Businesses

Can Zuckerberg Leap the Great Firewall of China? 102

Hugh Pickens writes "The Guardian reports that Facebook's Mark Zuckerberg is in China and has met with Robin Li, the head of Baidu, as he toured the facility of the biggest search engine in China. Zuckerberg has made no secret of his desire to expand in China, where Facebook has been blocked by the government censors' Great Firewall since 2008. On a recent global map of Facebook users, China appeared as a black spot, though it has a bigger internet population than any country on earth. 'How can you connect the whole world if you leave out a billion people?' says Zuckerberg. China already has two Facebook imitators: Kaixin, with 80 million users, and Renren, with 150 million, but these lack the economic clout and global reach of Zuckerberg's company although they do have the advantages of language and cultural awareness, as well as the protection of the Great Firewall. 'If Facebook wanted to enter China, it would not have to change its function, because netizens here are used to copycats already, but it must, like other international internet companies, obey Chinese laws and regulations,' said Hu Yong, a professor at Beijing University's School of Journalism and Communication."
Software

Getting Through the FOSS License Minefield 96

dotancohen writes "Here's an exercise: Write a GPLed server for solving Freecell that the graphical game would communicate with using TCP/IP or a different IPC mechanism. Easy, right? Except for that pesky licensing bit. Our own Shlomi Fish gives an overview of the various options in picking up a licence for one's FOSS project, and tries to give some guidelines choosing one."

Comment Some attack suggestions (Score 1) 175

I browsed the PDF, and it seems they have some trampoline code in the first 64KB of memory that has unsafe instructions that allow that code to do more dangerous things. The idea is that the untrusted code can only interface with the trampoline code, which checks that nothing funny is going on, then it interacts with the real OS.

I see a primary weakness is that they support threads. Start a thread, and have it try to interfere with another thread calling the trampoline code. Basically, mess about with the "stack" trying to get it to jump to a non-32-byte boundary. The trampoline code seems to be a very weak spot, and attacking it seems like the easiest area to go after. It's very difficult to make the trampoline code safe from attacks from other threads in the same address space (it actually may not be possible to make it bullet proof). Try to attack the trampoline to make failing security checks into passing ones--the idea is the trampoline code has to store data somewhere--just try to modify it.

I think they may have some weaknesses in mmap, mprotect, etc.--they need to check these calls very carefully. Try to remap the trampoline code to another address (which would then be vulnerable). Try to map in a library over the trampoline code. The PDF itself said they check open() carefully, but then not read()...this shows they are probably being too clever and not defensive enough.

Another area is to create races--is it possible to provide one copy of the code to the checker, and another copy actually gets loaded into memory? This is surprisingly difficult to get right, but depends a great deal on how they load code (or, rather, how the code is presented to them in the first place, I guess by a browser).

Note that any check the trampoline code makes might be bypassable by a clever thread, which changes the data after the sandbox check is complete but before the OS call is made. OS calls which take in buffers probably don't "snapshot" the data to protect it being changed by threads, so there may be a large window in which threads can break the sandbox security (the security check passed, but then a thread changes the data to unsafe values before the OS acts on it).

And of course, try to break out of the sandbox by exposing OS-level bugs or just extreme events such as opening too many files, overflowing structures, to create a way out of the sandbox.

If you have time to try all of the above, enjoy your $512.

Slashdot's Disagree Mail 167

I get a lot of mail from obviously unbalanced people. Enough in fact, that I've often wondered if there was an institution that allowed their patients to only read Slashdot. We've even had a few visits from some questionable individuals. A man who tried to bribe me with a car if I let him "reverse engineer" Rob Malda's Life comes to mind. He insisted on Rob being present for the process and couldn't explain to me what it entailed, so I suggested he leave. The personal visits are rare, however, compared to the amount of mail I get. Here are a few of my favorites; let's hope these people have started to take their medication. Read below and don't be worried if you don't understand all of it.
Slashdot's Disagree Mail 251

There is no shortage of comments about us selling out or running advertisements as stories. As you might expect there is no shortage of mail with the same theme. What I enjoy most about them is all the different corporate entities and sometimes political parties, that we are supposedly working for. If even half of them were true, I would have a stack of W-2s as long as my arm every year for the tax man. The truth of the matter is, nobody here sits in their Microsoft smart chair, talking on their minion iPhone, while playing in the Google money pool. (If someone knows how to get into the Google money pool, please send me a mail.) Conspiracy theories have been around as long as man, so I guess it should come as no surprise that Slashdot has a few of its own. Read below to find out who is pulling our strings.
Book Reviews

The Ultimate CSS Reference 124

stoolpigeon writes "Cascading Style Sheets are now the dominant method used to format web pages. Even something as simple as modifying a WordPress blog can involve digging around a bit in CSS. A quick search at Amazon on CSS returns over 7 thousand books in the computer category alone. This book claims to be the ultimate, though, and that made me approach it with a bit of skepticism. Sure, it could be a decent reference, but is it truly the ultimate reference? I admit I was curious to see." Read on for the rest of JR's review.

Comment Re:There is a reason (Score 1) 633

This is called "clean room" engineering.

However, it is my understanding there is no settled legal basis for this extreme view. Can you cite any court cases where copying concepts from code was considered illegal even though the copy differed significantly? And where it was ruled that a clean-room technique would have been valid?

I think the closest analogy which seems pretty settled is book authorship. If I write a book about a girl, her dog, a scarecrow, and a tin man heading to Oz to meet a wizard, etc., then I have a good chance of losing a copyright infringement claim by the owners of the Wizard of Oz. Even if I didn't read the book, and if only a 3rd party told me the broad outline of the story. Unless it's funny. (Which is true--parody is an exception).

However, lots of people write books inspired by other books, even "borrowing" characters, and generally this is OK. It doesn't matter whether you read the book or not, or whether some 3rd party told you the story.

Having Your ID Stolen Leads to Job Loss, Prosecution 404

ConfusedVorlon writes "The BBC reports on the sad case of Simon Bunce. Mr. Bunce had his identity stolen, and credit cards were made to capitalize on the theft. Some of those cards were used at sites offering child pornography, and as a result Mr. Bunce was swept up in Operation Ore. The poor man was prosecuted for his 'crime', and was eventually found innocent, but in the meantime he lost his job. It took him six months to find another at a quarter of the salary. 'The police's computer technicians take several months to examine [his computers and records], and Mr Bunce could not afford to wait to repair the damage done to his reputation. "I knew there'd been a fundamental mistake made and so I had to investigate it." Recent surveys suggest that as many as one in four Britons have been affected by it. In 2007 more than 185,000 cases of identity theft were identified by Cifas, the UK's fraud prevention service, an increase of almost 8% on 2006.'"
Science

The Rules of the Swarm 166

Hugh Pickens writes "Researchers are starting to discover the simple rules that allow swarms of thousands of relatively simple animals to form a collective brain able to make decisions and move like a single organism. To get a sense of swarms, Dr. Iain Couzin, a mathematical biologist at the Collective Animal Behaviour Laboratory at Princeton University, builds computer models of virtual swarms with thousands of individual agents that he can program to follow a few simple rules. Among the findings are that swarm behavior has patterns common to many different species, that just as liquid water can suddenly begin to boil, swarm behavior can also change abruptly in character, and that just a few leaders can guide a swarm effectively by creating a bias in the swarm's movement that steers it in a particular direction. The rules of the swarm may also apply to the cells inside our bodies and researchers are working with cancer biologists to discover the rules by which cancer cells work together to build tumors or migrate through tissues. Even brain cells may follow the same rules for collective behavior seen in locusts or fish. "How does your brain take this information and come to a collective decision about what you're seeing?" Dr. Couzin says. The answer, he suspects, may lie in our inner swarm."
Transportation

MIT Reinvents Transportation With Foldable, Stackable Car 158

alphadogg writes "Parking in a downtown area is one of the least enjoyable elements of driving. MIT researchers may have found a solution: a car you can fold up before parking. The boxy conveyance folds in half, and the plan is for the vehicle to fit eight in one conventional parking spot. 'Franco Vairani, a Ph.D. candidate at MIT and one of the original designers in the City Car project, said his team is taking a vending-machine approach to city travel. In his vision of the future, people would find a stack of electrical-powered City Cars on nearly every block in the city. When a user would want to drive somewhere in town, he would swipe a smart card or cell phone across an electronic reader and take a car out of the stack. When he gets to a business meeting across town, a shopping mall or their doctor's office, the driver simply leaves the car in a stack at his destination. The drivers don't own the cars. They simply rent them. It's fully self-service. The next person takes a car out of the stack, and off he goes.'"
It's funny.  Laugh.

Submission + - Man With Missing Brain Employed As Bureaucrat

mbstone writes: "In a medical story to be published in next week's Lancet, doctors say a 44 year-old French civil servant leads a normal life despite CT and MRI scans that show that his brain is 'virtually absent.' The civil servant is said to have an IQ of 75 despite his brain's grey and white matter being 'completely crushed against the sides of his skull.'"
Education

Submission + - Would you buy an OLPC, if you had to pay extra...

VoxVeritas writes: How much would you pay for an OLPC laptop, if the extra money you paid would buy one for a worthy child? It seems to me that it would be a good way to get more machines into the hands of kids that need them by charging enough to sell them to geeks like us, so that each OLPC sold would buy a machine for a child that needs one. Plus, imagine all the free software development that the program would get. The BBC has a pretty good article about the OLPC. http://news.bbc.co.uk/2/hi/technology/6679431.stm How much would you pay: $200, $250, $300 or $333 (if it came with a Mr. Wizard Laptop bag)?
Handhelds

Submission + - What's Keeping US Phones in the Stone Age?

knapper_tech writes: After seeing the iPhone introduction in the US, I was totally confused by how much excitement it generated in the US. It offered no features I could see beyond my Casio W41CA's capabilities. I had a lot of apprehension towards the idea of a virtual keypad and the bare screen looked like a scratch magnet. Looks aren't enough. Finally, the price is ridiculous. The device is an order of magnitude more expensive than my now year-old keitai even with a two-year contract.

After returning to the US, I've come to realize the horrible truth behind iPhone's buzz. Over the year I was gone, US phones haven't really done anything. Providers push a minuscule lineup of uninspiring designs and then charge unbelievable prices for even basic things like text messages. I was greeted at every kiosk by more tired clamshells built to last until obsolescence, and money can't buy a replacement for my W41CA. I finally broke down and got a $20 Virgin phone to at least get me connected until I get over my initial shock. In short, American phones suck, and iPhone is hopefully a wakeup call to US providers and customers. Why is the American phone situation so depressing?

Before I left for Japan about a year ago, I was using a Nokia 3160. It cost me $40 US and I had to sign a one year contract that Cingular later decided was a two-year contract. I was paying about $40 a month for service and had extra fees for SMS messages.

After I got to Kyoto, I quickly ended up at an AU shop and landed a Casio W41CA. It does email, music, pc web browsing, gps, fm radio, tv, phone-wallet, pictures (2megapixel), videos, calculator etc. I walked out of the store for less than ¥5000 (about $41) including activation fees, and I was only paying slightly over ¥4000 (about $33) per month. That included ¥3000 for a voice plan I rarely used and ¥1000 for effectively unlimited data (emails and internet).

Perhaps someone with more knowledge of the costs facing American mobile providers can explain the huge technology and cost gap between the US and Japan. Why are we paying so much for such basic features?

At first, I thought maybe it was something to do with network infrastructure. The US is a huge land area and Japan is very tiny. However, Japan would have lots of towers because of the terrain. Imagine something like Colorado covered in metropolitan area. Also, even though places like rural New Mexico exist, nobody has an obligation to cover them, and from the look of coverage maps, no providers do. Operating a US network that reaches 40% of the nation's population requires nowhere near reaching 40% of the land area. The coverage explanation alone isn't enough.

Another possibility was the notion that because Americans keep their phones until they break, phone companies don't focus much on selling cutting edge phones and won't dare ship a spin-chassis to Oklahoma. However, with the contract life longer, the cost of the phone could be spread out over a longer period. If Americans like phones that are built to last and then let them last, the phones should be really cheap. From my perspective, they are ridiculously priced, so this argument also fails.

The next explanation I turned to is that people in the US tend to want winners. We like one ring to rule them all and one phone to establish all of what is good in phone fashion for the next three years. However, Motorola's sales are sagging as the population got tired of dime-a-dozen RAZR's and subsequent knockoffs. Apparently, we have more fashion sense or at least desire for individuality than to keep buying hundreds of millions of the same design. Arguing that the US market tends to gravitate to one phone and then champion it is not making Motorola money.

At last I started to wonder if it was because Americans buy fewer phones as a whole, making the cost of marketing as many different models as the Japanese prohibitive. However, with something like three times the population, the US should be more than enough market for all the glittery treasures of Akiba. What is the problem?

I'm out of leads at this point. It's not like the FCC is charging Cingular and Verizon billions of dollars per year and the costs are getting passed on to the consumer. Japanese don't have genetically superior cellphone taste. I remember that there was talk of how fierce mobile competition was and how it was hurting mobile providers' earnings. However, if Japanese companies can make money at those prices while selling those phones, what's the problem in the US? It seems to me more like competition is non-existent and US providers are ramming yesteryear's designs down our throats while charging us an arm and a leg! Someone please give me some insight.
Communications

Submission + - Are Mobile Phone Masts Responsible For Illness?

drewmoney writes: According to a major UK study, symptoms of illness caused by mobile phone masts are "all in the mind".

Excerpts from http://news.bbc.co.uk/2/hi/health/6914492.stm

Dozens of people who believed the masts triggered symptoms such as anxiety, nausea and tiredness could not detect if signals were on or off in trials.

However, the Environmental Health Perspectives study stressed people were nonetheless suffering "real symptoms".

Campaign group Mast Sanity "http://www.mastsanity.org/" said the results were skewed as 12 people in the trials dropped out because of illness.
