


Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet

smartr Re:JAVA (230 comments)

Nope... A vulnerability in a library is not a vulnerability in the underlying programming language. Just because the JRE *is* an execution environment, does not mean that the execution environment being run by a malicious user is a vulnerability in the JRE. That's like saying, there's a vulnerability in C, because Flash is written in C and there's a Flash vulnerability. The point is there is a **critical** vulnerability in older versions of the Struts library, which is used to escalate privileges to the JRE. Once you have rights to the JRE, you can copy files and have the JRE execute system commands using the rights given to it by the OS, which should not be a root user (honestly, if they wrote the payload in Java this step would not be needed, a server environment is entirely capable of performing DDoS attacks). Also, I'm calling BS on this exploiting a known Tomcat vulnerability. There are no known "critical" vulnerabilities in any version of Tomcat : ...
Basically, people need to patch Struts 2 because of this fucker:
which was fixed in July 2013:

about 1 month ago

News Aggregator Fark Adds Misogyny Ban

smartr Re:Sigh (748 comments)

The belief that homosexuality is not a choice is one I generally concur with. What assumptions and definitions I make about the world are pretty arbitrary. Obviously, every individual has a choice about who they choose to fuck and marry. What defines the start of your life, your sexual identity, and your sexual preference are as arbitrary as those who think God is self evident. Not being shitty tribal jerks over queer ideology would be nice, but I don't really blame the tribe for feeling vengeful for the way they're generally treated.

about 2 months ago

Google Will Give a Search Edge To Websites That Use Encryption

smartr Re:Why? It's not always necessary (148 comments)

Hear, hear! Sure, encryption is great and has its uses... But also comes at the cost of processing, configuration, maintenance, and low cost 3rd party providers. GoDaddy is about to get a shitload of extra customers. When the products in the market are comparable, the well known low cost one is frequently the winner. Thanks Google.

about 2 months ago

FBI Concerned About Criminals Using Driverless Cars

smartr Re:don't drive with nobody in it? (435 comments)

Not needing a passenger happens to be one of the more awesome features of driverless cars... People can effectively have valet drop off for wherever they go. Cars can be shared because you're staying put at a given location for a period of time. Cars can drive themselves to maintenance. Cars can make delivery runs. Sure, it's another attack vector, but so is putting salt in your eyes. The danger is imminent, don't put salt in your eyes. I think the more imminent threat is that automated cars are going to result in lots of sex happening on the road. I mean really, what do you think happens when you put people in a close quarters private 15 minute outing, with a virtual guarantee of no interruptions and no need for any person to be paying attention to what's going on outside of the car?

about 3 months ago

Google Engineer: We Need More Web Programming Languages

smartr Re:Why? (309 comments)

GWT is just a normal server-client web architecture with the bonus of a component architecture that makes everything like Swing, which is kind of to say you're avoiding Javascript and the DOM, when it's actually your primary presentation layer. Why not just use Ruby on Rails, Struts 2, or Django? In theory, local storage with ECMA might bridge the gap some. CouchDB theoretically supports this so-called always online-offline architecture, where you sync everywhere eventually and could run chunks of the system offline (assuming you get everyone to install their own instance of CouchDB). Node.js at least keeps you in mostly one language set... Of course, then you're in a mess of figuring out how to use things like Backbone.js and Angular.js...

about 4 months ago

Cable Companies Use Astroturfing To Fight Net Neutrality

smartr Re:Ah so that explains it (142 comments)

I'd recommend asking the libertarians:
A. Do you think Comcast sucks, not just for terrible quality support, but for extorting money from the people you already paid them for the privilege of communicating with a la Netflix? If you desire access to the fastest connection available, Comcast is your provider in most of the country. Should not paying for the highest bandwidth access contractually cover your connecting with whoever you damn well please without Comcast extorting money from the endpoint you are communicating with?
B. Comcast is given exclusive rights to use those lines through local governments. This is the case with pretty much all the cable companies. How do you feel about this collusion?
C. The wires and airspace frequencies are given a free pass through private property. Why shouldn't private property owners use the wires on their land how they wish?
D. Do you think Comcast sucks? Do you have any actual plans that have a chance in hell of working besides telling people to move across the country or swap to a slower connection?

about 5 months ago

Seattle Approves $15 Per Hour Minimum Wage

smartr Re:basic economics (1040 comments)

I imagine the more successful businesses will hire quality employees who they can demand more productivity from. Less productive employees and the unemployed will have fewer work opportunities. Workers who keep their jobs will be better off but will face a higher level of competition. Prices will increase slightly. Profits might decrease slightly. The gradual phase-in will smooth things over. It seems like a pretty clear win for the short term. Getting a job in the long term will be harder and might solidify an underclass that does not earn minimum wage.

about 5 months ago

Seattle Approves $15 Per Hour Minimum Wage

smartr Re:Since when is everyone guaranteed a lifestyle? (1040 comments)

Saying that employers should be the guarantors of the welfare of their employees outside of work sounds a lot like slavery, especially if jobs are scarce due to a high minimum wage.

about 5 months ago

What qualifications should the 'driver' of a fully autonomous car need?

smartr Re:The human is just a passenger (301 comments)

It's an automated car, not a babysitting service...

about 5 months ago

Melbourne Uber Drivers Slapped With $1700 Fines; Service Shuts Down

smartr Re:A Solution (255 comments)

The ride-shares are additionally insured through Uber. Using Uber also causes the rides to be tracked, and removes the handling of cash out of the scenario. Your arguments are some of the exact reasons why you should use Uber over a Taxi company...

about 5 months ago

Report: Comcast and EA To Stream Games To TVs

smartr It's like DRM met killing Network Neutrality (52 comments)

Why do I get the feeling this is going to be one of those things where Comcast degrades other internet traffic because EA wants DRM you can't break?

about 6 months ago

How 'Fast Lanes' Will Change the Internet

smartr Re:Finally (192 comments)

Netflix is a perfectly good example to look at. There's no reason Netflix's media should be getting privilege over Amazon media, AT&T media, Google media, Comcast media, or some guy in Delaware's media. If I want to use a less popular service or run things over a corporate network linked through the internet, it should not be throttled so that Netflix gets priority. The two main problems seem to be:
1. The internet service providers don't want to upgrade their infrastructure.
2. The internet service providers are unwilling to meter the activities that would actually make them upgrade their network because they can make more money degrading service, not upgrading the network, and not fixing their peering arrangements. ...
How do you "meter" Netflix? ICANN has the root addresses to blocks in networks that can very easily be used to calculate an abstract "distance". If a customer exceeds a certain amount, say X gigabytes from a "long distance" provider, you need to "meter" it and bill them more. This would be neutral and a way of fairly charging customers for their usage. Shady backroom deals with Comcast and Verizon are no way to do honest business when the wires have a right of way through my property.

about 6 months ago

'weev' Conviction Vacated

smartr Re:To the point... (148 comments)

In no way shape or form is a "Browser agent" a security measure. Identifying a user's browser agent is not, never was, and never will be a security or authorization method. If you do any web based testing, you can change your browser agent. It's the equivalent of telling another machine what kind of clothes you are wearing. "Hi! I'm wearing firefox 1.0 today." Then AT&T says, "Neat! Since you said you're wearing firefox, you get data we're legally not supposed to give you." Replace Firefox with your browser environment of choice.

Explain to me how any part of changing a browser agent is, "Accessing a system without authorization", when it is not a method of authorization?

I'll assume you can tell the difference between black and white and move on to what the docket describes as a "brute force attack". A brute force attack means sending a massive amount of data to find collisions with a ***SECURE*** piece of information. For example, a randomized 64 bit number has over 10 quintillion possibilities. To brute force a 64 bit secure number and get 100,000 results, you would need to try on average 100 trillion numbers for each of those results. In this case, the information in question was an incremental number. For example 1 is a number. 2 is the number after that. 3 is the number after 2, and so on. Counting in a visible parameter is not, never was, and never will be a security or authorization method. If you can see a number, and increment it, that does not give AT&T permission to give data they're legally not supposed to give to you.

Explain to me how any part of counting is, "Accessing a system without authorization", when it is not a method of authorization?

about 6 months ago

Navy Debuts New Railgun That Launches Shells at Mach 7

smartr Re:So... (630 comments)

I found it interesting to describe by calculating kinetic energy. A stabbing ~ 185 joules. A gunshot of 45 caliber ACP round ~ 702 joules. A 1 ton vehicle going 100mph ~ 1 megajoule. A giant truck about to hit a series of tubes ~ 30 Megajoules. The kinetic energy of this railgun as it leaves the muzzle ~ 30.9 Megajoules.

about 6 months ago

Brendan Eich Steps Down As Mozilla CEO

smartr Re:I think this is bullshit (1746 comments)

it's not wrong to be intolerant of intolerance.

How Tao...

It all depends on your social norms. Are you tolerant of recreational use of crack cocaine? Do you tolerate people openly masturbating nude in the streets? What is your particular stance on bestiality? How about having children participate in sexual acts as part of a cultural practice, even if it was a new cultural practice? Other people's participation in these acts does not affect you any more than other people's participation in marriage. What part of marriage is a basic right? I personally think we should allow same-sex marriage because it's generally proper from an equality perspective, but intolerance is pretty natural and the government generally already favors particular groups...

Brendan Eich might be a bit of a religious bigot. It still doesn't mean that singling out someone with different cultural views who is largely tolerant of your cause actually helps your cause. By ostracizing opposing viewpoints, you are likely causing your viewpoint to be ostracized in other less tolerant circles. I don't think targeting Brendan Eich was a sensible move.

about 7 months ago

Massachusetts Court Says 'Upskirt' Photos Are Legal

smartr Re:A new law in not what is needed (519 comments)

I admit this is a bit pedantic, but the judge was right because there is no ambiguity about the meaning of "partially nude". In the same light, secretly taking up-skirt photos does not make you guilty of committing murder.

about 8 months ago

MtGox Files For Bankruptcy Protection

smartr Re:"...and the bitcoins have disappeared." (465 comments)

And who is going to internationally track where all those stolen bitcoins landed downstream? Is some international organization going to go and recover those bitcoins and return them to their proper owners? Actually... this sounds like really good news for actuaries.

about 8 months ago

Interview: Ask Richard Stallman What You Will

smartr Medium of exchange (480 comments)

rms, I recently read you were interested in developments for anonymized digital currency. Currency in its current form is the primary rationale for restricting the sharing of information. All currencies I am aware of are based on the currency being scarce, which encourages artificial scarcity of information. Have you seen any attempts at creating digital currencies that are not scarce, but reflect value based on usage and distribution? Search engine tracks ratings of websites. Users get more individual value out of certain information. Perhaps this is all just a pipe dream, but philosophically speaking, what do you think about creating a better carrot as opposed to relying on sticks like the law?

about 8 months ago

Gmail's 'Unsubscribe' Tool Comes Out of the Weeds

smartr Misdirected ham (129 comments)

A lot of the mess I get in my inbox is related to companies not validating email addresses. I've got people doing business transactions with my address and doing things like registering a twitter account. So, in a sense, it's spam but not spam.

about 8 months ago



Songbird 1.0 Released

smartr writes | more than 5 years ago

smartr (1035324) writes "The Pioneers of the Inevitable have recently released Songbird 1.0. Sadly, Songbird lacks iPod Touch and iPhone support to be a real iTunes killer. With any luck, the libgpod library will get around Apple's obfuscated hashing algorithms to allow for GPL software to talk to these devices. Regardless, the latest release of Songbird is a great cross platform open source audio player and organizer worth checking out. Here's a cnet review."


smartr has no journal entries.
