
Comment Re:Analogue vs Digital, and DRM (Score 2) 360

Wasn't this the big bugaboo of Windows Vista? I'm also curious how you think the media industries will re-introduce DRM in the billions of DRM-free songs that all the major online stores have already sold and are still selling.

No, I'm pretty sure this is just about space savings and a minimalistic design fetish. Not everything is a conspiracy, and we already won the DRM war for audio.

Comment Re:Headphone Jack is Pretty Crappy (Score 2) 360

So far, my objection is that they don't work well. I got a BT hands-free headset, and had the idea of listening to audiobooks on my commute. Nope - after a while, my Android phone somehow borked the volume. It plays so soft I can't hear the thing. Until this tech gets much more reliable, it's too early to kill the analog jack.

Comment Re:Headphone Jack is Pretty Crappy (Score 5, Insightful) 360

Indeed, I've never had a modern 3,5mm headphone port wear out. I've had a lot of micro-USB ports wear out. And it's only logical that would be the case, the electrodes on the headphone port are far more robust than those on a micro-USB port.

I know that the standard response to "3,5mm port removal is the feature that nobody requested" is "it'll be painless and we'll be able to use the extra space to more useful internal hardware without having to make the phone bigger". But just ignoring the "painless" thing... how much more "capability" can you add in such a little space? That's enough for what, maybe 5% more battery time?

Maybe I'm weird, but I couldn't give a rat's arse how thick a phone is... I just want it to be robust and not a big headache.

Comment Re:Headphone Jack is Pretty Crappy (Score 2, Insightful) 360

what you describe is most of the china crap that you buy today.

that does not mean that in-spec jacks and plugs are a problem. in fact, they are not!

so, complain about buying dollar buds. but don't say all jacks and plugs are bad, since that's just plain out WRONG.

it's not my fault that you buy crap and complain about the format.

Comment The Verge is 100% wrong (Score 2) 44

The Verge's advice focuses on value in a packed market, and explicitly recommends against attempting novelty. This is crap advice, the kind of numbing pablum that Walmart gives to reps with a new product. "You want to make jeans? Sure, you have to make them in a way that fits on the existing shelving and matches the existing pipeline of ass-coverings, and don't come to us in the spring without lighter weight stuff and shorts." The message is that innovation doesn't sell, which is completely wrong, you can still sell the hell out of yoga pants (high volume/moderate margin) and utilikilts (high margin low volume) if you are careful. Innovation doesn't sell in volume right away. Was Tesla thought to be a competitor to the big automakers? Puhleez. But they put out an innovative niche product and did it goddamn well, and now as they ramp production and solve nontrivial production problems, they are becoming a serious threat to a super-defined market dominated by a few big players.

Also, the Verge article mixes up the use of the word "value" between low-cost+performant product vs premium product, and implies you must choose one end of the spectrum or you are fools. This is also complete BS; it's entirely possible to put out a mid-market device that eats the premium product's lunch (with the exception of the 1% of the market that buys Kardashian-style gold-plated iPhones just because of the logo and the gold). This is how Samsung arrived at its current market position. Let's not forget that along the way to its current dominance, Samsung put out versions of the Galaxy phone that had styli, projectors, card slots, display adapters, etc etc. Some of those are still highly profitable products at high volume today, and there's certainly room for improvement -- particularly with respect to flexibility. To dismiss as "high school science fair" and unaware of the global market is profoundly ignorant of the history of this market.

Not only is this a viable play-book for Moto, it's exactly what they should do in order to not become part of the "value" market on the clearance shelf.

Comment Re:BREAKING NEWS (Score 1) 99

They weren't "practically" secure before the test, and given the extreme lack of protection, probably weren't even aware of it. Now they are aware of it, and can start pursuing better options for protection. The servers and networks haven't changed, but the improvement in awareness puts them in a much better position. Now they can improve.

Again, a consultant's job really boils down to the terms of the contract. If the contract says to evaluate the company security, that's what you do. If the result of that evaluation is to simply say "your company is horrifyingly insecure", then sometimes that's the job. To that end, it's rather silly to spend a week deeply probing Apache vulnerabilities or zero-day injection attacks when executives are broadcasting their passwords in plaintext. Attackers don't care if their exploits are inelegant or obvious. Low-hanging fruit is still fruit.

Security is not a checklist, despite what managers might think. You can't just hire a security consultant to run a test, then stick on his list of band-aid fixes and be done with it. Rather, every employee, vendor, contractor, and visitor must have the appropriate training and controls to ensure that the company is secure, and that diligence must continue even when the contractor's gone. From the manager's perspective, a consultant who's done a thorough investigation and turns in a textbook for a report has done impressive work... but a consultant who brings clear attention to an endemic problem of security negligence has done better work.

If I'm a manager, that kind of concise finding is something I can elevate and focus on fixing, rather than having it buried inside a report of a thousand low-exposure vulnerabilities.

Comment Re:This confirms my previous speculation (Score 1) 439

Personally, I agree. But I know too many people who are willing to take the risk of Trump just to stick a finger to Clinton and DNC. I think it's foolish, but nevertheless, if there are enough of them, it may just add up.

Of course, the other side has a similar problem. Which is why I think that it's basically a contest of who can motivate more to show up to vote against the other guy. And given the potential consequences, I'd rather not take chances, even when small quantities of votes are at stake. Brexit should be a lesson to us all.

Comment Re: as someone who is suffering from this... (Score 1) 237

Libertarianism is not just any limited government. It's government limited to those functions that are necessary to maximize individual liberties (or individual negative rights, to be more specific).

Libertarians also believe that all people, not just those that happened to be born in a "right" country, have said rights.

Now, go ahead and explain how government-sponsored economic protectionism (which borders are, at least in the context of this discussion) maximizes individual rights and liberties.

Comment Re:BREAKING NEWS (Score 3, Insightful) 99

So in other words, they did their job and got paid.

They were contracted to find vulnerabilities, and they accurately determined that user credentials were easily compromised with a basic attack. If they were not pentesters, but rather actual attackers, they would have everything they need to access the company servers and start wreaking havoc. Even if they only sniffed users' personal credentials, they still have enough access to start social engineering or coercion attacks against the employees.

Depending on the terms of the contract, the consultants may not be allowed to test passwords they find. They may only be allowed to report that they found something that looks like it should be a password.

Of course, it may also highlight some other key details, like company devices automatically connecting to known SSIDs, or a lack of encryption on the legitimate wireless network. If their attack went undetected by the company's security team, a suitably-paranoid company may want to install systems to detect rogue access points.

A colleague of mine once was hired to do a week of pentesting. The first morning, he tailgated through a locked door by carrying some boxes, found an unlocked network closet, and connected to the client's network and started sniffing unencrypted traffic, including plaintext passwords for the admins. Those let him access every server he tried, and he ended up cutting the test short by lunch. He delivered a brief report in the afternoon, essentially saying that the general approach to security was so bad that further testing wouldn't be productive. His recommendation was to cancel the security testing contract and move the budget to basic security training.

Comment Re:So what? (Score 1) 99

Avast conned more than 1,200 people into connecting to fake wi-fi hotspots set up near the Republican convention and the Cleveland airport

...meaning they caught a lot of non-Republicans in their little "sting operation". All in all, a non-news story. I'm sure they were really hoping that they'd find 10% of the people looking at porn, or something more salacious. Why call out porn and dating apps in the first place?

All this proves is that we really need encryption everywhere, and that we need to make sure it's turned on by default, so that ordinary users don't have to think about it too much (because let's face it - that will never happen). Eventually, anything that's NOT encrypted should signal a warning to the user, although the transition will need to be gradual. Services like Let's Encrypt are slowly eroding any excuses not to make everything secure by default.

Comment Re:Anything for work (Score 3, Insightful) 215

The single return rule makes sense in some circumstances. I like early outs, but then tend to the single return rule. If you're breaking apart your logic to that degree that you need a return in the middle of a long function, then you may want to consider breaking apart the function. Still, I think it's best to consider it a *guideline* rather than a rule. The moment you declare something a rule, someone will find a valid reason for breaking it.

As for other "optional" code, I tend to put parentheses around any C/C++ code that depends on operator precedence. The only one *everyone* knows is * or / before + and -, otherwise, it gets parentheses, just to be clear.

I see a lot of programmers try to cram as much as possible into one line, which I'm not a fan of. As one example, I'm not a fan of assigning a variable inside an if statement. It's harder to read than several short, clear lines, and it likely compiles to the same assembly in the end. So, I'll occasionally leave a formula as several steps and explicitly declare some of the intermediate variables, even if I could have stuffed it all into one line. It's easier to debug, since you can examine the intermediate values, and it helps others to understand what's going on, since the intermediate variables have an actual name as a hint. I'm sure it bugs some people who think it's too verbose or my variable names are too long and descriptive. I don't go crazy, but neither do I stick to single letters when a word or two works better.
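The two habits the comment above describes, parenthesising anything that leans on operator precedence and spelling a check out as named intermediate steps, are shown here in an added C example. This is not code from the comment or from any project on the page; the flag bit and the three-byte record header (one flags byte, a 16-bit big-endian payload length) are hypothetical layouts chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical flag bit for this example (not a real protocol value). */
#define FLAG_ENCRYPTED 0x04u

/* Precedence pitfall: == binds tighter than &, so this parses as
 * flags & (FLAG_ENCRYPTED == 0), i.e. flags & 0, which is always 0.
 * The function therefore reports "not plaintext" for every input. */
bool is_plaintext_precedence_bug(uint8_t flags)
{
    return flags & FLAG_ENCRYPTED == 0;
}

/* Parenthesised version: the check the author actually meant. */
bool is_plaintext(uint8_t flags)
{
    return (flags & FLAG_ENCRYPTED) == 0;
}

/* Does the record at `offset` (header plus declared payload) fit inside
 * `buf`? Written as named steps with early outs rather than one dense
 * expression, so each intermediate value can be inspected in a debugger
 * and the subtraction is visibly guarded against underflow. */
bool record_fits(const uint8_t *buf, size_t buf_len, size_t offset)
{
    const size_t header_len = 3;            /* 1 flags byte + 2 length bytes */

    if (offset > buf_len) {
        return false;                       /* offset itself is out of range */
    }
    size_t remaining = buf_len - offset;    /* safe: offset <= buf_len here */
    if (remaining < header_len) {
        return false;                       /* not even a complete header */
    }

    const uint8_t *hdr = buf + offset;
    uint16_t payload_len = (uint16_t)((hdr[1] << 8) | hdr[2]);  /* big-endian */
    size_t needed = header_len + (size_t)payload_len;

    return needed <= remaining;
}

int main(void)
{
    /* Constructed sample: flags=0x00, length=2, two payload bytes. */
    const uint8_t rec[] = {0x00, 0x00, 0x02, 0xAA, 0xBB};

    printf("buggy is_plaintext(0x00): %d\n", is_plaintext_precedence_bug(0x00));
    printf("fixed is_plaintext(0x00): %d\n", is_plaintext(0x00));
    printf("record fits in full buffer: %d\n", record_fits(rec, sizeof rec, 0));
    printf("record fits in truncated buffer: %d\n", record_fits(rec, sizeof rec - 1, 0));
    return 0;
}
```

Compilers typically warn about the unparenthesised form (gcc's -Wparentheses), but a warning is easy to miss in a large build, which is why writing the parentheses unconditionally is the cheaper habit.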

Comment Re:Anything incriminating? (Score 1) 439

Take this email, for example:

If this were two Hillary campaign staffers discussing it, it would be very sleazy, but not blatantly wrong.

The problem is that it's two DNC staffers. Since DNC effectively organizes the primaries on federal level, they're supposed to be neutral. Instead, we see people not only expressing a clearly non-neutral opinion on one of the candidates, but they are actually plotting to do something that would benefit one candidate by hurting another.

Contrasted with the official DNC claim that they were, indeed, neutral, this is pretty damning. Not illegal, most likely, but as far as reputation goes, it's going to hurt. And Clinton will be affected by it as well, simply because she was the beneficiary of it.
