
Comment Re:The white flag is up for OS-level security (Score 1) 140

So this is basically saying that we can no longer depend on the OS to protect us against privilege escalation attacks. The bad guys will have to concentrate on breaking out of VMs or, at least in this case, attacking through the access that the Edge VM has to system resources.

No modern OS is immune to privilege escalation attacks. Even a formally verified OS would probably still be susceptible to them due to unexpected interactions. Never mind hardware based attacks such as race conditions and rowhammer. If someone is dedicated enough, and has enough resources, sooner or later they'd find a chink in the armor.

Instead you try to do the best you can, and then you layer on defense in depth on top of that. If someone is going to break in, then you can at least slow them down and force them to fight another kind of complexity.

Comment Seen it First Hand (Score 1) 45

It's a shame the Cisco blog is linked second, because it's a great (yet short) read.

Since the end of last month one of my very low volume email accounts has been on the receiving end of a new spam campaign trying to give me malware. The emails I've received exactly match the emails in Cisco's graph. So it's neat to see what's behind it - in this case the Necurs botnet running at full tilt.

Considering this account was receiving virtually zero spam before, it's definitely a major uptick in spam.

Comment And Thus the Reason for Swift 2.3 (Score 4, Informative) 148

What TFS doesn't do a good job of explaining is that with Swift 3, Apple has essentially forked the project into two parts. Besides the newer version 3, Apple is also continuing to develop/support Swift 2.x. The already-released Swift 2.3 is Swift 3's counterpart for developers who would like to stick with Swift 2.x code.

Swift 2.3 is a minor update from Swift 2.2.1. The primary difference between Swift 2.2.1 and Swift 2.3 is that it is intended to be paired with Apple's macOS 10.12, iOS 10, watchOS 3, and tvOS 10 SDKs. It also updates the underlying LLVM and Clang versions to match with those in the Swift 3 compiler.

I don't imagine Apple will support Swift 2.x forever. But for the time being, Swift 3 is only as source-breaking as you want it to be. Developers who need Swift 2 compatibility can roll on with 2.3.

Comment Re:WTF??! (Score 1) 125

Emacs users have more time for commenting on slashdot.
What else are they going to do while waiting for Emacs to load?

Meanwhile vi users have to post multiple times to make up for their small user base. Otherwise no one would remember that poor vi exists.

Comment Re:Trial and Then Pardon (Score 1) 343

One of Snowden's complaints (and the chief reason, according to him, that he has not returned to the US to stand trial) is that he has been charged on two counts under the Espionage Act, which prevents him from defending himself in open court. Presumably you, too, would prefer that he was allowed to make a public interest defense?

My preference is to follow the letter of the law. If that includes charges under the Espionage Act, then so be it.

A pardon is the executive - the leader of the people - granting you leniency for what you did. However to be excused for your actions, one should first admit to them.

Comment Trial and Then Pardon (Score 2, Insightful) 343

As someone who is displeased with how Snowden went about this, I'm not opposed to the idea of a pardon. However I don't believe a carte blanche pardon is appropriate, or sets good precedent.

What I'd like to see is Snowden return to the US of his own volition to stand trial. And then, once the trial is complete, a pardon can be issued if necessary. Even if what Snowden did was ultimately a good thing, I believe there still needs to be repercussions for it - that he needs to take responsibility for his actions. A trial to firmly establish the facts of the case and whether he did anything against the law, even if it can only end in not-guilty or a presidential pardon, is something I think would be a reasonable compromise.

Comment Re:Old People (Score 1) 629

If that happens, that's why we have VP and a predetermined order of succession.

Sure, there's an order of succession in the system. But you never want to actually have to use it. It's like fire sprinklers: they're a great thing that stops a bigger problem, but using them incurs a ton of collateral damage as well. In this case having a president die induces a lot of political uncertainty both domestic and abroad, it causes productivity to drop as everyone stops to watch CNN and/or the funeral, and the markets drop as well. It's not a good outcome for anyone (except maybe the VP).

As you get old, you develop medical conditions. Both Trump and Clinton are older than the average main party candidate. Presidents aren't immune to aging- and *gasp* could die in office.

Which is why even before all of this political nonsense I've been mulling over whether both candidates are too old for the job. The presidency is notoriously stressful, and since the age of TV we've seen just how physically hard it is on the presidents. Poor Obama looks like he's aged 15-20 years in the span of 8. Now we want to put people who are old enough that they'll be in their late 70s if they serve a full 8 year term?

With age comes wisdom, which is essential to this job. But I can't help but feel the major parties erred on this one. Both candidates have the age (the wisdom is debatable), but we've gone far enough down one end of the spectrum that I fear we've ended up with candidates that won't live to see the end of their potential presidencies. Which invokes all of the problems above.

Comment Congrats Short-Sighted Investors (Score 2) 108

Congratulations, investors. Thanks to your shortsightedness, you've corralled Nintendo into making what will surely be a bad Mario platformer. This is how you kill the goose...

And on a less dramatic note, I really do feel bad for Miyamoto. Just from his body language at the Apple event, he didn't look like he wanted to be there.

Comment Re:This will never take off since it is closed... (Score 1) 85

and has abusive licensing fees. My company has been talking about adding this to future products, and they want more money for this than it costs us to add an HDMI port and our profit, combined.

Are you talking about the USB-IF or HDMI LLC levying licensing fees here? The way you describe it, it sounds like you're talking about fees for USB-C, which doesn't make a whole heap of sense as there are no per-unit fees for the USB standards. HDMI on the other hand does, and those aren't very well publicized. Are you saying that the HDMI org is charging extra for HDMI-over-USB-C?

Comment Re:Downloaded 1 or more bits (Score 1) 69

The plaintiff should be required to download the entire file and to ensure that the checksum of said file matches the file offered via the plaintiff's service.

They did. That's the whole point of the "direct detection" statement. They connected to the peers in the swarm and were able to download valid (SHA1 verified) chunks of the file from the defendants.

Comment Re:from the five-days-too-late dept (Score 2) 42

Unfortunately it's the only two factor authentication system that's going to work for the public at large. It's a simple system that works with any and every cell phone on the market, with no need to (re)develop applications for multiple OSes, manage syncing those applications to a master server, and then handle user support issues when those applications break.

The problem with "proper" security is that it works against the user. Long passwords that you can't remember, SecurID tokens that you never have when you need them, and finicky fingerprint readers that are too easily fooled by fakes. And in the end, all of this just gets subverted by social engineering, calling the help desk and convincing the rube on the other end to reset the account password. Unbreakable security fails at being friendly when faced with the fallibility of users, and at the same time it's only as strong as the weakest human who has control over it.

The fact of the matter is that the only real threat to PSN users is going to be criminal gangs harvesting accounts en masse. A token two factor system, properly implemented, is going to be enough to stop that. It's security that's good enough. Otherwise you'll quickly discover first-hand how perfect can be the enemy of good.

Which is not to say I advocate poor security. But so far no one has come up with a better way to do it. It has to be universally compatible and it has to handle user failures gracefully, and there are very few ways to do that.

Comment Re:Conspicuous Silence (Score 1) 93

It's a pathetic 35 megabits per second.

Unfortunately you're not going to get much better on cable, even with DOCSIS 3.1. Upstream requires valuable low-frequency spectrum, which there's only a limited amount of and there's contention with other services (cable boxes, VoIP, etc). Meanwhile it's a noisier shared environment, so you also can't use as high of a bitrate as you can on the downstream.

Fiber is clearly better in this respect. But it's the tradeoff of using the copper already in the ground as opposed to having to dig up streets to lay down new fiber.

Comment MOD PARENT UP (Score 1) 145

The parent is spot on.

And just to add to that, until their recent run of profitability, the last time the airlines as a whole were consistently profitable was in the 1990s, before the dot-com bubble popped. Between roughly 2001 and 2011, they cumulatively lost money (the one bright spot was 2006, but of course the Great Recession hit). (apologies for the tiny image, but historical data more than 5 years out is typically paywalled).

It wasn't until we exited the Great Recession, airlines started charging for food and bags, and airlines did more to increase the passenger load factor (percentage of seats that are filled) to historically crazy levels that they finally became profitable as they have been in the past few years. Until then, even in decently good times, the underlying costs were pulling them down. Too many pilots and attendants drawing too high of a salary, too many flights going out less than full (i.e. too much spare capacity), etc.

So you can imagine why airlines weren't in any rush to invest in high cost, risky IT upgrade projects. When you're trying to just stay in the black, any optional cost not part of the core business (flying) is a risk.
