type and size to effectively cache anything. Right now, going back for the past 3500 requests, I see stats of:
(mem = in-squid-memory)
mem: 8% (313/3514), 16% (11M/70M)
dsk: 23% (842/3514), 10% (7.2M/70M)
tot: 32% (1155/3514), 26% (19M/70M)
& for double that:
mem: 5% (367/7025), 9% (12M/126M)
dsk: 21% (1523/7025), 14% (18M/126M)
tot: 26% (1890/7025), 23% (29M/126M)
without MITM caching, those numbers drop to near 0 for HTTPS sites. Those cached objects serve for multiple browsers, OS's, machines and users. Losing ability to cache 25-30% hurts interactive use and raises latency. Simply by going w/HTTPS instead of HTTP creates increased server load and increased network latencies. Sites that provide many static images can be affected more heavily. But my local network cache provides 128G of space (55% used) and can store large iso images that can be reserved months later. W/my monthly traffic, 25% space savings can easily run in the 500G range which is, by itself,
well over many ISP imposed limits before extra charges kick in.

> Intercepting proxies cache HTTPS only if the user has chosen to trust the proxy.
Which is why converting most traffic to HTTPS instead of HTTP hurts caching proxies the most and allow easier tracking by sites like google. From the time I connect to some sites, till I leave, google, et al, have encrypted connections
going. They can easily track sites and where I'm at on the site, w/o doing any special MITM interceptions using fed-provided CA's from US-based CA-authorities.

My interest has been in promoting faster browsing experience (something I've had success in, given feedback from those using the MITM proxies), as well as increasing privacy by blocking sites based on what sites they are being called or referenced from. You can't do that if the site you are connecting to is HTTPS based.

I see no benefit for HTTPS for "normal usage" -- only harm for the user and benefits for the sites -- especially large, data collection sites like google.

Comment Re:https "everywhere" is 4 websites, not so much U (Score 1) 44

cleartext HTTP .. there are no routers on the path that aren't capable of playing MITM. What do I care if they "see" what kernel version I download or open source project I download. Who cares if they see the articles I am reading/writing on slashdot.

There is no improvement as google knows all the traffic as it tied into almost every site and HTTPS doesn't help a bit. And they in turn can hand the info over to any gov agency that asks for it -- and be forced not to tell you about it.

HTTPS is a wet-security blanket.

public key pinning? No -- you can intercept the traffic at the ISP level -- I'm sure larger ISP's can get a root-cert. When you connect to an encrypted site, you really connect to your ISP's pass-through traffic decoder, which then passes another encrypted circuit on to wherever you were going.

HTTPS safety is an "illusion" to get you to use it so you can't easily be selective about what you block or cache by site.

Caching rate on HTTP sites -- 10-30 or higher %, on HTTPS -- 0%, and there's the overhead of encrypting.

Slashdot Top Deals

"The way of the world is to praise dead saints and prosecute live ones." -- Nathaniel Howe