Become a fan of Slashdot on Facebook


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment Re:The market is saturated (Score 1) 97

No, not really. As long as it gets security updates and still works, why bother upgrading? I just replaced the battery in my iPhone and expect to get at least a couple more years out of it.

Anecdata: with every new iPhone release, a little less than half of my friends upgrade. The next release, the other almost half upgrade.

Most people I know are on a every-second-phone cycle that seems to suit them pretty well. There's a very small percentage (maybe 2-3 people) who always upgrade to have the latest one, and a slightly bigger group who stick with their phone until it dies.

Comment Re:Clickbaiting (Score 4, Insightful) 404

Is it though? I'm not American but share the rest of the world's fascination with the crazy shit Trump says, but I don't follow him on Twitter or read everything he says - but even /I/ know he regularly refers to the NYTimes as "the failing NYTimes".

As he's the President of the United States, whether or not he's using the 140 character limit of Twitter to say things that are trivially provably false I think is extremely important. If the NYTimes is failing then Trump is saying a true thing.

If it's not failing, then he's making a statement as if it's a fact that is at best just completely unsubstantiated, and at worst a complete lie to push some other agenda. Given his position in the world, it's important to try to establish a baseline for how useful his word is.

So far it doesn't seem to be very useful.

Comment Re: Finally, something to do (Score 1) 47

Yeh, Aussie Rules and rugby are much more interesting!

I spent a year in the US when I was a kid - I lived in SF the year the 49ers won the Superbowl. So I had exposure to it at an early age and got caught up in the excitement of our American-living family & friends, which lasted for several years.

I stopped watching it for a while - mostly because of time differences and difficulty getting access to games. I moved to the US for two years recently and was looking forward to keeping up with it, especially while in a big college football town (Columbus OH). I went to one game and left at 3/4 time because I couldn't stand it any long; we were there for like 3 hours, it was something like 40-0, and just unwatchable. Atmosphere was amazing through with so many people.

Comment Finally, something to do (Score 3, Interesting) 47

Something for people watching American football to do in between the vast amounts of waiting to see people actually playing football.

Apparently the latest Superbowl had only 16 minutes of the ball being in play.

I used to enjoy watching the game - and I see this as an Australian who never grew up watching it. I am not sure if I just finally lost patience with the downtime or if it actually changed and they started ad-stuffing like crazy.

Comment Blame (Score 4, Insightful) 17

Article is a bit weird - he says "there are many different URLs attackers can use to carry out the same attack", like this somehow wasn't a direct result of them not updating WordPress to the latest version after the most recent exploit was announced.

WordPress is low hanging fruit for attackers because of its vast install base; if you use it for anything that you care about you need to be totally vigilant because the 0dayz will be in the hands of everyone immediately.

I also like how he tries to deflect blame from WordPress with a nice general statement, when the real blame should be on whoever was responsible for installing it and maintaining it in the first place :)

You almost have to go out of your way to stop WordPress from auto-updating itself these days; whoever configured it probably thought they were being clever or more secure by, say, setting the file system permissions to read only. That seems like a good idea (& is mentioned in WordPress hardening guides), but unfortunately it will generally block the auto-update from working.

I would say that you're definitely more at risk from an out-of-date WP install than you are with a writeable filesystem (subject to how many plugins you're running, themes, etc). (Requiring a web-process writeable filesystem for WordPress is arguably one of its scariest requirements even though it enables a large amount of functionality.)

Overall though, I'd say this is a fairly typical worst-case scenario for a lot of people running WP in this kind of capacity. Your blog gets hacked, you serve malware or spam or look stupid for a bit, but (as long as your blog isn't where your core data is, and of course it isn't because you're not crazy, right!) you just restore from backup, update, and you're back on track.

Comment Re:I almost believed in WordPress (Score 2) 119

I subcontract with marketing companies so I work with some aspect of WordPress development on a daily basis.

Doing agency work in the last few years I know my colleagues struggled with the process of managing WordPress within source control. If we built a website for someone based in WordPress we'd deploy it - but then if the customer upgraded it or installed a theme or something it would instantly be out of wack with what was in source control.

Managing the site in source control from there was a bit of a pain as you'd have to download the new version, add new files, commit differences, etc - every time there was a WordPress update.

I would not be surprised if a lot of the compromised sites were in this situation - deployed by agencies who said to their clients "don't worry, we'll keep it up-to-date for you" and deployed from source control without thinking about how to maintain it, and then giving up when they realised it meant regular updates to their dev copy - thus losing all the security advantages of WP's self-updating feature. Or giving up when their clients modified their own site extensively thus making it a real nightmare to merge.

I'm sure there are many good ways of managing this process. WordPress being the "cheap" alternative means a lot of people are getting what they pay for.

Comment WP auto-patching should have mitigated this better (Score 2) 119

So I have five separate personal WordPress sites for testing/hacking/tinkering and casually look after one for a friend. Every single one of mine updated on the day the patch for this problem was fixed.

I got email notifications from each of my sites notifying me they were updated before I heard about the problem. I read the WP blog post about it and thought "shit, that would have been a huge problem if my sites hadn't auto-updated!" and forgot about it completely.

(Incidentally, the next night I had a much, much higher than normal number of brute force login attempts. Not sure if related.)

I'd be very interested to find out why these 1.5m sites did not automatically update. I wonder if they're being manually updated or what the deal is. But if auto-patching worked as it was supposed to this vulnerability would have been mitigated much more quickly.

Comment Re:If you're going to deregulate, go all in (Score 1) 292

I am an Australia so don't quite get how this works. But what power does the FCC have to enforce commercial restrictions at a state level?

I understand states' rights are a Big Deal for Americans (I lived in Ohio for two years and learned that the USA is really more of a union of states, rather than one country - just like in the name!).

I know the FCC has broad federal powers but does it have the power to step into a state and break up a state-or-city-based commercial broadband monopoly? If you're a big believer in the right of your state to make its own decision, presumably you'd object to the FCC coming in and doing this.

But without it you're never going to get a fair playing field for broadband and - as I think we see already - consumers suffer while large corporations profit. How is that resolvable without granting the federal government more power over states? Or am I misunderstanding how the FCC can operate?

Comment Re:US degraded from full democracy in 2016 ?!?! (Score 1) 277

I was going to mod your down for "typical leftist" but instead I'll be optimistic.

I get most of my insight about American politics from Slashdot as it's one of the few places I read with comments that I can stand.

In most political posts this kind of expression is really common - something is "typically right" or "typically left". But the examples are always completely fucking identical! I've lost count of the number of times that I've read here comments like "typical Republican blah blah - you're complaining about Obama and forgetting that it's the result of Bush policies".

I don't disagree that blaming Trump for Obama stuff is wrong. Blaming him for basically anything except the last week of horrors is wrong. But when you guys sit around saying "typical leftist" and "typical right wing" it is completely fucking bemusing to those of us sitting on the wings seeing the exact same behaviour from both sides.

Comment Re:Or just do this. (Score 1) 152

Certification means jack shit in this day and age.

I don't know how true that is as a general statement - maybe more so in the US than elsewhere? But I've spent most of my life in Australia where the regulations seem to have kept most bad hardware out of the way of most consumers. We have pretty strong consumer protection laws so unless you're literally buying shit off ebay in China and importing it directly you can buy most stuff pretty safely.

I'm in the UK now and it seems reasonably similar here, but I spent two years in the midwest and also didn't have any problems.

One thing I'd note though - my time in the midwest I definitely came across more of the mindset that "oh we don't need them regulations, we should just have a free market and fuck those clowns in DC trying to tell us what we can and can't do".

That mindset I think lasts precisely up until the point that you destroy your thousand dollar smartphone with a $2 shitware charger, and then it switches to "there ought to be a law".

I guess my point is: it's dead easy for me to imagine that in the US certifications have been watered down as a result of this kind of thinking. But it's just another example of regulation that, in my mind, is incredibly beneficial to the citizens and completely worth it. It's nice to know that you can buy electrical equipment and it won't destroy your other stuff - or kill you.

Slashdot Top Deals

"Engineering meets art in the parking lot and things explode." -- Garry Peterson, about Survival Research Labs