Slashdot Mirror


User: ChaseTec

ChaseTec's activity in the archive.

Stories
0
Comments
175
Comments · 175

  1. Re:Not a vulnerability in Java Commons Library on Vulnerability In Java Commons Library Leads To Hundreds of Insecure Applications (foxglovesecurity.com) · · Score: 1

    In an object oriented language an object is a combination of data and behavior (methods). If you want to transfer data across the wire with an object oriented system the natural place to put that data is into an object. Not trusting object serialization originates from a lack of knowledge on what is happening and you should educate yourself. Everything you want to know about serialization is here: https://docs.oracle.com/javase...

    What you are doing by designing your own data formats is adding inherent whitelisting. Your reader/parser probably does a "new" on a specific set of classes. That prevents the type of vulnerability (arbitrary class loading) being discussed in the article but also requires you to reinvent the wheel for every data format.

    You could have been using http://docs.oracle.com/javase/... to serialize data since that would give you an easy way to inspect the data type before recreating. You can even set up inspection/whitelisting with traditional object serialization if you wanted to: http://www.ibm.com/developerwo... .

    Nowadays JSON is a pretty universal data format for wire transfers. You can deserialize JSON to trusted data-centric classes like Map, List, String, Integer, etc. That would give you universal encoding/decoding without arbitrary class loading. Unless you are required by a 2nd party to use some proprietary wire format there is no reason to roll-your-own encoding/decoding.

  2. Here is an example of how to whitelist classes by subclassing ObjectInputStream: http://www.ibm.com/developerwo...

  3. Re:Not a vulnerability in Java Commons Library on Vulnerability In Java Commons Library Leads To Hundreds of Insecure Applications (foxglovesecurity.com) · · Score: 1

    The type of class loading you are talking about would only happen when using object serialization with RMI and codebase setup to allow for dynamic class downloading. Object serialization only sends the data portion of an object. If you want to know more you can look at how the format works: http://docs.oracle.com/javase/...
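    The allow-listing that comments 1 to 3 point at, done by subclassing ObjectInputStream and rejecting any class descriptor not on the list in resolveClass(), before the class is loaded or instantiated. This is an added example, not ChaseTec's code or the linked IBM article's; the contents of the allow-list are an assumption for illustration.

```java
import java.io.*;
import java.util.*;

/** ObjectInputStream that only resolves an explicit allow-list of data-centric classes. */
public class WhitelistObjectInputStream extends ObjectInputStream {

    // Hypothetical allow-list: value and collection types only. Number is included because
    // Integer's stream descriptor carries its Serializable superclass, which is resolved too.
    private static final Set<String> ALLOWED = Set.of(
            "java.util.HashMap", "java.util.ArrayList", "java.lang.Integer",
            "java.lang.Long", "java.lang.Number", "java.lang.Boolean");

    public WhitelistObjectInputStream(InputStream in) throws IOException {
        super(in);
    }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
        String name = desc.getName();
        // Reject before Class.forName runs; String and primitives never reach this hook.
        if (!ALLOWED.contains(name)) {
            throw new InvalidClassException(name, "class not on deserialization allow-list");
        }
        return super.resolveClass(desc);
    }

    private static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample payload: a Map of String -> Integer, which the allow-list accepts.
        Map<String, Integer> data = new HashMap<>();
        data.put("count", 42);
        try (ObjectInputStream ois = new WhitelistObjectInputStream(new ByteArrayInputStream(serialize(data)))) {
            System.out.println("accepted: " + ois.readObject());
        }
        // java.util.Date is harmless but not listed, so it is refused before any instance exists.
        try (ObjectInputStream ois = new WhitelistObjectInputStream(new ByteArrayInputStream(serialize(new Date(0))))) {
            ois.readObject();
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

On Java 9 and later the same policy can be expressed without subclassing through JEP 290's ObjectInputFilter (ObjectInputStream.setObjectInputFilter), which also lets you cap graph depth and array sizes.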

  4. Re:Nets... on Federal Prison System Wants Anti-Drone Technology (networkworld.com) · · Score: 1

    Do what exactly? You can program routes into drones and have them fly by gps.

  5. 2 cheap KVMs on Ask Slashdot: Advanced KVM Switch? · · Score: 1

    All three of your computers have dual monitor output. You have 2 monitors.

    Put a 3+ computer KVM on each monitor, connect each computer to both KVMs.

    The only drawback is you would have to press buttons on KVMs to change your modes; you wouldn't be able to use the keyboard shortcut keys that some KVMs support.

  6. Re:So much for "ownership" on HOA Orders TARDIS Removed From In Front of Parrish Home · · Score: 1

    Home ownership in an HOA area is kind of like owning the Doctor's TARDIS: you are stuck with the outside looking one way, but you can do just about anything you want on the inside.

  7. Re:It kinda looks just dumped there on HOA Orders TARDIS Removed From In Front of Parrish Home · · Score: 1

    Isn't that how the Doctor's TARDIS usually looks when it lands someplace? I mean he isn't exactly good at parallel parking the thing.

  8. Phone lines might be cat5e on Ask Slashdot: How Would You Build a Home Network To Fully Utilize Google Fiber? · · Score: 1

    All my phone lines are cat5e. You just need to find where your POTS is wired into your internal lines and put in a switch and rewire the cables/jacks you want as ethernet instead of phone. If you don't have cat5e or better you either need to wire your house depending on the level of difficulty or just use 802.11ac.

  9. Real CPU article here on Oracle Offers Custom Intel Chips and Unanticipated Costs · · Score: 1
  10. Re:Don't Worry, We Spent All the Energy Already on The Energy Saved By Ditching DVDs Could Power 200,000 Homes · · Score: 1

    For my house:
    The phones/tablets that the kids use take less power than the 2011 laptops.
    The lcd tvs take less power than the projection tvs.
    The coax line amp takes less power than the cable dvr that is gone in favor of OTA.
    My Netgear R6300 uses a max of 38W vs the old WRT54g at 8W max, so that is the only less efficient device.

  11. Re:One of these things is not like the others... on China Censors "The Big Bang Theory" and Other Streaming Shows · · Score: 1

    Considering China's on/off relationship with North Korea I wonder if this is a response to the episode about Leonard dating the North Korean spy - http://bigbangtheory.wikia.com...

  12. Remote DVD streaming already died years ago on Are DVDs Inconvenient On Purpose? · · Score: 1
  13. Re:Important question on Ask Slashdot: What's New In Legacy Languages? · · Score: 1

    Wait, you're saying there was a market for C++ Linux jobs at some point? If you want to use Linux and be the most marketable as a developer you develop in Java (with a little JavaScript sprinkled in). If you want to stay more low-level have you looked at getting into the embedded space?

  14. Microsoft Trainer on Ask Slashdot: How Do I Change Tech Careers At 30? · · Score: 1

    Sounds like you still want to teach so why not teach in the private sector? http://www.microsoft.com/learn...

  15. Re:Just don't get it on Ouya CEO Talks Console's Tough First Year, and Ambitious "Ouya Everywhere" Plan · · Score: 1

    A gameklip gives you portable gaming which OUYA can't offer. A better comparison would be a slimport/mhl adapter to add HDMI out to your phone and the SixAxis app to pair a PS3 controller over bluetooth. If you already have a phone then buying these accessories is cheaper than an OUYA and you get a better controller and a larger selection of games.

  16. reddit.com/r/Futurology/ has covered this on Ask Slashdot: What Essays and Short Stories Should Be In a Course On Futurism? · · Score: 1

    Go to http://www.reddit.com/r/Futuro...

    I tried to post the list here but /. helpfully said "Your comment has too few characters per line (currently 33.9)."

  17. So why did a SO app just get released? on How Mobile Apps Are Reinventing the Worst of the Software Industry · · Score: 1
  18. Re:There's a difference on Why Do You Need License From Canonical To Create Derivatives? · · Score: 1

    Well CentOS is effectively a RedHat owned project now http://www.redhat.com/about/ne.... And RedHat has screwed with their source code in order to cause pain to commercial derivatives: http://linux.slashdot.org/stor... so while there is a difference you can't exactly say either company likes 3rd party derivatives.

  19. Re:Alleged Apple patents on Android on Wozniak To Apple: Consider Building an Android Phone · · Score: 1

    I don't even think licensing is the main issue. Content (and making money off of it) is the big issue. iTunes could probably be modified to support additional phone types so music and movies aren't that big an issue but the real issue is the app store. Apple makes money on all apps sold (and in-app purchases) and none of those apps would work on an android device (without a WINE type API compatibility) so you're talking about Apple creating a second Apple app store with zero existing apps. They'd have to encourage android developers to submit their apps to the google play store and the apple android store. That should sound familiar because that is basically what Amazon does. And you know what, their app selection sucks. No way would Apple ever release a phone that supports the google play store.

    Maybe Apple should have pushed web apps a little more... If JavaScript was a "native" development language with true phone hardware APIs then we'd have apps that could enable them to swap the underlying platform without making their app store irrelevant.

  20. Beta Feedback on The Standards Wars and the Sausage Factory · · Score: 2

    I don't like the beta either and hopefully every story being full of complaints will help but don't forget to complain on the survey and answer the request for email based feedback too.
    Survey: http://www.surveymonkey.com/s/sdredesign
    mailto:feedback@slashdot.org?subject=beta_feedback
    Add comments to http://beta.slashdot.org/journal/634763/update-on-the-march-of-progress-how-slashdots-new-look-is-shaping-up

  21. Why just device updates? on Ask Slashdot: Managing Device-Upgrade Bandwidth Use? · · Score: 3, Informative

    Any particular reason you've singled out device updates? Seems like you'd want to block or QoS all large or multi-range binary transfers. You should have a transparent caching proxy server in place (which is where you'll be able to inspect and block large transfers).

  22. Re:No media on PlayStation 4 Released · · Score: 1

    Everybody keeps saying this without detailing it! What lack of streaming support bothers you? The PS4 has the standard set of NetFlix type internet streaming apps from what I can tell. Are there missing apps? If you are talking about local lan UPnP are you really even using that? I know I used UPnP for a while on my PS3 but lately all my movies that I've tried to rip and copy to my NAS haven't been playable on the PS3. They have this Cinavia piracy protection feature that automatically disables audio when playing protected movies. So unless you are using the PS3's UPnP for home movies or torrents that have modified audio I'd almost consider the PS4 as supporting the same streaming options.

    I'm actually curious because I'm very iffy about getting a PS4 and I might just go with a Steam box instead. Please provide some detail.

  23. Re:HTTP RFC - Section 9.1 Safe and Idempotent Meth on Google Bots Doing SQL Injection Attacks · · Score: 4, Interesting

    This is Slashdot. What do we know about GET HEAD methods?

    I was going to say that they return Futurama quotes but then I checked and they are gone. When did that happen?

  24. HTTP RFC - Section 9.1 Safe and Idempotent Methods on Google Bots Doing SQL Injection Attacks · · Score: 4, Informative

    In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe".

  25. synology nas on Ask Slashdot: Simple Backups To a Neighbor? · · Score: 1

    Get two synology nas boxes. They support nas to nas backups. http://www.synology.com/support/tutorials_show.php?q_id=461