Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:Sounds reasonable (Score 4, Insightful) 204

If cops are personally liable for illegal searches and got prosecuted and jailed, then they would be thinking twice themselves. As it is, they can even jail you on bogus charges without any repercussions - "you may beat the rap but you won't beat the ride". Unfortunately, cops are not even prosecuted for straight-up murder very often, so thinking that prosecutors would bring charges for illegal searches is just fantasy right now.

Comment Re:Data needed (Score 2) 40

My experience has been that the TCP checksums are fairly useless - they can detect single bit errors only since they are just simple checksums, not CRCs or something more sophisticated. According to the article what was actually happening was that the virtual ethernet driver (veth) did not flag bad packets correctly. There's a flag that tells TCP there's no need for it to checksum since the hardware has already verified the packet. On errors, the veth driver set that flag instead of the one that says it couldn't verify the checksum.

Comment Re:Issue is more complicated (Score 1) 928

More likely it is the nature of email/online communications. It's much easier to be nasty when you don't have to see the other person. There's also tone, etc. If I call a friend a rude name when we're together they know that I'm joking. Smiley faces don't cut it, especially with people that you don't know well.

Comment So what do I want? Secure payments! (Score 1) 345

This whole fraud detection stuff is nonsense. It's just been cheaper for the banks to build this hack instead of actually implementing a secure payments system. Come on, credit card number + name + expiration date + security code? All information that doesn't change?

We're at the point where we can make a smart card that does everything with strong crypto. It could even have a USB connection or, possibly, Bluetooth, to let you make secure transactions from your computer.

Comment Annoying, but ink isn't sold by the ml (Score 1) 268

When you buy a cartridge, it's just that, a cartridge. They don't tell you how many milliliters are in it and you don't get charged by the milliliter so how much ink is left in the cartridge when it's "done" is irrelevant. There's a cost per print and that's the important metric. Obviously there's some reason why they don't drain them completely dry and it doesn't really matter since you're paying by the cartridge not by the milliliter.

Comment Re:Here we go again. (Score 1) 122

The basically stupid idea is the ability to download and run Turing-complete code from unknown sources in supposed "safety". This has nothing to do with actual applications written in Java which is a reasonably secure language, certainly more secure than C or C++ (no buffer overflows, etc.).

The broken sandbox is completely orthogonal to whether or not Java is a POS. It's a feature, a broken feature, but not one that you're required to use and a well-written application, in any language, does not attempt to run Turing-complete code from unknown sources.

Comment Re:Here we go again. (Score 2) 122

No, it's not a small program because these exploits are usually not against the JVM but against the sandbox. The problem is that the basic idea of a sandbox that lets you do almost anything and has fine-grained controls over what APIs you can and cannot call is fundamentally flawed. The attack surface is huge and the security code threads through all kinds of libraries.

Slashdot Top Deals

"Ask not what A Group of Employees can do for you. But ask what can All Employees do for A Group of Employees." -- Mike Dennison