Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment Re:Urg. (Score 1) 43 43

Ah, there’s nothing like WWIW2FA (We Wish It Was Two Factor Auth) to improve your bank security...

See this random image we made you choose at sign up? YUP! That’s proves we’re us!!! No chance an MitM could get that!

And this extra random string you entered after that other random string? That makes it TWICE as secure!!!

I’m not without simpathy that 2FA balloons support costs from people who lack the mental facalties to understand what 2FA is, much less keep a token with them when they want to access their bank, but the time has long since passed for it to be required for “important” accounts like banks.

Comment Re:Where's the hardwired switch? (Score 3, Insightful) 157 157

Killing the receiver would disable the entertainment system. I'd agree that's a far better situation than the possibility of disabling my brakes, but a non-techy with a screaming four-year-old who wants to watch Frozen for the 300th time while driving to see grandma might feel differently. The confirmed attack on their eardrums may well be worse than the theoretical attack on their brakes...

That said, one thing that would make sense in terms of a physical lockout is firmware updates. The attack required rewriting the firmware on the radio in order to enable sending arbitrary commands over to the CAN bus. Not unlike the write-protect jumper for a BIOS update on a motherboard, it would make sense to have a physical jumper be installed before writes to any EEPROM / flash in a car would be possible.

Most writable chips I've seen have a physical pin that's required to be connected to power or else it's impossible to write to them, regardless of whatever software flaws might cause valid write commands to be sent to the chip. Ship that disabled by default, and have an access panel or something when field upgrades are necessary. Better than a jumper, maybe a momentary contact button that you have to physically hold down for the upgrade to succeed?

As far as design goes, it seems like the design included a "simple" network interface chip that was designed to moderate access to the CAN from the more advanced software running on the radio / display. Why was that chip even field upgradable? If your goal is to have a limited, controlled interface between two systems moderated by some kind of microcontroller, FFS make that uC read-only mask ROM!

I'm also inclined to wonder whether there was zero signature checking on firmware updates or whether the attack exploited a flaw in whatever checking their was. My guess would be no checking at all...

Comment Re:Really? (Score 1) 157 157

I've got a problem with splitting that particular hair (design).

I'm sure they don't design the things for the wheels to fly off when you're going down the highway at 70, but nobody in their right mind would try to call it NOT a "defect" if that did indeed happen to a vehicle.

The fact that they failed to design in adequate security is a defect in the design.

Comment Re:Oh hell no! (Score 1) 273 273

There's nothing about my example nor about Uber that's "every day that you need to be there at 5 PM." In both cases, the time & place are agreed upon between contractor & client on a per-instance basis. The client's willingness to continue doing business with a particular contractor is based upon said contractor's past reliability at meeting the agreed upon conditions, but that's the essence of any business arrangement.

Comment Re:dependent contractors (Score 1) 273 273

Or unless a third party was stirring the poop to ensure their own established business model remains unchallenged.

Have you seen what it costs to get a taxi driver's license in NYC? I can't think of any reason they might want to prevent others from driving people around with a much smaller upfront investment.

Comment Re:Oh hell no! (Score 1) 273 273

I'm not sure Uber as a middle man disqualifies the contractor status completely. (Other things might, though.)

Compare to a sub-contractor in a web design gig. UberConsultCorp contracts with the client, takes their money. They call me to do some WordPress plugin work and pay me for it, of course retaining a cut for themselves. No question I'm a 1099 contractor, but I may not have had contact with the real "customer" nor could I have done the work without UCC farming it out to me.

The time & place situation muddies the contractor status, but that's not unheard of in 1099. "I need this done by 5pm!" is still a valid 1099 gig. (You can bet you're getting my "you pissed me off and I don't like you" rate, but...) That's the time covered. Say I'm contracting to do hardware maintenance for a company, then it's, "We need you here by 5pm!" Time & place, but still clearly contractor status.

I'm not sure the negative consequences of declining a gig necessarily hurt the 1099 status either. If UCC calls me up and I decline the job, it doesn't seem unreasonable that they'd look to find more dependable subs in the future. Their choice to call someone else next time doesn't mean they "fired" me as an employee.

I'm not sure (other than nanny state, etc.) why there's such a push to re-class Uber's activities. If you could show me a rash of drivers being harmed in such a way that being "employees" would have protected them, maybe I'd feel differently. As it is, it seems like there are a large number of drivers content to work as contractors and Uber is obviously willing to pay them as such. It sounds like consenting adults conducting mutually beneficial business. (Unless you paid $1,000,000 for a NYC hack license, then I could see why you'd want to do everything you could to disrupt Uber's business model even though you're not really a party to it at all...)

Comment Re:Pipistrel did not buy the motors? (Score 1) 107 107

Let's expand that analogy a bit:

Imagine if by the act of firing up these linked cores, AcmeCo could somehow cause serious damage or death to property or people anywhere near where this computer might be. Further suppose that this possibility was a relatively common thing and regulation existed to allow manufacturers such as Intel the ability to object to particular uses of their products on the grounds that such damage or death was likely to occur with a particular (mis-)use of their products.

That's pretty much the case for aviation as I understand it. If this thing crashes into the Channel, it kills anyone it lands on, smashes any ships in its path, and probably costs lots and lots of money to recover the thing from the bottom of the ocean before it can release whatever chemicals might be inside it (batteries) and cause pollution. The component manufacturers of the parts of a plane have the ability to block use of their parts for applications which they know to be unsafe (or don't know to be safe).

Now... No argument what so ever that the timing and other business relationships (dare I say conflicts of interest?) at play here make Siemens' actions more than a bit suspect. But the underlying legal mechanism that allows them to object is probably not a bad thing.

Hypothetically, suppose they know the windings on their motors won't hold up to the salty sea air over the Channel, and they'd be likely to fail. I don't see anything to suggest that's the case, but it's at least scientifically plausible I think that there might be some limitation of their design that would make it inappropriate for Pipistrel's use. (Yes, I'm giving Siemens a huge benefit of the doubt here. "Plausible." Barely...)

Comment Re:So paying more in the long run is better? (Score 1) 53 53

You can pretty much assume that should that happen, the revenue stream from any outstanding leases would be part of the company's assets sold off in the bankruptcy.

You'll continue to pay *someone* your leasing fees for the entire term of the original contract. Might not be the same company you started with, but someone will buy the contract out for pennies on the dollar and keep on invoicing you for the dollars.

Comment Lose the bricks? (Score 1) 597 597

Question for engineer / mathy types that can do the conversion loss calculations:

Given:

  1. A lot of things geeks run have power bricks that output DC.
  2. Most of these run on similar voltages.
  3. Quite a lot of them have some "fudge" where they can actually run fine on quite a bit higher or sometimes lower voltage than what their included bricks put out.

I think:

  1. One big AC-DC converter in the basement that puts out a "good enough" voltage for most of your toys is (much?) more efficient than a myriad of little bricks strewn around the house
  2. DC power transmission losses are negligible in something the size of a single family dwelling.

Would there be anything substantive to gain by putting in a maybe 10-12v, multi-amp power supply in the basement and running it to the various places you plug things in? Big-ass USB power supply @5v would cover a lot of things, but more stuff like streaming TV players, maybe laptops, and the like might be able to run from a bit higher voltage.

Granted, the opportunities for shorts, magic blue smoke release, and general safety issues are probably way more problematic than what you'd save in power conversion, and you will still need 110v to run big motors, and the like, but...

Comment Re:But can we believe them? (Score 1) 99 99

Doesn’t matter whether the identity is linked to phone or the card. On first activation of a new subscriber, have the SIM and the carrier they’re subscribing to do a key exchange dance. DH, PFS, etc. Burn the fuse on the SIM, and the SIM can’t be rewritten, and the SIM’s private half of the key pair never leaves the card.

The SIM can still be stuffed in any other (unlocked) phone, and it continues to communicate securely with the carrier it’s subscribed to. You can never re-subscribe a SIM to a different carrier or for a different user, so you need a new $5 SIM.

Comment Re:Why paper remains supreme (Score 1) 261 261

Luddite much? I know people with original e-ink Kindles that are still reading just fine with them. They’ve been dropped dozens of times, and still keep going. They’re not terribly fragile nor is planned obsolescence an issue for them. Certainly newer versions of the hardware have more capabilities (like video playback), but you’re hardly required to upgrade if all you want to do is keep reading text.

There aren’t any ads in Kindle or iBooks books. Dunno where you got that idea.

DRM is only an obstacle if you let it be one. I agree the effort shouldn’t be necessary, but it’s really not very much effort at all.

I personally never buy a book I don’t intend to keep forever, so resale for me to others isn’t something I consider to be an issue (though I understand others do). Being able to buy used books can be a cost savings, but I really haven’t observed that wide a difference between used book prices and Kindle prices for most stuff I’m interested in. Add in the convenience / time saved factor of being able to go online and click a few buttons rather than have to search around online or brick/mortar book stores to find what I’m looking for, then wait for it to arrive via USless Post Oriface. . . The “savings” for used are pretty much nil assuming you “pay” yourself a realistic wage for your time.

Comment Not this digital native (Score 1) 261 261

As someone who modified his TI-85 calculator to be able to store and display text for reading in high school in 1997, I think I qualify as a “digital native.” I’ve no use for dead tree books. I have a stack of paper books sitting on my desk I’ll most likely never read.

I always have my phone in my pocket, usually have my iPad on my shoulder, and can pull them out and read a few paragraphs whenever I get a few minutes. Not so with a paper book, so the only time I’d read them would be at home, and generally I’ve got other things to do then. The ability to hold libraries worth of text in my pocket far out weighs (well, no, maybe under-weighs?) any value that might be had from a physical object. I’m accustomed to the interface of an e-reader, and while it takes some adaptation and learning to be able to find things quickly (no dog eared pages on my phone), I still manage pretty well. The availability wins.

As far as the screen keeping me awake? Given the number of times I’ve smashed myself in the nose with my iPad as I nod off reading in bed, I don’t think it works like that. At least not for me.

Line Printer paper is strongest at the perforations.

Working...