Comments

Adobe: Click-to-Play Would Have Avoided Flood of Java Zero-days

Sigma 7 Re:Click-to-Play Would Improve Flash, Too (111 comments)

If visiting a web site implies JavaScript consent, then why doesn't it imply SWF or JVM consent?

Plugins such as SWF, JVM or ActiveX imply having better access to the system (e.g. clipboard, save files to disk, etc.) than regular JavaScript (which is supposed to be limited to the browser). Plugins wouldn't have been necessary if JavaScript could do anything the plugin could. The situation may have changed since the introduction of plugins and JavaScript, but the implication remains the same.

That, and because I said so.

about a week ago

Adobe: Click-to-Play Would Have Avoided Flood of Java Zero-days

Sigma 7 Re:also applies to flash and acrobat (111 comments)

Click to play is built into Chrome these days.

Users shouldn't have to hunt for a specific browser just to keep safe. Likewise, they shouldn't have to hunt for a specific extension to keep safe either, as those features should be built into the browser.

Also, the main security flaw is automatically executing anything that gets fed into the browser - and JavaScript security issues had remained unchecked for 10+ years, and still are as demonstrated by visiting a random webpage only to be directed to "Your java is outdated, please update". (Did they learn nothing from the Boot-Sector Virus era?)

about a week ago

Password Security: Why the Horse Battery Staple Is Not Correct

Sigma 7 !news - password security is already known (546 comments)

1) Choosing a password should be something you do very infrequently.

Choosing a password should only need to be done once per site, not "infrequently".

2) Our focus should be on protecting passwords against informed statistical attacks and not brute-force attacks.

Passwords are generally leaked because someone either got the list of passwords, tricked the user into entering the password on the wrong area (e.g. as with any phishing site), extracted them from a local store on the person's hard drive because Firefox still doesn't auto-block random plugins by default, or used the rubber-hose decryption algorithm.

3) When you do have to choose a password, one of the most important selection criteria should be how many other people have also chosen that same password.

So, don't use a single password that appears on a dictionary attack. Trivial.

4) One of the most impactful things that we can do as a security community is to change password strength meters and disallow the use of common passwords."

It's moot when the various websites come up with inconsistent password types, where your randomly generated password is rejected because it didn't happen to include a capital letter (even though it contains a punctuation mark), is rejected because it contains punctuation, is rejected because it's too long, etc.

Disallowing common passwords is as easy as downloading a list of common passwords and refusing anything with an exact match. If you have free extended strings, there's more than enough variation to kill anything statistical, leaving only the dumb users that pick something obvious that most sheeple do.

about two weeks ago

PETA Is Not Happy That Google Used a Camel To Get a Desert "StreetView"

Sigma 7 Re:PETA won't be happy until all animals are extin (367 comments)

PETA don't like animals having any relationship with humans.

Not quite true - PETA is okay with using animals as long as VP MaryBeth Sweetland can get the insulin shot. Everyone else should avoid anything to do with animals.

about two weeks ago

Chrome 38 Released: New APIs and 159 Security Fixes

Sigma 7 Re:Chromium (55 comments)

Even Mozilla backed down on blocking 3rd party cookies, and it is open source.

That's because Mozilla developers need to focus on keeping their bellies full.

If Mozilla backed down, that's probably due to financial issues - where they could simply withhold funding, and instead focus on partnering with Microsoft to port Internet Explorer and Active X over to Linux.

And then I'm hard pressed to think of an open source browser which actually respects our privacy, doesn't have ads, and which runs on multiple platforms.

I haven't seen an ad-supported browser since Opera decided to shed its shareware model.

The big two browsers - Mozilla Firefox and Chromium - are close enough to these requirements. If you disagree, you'll have to find skilled developers, get a way to feed them, and keep them around long enough to write your own browser.

about two weeks ago

Will Windows 10 Finally Address OS Decay?

Sigma 7 Dealing with slowdowns (577 comments)

Even if Windows slows down over time, there are easy ways to deal with it.

Since Windows XP, you have a program called "MSConfig" that allows you to remove any startup programs, especially ones that are pure redundancy or are otherwise not useful.

And with modern systems - Web browsers slow down the system more than any junk that accumulates in the OS. I've had both Firefox and Chrome running at the same time, with the resulting commit charge around 8GB, sometimes approaching 12GB. Once I stopped using one of the two browsers, the constant thrashing stopped, and everything else is much more responsive. (Firefox is still freezing, but that's a memory leak issue.)

about three weeks ago

Malware Distributed Through Twitch Chat Is Hijacking Steam Accounts

Sigma 7 Re:Java? (53 comments)

And guess what, it is trivial to disable Java support for browsers

Only if you know where to find the option.

In Firefox Aurora version 34.0a2, I click the three lines button to get a menu, then click on options. None of the listed tabs lead towards disabling plugins, or making them manually activated by clicking.

In general, if you have to look in more than one place to configure your software, it's not trivial even if it's easy.

about a month ago

Malware Distributed Through Twitch Chat Is Hijacking Steam Accounts

Sigma 7 Re:Morons. (53 comments)

1) gamers that don't run basic AV

Basic AV = not automatically executing stuff.

If you mean something like real-time protection from common AV packages, then those are technically reactive to threats and don't detect new things within the past ~24 hours or so.

2) gamers that don't run sandboxing software over their browser (Sandboxie for example, shits TRIVIAL to use and is even foolproof!)

Browsers should be self-sandboxing, which has been the case since the start of HTML, until someone foolishly added JavaScript/plugins. Those two should be disabled by default, and in the event that JavaScript or plugins are required for a site, they can be made click-to-play.

3) people DOWNLOADING programs for competitions...
4) actually wanting to play CS Go. The worst sin of them all.

No objection here.

5) Twitch still hasn't word-banned people typing these messages and any variants. It's not like their servers would break, they already have filters in place.

Word-banning is a clbuttic mistake.

about a month ago

Why Atheists Need Captain Kirk

Sigma 7 Re:Hollywood Logic (937 comments)

There is nothing wrong in being a genius in something and not being able to explain how you do it. The common term for that is: intuition.
You ignore that someone who is doing stuff by intuition might have 30+ years in experience to do just that.

In case of the "intuition" found in the Star Trek chess game:

  • The "less logical" is most likely a lower-strength chess player (e.g. Captain Kirk, Troi, etc), and is matched against a high-strength chess player (e.g. Spock, Data, etc.)
  • The weaker player makes a winning move, which was either "illogical", "emotional", etc. In reality, picking the winning move would be logical.
  • Games such as chess - especially on a high-rank logician such as Spock/Data (known to be able to calculate stuff to excessive significant digits), are likewise able to avoid sudden mate-in-one situations and would probably attempt to shake off mate situations in several turns. (Current computers can see 10 moves ahead, maybe more; Star Trek computers should technically see much further as long as they aren't limited by plot.)

Compare this to Babylon 5, where there was a chess pairing, where the player that lost admitted to have made a mistake (e.g. didn't notice that he opened himself to a mate-in-one.)

Also, I'm not saying that intuition isn't valid. Only the cheap plastic imitation used in Star Trek is the issue, when it's used to plainly bash things like "logic".

about a month ago

Why Atheists Need Captain Kirk

Sigma 7 Hollywood Logic (937 comments)

"I'm pro-science, but I'm against what I'll call "Spock-ism," after the character from the TV show Star Trek. I reject the idea that science is logical, purely rational, that it is detached and value-free, and that it is, for all these reasons, morally superior.

"Spock-ism" is really a Straw Vulcan where logic is forcefully neutered.

For example, Counselor Troi beats Lieutenant Data in a game of chess, claiming that it's a game of intuition. This ignores that computers can consistently win games of chess against anyone relying on intuition, and where intuition needs to be first built up on logic. (Really, just play chess intuitively against modern AIs on their maximum setting.)

about a month ago

Facebook's Auto-Play Videos Chew Up Expensive Data Plans

Sigma 7 Re:Autoplay is EVIL (108 comments)

1) I suspect videos tend to be larger than Anim-GIFs by an order of magnitude

While empirical evidence: animated gifs tend to have a lower framerate (maybe sub 24 fps?) than a comparable video file, and are usually smaller than 360 pixels across.

Loading an animated gif tends to be longer/slower than the comparable Youtube video.

Additionally, browsers can't detect the difference between an animated GIF and non-animated until it starts downloading (unless there's some new HTML tags that I haven't seen.) On the other hand, browsers can detect if a plugin/video is going to be activated before downloading them, and can trivially add a click-to-play dialog to prevent sudden download surprises.

Modern browsers have options for disabling auto-play of Anim-GIF, while similar control for video might be up to a 3rd party plugin

I haven't seen an option for that in Chrome or Firefox without going third-party - and usually you've already downloaded a chunk of data.

Meanwhile, Chrome can auto-block plugins, allowing you to right-click on a plugin and run it - this occurs before the video/flash content is downloaded, saving bandwidth.

about a month and a half ago

Ask Slashdot: the State of Free Video Editing Tools?

Sigma 7 Re:CS2 (163 comments)

The CS2 versions tend to be depreciated - and I think you need to actually have a registered version to actually download them now (i.e. you need to pass some entitlement.)

Also, at least one of the packages required for video editing (I think it's Adobe Premiere Pro 2.0), doesn't work at all on Windows Vista or later. There may be a fix, but I couldn't find it offhand.

about 1 month ago

Google Receives Takedown Request Every 8 Milliseconds

Sigma 7 Re:An easy fix. (155 comments)

Obviously there should be a way to report copyright issues. However to do so there should be a deposit required, say $1000.

A.k.a. justice for the rich rather than the starving artist.

The actual fix is to require the plaintiff to sign the whole statement under penalty of perjury rather than just that they represent someone - or at the very least, put a punishment for flinging out fraudulent DMCA takedown in the same way filing frivolous lawsuits is punished.

about 2 months ago

Oracle Hasn't Killed Java -- But There's Still Time

Sigma 7 Re:Oracle Forms (371 comments)

If it's so easy then you should have it done by teatime.

"Easy" is beside the point, and said easy portion is not a bottleneck.

Let's look at MinGW/MSYS, which I discovered omits certain critical definitions (e.g. EILSEQ etc.) from a recent download. Fixing them is "easy" but none of that helps the hard portion - getting the fix into the main repository so that others don't have to keep fixing it in the build environment - especially when that bug causes a violation of ANSI C specification.

Something like that can be picked up in an easy smoke test (e.g. ensuring that MinGW/MSYS packages are self-hosting). Yet, it hasn't.

Writing software is easy. Getting it distributed, or even trying to get everyone to agree on the color of the bike shed, is hard.

Nobody in the FOSS community wants it to be ported

The alternative is to write a framework that's superior to C#, .NET or other proprietary technologies - and get it deployed so that anyone can dive in with minimal difficulty (including initial learning time.)

about 2 months ago

The FBI Is Infecting Tor Users With Malware With Drive-By Downloads

Sigma 7 Re:Hide behind todays popular hate-topic... (182 comments)

Download checksums are usually one or more of MD5SUM, SHA1SUM and SHA256SUM.

A simple transposition of bytes will not generate identical hashes.

From RFC793:

The checksum field is the 16 bit one's complement of the one's complement sum of all 16 bit words in the header and text. If a segment contains an odd number of header and text octets to be checksummed, the last octet is padded on the right with zeros to form a 16 bit word for checksum purposes. The pad is not transmitted as part of the segment. While computing the checksum, the checksum field itself is replaced with zeros.

The extremely weak checksum of the TCP header (or even IP header) will not detect byte transposition.

And no amount of checksumming will stop drive-by-downloads from browsers that still don't understand basic security. (Really, Javascript permissions should have been introduced in Netscape 2.0.)

about 3 months ago
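
Added example, not part of the comment above: the checksum as worded in the quoted RFC 793 passage, run next to SHA-256 on reordered data to show which transpositions each one notices. The payload and the helper names (`internet_checksum`, `transpose`, `detects`) are constructed for this illustration.

```python
import hashlib


def internet_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"  # odd length: pad on the right with zeros
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)  # end-around carry
    return ~total & 0xFFFF


def transpose(data: bytes, i: int, j: int, width: int = 1) -> bytes:
    """Exchange the width-byte chunks at byte offsets i and j."""
    out = bytearray(data)
    out[i:i + width], out[j:j + width] = data[j:j + width], data[i:i + width]
    return bytes(out)


def detects(original: bytes, modified: bytes) -> dict:
    """Report whether each integrity check notices the modification."""
    return {
        "checksum": internet_checksum(original) != internet_checksum(modified),
        "sha256": hashlib.sha256(original).digest()
        != hashlib.sha256(modified).digest(),
    }


# Constructed sample payload (20 bytes, i.e. ten 16-bit words).
PAYLOAD = b"AMOUNT=1000;TO=alice"

CASES = {
    # Two whole 16-bit words exchanged: addition is commutative.
    "swap words 0 and 1": transpose(PAYLOAD, 0, 2, width=2),
    # Two high-order bytes of different words exchanged: the sum is unchanged.
    "swap bytes 0 and 2": transpose(PAYLOAD, 0, 2),
    # The two bytes inside one word exchanged: the word's value changes.
    "swap bytes 0 and 1": transpose(PAYLOAD, 0, 1),
}

if __name__ == "__main__":
    for name, modified in CASES.items():
        print(f"{name:20} {modified!r:28} {detects(PAYLOAD, modified)}")
```

Reorderings that keep every byte in the same half of a 16-bit word leave the 16-bit sum unchanged, while the cryptographic digest differs for every modified payload.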

Mozilla Doubles Down on JPEG Encoding with mozjpeg 2.0

Sigma 7 Re:Hard to get excited. (129 comments)

video is the vast majority of the internet. Seems like a better use of their time to focus on making HEVC or VP9 more capable.

Most videos (at least those linked to from meme-based image sites) are stored in GIF format, despite them taking twenty times the bandwidth/file size of the Youtube video they're based on.

Thus the best way to save space/bandwidth is to find a way to optimize compression of .GIF files.

about 3 months ago

How To Fix The Shortage of K-5 Scholastic Chess Facilitators

Sigma 7 Tech for a non-issue (128 comments)

Could technology like RFID-tagged chess pieces

Is this a tech-for-no-reason article?

The article gives a long example where players need to figure out things like checkmate. That's the most trivial of problems, which players need to figure out just to complete the game. Plus, average children at the K-5 (outside of tournaments) have a house rule where capturing the enemy king is a checkmate, which is the same effect.

An easy question if you are an avid chess player, but what if you are not?

If you're at a tournament for that, then you really need to play a few chess matches yourself - even if it's against BattleChess, Chessmaster, or plenty of other free computer programs that can have their difficulty significantly reduced.

about 3 months ago

Florida Man Faces $48k Fine For Jamming Drivers' Cellphones

Sigma 7 Re:In other news (358 comments)

In Florida, only for text messaging. They don't ban hand-helds or cell phones.

See http://www.drivinglaws.org/flo...

Also, officers don't pull you over simply because you are on the phone, they only enforce it if they catch you doing something else at the same time.

about 4 months ago

The Feature Phone Is Dead: Long Live the 'Basic Smartphone'

Sigma 7 Re:WTF Is A "Feature Phone"? (243 comments)

Technically, a feature phone is a class of cell phone half-way between conventional smart phones and cellphones that only allowed dialing.

It's also a back-dated definition.

As for programming software for one - don't bother. There's so many variants that it's easier to aim for an Android or iOS.

about 6 months ago

MA Gov. Wants To Ban Non-Competes; Will It Matter?

Sigma 7 Re:Uhm... since when are non-competes a bad thing? (97 comments)

Don't they stop employees from taking any kind of IP and running away with it, which would basically kill the industry?

That would be confidentiality agreements. Non-competes are meant to prevent employees from leaving, and immediately undercutting the employer.

As for why they're bad, I didn't find what I was looking for (a Texas software engineer sued for work before and after employment at a company), but one sample non-compete is more of a restraint-of-trade, requiring an employee to be unemployed for a period of three years (no regional limitation and no consideration.)

Such non-competes don't prevent innovation from being released into the wild, but instead choke the supply of available workers.

about 6 months ago
