
Comment Re:Ah yes... (Score 2) 94

An SQL injection attack is the easiest thing to close the loop on though. It is the low hanging fruit of security. At least start with that... then we can talk encryption...

Or hashing.

SQL injectable website, passwords in plain text...I'm sure there's a third "security best practice" that's not being followed.

I mean, geez, plain text passwords haven't been in any "industry best practice" since never. If there's any reason to make yourself completely vulnerable to being sued, this would be it.

Comment Re:It's the cost of the labor, stupid (Score 1) 146

Companies are already restricting selling spare parts and using nonstandard screws and bolts. Apple and Jura for example.

That's a basic intelligence test for repair and preventing warranty fraud, actually. Far too many people go to YouTube and see how to fix something, then actually try to do it, without realizing they don't have the proper tools (no, a butter knife is NOT a screwdriver), or even skill/dexterity to repair (use a tool to lift the flap on the connector - do not rip the cable out or you may tear the cable, rip off the connector, or break both to the point both parts need replacing).

If you're handy enough to go online and buy the proper tools, you probably at least have the necessary skill not to screw it up worse than it already is.

And some of the worst people to deal with are warranty fraudsters. Hell, try denying a warranty claim because the device has water damage. They'll deny it left right and center, ask for managers, etc., even though the device is clearly dripping so much water it's making a huge puddle on the counter that's dripping onto the floor. Nope, it wasn't water damaged!

Comment Re:Do we have to let the winner out of the arena? (Score 1) 51

Kind of boggles my mind that the google thinks they made $22 billion profit on $31 billion revenue from Android. Talk about magic money? Some kind of projection of the effects of Android's success on their stock prices? Already we're dealing with fantasy here.

However, my two primary reactions were sadness and amusement.

The sadness is at the loss of the google's innocence. I used to think they were sincere about the "Don't be evil" thing, but now they are just another giant EVIL company and the corporate motto has become "All your attention are belong to us." I can't decide whether I was a gullible fool or if the transition was just inevitable under the rules of the American business game as encoded into law by the most cheaply bribed politicians.

You have to remember the reason for Google buying Android then.

Remember, iOS just came out and it was doing fairly well. Google was also doing fairly well - the default being Google for everything meant every iPhone user was using Google and making Google a lot of money.

This did concern Google because Google realized that Apple could cut them off from their golden mobile goose egg at any time, so they needed something to ensure that even if Apple did that, they'd still have fingers in the mobile advertising business. And that's where Android comes into play - it was an OS Google acquired in order to secure mobile advertising profits without Apple.

That's why Android is offered with generous terms to OEMs - as long as Google apps come first, Android was practically free, thus locking in Google's grip on mobile.

Comment Re:How is this different from any university? (Score 1) 316

But there is absolutely no doubt that a college education on average is an economic benefit. The lifetime earning of people with a bachelor's degree are 1.66x that of someone with high school diploma -- again on average. Someone who starts out as a tradesman and ends up with a successful contracting business can do very well for himself, obviously.

Actually, it's not college. Or university. It's that any post-secondary education automatically gives you an economic benefit over a high school diploma.

Your skilled tradesman has post-secondary education - in their trade. Be it electrician, plumber, welder, carpenter, etc. There's post-secondary education attached to it. Even the journeyman status is still education - many other professions have a residency or practicum part of the training.

Because the jobs for high school diplomas are very limited - and the supply is wide, so they pay very little. Think janitor or housekeeper, and even then, you're doing minimum wage. There's also retail. All these jobs are unskilled.

Oh yeah, it's possible to make a lot of money as an unskilled labourer - but that's because the job has an element that makes it less appealing - usually a danger element. Crab fishing, say, an industry with a practically 100% injury rate, nasty weather, 60+ hour workdays, etc. But you can easily earn $50K in 3 months. Then there's oilman, working on oil rigs in terrible conditions, but you can get high 5 digits or 6 digits.

But there are plenty of post-secondary education opportunities - college, university, trade school, etc.

Comment Re:What I don't understand. (Score 1) 56

What I don't understand is why you are not allowed to air mail a battery by itself in a sealed container, while you are allowed to air mail the same battery inside a device. I am not that familiar with battery technology, but I would expect that a battery connected to a circuit to have additional ways of catching fire compared to a battery by itself. I mean if a fault happens inside the battery you are screwed whether it is in a device or by itself, but AFAIK there are cases where the problems were caused by the electronics connected to the battery, so you get an even higher chance of something going wrong. Maybe they are afraid the density, i.e. shipments with just batteries which would make more batteries per volume than say a shipment of laptops? But still, there would be rules about density then.
What am I missing?

Problem is battery density. If you're sending batteries, the amount is far more dangerous per unit volume than if the battery was in a device.

Shipping lithium batteries in bulk is what caused the downing of a UPS cargo plane a while back which is why they're no longer allowed - one battery caught fire, which then caused other batteries in the same container to catch as well.

Whereas if it was in a laptop, it may destroy the device and the pack, but the density of cells is lower and it's less likely to catch more packs on fire.

It's why hoverboards are particularly dangerous - their packs of 10 or 20 cells wrapped tightly together - when one goes off, it will more than likely cause the rest to go off as well.

Also, raw lithium and aluminum don't mix - which means the sprayed lithium can damage structural aircraft components as well.

Comment Re:Apple needs side loading / 3rd party app stores (Score 1) 97

You can easily side load a lot of stuff yourself using the free personal developer accounts. The apps expire after 30 days though so you have to keep re-adding it every month. I've got a couple apps on my phone that apple would never approve on the store, no jailbreaking.

Even better, Apple generally wants you to do this with apps with source code - the developers of f.lux tried it, but they released it as binary only and Apple called them out over it.

It's one of those things you really wish you could ask RMS about - a commercial closed-source OS that allows open-source to be loaded on, with enforcement of the "source" part - no releasing of binaries that may or may not match the source, but an OS that requires you to build the app from source code.

Comment Re:Am I trolling? (Score 1) 97

Lock him away and take all this data and hardware and when he submits the bugs to Apple, make Apple pay him the bounty and let him go with a nice clap on the back.

Well, or trust him not to sell the exploit to someone else or have it stolen. This must be worth a lot of money, much more when it is not submitted. People have been stolen from, killed or tortured for less.

Exploits are the new plutonium. You can prepare for war with stockpiling and weaponizing them.

Well, given there are three parties who would pay for it. First is Apple, as part of their bug bounty. He'd probably get a cool quarter million out of it.

The second party is pirate app stores for iOS - they often sell access to their pirated apps and do have some money to spend. The Pengu jailbreaks were basically this.

The third party is state-sponsored agencies. If you were in it for the money, you WOULD do this because they really pay - a cool million dollars or more for something like this.

It's traditionally why Apple doesn't pay for bug bounties - Microsoft, Google, their vulnerabilities sell for around the same price as the bug bounty - typically 10-20K. But an iOS bug is big-time, easily $1M+.

Comment Re:And its getting worse! (Score 1) 84

Have you seen the "<iframe allowfullscreen>" tag? Seems to be a marketeer's wet dream. And every web user's nightmare.

They probably implement that like full screen video - it has to be a user-requested action for that to actually happen and browsers have the ability to block a site from going full screen (as well as doing the overlay that says "site is now full screen" with "allow" and "cancel"). And which is NOT overridable - the browser throws it up and the user can cancel it.

Comment Re:What's our take away on this supposed to be? (Score 1) 86

What's our take away on this supposed to be?

(A) These evil scoundrels are cheating on the government tests

(B) The people who are designing the government tests epically suck at their jobs, should be fired, and have competent people hired in their places

I'm going to have to vote "B" here, folks.

Or maybe the test is designed so comparisons can be made between years, models and history?

I mean yes, you can design the test to be different and updated every single year, but then you lose the ability to compare models from this year versus models from last year - and while you can run it under both tests, no one wants to pay for that. Perhaps the TVs take 40W this year. Last year's test had those TVs taking 30W. Was it the test that changed that caused all the new TVs to take 10W more? Or are this year's models less efficient?

That's the reason why tests are standardized - they're designed to emulate real-world use, but be scientifically repeatable so there's a consistent basis to which comparisons can be made.

It, just like the VW scandal, can result in cheating because of this - the test is standardized so if you detect the test you can game it. No way to avoid it.

Comment Re:Fuck the spec (Score 2) 84

This is absolutely the case. Autoplay is a static attribute to the HTML5 video tag and can be set to be ignored by browsers, but there is also a Javascript API for HTML5 video playback and it is trivial to start playback from there. Technically that is not "autoplay", it is just, "play" that happens to be triggered on page load via Javascript.

And what happens is that the play command gets lumped in with the popup blocker commands that get ignored on page loads, which lets the play command work AFTER the page loads, but it doesn't start if it's part of the page load.

An alternative is to ignore the play command if the tab isn't visible. And just in case, we can have a right-click menu option to send the play command as well in case someone tries to be tricky and assume the video starts playing immediately.

Comment Re:"Bonus Internet" Story: (Score 1) 57

Around 2006/7 I had a used Tmobile Dash with a voice/text plan and no data. At the time, my university ran a 28kbps dialup internet service that students could use for free. It was a relic of another time, but it was still there.

On the Dash/Excalibur (and presumably other Windows Mobile devices) you could dial into these services with the built-in modem, and since I rode the bus a lot (at least two/three hours a day), I used that service.

It was hilariously slow, but it worked. I could visit websites, read articles, and chat. By turning off the images, it could be done with reasonable comfort.

Don't underestimate the value of being able to log on at any speed.

Actually, you could do it on practically any 2G device that supported data with a facilitating carrier. It's called Circuit Switched Data (your usual GPRS/EDGE/3G/4G/LTE is packet switched data) and it establishes a traditional modem connection, using a voice channel.

It's slow because the voice channel is 9600kbps or thereabouts. When you establish a CSD connection, the cell modem tells the network to use one of its modems to dial the number and establish a modem connection. The data is then sent over the voice channel as raw data (the modulation itself wouldn't survive the GSM coding, so it's just data). Your phone then opens the virtual serial port and accesses the data, which is probably just a PPP session. In those days, the connection was identical whether it was CSD or GPRS/EDGE - it's just the endpoint is different - in CSD, the PPP data goes over the air to the number you dialed, while in packet, the PPP session goes to the modem to interface with the packet data hardware.

Incidentally, GPRS/EDGE use unused timeslots and frequencies and combines them to get data connectivity so the less busy the cell, the faster the data connection.

Comment Re:Tin Foil Conspiracy! (Score 1) 91

The problem with tinfoil is it grows all spiky really quickly. You brush it off and all those spikes go everywhere, killing everything electronic you touch, and making it hard to plug stuff in and out without getting shocked.

Al foil, though, doesn't have that problem. Hell, even tin cans are steel these days.

Comment Re:What device can use 1Tb? (Score 1) 98

All of our phones and digital cameras have a maximum SD card limit, most 64Gb.

There are two known limits to SD cards.

First is the standard old SD card - FAT16 formatted, up to 2GB. Then there's SDHC, FAT32 formatted, up to 32GB.

For larger cards, there's SDXC, which uses exFAT and has a 2TB limit. 128GB cards are common today, and if you can take 64GB, you can take this card as your device is SDXC compatible.

Some SD cards were 4GB using the SD method, which was a very creative way of interpreting the standard - as such, they may work in some devices but not all. If you're curious, the SD storage medium used a signed 32 bit integer for byte-level storage access. SDHC turned that integer into block-level access and that's why it was pretty trivial to add SDHC support.

Comment Re:Epipen cost: $30, regulatory costs: $30 mil+ (Score 1) 326

The issue here isn't the materials cost of the epipen. You don't even need an epipen to deliver the medicine, just a syringe and an epinephrine vial. Any school nurse worth her salt will know how to use a needle. If school districts wanted to give a fat middle finger to the pharma industry on this they could go and purchase them.

The issue here is that Mylan (the makers of the pen) lobbied the FDA and government to require its purchase be done by school districts and then jacking the price up to gouge the taxpayer (ie you and me). Now school districts have to purchase the pen instead of going the route I outlined above.

The only way to hack the regulatory process is to donate a retarded sum of money to "charity" of a specific presidential candidate and various other lobbying groups. Though that isn't really hacking. Just, "business as usual" in the fairy tale land known around that stretch of highway known as the beltway.

The cost of it was around $50, then it got jacked to $150 and now $600+.

Epinephrine is cheap - an EpiPen contains about $1 worth of the drug.

Mylan basically created an auto-injector that made it possible for anyone to administer it - remove a cap and jab, which is why it was popular - because anyone nearby can go grab it. Just like an AED, it can be put in a lot of places and be ready when needed. So there was a lot of demand to have it everywhere, especially in schools where an anaphylactic shock can mean you have only a minute. And because it's easy to use, anyone can administer it.

The problem is after getting everyone to demand they be made readily available, Mylan jacks the price up. They've been on the market for years at the cheap price. In fact, that's why they're sold as a two-pack - the FDA found one injection wasn't necessarily enough of a dose, so instead of redesigning it to accommodate twice as much drug (at the price of going through the whole approval cycle again), they just sell them as a two-pack. And this was a decade ago. (The patent's actually expired) The only reason they did this was simple - the competition generic brands were actually having difficulty with their products and thus are down for the count for a few years.
