Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

BitTorrent Performance Test: Sync Is Faster Than Google Drive, OneDrive, Dropbox

NotInHere Re:OwnCloud? (73 comments)

Just like Bittorrent sync, its highly dependent on your setup. If you run Owncloud on your home router with 1M uplink, your speed is that small. If you run your owncloud on a server with a gigabit uplink, and use google fiber, and you have an SSD in your owncloud server, you might get faster speeds.

4 hours ago
top

Windows 0-Day Exploited In Ongoing Attacks

NotInHere Re: Only for root users (105 comments)

... and you don't need privilege escalation if you want to write an X keylogger. You only need to be abled to execute code as the user you want to track.

11 hours ago
top

Windows 0-Day Exploited In Ongoing Attacks

NotInHere Re: Yikes (105 comments)

+1

Why do we need multiple rendering engines? There should be one to rule them all. It seems that even large companies like microsoft can't fix all issues, and microsoft has to maintain multiple rendering engines, like Trident or the Office rendering engine. If microsoft would use trident for office documents, too, and all plug-ins were made in js (or NaCL if you like binary), Office could profit by the huge efforts Microsoft (and Google) puts into securing Browsers.

11 hours ago
top

The Future of Stamps

NotInHere Re:No postmark date? (123 comments)

They could post the stamps (or a merkle tree header of all stamps of the last hour) on the bitcoin blockchain, or any other (cryptographic) notary. Then nothing is "lost in the machine", and you don't have to trust the service's computers.

yesterday
top

3D-Printed Gun Earns Man Two Years In Japanese Prison

NotInHere Re:That's the way the gyoza goes (317 comments)

And legalizing weapons in america goes back to defend yourself from evil people like redcoats, slaves, or federal gvt.

yesterday
top

Google Changes 'To Fight Piracy' By Highlighting Legal Sites

NotInHere Re:Is Google Losing It? (152 comments)

Finally some judge understands how the internet works, and now you complain that he has.

2 days ago
top

JavaScript and the Netflix User Interface

NotInHere Re:Golden Hammer (193 comments)

That "somebody" is W3C. And if Microsoft doesn't implement it in their internet explorer, the fact that it is a "standard interface" is not the fault of "browser vendors", but of microsoft. and browser vendors (even microsoft) have aligned their js implementations.

So yes, there is no "generally accepted" standard interface, when you define "generally accepted" as being runnable on IE8. But when you can afford to say to your users "get a modern browser" (still don't understand why google discontinued their chrome frame), you can use that standard interface. In the meantime, you can write in HTML5 and provide a flash fallback, there are lots of good libraries that provide you with such a solution without much effort from you.

3 days ago
top

JavaScript and the Netflix User Interface

NotInHere Re:Golden Hammer (193 comments)

You are right in principle. All it takes is to make the browser a real VM environment with security guarantees, a standardized interface, etc. But that is not going to happen anytime soon,

... because the standardized interface has already happened, or is happening: https://wiki.mozilla.org/WebAP...

The fact that browsers have such a large userbase, and its incredibly easy to make browsers execute potentially evil javascript, js is one of the most secure and best sandboxed languages that exist, that is still powerful. OK there are things as canvas tracking, and webgl shaders. But show me something that supports truly secure accelerated graphics.

When I run my browser, I choose which file to upload. A program running on my computer can read every file I can read. When an application wants to access my webcam, it asks me. On the desktop the application simply accesses my webcam. On X.org you can even write a keylogger without having extra privileges.

4 days ago
top

JavaScript and the Netflix User Interface

NotInHere Re:Why the hell... (193 comments)

First JVM is not language-specific: http://en.wikipedia.org/wiki/L...
Second, javascript can be the compile target of LLVM bytecode. You can compile your favourite C program to js. See emscripten: https://github.com/kripken/ems...
Third, javascript has a very fast but still backwards compatible bytecode like subset called asm.js: http://en.wikipedia.org/wiki/A...
asm.js can be set as target for emscripten. The browsers supporting asm.js simply JIT it to bytecode, and those which don't still can run asm.js, but way slower.

4 days ago
top

Florida Supreme Court: Police Can't Grab Cell Tower Data Without a Warrant

NotInHere Re:anonymously sourced evidence? (112 comments)

Unfortunately, as long as it isn't also unconstitutional to hand out candy like candy, nobody cares.

4 days ago
top

Facebook 'Safety Check' Lets Friends Know You're OK After a Major Disaster

NotInHere Re:Oh Noes (130 comments)

You can still say you're OK.

5 days ago
top

Lead Mir Developer: 'Mir More Relevant Than Wayland In Two Years'

NotInHere Re:Site broken (225 comments)

from the archive.org headers (X-archive-orig-server), I can tell its cloudflare-nginx they use. What wonders me, as cloudflare prevents slashdotting??

5 days ago
top

Debian Talks About Systemd Once Again

NotInHere One of the worst points about systemd (519 comments)

is for me that it isn't interoperable. Please correct me when I'm wrong, but AFAIK systemd never did anything to create standards their new functionality is compatible with. Instead they only support linux APIs. I recognize that their needs exceed POSIX, but their current approach "lets make everything a hard dependency" is -to be polite- hacky. It doesn't have to be an official ISO standard, a simple document that ensures exchangeability of components inside systemd, and perhaps even makes systemd cross-platform.

5 days ago
top

Debian Talks About Systemd Once Again

NotInHere Re:Completely wrong (519 comments)

+1 Informative. That Systemd is default isn't criticised by the mail. They only want to "preserve the freedom of our users now to select an init system of their choice, and the project's freedom to select a different init system in the future.".

5 days ago
top

Microsoft's JavaScript Engine Gets Two-Tiered Compilation

NotInHere Re:Given that the mobile world has moved to apps.. (46 comments)

Browsers are the most secure and privacy preserving way today to execute programs on your computer. They maintain a clear separation between the data on your HDD and theirs, if they need access to your camera they ask you, and it has become really hard to develop an exploit to break out of this sandbox. Because of xkcd 1200, I usually avoid using closed source apps on my desktop, but inside a browser I know it doesn't steal my data, or break something else in my system. Do you remember all those "splash screens" that appeared when you have logged in, advertising some bloaty software? In the browser there are no splash screens. I know, app stores also ensure standards and such, but browsers are still better, as they ensure basic features (copy text, ctrl f etc) I need in everyday computer use.

about a week ago
top

The Great Robocoin Rip-off

NotInHere First (117 comments)

People who want to do something first should expect a bumpy ride. Having to pay $10k more is part of the word "pioneer". Pioneers clear the path for the masses.

about a week ago

Submissions

top

After Negative User Response, ChromeOS To Re-Introduce Support For Ext{2,3,4}

NotInHere NotInHere writes  |  about a week ago

NotInHere (3654617) writes "Only three days after the large public has known about ChromeOS to disable ext2fs support for external drives, and linux users voiced many protests on websites like reddit, slashdot, or the issue tracker, the ChromeOS team now plans to support it again. To quote Ben Goodger's comment:"

Thanks for all of your feedback on this bug. We’ve heard you loud and clear.

We plan to re-enable ext2/3/4 support in Files.app immediately. It will come back, just like it was before, and we’re working to get it into the next stable channel release.""
top

Firefox 33 gets Cisco's OpenH264

NotInHere NotInHere writes  |  about 3 months ago

NotInHere (3654617) writes "As promised, version 33 of the Firefox browser will fetch the OpenH264 module from Cisco, which enables Firefox to decode and encode H.264 video, for both the <video> tag and WebRTC, which has a codec war on this matter. The module won't be a traditional NPAPI plugin, but a so-called Gecko Media Plugin (GMP), Mozilla's answer to the disliked Pepper API. Firefox had no cross-platform support for H.264 before."
Link to Original Source
top

India forged Google SSL certificates

NotInHere NotInHere writes  |  about 3 months ago

NotInHere (3654617) writes "As Google writes on its Online Security Blog, the National Informatics Centre of India (NIC) used its intermediate CA certificate issued by Indian CCA, to issue several unauthorized certificates for Google domains, allowing to do Man in the middle attacks. Possible impact however is limited, as, according to Google, the root certificates for the CA were only installed on Windows, which Firefox doesn't use, and for the Chrom{e,ium} browser, the CA for important Google domains is pinned to the Google CA.
According to its website, the NIC CA has suspended certificate issuance, and according to Google, its root certificates were revoked by Indian CCA."
top

Are the hard-to-exploit bugs in LZO compression algorithm a hype?

NotInHere NotInHere writes  |  about 4 months ago

NotInHere (3654617) writes "In 1996, Markus F. X. J. Oberhumer wrote an implementation of the Lempel–Ziv compression, which is used in various places like the linux kernel, libav, openVPN, or the Curiosity rover. As security researchers have found out, the code contained integer overflow and buffer overrun vulnerabilities, in the part of the code that was responsible to process not compressed parts of the data. Those vulnerabilities are however very hard to exploit, and their scope is dependent on the actual implementation.
According to Oberhumer, the problem only affects 32 bit systems. "I personally do not know about any client program that actually is affected", Oberhumer sais, calling the news about the possible security issue a media hype."
top

Mozilla launches student coding program "Winter of Security"

NotInHere NotInHere writes  |  about 5 months ago

NotInHere (3654617) writes "Mozilla has introduced a new program, called MWoS or "Mozilla Winter of Security", to involve university students into security projects. The attending students will write code for a Mozilla security tool during (northern hemisphere) winter. Unlike GSoC, attending it involves no monetary payment, but the student's universities are expected to activlely cooperate and to give the students a credit for their work. From TFA:

MWoS is a win for all. Students get a chance to work on real-world security projects, under the guidance of an experienced security engineer. Professors get to implement cutting-edge security projects into their programs. Mozilla and the community get better security tools, which that we would not have the resources to build or improve ourselves."

Link to Original Source

Journals

NotInHere has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?