Become a fan of Slashdot on Facebook


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Consumers may not notice ... (Score 5, Interesting) 289

by 0x000000 (#44245229) Attached to: Android Co-Founder: Fragmentation "an Overblown Issue"

but I as a developer sure do notice. The biggest issue I keep running into (developing backend software for my companies frontend software) is that testing on a mix of devices means learning the quirks for every single manufacturers user interface that they have bolted on top of Android. We've also had some weird issues based upon the Android version installed, across two devices with the same Android version number (4.0 for example) with the carrier/device manufacturers changes we have a bug on one but not the other.

This is highly annoying.

One issue that Android users hail as the greatest thing since sliced bread (alternate keyboards) actually meant having to write work-arounds because some keyboard implementations were simply broken, or actually caused issues with entering text in certain situations. An alternate keyboard shouldn't be able to have that sort of an effect!

Fragmentation is real, and it is an issue. Consumers don't notice because they only use a single device, developers and power users that may switch more often than the average user will notice and it is an issue.

Comment: Re:Physical Access (Score 1) 201

by 0x000000 (#43900215) Attached to: Researchers Infect iOS Devices With Malware Via Malicious Charger

You seem to have lost the ability to read. No, I was specifically stating 100 mA, that is the max any USB device is allowed to pull from any charger or device it is plugged into, UNLESS it asks the host for more OR the D+/D- lines have specific voltages/are shorted.

Apple requires specific voltages precisely because the standard of just shorting the D+/D- lines don't provide enough information. Just how much current should an iPad attempt to pull from a charger that has the D+/D- lines tied together? It can be unsafe for a device to pull more amps than a power supply can provide for a variety of different reasons, especially with switch mode power supplies.


As for your last point, while you and I may agree on one thing, that it is is a vulnerability and it should get fixed, it isn't a classic vulnerability. It doesn't take advantage of bad coding practices, there is no buffer overrun, or null terminated string vulnerability which is what you were referring to in your original post.

Comment: Re:Inductive charging (Score 1) 201

by 0x000000 (#43896795) Attached to: Researchers Infect iOS Devices With Malware Via Malicious Charger

The biggest problem I have with my Touchpad (I own one too) is that when inductively charging it won't charge nearly as fast, and I've had plenty of times where it has been sitting on the inductive charger for a day or so, and I pick it up and 20 minutes later the battery is dead. Whereas charging it over USB seems to always charge it fully and properly.

Comment: Re:Physical Access (Score 1) 201

by 0x000000 (#43896757) Attached to: Researchers Infect iOS Devices With Malware Via Malicious Charger

Why does this guy keep getting modded up to informative? There is no Apple DRM, there is no blocking of 3rd party chargers. Apple devices while charging look for certain voltages on the D+/D- lines, there is absolutely no communication between the device and the charger. The only reason there is a requirement for certain voltages on the D+/D- lines is so that the Apple device knows it is safe to pull a certain amount of amperage from the charger...

Comment: Re:Physical Access (Score 5, Informative) 201

by 0x000000 (#43896733) Attached to: Researchers Infect iOS Devices With Malware Via Malicious Charger

This is so completely wrong that I don't even know where to begin.

1. Apple hasn't put DRM in their chargers
2. Apple devices look for a certain voltage on the D+/D- traces to know whether they can charge at 100 mA, 500 mA, or more, specifically the iPad can draw more power
3. Apple devices are also USB devices, when they connect to a USB host (such as the BeagleBone) they communicate using standard USB, that is the only ID string that gets sent back, along with a request for at least 500 mA of power to be provided by the host.
4. This doesn't actually use any specific vulnerability, rather it uses the fact that when you connect an iOS device you can using a provisioning profile side-load apps onto the phone. This is generally done during development or for example in corporate settings. These same provisioning profiles can be used to disable certain features, or set up emails accounts, wifi passwords, and all that fun stuff, you know to provision a device in a corporate scenario.

It's a shame that your comment got voted up as informative when it contains so much mis-information.

Comment: I'm interested in seeing analysis of WebKit/Blink (Score 4, Interesting) 127

by 0x000000 (#43733307) Attached to: How Maintainable Is the Firefox Codebase?

I am wondering how this stacks up to a project like WebKit/Blink, as well as seeing that project against the original KHTML. Sure it is a renderer/HTML layout/JavaScript engine only, and won't contain the browser chrome like Firefox, but I think it would be interesting to look at.

Many people have also suggested that WebKit is easier to embed into various different environments (more so than Gecko) and that it has been able to evolve faster mainly due to the code base being cleaner, and I wonder if this holds true when looking at it from a complexity standpoint, or is it more complex but simply laid out better and in a way that is easier to understand?

Comment: Re:Blizzard Casts Arcane Logic! Customer Is Stunne (Score 2) 518

by 0x000000 (#40528177) Attached to: Linux Users Banned From <em>Diablo III</em> Servers

Even if Windows were running on bare hardware I could play tricks with the clock, I could hide memory from any program that Blizzard could come up with to attempt to scan regions of memory, I still could pull all of the tricks you just mentioned. How? Using good ol' virtualisation extensions that exist within processors.

Not only that but I own the hardware, I have physical access to the hardware, there is no good way for any program to insert itself at a higher level. I control the boot process so I get to choose where the OS is loaded, I get to change the way it works and interacts. Writing kernel level modules that tamper with time like you are suggesting that would be simple with Wine are entirely possible using straight Windows as well.

Thats the biggest problem, Blizzard doesn't own, they don't manufacture and they can't guarantee that no-one has tampered with the hardware. There comes a point where the software is running on top of the hardware and it has to trust that the hardware is not being malicious. This is how cable box hacks, and satellite box hacks used to work.

Blizzard can write a root kit all they want, if people want to cheat and if there is enough incentive to do so people will find ways to defeat the rootkits behaviour and cheat. Until everything is sent over an RDP like protocol and no code executes client side this is a problem that is going to exist for the foreseeable future.

Comment: Re:In related news (Score 4, Interesting) 460

by 0x000000 (#36783946) Attached to: Lennart Poettering: BSD Isn't Relevant Anymore

This issue has been going on for a long time, and each time a BSD developer asks to see solid docs so that he/she can port the API to be used on FreeBSD they get a bunch of incomplete specs that are absolute shit.

Warner Losh asking for good specs to implement udev on top of devd which has done the things that udev now does for years.

Comment: Re:The real question (Score 1) 439

by 0x000000 (#36564040) Attached to: Power Grid Change May Disrupt Clocks

If the device/board already has 120v coming in on it, then having a device keep its time from AC is rather simple. One zener diode, a resistor and an open pin on a microcontroller are all that are required.

Take a look at some zero cross detection circuits, they are extremely simple, and the parts for them are cheaper than for a crystal that is accurate at time keeping when the power companies keep the 60 Hz in sync.

Comment: Re:Not that...please NOT THAT! (Score 1) 175

by 0x000000 (#35077162) Attached to: More Trouble Expected When Egypt Comes Back Online

I am probably missing something funny here. Egypt did not remove their top-level domain entries, that wouldn't accomplish anything. Egypt stopped announcing their ASN, and thus all of the routes for their assigned IP addresses.

Removing just the top-level domain would still allow people to use IP addresses to communicate over the network, and would still allow outgoing traffic as well.

Comment: Re:Slightly unrelated (Score 1) 214

by 0x000000 (#35077130) Attached to: Comcast Activates IPv6 Trial Users

You can do NAT on an IPv6 connection the same way you are doing NAT on IPv4. Also, instead of using NAT to protect resources you should be using a border firewall that has the same rules for IPv6 as you have for your IPv4. That way from the outside even if they scan one of your IP addresses it still has the proper ports closed.

Assign internal IPv6 addresses to your network, and then NAT on those. Simple.

Whatever gateway you have that is doing route advertisements for IPv6 is still the primary location for firewalling, and is still your single point in and out of your network.

Comment: What functionality are we BSD users ... (Score 2, Insightful) 193

by 0x000000 (#34901756) Attached to: Xfce 4.8 Released

What functionality are we BSD users going to be missing? It didn't really say in the article at all other than that apparently there is a lot of Linux only stuff out there in the open source world. As a developer I am saddened by this fact, that what I have available for use on Linux won't work the same on FreeBSD for example making my life as a developer and porter much harder.

Where does the problem lie? Is it in the library developers or in the OS developers? What can be done to change the situation? Where are some places we can start looking?

To communicate is the beginning of understanding. -- AT&T