
Comment "If it ain't broke, don't fix it?" Fuck off. (Score 4, Insightful) 147

I hate that goddamn phrase. When the inevitable time comes when suddenly the old system *does* break, it's no longer under any support, nobody's left at the company who knows how it works, there's no budget for a modern replacement, and it has to be fixed in four hours or the company goes bankrupt. Been there, done that, ate the T-shirt after hours of working with no break for food.

People who say "if it ain't broke, don't fix it" are the same idiots who brag about uptime.

Pro tip: *every* system is broken. The trick is being able to repair or work around the broken parts without disruption, not to just seal it behind a wall and rediscover it years later when trying to track down what's still pinging.

Submission + - Ask Slashdot: Maintaining Continuity in Your Creative Works?

imac.usr writes: I recently rewatched the Stonecutters episode of The Simpsons and laughed as always at the scene where Homer pulls into his parking space — right next to his house. It's such a great little comic moment.

This time, though, it occurred to me that someone probably wrote in to complain that the power plant was normally in a completely different part of town, no doubt adding "I really hope somebody got fired for that blunder." And that got me to wondering: how do creators of serial media — books, web comics, TV shows, even movie serials — record their various continuities? Is there a story bible with the information, or a database of people/places/things, or even something scribbled on a 3x5 card?

I know Slashdot is full of artists who must deal with this issue on a regular basis, so I'd be interested in hearing any perspectives on how (or even if) you manage it.

Submission + - Multiple Vulnerabilities in Pocket

vivaoporto writes: Clint Ruoho reports on the gnu.gl blog the process of discovery, exploitation and reporting of multiple vulnerabilities in Pocket, the third-party web-based service chosen by Mozilla (with some backlash) as the default way to save articles for future reading in Firefox.

The vulnerabilities, exploitable by an attacker with only a browser, the Pocket mobile app and access to a server in Amazon EC2 costing 2 cents an hour, would give an attacker unrestricted root access to the server hosting the application.

The entry point was exploiting the service's main functionality itself — adding a server internal address in the "read it later" user list — to retrieve sensitive server information like the /etc/passwd file, its internal IP and the ssh private key needed to connect to it without a password. With this information it would be possible to SSH into the machine from another instance purchased in the same cloud service giving the security researcher unrestricted access.

All the vulnerabilities were reported by the researcher to Pocket, and the disclosure was voluntarily delayed for 21 days from the initial report to allow Pocket time to remediate the issues identified. Pocket does not provide monetary compensation for any identified or possible vulnerability.
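The entry point described in the submission above is a server-side request forgery: the service fetched whatever address a user saved. As an added example (not part of the submission or of Pocket's code), here is a destination check a URL-fetching service could run before retrieving a saved link; `check_save_url`, `resolve_all`, the injected resolver and the sample host names and addresses are all hypothetical and constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

def resolve_all(host):
    """Return every address the host name resolves to (real DNS lookup)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def check_save_url(url, resolver=resolve_all):
    """Return (ok, reason) for a user-submitted URL the server would fetch."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"      # blocks file://, gopher://, ...
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        addrs = {str(ipaddress.ip_address(host))}   # host is an IP literal
    except ValueError:
        try:
            addrs = set(resolver(host))             # host is a name
        except (OSError, KeyError):
            return False, "resolution failed"
    if not addrs:
        return False, "resolution failed"
    for addr in addrs:
        ip = ipaddress.ip_address(addr.split("%")[0])   # drop IPv6 zone id
        # An IPv4-mapped IPv6 address (::ffff:10.0.0.1) is judged as IPv4.
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped
        # Reject loopback, private, link-local (cloud metadata) and reserved.
        if not ip.is_global:
            return False, f"{ip} is not a public address"
    return True, "ok"

# Constructed sample data: a fake resolver so the demo runs offline.
SAMPLE_DNS = {
    "public.example": {"93.184.216.34"},
    "internal.example": {"10.0.0.5"},
    "mixed.example": {"93.184.216.34", "169.254.169.254"},
}

if __name__ == "__main__":
    for u in ("http://public.example/article", "http://internal.example/",
              "http://mixed.example/", "http://127.0.0.1/", "file:///etc/passwd"):
        print(u, check_save_url(u, SAMPLE_DNS.__getitem__))
```

The fetch itself has to connect to the address that was validated and repeat the check on every redirect, otherwise a second DNS answer or a redirect can still reach an internal host.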
