Comments

top

Verizon Injects Unique IDs Into HTTP Traffic

cbhacking Re:HTTPS Everywhere (191 comments)

I'm signed in, have an account that's nearly ten years old (not *as* old as yours, but still six digits), have Excellent karma (and have for years), have tried multiple browsers, and still get redirected every time. I'm not a subscriber, (on any accounts; I only have the one) but if that's the difference, I am pissed.

just now
top

Verizon Injects Unique IDs Into HTTP Traffic

cbhacking Re:Ads would be mixed content (191 comments)

While that's at least an understandable argument, I still don't buy it.
1) People who want to block ads - a significant portion of the site - just block them. I don't imagine the intersection of "people bothered by /. being unsecured and would also block mixed content" and "people who aren't subscribers, Excellent karma, or just using an ad blocker anyhow" is that big.
2) I have Excellent karma and disabled ads. I still can't use HTTPS. That's a really easy thing for them to check, if they wanted to support HTTPS at all (and this was their reason not to).
3) Some ad networks don't support HTTPS (or at least, don't have a valid cert for their domain name because their content all comes from Akamai or similar), but some (as you point out yourself) do.

There really aren't any valid excuses.

8 minutes ago
top

Verizon Injects Unique IDs Into HTTP Traffic

cbhacking Re:HTTPS Everywhere (191 comments)

Wow, really? That's several kinds of BS, that right there. Neither security nor privacy should cost money.

Also, that's not mentioned on the FAQ under subscriber perks. In fact, the string "https" doesn't occur anywhere on the FAQ at all. Is it documented somewhere else that I just didn't see?

21 minutes ago
top

Verizon Injects Unique IDs Into HTTP Traffic

cbhacking Re:HTTPS Everywhere (191 comments)

a) is already taken care of; they have a signed cert in place and set up.
b) is probably the main reason, but you would think that they would be more wise to what their user demographic wants. (But then, there's beta, so...)
c) is not a valid reason. Leaving aside the fact that IE6 traffic has got to be absolutely minuscule on this site - which serves HTML and CSS that IE6 has no idea how to handle - those people could just go on using HTTP. We're not asking them to mandate HTTPS, just to allow it.

As you say, the server load is pretty trivial. Even if you aren't using the new CPUs with hardware accelerated crypto, the vast majority of the CPU time to serve a web application over HTTPS is spent parsing requests and building pages, not doing crypto... and unless you have really excellent caching, the I/O time to do things like database access dwarfs the CPU time altogether. Using TLS typically imposes less than 5% overhead, often much less.

43 minutes ago
top

Verizon Injects Unique IDs Into HTTP Traffic

cbhacking Re:Filthy Ingrates (191 comments)

... I have this sudden urge to write a browser extension. I'm not sure *how* I want it to render <sarcasm> tags, but I think I do want it to do so. Just in case.

yesterday
top

Verizon Injects Unique IDs Into HTTP Traffic

cbhacking Re:HTTPS Everywhere (191 comments)

TLS (or lack thereof) is, or at least should be, completely transparent to the Perl-based web application powering the site. In fact, the HTTP request itself doesn't even specify anything about the protocol. The request line has the path and stuff after it, and the Host header has the domain name, but doesn't mention the protocol. The absolute minimum they should do would be to return *exactly* the same content over HTTPS that they do over HTTP for a given request (remember, the HTTP traffic is the same whether it's tunneled through TLS or not).

In fact, I just checked: the site already uses protocol-agnostic URLs. For example:
<a title="" class="read-more" href="//hardware.slashdot.org/story/14/10/24/2320227/microsoft-now-makes-money-from-surface-line-q1-sales-reach-almost-1-billion"><span>Read More</span> </a> (random link off the home page, note the href="//hardware.slashdot..." URL, which doesn't specify HTTP or HTTPS). Your browser handles such URLs by using whatever protocol the page itself was served over.

They wouldn't have to change a damn thing except to remove the stupid rule that redirects users out of HTTPS. That's a pretty damn minor change.

yesterday
top

Verizon Injects Unique IDs Into HTTP Traffic

cbhacking Re:Verizon Fios (191 comments)

Of course not. It's added to your requests when they reach the ISP gateway. Why would you expect to be able to see them on anything between you and that gateway?

yesterday
top

Verizon Injects Unique IDs Into HTTP Traffic

cbhacking Re:which Verizon services (191 comments)

Where did you check from? You don't see the headers on your end; they're only added at the ISP gateway. Unless you were able to bounce a request off an external web server and see the headers that it *received* - which don't have to be the ones you sent - then you don't know. Oh, and don't use HTTPS for the test, since they obviously can't modify those requests.

yesterday
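The check described in the comment above, as an added example that is not part of the original post: an echo endpoint to run on a server outside the ISP, plus a comparison of the headers a client sent with the headers that server received. The host name echo.example, the header name X-Example-Subscriber-Id and its value are constructed placeholders, and the loopback run only exercises the code path, since nothing sits between client and server there.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class EchoHeaders(BaseHTTPRequestHandler):
    """Deploy on an external server: replies with the headers it received."""

    def do_GET(self):
        body = json.dumps(self.headers.items()).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def diff_headers(sent, received):
    """Compare two (name, value) lists; header names are case-insensitive."""
    s = {k.lower(): v for k, v in sent}
    r = {k.lower(): v for k, v in received}
    return {
        "added": sorted(k for k in r if k not in s),
        "removed": sorted(k for k in s if k not in r),
        "changed": sorted(k for k in s if k in r and s[k] != r[k]),
    }


def fetch_received(host, port, sent):
    """Send a plain-HTTP GET carrying exactly `sent`; return what the server saw.

    Plain HTTP on purpose: a gateway cannot modify requests inside TLS.
    """
    conn = http.client.HTTPConnection(host, port, timeout=5)
    # Suppress the library's automatic headers so `sent` is the full list.
    conn.putrequest("GET", "/", skip_host=True, skip_accept_encoding=True)
    for name, value in sent:
        conn.putheader(name, value)
    conn.endheaders()
    data = conn.getresponse().read()
    conn.close()
    return [tuple(pair) for pair in json.loads(data)]


def loopback_check():
    """Round trip on 127.0.0.1: no gateway in the path, so nothing is added."""
    server = HTTPServer(("127.0.0.1", 0), EchoHeaders)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        sent = [("Host", "echo.example"),
                ("User-Agent", "header-check/1.0"),
                ("Accept", "*/*")]
        received = fetch_received("127.0.0.1", server.server_port, sent)
        return diff_headers(sent, received)
    finally:
        server.shutdown()
        server.server_close()


# Constructed sample: what an external echo server might report when a
# gateway has appended a header (name and value are made up).
SENT = [("Host", "echo.example"), ("User-Agent", "header-check/1.0")]
RECEIVED_CONSTRUCTED = SENT + [("X-Example-Subscriber-Id", "CONSTRUCTED-VALUE")]

if __name__ == "__main__":
    print("loopback:", loopback_check())
    print("constructed:", diff_headers(SENT, RECEIVED_CONSTRUCTED))
```

Anything listed under "added" or "changed" was altered between the client and the server; running the same comparison over a VPN or another network shows whether the ISP gateway is the hop doing it.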
top

Verizon Injects Unique IDs Into HTTP Traffic

cbhacking Re:Is there a way to prevent this? (191 comments)

USA, so more like every two years for the federal government (this is an election year for congress, though not for the presidency) and it lasts a lot longer than a fortnight (which, it should be mentioned, is a word only very rarely used on this side of the pond) due to the degree of campaigning that people do here (though it's definitely a bigger deal on the presidential years).

No argument on the "tell you what you wanted to hear anyway" part, though! Something so far removed from the few very carefully controlled Major Issues as corporate misuse of licensed bandwidth is going to be completely ignored by both sides (and there *are* only two sides; the media won't even report on any other parties or permit them at the debates). Occasionally some congressthing ("critter" isn't sufficiently derogatory for them) will make some statement (and maybe actually introduce / support some legislation) about such topics, but generally only when pandering to local interests in their districts.

yesterday
top

Verizon Injects Unique IDs Into HTTP Traffic

cbhacking Re:Could be worse (191 comments)

Does that unique identifier get passed down all the way to the server you're trying to connect to, even if you go through a proxy server or reset your router? This is significantly worse than MAC or IP addresses.

yesterday
top

Verizon Injects Unique IDs Into HTTP Traffic

cbhacking Re:Wonder if a chaff approach would help (191 comments)

This plan. I like this plan! Put a random value in the header on every request. If you're not on Verizon, it'll look like you are (but as a different person every time). If you *are* on Verizon, you may just confuse the software that is adding those headers, or that is logging them. Poison their tracking data with meaningless garbage, and make it *cost* Verizon money to try and track us.

Well, that and use HTTPS everywhere possible, of course. But that requires that the sites you use allow people to do so (*AHEM* Slashdot, looking at you...)

Oh, and don't use Verizon. That's the best way to hit them in the pocketbook, by far. I like the idea of sending the header even when you don't use Verizon though, as a general-purpose "fuck you!" to them.

yesterday
top

Verizon Injects Unique IDs Into HTTP Traffic

cbhacking Re:HTTPS everywhere (191 comments)

No, it's actually much worse than that. Slashdot supports HTTPS just fine. They simply force you back to HTTP (using a redirect *out* of HTTPS whenever you request an HTTPS page)! Total bullshit; there's no legitimate reason for such behavior. Even without dedicated TLS hardware, the overhead of HTTPS is pretty trivial for modern servers.

yesterday
top

Why is Apple installing outdated and vulnerable 3rd party libraries with iTunes

cbhacking Re:Attribute sources and research the scope (5 comments)

Thank you! Editors, this is a good topic but is a terribly-written submission; with a little cleanup it would be a good front-page item.

Even if the libraries are only used internally, the program using them (presumably iTunes and/or "AppleMobileDeviceSupport" stuff) is vulnerable. OpenSSL 0.9.8d actually has 33 vulnerabilities, according to http://www.openssl.org/news/vu.... It's an over-eight-year-old version, and has vulnerabilities ranging from bypassing certificate validation (permitting man-in-the-middle attacks on the traffic) to memory corruption potentially leading to arbitrary code execution.

yesterday
top

Why is Apple installing outdated and vulnerable 3rd party libraries with iTunes

cbhacking Wrong in so many ways (5 comments)

1) XP is obsolete; if Microsoft doesn't support it anymore then why the hell should Apple bother? Apple doesn't support their *own* operating systems for anywhere close to seven years! (BTW, Vista is much closer to eight years old than seven.)
2) The up-to-date versions of both of those libraries run just fine on modern Windows versions, so your explanation doesn't even make sense for stupid reasons.

yesterday
top

Fusion and Fission/LFTR: Let's Do Both, Smartly

cbhacking Re:Fission = bad, but not super-bad (218 comments)

I'm going to assume you meant to say "hundreds of thousands" and that English is not your first language. I'll give you the benefit of a doubt that far.
You're going to have to provide a citation for the actual value, though. According to the estimates that I've read, you're off by two orders of magnitude (that is, it's a few thousand deaths, not tens much less hundreds of thousands). http://en.wikipedia.org/wiki/C... (Estimates of human deaths due to radiation from Three Mile Island and Fukushima - neither of which killed anybody directly - are in the single digits.)

How do you justify the claim that mining accidents don't count, by the way? The extraction of the fuel is certainly a part of the cost - both in money and in lives - of running a power plant.

You sound like somebody who has made some assumptions, decided they are facts, made more assumptions based on them, and continued on until you have an entire encyclopedia of "knowledge" that has no basis in reality. For example, you appear to believe that mining, refining, and transporting uranium is dangerous. None of those are really true. Uranium mining per unit volume is comparable to coal mining for the same volume, but the volume of coal used by a single commercial power plant in a day is more than the volume of uranium fuel used by all the world's reactors in a year. Refining and transporting uranium is *expensive* (because people are so cautious about it, and so afraid of terrorists getting ahold of it) but not actually unsafe; until combined into fuel rods for insertion in a reactor assembly, fuel-grade uranium is safer to transport than, say, natural gas or gasoline (petrol). It's already obvious you didn't look up any statistics about Chernobyl, either; you appear to have just decided that "lots of people died" -> "lots" of deaths must mean hundreds of thousands -> "hundred[s of] thousands dead after [C]hernobyl..." May I recommend using facts based on observations instead of guesses in the future?

about a week ago
top

Fusion and Fission/LFTR: Let's Do Both, Smartly

cbhacking Re:Fission is Dead (218 comments)

The other thing to remember about those reactors is they assume the availability of the ocean as an effectively limitless source of reasonably cool water. This influences aspects of their design from basic operation to last-ditch emergency measures in ways that just don't apply on land. Sure, you could build a bunch of them along the coast, but offshore construction on that scale is not cheap (and then you still need to get the power to the cities that need it). Worth investigating, but not an obvious win.

about a week ago
top

White House Wants Ideas For "Bootstrapping a Solar System Civilization"

cbhacking Re:Replace rockets with something reasonable. (351 comments)

Some of the things that would be really great to launch - say, a "Project Orion"-style nuclear pulse rocket (NPR) - aren't feasible without a tremendous mass. NPRs can actually accelerate faster the more massive they are, because they can take the impacts better.

Putting 1000 tonnes in orbit - which would be a *small* NPR - would take about as many launches to build as the ISS did... if we can use the Falcon Heavy for each one. That's ignoring the cost and risk of assembling it in space (and the cost is high, because that means you need to get the equipment and people into orbit too, plus the infrastructure they require). The pusher plate of an NPR is, by itself, probably going to be too heavy for a Falcon Heavy, so it will need to be constructed in space... which would basically mean an entire orbital foundry!

Some things just don't break down into little pieces in an economical fashion.

about a week ago
top

As Prison Population Sinks, Jails Are a Steal

cbhacking Re:great news. (407 comments)

My approach would be more along the lines of "convictions only stay on your record for a limited time". This solves the "basically serving a life sentence" problem that is so common in the US. Say you get arrested on a minor charge, convicted to spend three months in prison... and upon release if you go a year without any further convictions, your record is considered clean and you can legally claim you were never convicted at all. There might be some *specific* scenarios where the probationary term would need to be effectively your whole life, or where some things would always be present in your background (child molester trying to get a daycare job even forty years later, for example), but otherwise have the crimes simply disappear from your public record.

With that said, the system in the Netherlands does sound quite reasonable, and I'm not sure there's any need to reinvent the wheel. My approach is based more on the idea of demonstrating rehabilitation (the 1-year period in the example would probably vary depending on the sentence and possibly also on prison behavior, much as how the time behind bars itself is variable) than on strictly categorizing offenses, but either way is a lot better than what the US has right now.

about a week ago
top

As Prison Population Sinks, Jails Are a Steal

cbhacking Re:Data centers? (407 comments)

Effort... and money. Never forget the importance of the almighty buck. There's been a little bit of progress in this area - some cities have finally realized that it costs society less to provide for the people on the very bottom than it does to leave them without any (legal) means of support - but by and large if you suggest something like this then all too many people (you know who you are) will scream "HANDOUTS! WELFARE QUEENS!" even though their *own* standard of living will increase if those people are taken care of.

Honestly, it's not that hard to figure out: when every day is a struggle just to survive and you can't provide a phone number or address, getting a real job is nearly impossible. That's assuming that, by some minor miracle, you are healthy enough, educated enough, and have enough free time to job hunt. The cost of basic education, shelter, and healthcare for those people is *way* less than the benefits gained by giving them the opportunity to be productive members of society instead of a perpetual drain on public resources.

This particular idea, of having these former prisons serve as temporary housing and support for the homeless, has another benefit: those who want to employ unskilled labor for something longer than a summer job have somewhere to go and somebody central to talk to. Provide employers with a chance to find employees that have some stability in their living situation, and I bet a lot of them would take it.

about a week ago

Submissions

top

Microsoft allowing WP8 users to get updates directly

cbhacking cbhacking writes  |  1 year,10 days

cbhacking (979169) writes "In June of 2012, Microsoft announced that they would be providing a system whereby "registered [Windows Phone] enthusiasts get early access to updates" without waiting for carrier approval and broad distribution. For more than a year, that has been an unfulfilled promise, and for many users, updates have been delayed or may even still be unavailable. Today, coinciding with the release of WP8 Update 3 (a.k.a. GDR3), Microsoft is allowing "developers" (anybody who has enabled app sideloading on their phone) to opt into a "Windows Phone Preview" program to allow updating immediately.

Like the update itself, this is likely a move in response to consumer demand and comparisons to iOS and Android, as there is little in the update which specifically interests developers. However, the program does warn that participation may invalidate your device's warranty; this may have been required by the carriers to relieve concerns of high support costs in the event of a botched update. While only the Microsoft portion of the updates (as opposed to driver firmware or OEM customizations) are available through this program, participating phones will also continue to receive public updates as they are rolled out."
top

Zune 3.0: Wireless Purchase, Games, 16GB

cbhacking cbhacking writes  |  more than 6 years ago

cbhacking writes "Microsoft released the Zune 3.0 yesterday. The device firmware has been immensely upgraded: it now supports connecting to wireless access points, sampling and purchasing music through a built-in store interface, playing games, and several other new things. You can read Microsoft's blurb on what's new at zune.net.

The Windows software has also been improved, better integrating the social features.

Additionally, zunes are now available in more colors, the 4GB flash player is being discontinued for a 16GB player, and there's now a HDD-based 120GB model."

Link to Original Source
top

CrossOver Games released for Linux, OS X

cbhacking cbhacking writes  |  more than 6 years ago

cbhacking writes "CodeWeavers, the company that supports the open-source Wine project that allows running Windows applications on UNIX-like operating systems, has released CrossOver Games for Linux and OS X. The launch includes a considerable list of supported titles, including such popular (and graphically intensive) games as EVE Online, Counterstrike: Source (and other Steam games), and World of WarCraft.

A trial version is also available for download."

Link to Original Source
top

Microsoft .NET source to be available for viewing

cbhacking cbhacking writes  |  more than 6 years ago

cbhacking writes "A post on the blog of Microsoft's Scott Guthrie has some exciting news for .NET developers: with the release of Visual Studio 2008 later this year, the .NET Framework 3.5 source code will be released for reference purposes. Most of the libraries, including System.Runtime, System.Security, System.Windows.Forms, and System.Web will be made available with the release of VS2008, with some additional non-core libraries coming later. The code will be available for either standalone download and viewing, or as debugging symbols with associated source for integrated debugging with VS2008.

There's a catch though: although the license abbreviation used in the post, MS-RL, usually refers to the copyleft and OSI-approved Microsoft Reciprocal License (which allows modification and redistribution), the license actually explicitly mentioned and linked to is the Microsoft Reference License, which prohibits modification or redistribution. Although an open-source release of the code would be great, this is still likely to be very helpful for debugging, examining behavior of the libraries, and selecting the correct methods or algorithms for a given situation."
top

Iraq Whistleblower Imprisoned, Tortured

cbhacking cbhacking writes  |  more than 6 years ago

cbhacking writes "Forbes.com has a telling story on the fraud and corruption that has plagued the Iraqi reconstruction efforts and, more frighteningly, the harsh penalties faced by whistleblowers. Many have been vilified, demoted, or fired outright. Now, the story has come out of Navy veteran Donald Vance, who was working as a civilian in an Iraqi company. After reporting to the FBI that his company was making illegal sales of military weapons to customers ranging from State Department workers to Iraqi insurgents, Vance was held without a trial for 97 days in Camp Cropper, an American military prison outside Baghdad. During his time there, he was subjected to "that head-banging music blaring dawn to dusk and interrogators yelling the same questions over and over."

Vance is now back in the USA and, along with a colleague who helped him gather evidence and was treated similarly in return, has filed a federal lawsuit alleging they were illegally imprisoned and subjected to physical and mental interrogation tactics "reserved for terrorists and so-called enemy combatants.""

Link to Original Source
top

cbhacking cbhacking writes  |  more than 7 years ago

cbhacking writes "Previously, searching for 'Powertoy Vista' has been a quick road to failure. However, Brandon Paddock, a MS developer, has independently produced and is maintaining a very handy tool called Search++ that adds all kinds of capabilities to the built in desktop search.
Some of the standard features are things like typing 'g <search string>' to launch a Google search, or 'play[artist|album] <name>' to find and start playing music. Another, very nice for those of us who start almost all programs in Vista from the Start menu, is the ability to start programs with elevated permissions via 'sudo <Program>'.
The basic features are great and very easy to use, but Start++ is also extensible and user-modifiable. You can even import additional search tools (called 'Startlets'), and export your own Startlets.
You can download Search++ and additional Startlets here."
top

cbhacking cbhacking writes  |  more than 7 years ago

cbhacking writes "ABC News has a well-written review of the latest version of the Microsoft Office suite, which has been shipped to manufacturers. Representing the first major upgrade since 2003, Office 2007 has an incredible and instantly visible collection of new features, including an innovative new interface. For those who downloaded the public beta (all ~5 million of us), Office 2007 has already shown itself to be an amazing software suite.

The review includes overall impressions of the new version, plus ratings of the most common individual apps. It is mostly positive, from the easy learning curve for the new interface and the capabilities it offers, to the number of things Microsoft finally got RIGHT, to the good migration tools.

In addition to the many tools and tips the review mentions, I would add the ability of Word to (via plugins) read/write ODF and to export to PDF and Microsoft's new XPS format."
top

cbhacking cbhacking writes  |  more than 7 years ago

cbhacking writes "The Pentagon is currently considering options for developing "the ability to strike targets around the world within an hour." According to Space.com, there are several main options being considered: an "Advanced Hypersonic Weapon", placing weapon payloads on small space launch vehicles, fitting missile submarines with a new design of ballistic missile with a conventional payload, or placing conventional warheads on the (traditionally nuclear) Trident missiles our subs currently carry.

Aside from the coolness factor of an autonomous hypersonic vehicle which achieves suborbital altitudes but for the most part flies towards its target like an aircraft, the main advantage of the Advanced Hypersonic Weapon seems to be that it wouldn't be confused with a nuclear launch. Several prominent people, including Ted "Series of Tubes" Stevens, have suggested that using Trident missiles would be dangerous as it may cause other countries to believe we are launching nuclear warheads at them. However, it appears to be the option involving the least re-invention of the wheel, and could be operational "before the end of this decade."

The option of weaponizing space launch vehicles seems to already be facing significant opposition. The Advanced Hypersonic Weapon is receiving some funding, but re-arming the Tridents is out at least until completion of a report on — among other things — the military and political issues.

Is it just me, or aren't there any major reasons the other weapons couldn't be equipped with nuclear warheads anyhow? Do we actually need a different weapon for everything?"
top

cbhacking cbhacking writes  |  about 8 years ago

cbhacking writes "The Windows Vista Team has posted a blog about the "Express Upgrade" program. Basically, if you buy a new computer with XP, Microsoft will make the upgrade to Vista available for a relatively low price.

The edition(s) you can upgrade to through this offer vary by what edition of XP you have. For example, Media Center will upgrade to Vista Home Premium, and Professional or Tablet to Vista Business, for a nominal cost. XP Home can be upgraded to either Vista Home Basic or Premium, for a 50% discount off the normal upgrade pricing. Enterprise and Ultimate are not offered in this list. Note that the upgrade versions of Vista will already cost less than the full retail versions; this program reduces the cost further for people who purchase a PC just before Vista comes out (or shortly thereafter).

It seems that very few people actually upgrade the OS; they simply buy a new computer with the new version. Maybe this program will increase the Vista install base in its first few months?"

Journals

top

Another major music store offers unrestricted MP3s

cbhacking cbhacking writes  |  more than 7 years ago

When I started the RealNetworks Rhapsody software this morning, I discovered a cause for some celebration by anybody who supports DRM-free music purchases: the Rhapsody store is now offering some unrestricted MP3 downloads. At present only about 5000 albums (roughly 50000 songs) are available, but that is just an initial offer - I haven't even found an announcement anywhere - and they claim to be working to increase the number of MP3 tracks available.

The MP3s are encoded at 256kbps, and cost no more than the standard DRM-crippled music (which is also 256kbps) at 89c/song for subscribing members, or 99c/song for non-subscribers (the subscription gives the ability to listen to streamed music on demand, starting at $13/month). Prices are US dollars, and I don't know whether the service is available internationally.

The bad news: downloading the music requires running the Rhapsody player software (version 4, just released) and at present it's only available on Windows. Online streaming is available to other OSes through http://rhapsody.com/ (works in Firefox, via a plugin) but the cross-platform Real Player software cannot access the music store, and last I tried it wouldn't run in wine.
