Become a fan of Slashdot on Facebook


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Comment Can VirtualBox spoof this? (Score 1) 419

I only run Windows two ways:

* For gaming on my dedicated gaming computer,

* In a VirtualBox under Linux (for those few apps that are Windows-only).

For gaming, maybe I should just switch to SteamOS.

For the rest, I wonder if VirtualBox can spoof the Windows processor detection (lie and claim to be an older chip). I think in principle it absolutely can, but maybe the project doesn't want to invite trouble.

Comment Re:Looks good to me (Score 1) 235

If that is the case, that WebAssembly calls the JavaScript engine to execute calls, it can't be much if any faster than well-written "native" JavaScript

If what you want to do is make JS API function calls, like popping up an alert(), then no it won't be any faster than just using JS for the purpose. But WebAssembly runs the Unreal engine quite a lot faster and smoother than JS would. The fine article included a link to the "Zen Garden" demo which runs in a web browser:

WebAssembly will open up new use cases, like smooth 3D games running in the browser. Things like Google Apps will run much more smoothly. We'll see if that turns out to be a big deal or not; I think maybe it will be.

Comment Re:Looks good to me (Score 1) 235

Maybe I should look at compiling Forth to WebAssembly.

Should be possible. But I looked at some examples and it looks like they went for a LISP-like syntax rather than FORTH-like:

Also somewhere in the fine article or one of the videos, somebody said that the stack-oriented bytecodes would likely be translated into register-based native code for efficiency. But it seems like they should make a simple virtual machine that can directly execute the bytecodes, for debugging or whatever, and a FORTH-based language would be the perfect front end for that. For all the few, proud FORTH fans out there, including you and me.

I also saw one web page which claims that WebAssembly isn't really a virtual machine code, it's an abstract syntax tree of an assembly language. I don't know enough to really evaluate that statement but I suspect it makes little practical difference one way or another.

Comment Re:Looks good to me (Score 3, Informative) 235

the small benefit of JavaScript is that we can disable it and/or prevent certain function calls if you want to (e.g. my browser asks me if alert() is allowed to trigger or intercepts audio() and video() tags etc etc.

All I know about WebAssembly is what I read in TFA but I'll bet you that it will still be possible to block API calls exactly the same way. In fact, if my understanding is correct, WebAssembly doesn't come with any API calls; it will need to ask JavaScript to do things like pop up an alert().

Here, have a link I Googled up for you. Here's you you do an alert() from WebAssembly: you import alert() from JavaScript and call that.

So whatever you are doing right now to forbid alert() would continue to work when your browser downloads WebAssembly code.

If you're going to obfuscate calls even further into machine code and allow for code to run directly on a CPU and manipulate memory without the capacity for inspection, you've given up all control.

I've already made my position on that clear. Bytecode is less readable than minified JS but not by that much.

Plus I don't actually pick apart all the minified JS my browser is running and inspect it in advance. And I figure with GMain and such my browser is running a lot of minified JS.

Comment Looks good to me (Score 5, Informative) 235

I read through the fine articles and even watched a couple of the videos. Overall this looks like a good idea to me.

The basic idea: WebAssembly is an assembly language for a virtual machine, which is very easy to translate into native code. It was designed to be compact so it will download quickly; in particular they chose a stack-based virtual architecture so that an "ADD" instruction implicitly adds the top two numbers on the stack, so "ADD" and similar operations are always single bytecodes. Also, while JavaScript only has a single "number" type which is implicitly float, WebAssembly has multiple built-in native types including 64-bit integer.

It should be no less secure, and no more secure, than JavaScript. However almost all the overhead of an interpreted language is gone: instead of just-in-time compilation, detecting "hot spots" and optimizing, and de-optimizing when assumptions are invalidated, all the browser has to do is translate the virtual machine code into native code and run it.

For the initial release (i.e. right now) WebAssembly does not support garbage collection. This is a sensible decision given what it is and what it does, but they said they will look at giving it some GC abilities in future releases.

I like the original idea that JavaScript would always be human-readable and people could learn by studying the code from the sites they visit. However, this idea is not really active now. It's common practice to run JavaScript code through a "minifier" that packs it to make it as small as possible so it will load quickly, and minified code isn't very friendly to read. There are tools available to somewhat beautify minified JS, but I'm certain that there will be tools to "decompile" WebAssembly and produce something sort-of readable. So while in this one area WebAssembly is not quite as nice as JavaScript, I don't think it's a significant thing, and it's not even remotely enough to make me oppose WebAssembly.

Developers will be able to take existing code in languages like C, C++, etc. and compile them into this portable virtual machine language, and web browsers will be able to load and run them quickly. People will be able to write browser apps that run at near-native-speed and they will run on all the major web browsers and on whatever CPU you have (x86 and ARM for now). I don't really see a downside and I see lots of upside.

Comment Re:Sad its so expensive (Score 2) 128

I'm still shopping around for a good basic laptop for my wife.

I've had good success just buying whatever is on sale at a computer store near me, and then wiping it and installing Linux.

The last time I did this, I bought a Lenovo IdeaPad S415 for something like $350, brand new. And to my horror, Linux installation failed on it; it includes both an AMD A6 and a discrete graphics adapter, and the two graphics systems fatally confused X11. There were workarounds but I never got around to trying one.

Almost a year later, I simply grabbed the latest Linux installer, and the install Just Worked. Someone had patched whatever the problem in X11 and everything worked: the touchscreen, the WiFi, the sound, the Ethernet jack, sleep on closing the lid, everything.

The moral of this story: most of the time, a Linux install will Just Work. But if you really need to be sure it will work, I suggest doing a Google search for the name of the laptop plus the name of a popular Linux distro. When I searched for "Lenovo IdeaPad S415 Ubuntu" I immediately found discussions, by other people who had the same problem I had, and the workarounds they figured out.

At the moment, my father is using that laptop as his main computer. He's using it for hours every day. We are getting our money's worth.

Not having to pay the Redmont tax is an even bigger deal on a cheap laptop.

I'm not sure, this may be changing, but historically low-end computers are choked with pre-installed software you don't want, and the computer maker collects money for installing this bloatware. Enough money that they make more than they spent on Windows... at least in some cases, you actually would have to pay more to get a Linux computer.

So unless you are really upset with Microsoft and don't want to give them a dime of your money, just buy whatever laptop is a good value, and wipe-and-install.

Comment Re: No, because it FUCKING FAKE NEWS AGAIN (Score 1) 445

I am perfectly aware that IP address for an email server is not a secret. It's how you send email to the server.

I stand by my belief that it is unwise to say "Hey, entire Internet! Here's a Windows server that does not have all its security patches applied! By the way, it's the server of a Very Important Person."

But I don't know what the unapplied patches were. There may not have been any remote exploits among them; I can't say.

Still, I'm certain that the spy agencies of Russia, China, Israel, United Kingdom, and others had all figured out that there was a server called and that the Secretary of State was putting a lot of traffic on it. I believe it is nearly certain that at least one of the above and probably several used a remote exploit to crack the server and pull all the emails from it.

I kind of wish that the FBI had also cracked the server and pulled down all the emails. With a properly-obtained search warrant of course. Well, too late.

P.S. The above is the context of Trump's famous joke about Russia finding Hillary Clinton's emails. I'm pretty sure his joke was that they probably already have them, and he wasn't publicly requesting that they put their spy agency to work attempting to crack US servers.

Comment Re: No, because it FUCKING FAKE NEWS AGAIN (Score 1, Informative) 445

In the Clinton case it *was* determined that she had sent
- some emails where the contents was retroactively classified. This is not criminal, as Clinton the material *was not* classified at the time.
- A total of 3 emails which contained classified information at the time. However, the "classfied" markings were non-standard which could explain why Clinton did not notice them.

Try 110 emails containing classified information, including 65 "Secret" and 22 "Top Secret", as well as the spy satellite emails that any sensible person would know was extremely secret. Also, as Secretary of State, she had the power to write emails that would be classified, and she was supposed to know how to handle such emails.

Also, Hillary Clinton was required to take classes on the handling of classified documents. She was required to re-take th class each year. We know she took the class once but there is no evidence that she ever re-took the class in later years. Then she testified to the FBI that she had no idea that the mark "(c)" might refer to a document being classified.

Fun fact: Pence was hacked. Clintons email server was not.

How do you know Hillary's email server wasn't hacked? Nobody can check it, since she had it wiped (despite being under subpoena to turn over everything). We know that Microsoft Exchange Server is prone to being 0wned and we know that the IT guy Hillary had working on her server asked Reddit for help when he couldn't get security patches to apply. So there was a period where security patches were not applied to the server, and its IP address and domain name were posted on Reddit.

Microsoft Exchange, known to not have all security patches applied, IP address posted on Reddit, and the Russian and Chinese and Israeli spy organizations had to have figured out that she was running her own server. In my mind the only question is how many different people or organizations cracked her server, not whether it happened at all.

I saw a news story that said "logs from the wiped server did not show any signs that a spear phishing attack had happened" which of course means that nobody ever cracked the server ever by any means. Right?

Comment Re:Let's compare Mike to Hillary (Score 1) 445

Now, what would you expect someone that was trying to avoid scrutiny to do, at this point, when they received the first official request for those emails? I'm pretty sure the answer is anything but "promptly and immediately start handing them over."

This is a convoluted way to say "When asked for the emails, Hillary Clinton promptly and immediately handed them over." And I can only say: [citation needed]

If you are going to claim this, please provide references documenting this prompt and immediate handover.

I claim the opposite: that Hillary Clinton did not promptly and immediately hand anything over, but late and grudgingly. And I will provide references.

The gold standard is Sharyl Attkinson's timeline:

The Benghazi incident happened right before the election in 2012. Judicial Watch filed an FOIA request immediately after this, and Sharyl Attkinson filed one as well in December 2012. These FOIA requests included requests for Hillary Clinton emails related to Benghazi. So our clock starts ticking in November 2012.

February 2013: Judicial Watch sued the State Department for failing to respond to the FOIA requests.

August 2013: the Congress subpoenaed Benghazi-related documents.

2014: Judicial Watch files another FOIA request, then files another lawsuit when it gets no response.

Now, the key happened in December 2014. I'll quote it exactly instead of paraphrasing:

Dec. 5: Clinton privately turns over copies of 30,490 "work-related" emails to the State Dept. totaling 55,000 printed pages. No date has been provided as to when she deleted her "private" emails, but it is presumed to be around this time frame.

So two years after the first FOIA requests, Hillary Clinton finally turned over emails... printed on paper with minimal email header information. She and/or her team deleted literally tens of thousands of emails and then wiped the server. She claimed that these were personal emails, not work-related, but wiping the server was highly improper (actually illegal, I'm pretty sure, but nobody took action against her for it).

Note that the federal document retention laws required her to turn over copies of all work related communications on or before her last day as Secretary of State. She did not turn anything over until forced to, two years later, and she turned over printed paper. If she had simply used the government email system, the government would already have had all her emails; that's why she was supposed to be using the government email system. (She never asked for or received permission for deviating from the normal way of doing things, but those who knew what she was doing never did anything to stop her.)

And then, the FBI revealed that they had found another 15,000 work-related emails that Hillary Clinton had failed to turn over (she turned over 30,000, so that's not a small number of emails).

In the 30K emails turned over (printed on paper) there weren't any emails related to Benghazi. In the 15K emails recovered by the FBI, 30 Benghazi-related emails were found. That means Hillary Clinton deleted Benghazi-related emails rather than turn them over, and of course the original FOIA requests were specifically looking for Benghazi-related emails.

Quote from that article:

"Clinton swore before a federal court and told the American people she handed over all of her work-related emails. If Clinton did not consider emails about something as important as Benghazi to be work-related, one has to wonder what is contained in the other emails she attempted to wipe from her server," senior communications adviser Jason Miller said in a statement.

So, please explain to me how waiting two years and then handing over a pile of printed papers with minimal email headers and from which the specifically requested emails were deleted is "promptly, immediately" responding to the request.

Moreover, this is direct evidence of a massive double standard, when people give those like Pence the benefit of the doubt, but refuse to give any to Clinton.

I'm willing to give Mike Pence the benefit of the doubt, because he used AOL, rather than setting up a server under his own physical control. He had no way to wipe the server.

Also there is this quote from TFA:

Pence's office said his campaign hired outside counsel as he was departing as governor to review his AOL emails and transfer any involving public business to the state.

So if I understand correctly, you personally are fine with Hillary Clinton waiting two years and then having her staff print the emails out on paper when forced to by a subpoena from Congress, but you have a problem with Mike Pence hiring "outside counsel" to review his emails and transfer work-related ones to the state before his last day as governor. I suggest that it is in fact you who has a double standard.

Comment Re:What was the point of a $1300 ChromeBook? (Score 1) 44

Going up market never made sense

Well, only Google knows the real reasons for the Chrome Pixel, but the speculation I have seen is that it was intended as a "halo" product, to show how nifty a ChromeOS device could potentially be. It's not desirable for customers to think of ChromeOS as being the OS you have to put up with on dirt-cheap hardware. Showing off ChromeOS on hardware about as nice as a MacBook Air has some value; whether it's sufficient value to really be worth it, I won't speculate.

It's possible that making a sexy notebook for Google people to carry around was one of the reasons as well.

Keep in mind that one of its features is a colorful light strip with no functional purpose; Wikipedia claims it is there "purely for its cool factor".

Also keep in mind that Google developed the inexplicable Nexus Q. Someone at Google thought that was a good idea. The Chromebook Pixel was a giant success in comparison. (My own theory: the Nexus Q would be a pretty nifty device to set up in a college dorm room, assuming that everyone who routinely wanted to use it had an NFC-equipped mobile device. I think that's why it was made with built-in amplifier adequate for driving small speakers. For any other use case its feature mix was... questionable.)

Comment Re:Choosing Google considered harmful (Score 5, Informative) 44

It's considered dangerous to invest time and effort into much of fickle Google's software, lest it's withdrawn with only a few months' notice, and the same would appear true of their hardware lines, too.

Except that cloud services stop working when Google turns them off, while a Pixel notebook still works after Google stops selling new ones.

Also, since the Pixel uses an x86 processor, Chrome OS updates will continue to Just Work on it, or you could wipe it and install some distro of Linux like Linus Torvalds did. So I'm really not seeing the problem here.

Comment Will it be entertaining? (Score 4, Interesting) 87

I think in the early days, these races might be entertaining.

I can imagine that eventually some kind of optimum strategy may evolve and all the teams use it, and then the cars will all do the same thing and the race will be boring. But in the early days, with people trying different strategies, stuff might happen that is interesting to watch.

I remember back at my first job, we found some kind of game where you wrote a program to control a robot tank in the game, and the whole game was to have matches between people's programs. The programming language was simple and there were APIs for things like "throw out a radar ping", "turn tank", "rotate turret", "fire gun", "check to see if tank is damaged", etc. There were many different strategies available: you could write a tank that never checked if it was being damaged, but just drove around crazily all the time to be hard to lock onto; you could write a tank that, when it got a ping, would try to lock onto that tank and follow it and keep shooting it until it was dead; you could try to write a balanced tank that would check if it was damaged and evade if so, try to figure out where other tanks were and just send shots in that general direction, etc. We had great fun with it for a while, and then one of the developers (not me, sadly) wrote a tank program that was dramatically more effective than all the others. The fun died away when it became "watch Rich's tank destroy your tank and all the others".

The question is whether Rich's program was actually optimum in some sense (did the best possible according to the simple simulation rules) or whether we could have beaten it if we had been more clever. I'm not sure. I wish I had copies of the source code to all the bots from back then, now that I have a lot more experience in software development and I might get more out of the game.

This was years ago and I couldn't tell you what game it was exactly, but there are plenty of programming games around.

Comment pokey at the jewelry store (Score 2) 67

pokey at the jewelry store

There. It's my favorite Pokey strip. It's also the only Pokey strip I like. I don't really get the love for Pokey... I don't get the love for Zippy the Pinhead either.

I really do like this one. The increasing aburdity of the situation unfolds with IMHO perfect comic timing.

Slashdot Top Deals

My idea of roughing it turning the air conditioner too low.