Ask Slashdot: Good Hosting Service For a Parody Site?

timothy posted yesterday | from the just-keep-backups dept.

The Internet 104

An anonymous reader writes "Ok, bear with me now. I know this is not PC Mag 2014 review of hosting services. I am thinking of getting a parody website up. I am mildly concerned about potential reaction of the parodee, who has been known to be a little heavy handed when it comes to things like that. In short, I want to make sure that the hosting company won't flake out just because of potential complaints. I checked some companies and their TOS and AUPs all seem to have weird-ass restrictions (Arvixe, for example, has a list of unacceptable material that happens to list RPGs and MUDS). I live in U.S.; parodee in Poland. What would you recommend?"

iFixit Tears Apart Apple's Shiny New Retina iMac

timothy posted yesterday | from the good-work-if-you-can-get-it dept.

Desktops (Apple) 106

iFixit gives the new Retina iMac a score of 5 (out of 10) for repairability, and says that the new all-in-one is very little changed internally from the system (non-Retina) it succeeds. A few discoveries along the way: The new model "retains the familiar, easily accessible RAM upgrade slot from iMacs of yore"; the display panel (the one in the machine disassembled by iFixit at least) was manufactured by LG Display; except for that new display, "the hardware inside the iMac Intel 27" Retina 5K Display looks much the same as last year's 27" iMac." In typical iFixit style, the teardown is documented with high-resolution pictures and more technical details.

Apple's Next Hit Could Be a Microsoft Surface Pro Clone

timothy posted 2 days ago | from the they-have-the-technology dept.

Input Devices 242

theodp writes "Good artists copy, great artists steal," Steve Jobs used to say. Having launched a perfectly-timed attack against Samsung and phablets with its iPhone 6 and iPhone 6 Plus, Leonid Bershidsky suggests that the next big thing from Apple will be a tablet-laptop a la Microsoft's Surface Pro 3. "Before yesterday's Apple [iPad] event," writes Bershidsky, "rumors were strong of an upcoming giant iPad, to be called iPad Pro or iPad Plus. There were even leaked pictures of a device with a 12.9-inch screen, bigger than the Surface Pro's 12-inch one. It didn't come this time, but it will. I've been expecting a touch-screen Apple laptop for a few years now, and keep being wrong."

Google Releases Android 5.0 Lollipop SDK and Nexus Preview Images

Soulskill posted 2 days ago | from the progressively-sillier-names dept.

Android 73

An anonymous reader writes: As promised, Google today released the full Android 5.0 Lollipop SDK, along with updated developer images for Nexus 5, Nexus 7 (2013), ADT-1, and the Android emulator. The latest version of Android isn't available just yet, but the company is giving developers a head start (about two weeks), so they can test their apps on the new platform. To get the latest Android 5.0 SDK, fire up Android SDK Manager and head to the Tools section, followed by latest SDK Tools, SDK Platform-tools, and SDK Build-tools. Select everything under the Android 5.0 section, hit "Install packages...", accept the licensing agreement, and finally click Install. Google also rolled out updated resources for their Material Design guidelines.

FBI Warns Industry of Chinese Cyber Campaign

samzenpus posted 3 days ago | from the protect-ya-neck dept.

Security 105

daten writes The FBI on Wednesday issued a private warning to industry that a group of highly skilled Chinese government hackers was in the midst of a long-running campaign to steal valuable data from U.S. companies and government agencies. "These state-sponsored hackers are exceedingly stealthy and agile by comparison with the People's Liberation Army Unit 61398 ... whose activity was publicly disclosed and attributed by security researchers in February 2013," said the FBI in its alert, which referred to a Chinese military hacker unit exposed in a widely publicized report by the security firm Mandiant.

Adobe: Click-to-Play Would Have Avoided Flood of Java Zero-days

Soulskill posted 3 days ago | from the of-pots-and-kettles dept.

Java 111

mask.of.sanity writes: Oracle could have saved mountains of cash and bad press if Click-to-Play was enabled before Java was hosed by an armada of zero day vulnerabilities, Adobe security boss Brad Arkin says. The simple fix introduced into browsers over the last year stopped the then zero day blitzkrieg in its tracks by forcing users to click a button to enable Java.

Drupal Fixes Highly Critical SQL Injection Flaw

samzenpus posted 4 days ago | from the protect-ya-neck dept.

Security 53

An anonymous reader writes Drupal has patched a critical SQL injection vulnerability in version 7.x of the content management system that can allow arbitrary code execution. The flaw lies in an API that is specifically designed to help prevent against SQL injection attacks. "Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks," the Drupal advisory says. "A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks."

Ask Slashdot: Handling Patented IP In a Job Interview?

samzenpus posted 4 days ago | from the what's-mine-is-mine dept.

Businesses 223

ZahrGnosis writes I'm in the midst of a rather lengthy job interview; something I haven't done for some time as I've worked as a contract employee with a much lower barrier to entry for years. Recently, I've started patenting some inventions that are applicable to my industry. One hope is that the patents look good to the prospective employer on a resume, but I don't want them to take the existing IP for granted as part of the deal. I'm worried I have the wrong attitude, however. My question is, how should I treat licensing of the patent as a topic with respect to the topic of my employment? Should I build the use of my patented ideas into my salary? Should I explicitly refuse to implement my patented IP for the company without a separate licensing fee? If I emphasize the patent during the interviews without the intent to give them the IP for free, is that an ethical lapse — a personal false advertising? At the same time, when I work for a company I feel they should get the benefit of my full expertise... am I holding back something I shouldn't by not granting a de-facto license while I work for them? I perceive a fine balance between being confrontational and helpful, while not wanting to jeopardize the job prospect nor restrict my ability to capitalize on my invention. Thoughts?

Oracle Database Certifications Are No Longer Permanent

Soulskill posted 5 days ago | from the you're-now-allowed-to-forget-things dept.

Oracle 108

jfruh writes: It used to be that you could get an Oracle database certification and declare yourself Oracle-certified for the rest of your career. That time is now over, causing a certain amount of consternation among DBAs. On the one hand, it makes sense that someone who's only been certified on a decade-old version of the product should need to prove they've updated their skills. On the other, Oracle charges for certification and will definitely profit from this shift.

Google Finds Vulnerability In SSL 3.0 Web Encryption

Soulskill posted 5 days ago | from the another-day-another-vuln dept.

Security 68

AlbanX sends word that security researchers from Google have published details on a vulnerability in SSL 3.0 that can allow an attacker to calculate the plaintext of encrypted communications. Google's Bodo Moller writes, SSL 3.0 is nearly 15 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue. Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response (PDF) is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.

Can the Sun Realistically Power Datacenters?

Soulskill posted 5 days ago | from the nobody-needs-wyoming-for-anything-important dept.

Power 235

1sockchuck writes: A massive solar array in central New Jersey provides the daytime power for a server farm delivering online financial services for McGraw Hill. The 50-acre field of photovoltaic solar panels symbolizes a new phase in the use of renewable energy in data centers. Massive arrays can now provide tens of megawatts of solar power for companies (including Apple) that can afford the land and the expense. But some data center thought leaders argue that these huge fields are more about marketing than genuinely finding the best approach to a greener cloud.

Confidence Shaken In Open Source Security Idealism

Soulskill posted 5 days ago | from the with-many-eyes-something-something dept.

Open Source 264

iONiUM writes: According to a few news articles, the general public has taken notice of all the recent security breaches in open source software. From the article: "Hackers have shaken the free-software movement that once symbolized the Web's idealism. Several high-profile attacks in recent months exploited security flaws found in the "open-source" software created by volunteers collaborating online, building off each other's work."

While it's true that open source means you can review the actual code to ensure there's no data-theft, loggers, or glaring security holes, that idealism doesn't really help out most people who simply don't have time, or the knowledge, to do it. As such, the trust is left to the open source community, and is that really so different than leaving it to a corporation with closed source?

ISPs Violating Net Neutrality To Block Encryption

timothy posted 5 days ago | from the connecting-pipe-a-to-tab-q dept.

Communications 149

Dupple writes One of the most frequent refrains from the big broadband players and their friends who are fighting against net neutrality rules is that there's no evidence that ISPs have been abusing a lack of net neutrality rules in the past, so why would they start now? That does ignore multiple instances of violations in the past, but in combing through the comments submitted to the FCC concerning net neutrality, we came across one very interesting one that actually makes some rather stunning revelations about the ways in which ISPs are currently violating net neutrality/open internet principles in a way designed to block encryption and thus make everyone a lot less secure.

Dropbox Wasn't Hacked, Says Leaked Credentials Are From Unrelated Services

timothy posted 5 days ago | from the effect-is-the-same-to-users dept.

Privacy 29

An anonymous reader writes Dropbox has denied that they have been hacked, and that the login credentials leaked by an unknown individual on Pastebin are those of Dropbox users. "Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox," Anton Mityagin from the Dropbox security department noted in a post.

Windows Flaw Allowed Hackers To Spy On NATO, Ukraine, Others

Soulskill posted about a week ago | from the hand-in-the-cookie-jar dept.

Windows 97

An anonymous reader writes: Reuters reports that a cybersecurity firm has found evidence that a bug in Microsoft's Windows operating system has allowed hackers located in Russia to spy on computers used by NATO, Ukraine, the European Union, and others for the past five years. Before disclosing the flaw, the firm alerted Microsoft, who plans to roll out a fix on Tuesday. "While technical indicators do not indicate whether the hackers have ties to the Russian government, Hulquist said he believed they were supported by a nation state because they were engaging in espionage, not cyber crime. For example, in December 2013, NATO was targeted with a malicious document on European diplomacy. Several regional governments in the Ukraine and an academic working on Russian issues in the United States were sent tainted emails that claimed to contain a list of pro-Russian extremist activities, according to iSight."

Tiny Wireless Device Offers Tor Anonymity

Soulskill posted about a week ago | from the fits-discreetly-in-left-nostril dept.

Open Source 68

Lucas123 writes: The Anonabox router project, currently being funded through a Kickstarter campaign, has surpassed its original $7,000 crowdfunding goal by more than 10 times in just one day. The open source router device connects via Wi-Fi or an Ethernet cable making it harder for your IP address to be seen. While there have been other Tor-enabled routers in the past, they aren't small enough to fit in a shirt pocket like the Anonabox and they haven't offered data encryption on top of the routing network. The device, which is being pitched as a way for consumers to securely surf the web and share content (or allow businesses to do the same), is also being directed at journalists who may want to share stories in places where they might otherwise be censored.

VeraCrypt Is the New TrueCrypt -- and It's Better

Soulskill posted about a week ago | from the not-that-anybody-cares-about-your-tax-returns-and-old-school-papers dept.

Encryption 220

New submitter poseur writes: If you're looking for an alternative to TrueCrypt, you could do worse than VeraCrypt, which adds iterations and corrects weaknesses in TrueCrypt's API, drivers and parameter checking. According to the article, "In technical terms, when a system partition is encrypted, TrueCrypt uses PBKDF2-RIPEMD160 with 1,000 iterations. For standard containers and other (i.e. non system) partitions, TrueCrypt uses at most 2,000 iterations. What Idrassi did was beef up the transformation process. VeraCrypt uses 327,661 iterations of the PBKDF2-RIPEMD160 algorithm for system partitions, and for standard containers and other partitions it uses 655,331 iterations of RIPEMD160 and 500,000 iterations of SHA-2 and Whirlpool, he said. While this makes VeraCrypt slightly slower at opening encrypted partitions, it makes the software a minimum of 10 and a maximum of about 300 times harder to brute force."
