Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:Battle #2, the insurance companies. (Score 1) 226

When sold in Africa, or procured by other organizations, it can be acquired for about 24 cents per pill (International Drug Price Indicator Guide).

Without getting into the dark world of drug pricing, it's clear that $18.58 a pill, which nearly a 75x markup, is probably a wee bit too high, particularly for a drug whose two components aren't exactly on the cutting edge of anti-retroviral therapies.

Submission + - Password storage service LastPass hacked. (

BitterOak writes: LastPass is a service which claims to securely store all your passwords in one safe place. According to this story, it proved not to be quite as safe as claimed. Apparently they were hacked. Hackers obtained people's e-mail addresses, password reminders, and encrypted versions of their master passwords. With these encrypted passwords, hackers could run brute force attacks to obtain weak passwords very easily. And the reminders may help them to figure out more secure passwords as well.

Comment It has "scam" written all over it! (Score 5, Insightful) 175

Beyond the obvious problems with the concept (the cost of goods sold for the coils themselves, the extreme improbability of a kerosene-powered drone built by college students being able to make intercontinental flights, the fact that there's no way in hell the FAA or the State Department would permit such a flight, etc.), there's several big red flags on this that scream "scam:"

  1. The creator of the project has put up two projects on KS before. The most recent, the "Banana Project," is either an attempt to troll or the sort of half-baked (pun intended) project I'd expect from someone who wants to get paid to buy a 3-D printer to screw around with. The earlier project, "Super Mario Bros. Z The Movie, was cancelled and pulled, presumably because Nintendo had an issue with some random guy creating what I can only imagine is an amateur animation project. This is not a good track record, especially since the more recent project is from just three months ago.
  2. The creator has no information on his bio, has not backed any other projects, and has no other real information available. Accountability seems non-existent.
  3. The photo of the putative tesla coil is a vague sketch. There's no other technical information on how they'll be built or what they'll look like. As for the drone, there's no information on how the drone will be built or how it will be controlled. There is no prototype, only hand-waving claims. This screams "vaporware." A good rule of thumb on KS is "never pledge to something unless there's at least a prototype."
  4. The submitter of this Slashdot article is an "anonymous submitter." Who wants to bet that the submitter is actually "Trevor Nestor?"

This KS is an excellent example of a KS from which you want to stay far, far away. Most of the time, the KS community is pretty wise to these sorts of things, but I suppose the combination of "North Korea," "tesla coils," and submissions to Slashdot will lure people in. Don't be a sucker.

Comment Re:It is unfair competition (Score 1) 204

As much as people complain about its occasionally byzantine bureaucracy and its sometimes lapses into small-time corruption (such as giving open terms to the politically powerful), Memphis Light, Gas, and Water (MLGW) serves over 400k subscribers, rapidly fixes outages in a major metropolitan area prone to thunderstorm damage, repeatedly wins awards for reliability of service and water quality, and has a AA bond rating. It offers extremely favorable terms and payment programs for low-income subscribers. Oh, yeah, and it also has .

But hey, municipal utilities can't do anything right, right?

The problem isn't municipal utilities. The problem is poor process and intentional handicapping. When you have neither of these -- for instance, because your municipal utility is run as an independent organization with elected oversight that has actual skin in the game (after all, if you live in the city and use the utility, you have a good reason to not have it suck) -- the results are positive, and there's some great examples of how this works.

Comment Re: Desparate Microsoft pulls a "Sun Microsystems" (Score 1) 525

While I'm not a lawyer, I would assume that Microsoft would have to keep that promise by the principles of equitable and promissory estoppel. Reliance upon the promise (which has been around for several years now) is reasonable, and so Microsoft attempting to revoke it and sue would immediately cause damage to those who did so. I think an extremely strong argument could be made in court that the promise more or less permanently estops Microsoft from patent actions regarding the .NET Framework.

Comment Re:Surprisingly Infrequent (Score 3, Insightful) 564

We use SCCM extensively at my office, and yes, it's entirely possible to tell it to reimage every single computer. You just need to target the deployment at "All Systems" and make it mandatory. My guess is that some admin picked the wrong collection, which is fairly easy to do in SCCM 2007 (2012 has Collection folders, which helps with that), and there's no warning messages -- just a summary of "this deployment is going to these devices, click Finish to do it." Of course, most other mass management tools assume that the admins know what they're doing, so they don't have much in the way of guard rails either.

One of the more obnoxious elements of SCCM is that there's no real way to recall a command you send out; clients pick up policy at periodic intervals, and without manual intervention, they'll just grab the policy and do what it says even if you kill the server in question. You can block deployments by taking down distribution points (if the clients can't grab content, they won't run the deployment), but you still have to be fairly quick about it to stop it.

What we do to prevent these sorts of disasters is implement process around the use of the ConfigMgr console and ensure only the people who know how to use it actually use it. To prevent an OS reimaging incident, our OS deployments go through a static set of collections by process and are always optional (requiring a manual touch, either at PXE boot or in the UI) except for a specific set of collections that are segregated in their own folder and have names and descriptions with scary words that make it clear what's going to happen. For instance, in our "Clean Reimage" folder, we have a collection that says, "Windows 7 Reimage (Clean, PXE, Forced)" with a description to the effect of, "*** A computer placed in this collection will be REIMAGED and LOSE ALL LOCAL DATA. Local state is NOT preserved or transferred. ***" If we were a larger IT organization, we'd probably use SCCM's role-based security to limit access to clean reimages to a specific group of people.

Comment Misleading summary (Score 5, Informative) 366

If you actually bother to read the Federal Register text, you can see in the second paragraph of the introduction that the JOBS Act, and this subsequent regulatory structure, only applies to crowdfunding where the reward is a security. It specifically explains that this is different from the current model of crowdfunding in the U.S., where the donors receive some "token of value" related to the project, not a share of future financial returns. The SEC isn't trying to regulate the current system, but is trying (as directed by that law) to allow crowdfunding where the donor award is a security; the current regulatory structure, based on the Securities Act, largely makes this sort of model impossible due to the various requirements of public offerings.

So, there's nothing to get up in arms about. This is just a move by the SEC to allow something that isn't currently permissible under U.S. law, not an attempt to "tax Kickstarter" or "regulate Indiegogo" or whatever other nonsense people claim.

Comment Source control (best) or Offline Files (okay) (Score 1) 238

You have programmers. You have multiple projects. They might be working offline. For this, you really need a Distributed Source Control system such as git or mercurial. I personally recommend mercurial as it's got good Windows tools (TortoiseHg and HgScc for Visual Studio integration). You can put your "pure" repository on your share, then have the programmers push to it -- or, better yet, have an "incoming" for each project to which anyone can push, then a "pure" to which only project leads have write access and into which they can push approved versions.

If, for some reason, you simply can't run source control, Windows offers Offline Files functionality that can sync individual folders if you set them up correctly. What this means is that you need to ditch this "shared drive" concept and set up your file shares correctly -- by which I mean having multiple shares, one for each project. Users then connect to the share in question and choose to make it offline, or you create drive maps and enforce offline files using group policy.

Comment Re:From the ashes into the fire? (Score 4, Informative) 253

Actually, as the people who found the first RT jailbreak noticed, the only thing keeping Windows RT from running ARM compiled applications (which you can create in Visual Studio, even!) is a policy that mandates that only Microsoft-signed executables can run outside of the WinRT environment. If Microsoft removed that restriction by changing a single registry key, all of that compatibility would suddenly appear. In fact, .NET apps distributed in PE form and compiled for Any CPU would be able to run without being recompiled at all.

Comment Re:Sounds good, But! (Score 3, Informative) 341

Yes. Turn off Secure Boot in the UEFI firmware menu (accessed through Advanced Startup), then boot off the USB Linux boot device of your choice. I expect a modern distribution of Linux will have drivers for most of the hardware inside the Pro. Alternatively, run it in Hyper-V (or VMware, or VirtualBox, or the hypervisor of your choice), since it's an x86 Windows 8 device with hardware virtualization support.

Only the RT has the "permanently locked" Secure Boot setting. The Pro is a full-fledged i5 device that can run Linux just fine.

Comment Re:Actually: Why are these needed? (Score 3, Informative) 405

No. Windows handles DST rules in the registry, so it's perfectly capable of date-dependent DST rule handling. The article discusses those recommendations as a way to avoid problems caused by issues with Outlook and Exchange 2003, both of which have their own unique ways of handling TZ changes (basically, they fail to store TZ information with dates, so TZ changes screw up the display of appointments). The problems were largely addressed in Outlook and Exchange 2007 and completely fixed in the 2010 versions, which keep the appointments in GMT-plus-offset format.

There's legitimate complaints you can have with the way Windows handles TZ changes -- personally, I'm not a fan of having to install TZ patches from Windows Update and I really dislike how Windows keeps the RTC in local time instead of GMT -- but don't blame it for the failings of antiquated and soon unsupported Office programs.

Comment Re:Hyper-V or vSphere. (Score 1) 191

Honestly, I've not found that to be the case. In most cases, you can disable the integration drivers in the guest, then move the VM to the new virtualization platform and start it back up. You may need to do a startup repair or in-place upgrade on an older version of Windows; Windows 7 (2008 R2) and 8 (2012), however, are fairly resilient.

The smoothest way to do it, though, if you've got the time, is to use the new platform's P2V tool to create a new virtualized VM based on the old one. This is how I've moved guests from Virtual Iron and Oracle VM to Hyper-V. In general, I'd say this is probably the smoothest way to move a VM running any OS to any other hypervisor, as it gives you a backup copy on the old hypervisor if needed and ensures that any special drivers are injected for the first startup.

Comment Not doomed, but in need of some help (Score 1) 737

There's lot Microsoft could do to make solid progress, starting, naturally, with getting rid of Steve Ballmer.

* Subordinate the desktop to the Modern interface. Give each program that isn't written for Modern its own virtual desktop and make them act like Modern apps in the charm bar, SideView, and the like. This whole "desktop is desktop, Modern is Modern" nonsense has got to go.
* Make a Modern version of Office.
* Remove the "Windows Store apps only" restriction on ARM so it can benefit from backwards compatibility. Backwards compatibility is the major selling point of Windows (enterprise management is the other).
* Start selling Windows to ARM device manufacturers in much the same way DOS was sold to the various 8 and 16 bit computer manufacturers. Go one step further and let people buy copies of Windows for ARM at a reasonable price to put on their own devices.
* Consider selling Windows as a subscription product, similar to Office Home Premium.
* Stop changing the API to chase your competitors. WinRT is a pain for everyone on the client side and doesn't really help drive devs to the platform. Instead, seeing JavaScript (of all things!) as one of the "key" platforms for Modern on MSDN drives away other developers. Likewise, telling WPF, WinForms, and Silverlight developers that much of what they know is useless (because WinRT is /just different enough/ to be incompatible with all of these) isn't the best way to make friends with developers.
* Correct your internal struggles by not having groups fighting with each other. If this means divesting business units or firing managers, so be it.
* Stop hiring H1B consultants and engaging in weird hiring practices, like "Interview 2.0" questions and direct out of college hires. Find the best developers for your own organization and hold on to them, rather than grinding down fresh graduates. Your developer tools group seems to understand this.

Comment Re:Secularism (Score 2, Insightful) 694

It can with a simple rule: a law is, prima facie, a violation of the separation of church and state when the only articulable purpose of the law is religious in nature. For a law to not run afoul of this, it has to have some purpose to society that isn't derived from religious principles. That doesn't mean that it can't have a purpose derived from such principles, only that that can't be the only purpose. For instance, most religions prohibit the killing of other people, but preventing murder has non-religious purpose as well. An example of a law that would run afoul of the rule would be a dictate that attempts to convert people from one religion to another is punishable by death. It has no articulable secular purpose, and therefore wouldn't be permitted. (A more recent and U.S.-specific example of a law with no articulable secular purpose is the banning of civil unions with the same rights and benefits as marriages.)

The reason why this rule works in the U.S., at any rate, is because a law that only has a religious purpose is either an establishment of religion (by granting extra rights to a religious group) or an impediment to its free exercise (by removing rights from those who follow a different religion or none at all, which is in itself a religion in this view).

Slashdot Top Deals

Loan-department manager: "There isn't any fine print. At these interest rates, we don't need it."