Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Comment Re:Data needed (Score 2) 40

My experience has been that the TCP checksums are fairly useless - they can detect single bit errors only since they are just simple checksums, not CRCs or something more sophisticated. According to the article what was actually happening was that the virtual ethernet driver (veth) did not flag bad packets correctly. There's a flag that tells TCP there's no need for it to checksum since the hardware has already verified the packet. On errors, the veth driver set that flag instead of the one that says it couldn't verify the checksum.

Comment Re:Issue is more complicated (Score 1) 928

More likely it is the nature of email/online communications. It's much easier to be nasty when you don't have to see the other person. There's also tone, etc. If I call a friend a rude name when we're together they know that I'm joking. Smiley faces don't cut it, especially with people that you don't know well.

Comment So what do I want? Secure payments! (Score 1) 345

This whole fraud detection stuff is nonsense. It's just been cheaper for the banks to build this hack instead of actually implementing a secure payments system. Come on, credit card number + name + expiration date + security code? All information that doesn't change?

We're at the point where we can make a smart card that does everything with strong crypto. It could even have a USB connection or, possibly, Bluetooth, to let you make secure transactions from your computer.

Comment Annoying, but ink isn't sold by the ml (Score 1) 268

When you buy a cartridge, it's just that, a cartridge. They don't tell you how many milliliters are in it and you don't get charged by the milliliter so how much ink is left in the cartridge when it's "done" is irrelevant. There's a cost per print and that's the important metric. Obviously there's some reason why they don't drain them completely dry and it doesn't really matter since you're paying by the cartridge not by the milliliter.

Comment Re:Here we go again. (Score 1) 122

The basically stupid idea is the ability to download and run Turing-complete code from unknown sources in supposed "safety". This has nothing to do with actual applications written in Java which is a reasonably secure language, certainly more secure than C or C++ (no buffer overflows, etc.).

The broken sandbox is completely orthogonal to whether or not Java is a POS. It's a feature, a broken feature, but not one that you're required to use and a well-written application, in any language, does not attempt to run Turing-complete code from unknown sources.

Comment Re:Here we go again. (Score 2) 122

No, it's not a small program because these exploits are usually not against the JVM but against the sandbox. The problem is that the basic idea of a sandbox that lets you do almost anything and has fine-grained controls over what APIs you can and cannot call is fundamentally flawed. The attack surface is huge and the security code threads through all kinds of libraries.

Comment Re:They're bums, why keep them around (Score 5, Insightful) 743

That doesn't really help. If they print more than they produce, the currency will drop in value.

That's the whole point. Devaluing the currency means everyone in the country takes a pay cut, at least with respect to imports. but internal prices don't change (at least not immediately). This has the effect of discouraging imports and encouraging exports. Taken to extremes it will mean hyperinflation and financial collapse but used judiciously it's a good economic tool.

Slashdot Top Deals

Any sufficiently advanced technology is indistinguishable from magic. -- Arthur C. Clarke

Working...