
Comment: Re:Spot the Fed comments in TFA were pretty tame (Score 1) 67

by tlambert (#49634383) Attached to: FBI Releases Its Files On DEF CON: Not Amused By Spot-the-Fed

Looks like typical bureaucratic language. I think there is some kind of law that says all reports must be written in passive voice and with no humor at all. I'd bet some of the Feds found Spot the Fed humorous...

Passive voice effectively disclaims responsibility, and disclaims chain of responsibility, by making a statement without anyone owning it. It's also frequently used as an argument-without-evidence technique.

Comment: Re:U.S. government is EXTREMELY CORRUPT. (Score 4, Insightful) 67

by tlambert (#49634367) Attached to: FBI Releases Its Files On DEF CON: Not Amused By Spot-the-Fed

We are seeing many extreme examples of U.S. government corruption.

Uh... what other governments in supposedly non-corrupt jurisdictions respond to "Freedom Of Information Act" requests with ... actual information?

Try getting information on e.g. "Pussy Riot" out of the Putin government.

Comment: Re:Sort-of-worked. (Score 2) 49

by Bruce Perens (#49633129) Attached to: SpaceX Launch Abort Test Successful

What I am getting from the videos is that this test was a success but that there was indeed an engine failure and the system recovered from it successfully by throttling off the opposing engine. There was less Delta-V than expected, max altitude was lower than expected, downrange was lower than expected, and that tumble after trunk jettison and during drogue deploy looked like it would have been uncomfortable for crew.

This is the second time that SpaceX has had an engine failure and recovered from it. They get points for not killing the theoretical crew either time. There will be work to do. It's to be expected, this is rocket science.

It sounds to me like the launch engineers were rattled by the short downrange and the launch director had to rein them in.

Comment: Re:Vaginosis/Vaginitis Plus (Score 3, Informative) 468

by tlambert (#49630475) Attached to: The Medical Bill Mystery

This is trivial, given that there are only a couple of federated diagnostic testing services in her area.

Looks like a bacterial infection of some kind, although they also checked for Papillomavirus, two other STDs, and a fungal yeast infection, BVAB2, and strep.

87481 SureSwab ®, Vaginosis/Vaginitis Plus
87481 SureSwab ®, Bacterial Vaginosis/Vaginitis

87491 SureSwab ®, Vaginosis/Vaginitis Plus
87491 SureSwab ®, CT/NG, T. vaginalis
87491 Chlamydia/Neisseria gonorrhoeae, T. vaginalis, Qualitative, TMA and HSV 1/2 DNA, Real-Time PCR, Pap Vial
87491 Chlamydia/N. gonorrhoeae and T. vaginalis RNA, Qualitative, TMA, Pap Vial

87798 SureSwab ®, Trichomonas vaginalis RNA, Qualitative, TMA
87798 SureSwab ®, Vaginosis/Vaginitis Plus
87798 SureSwab ®, CT/NG, T. vaginalis
87798 Trichomonas vaginalis RNA, Qualitative, TMA, PAP Vial
87798 Chlamydia/N. gonorrhoeae and T. vaginalis RNA, Qualitative, TMA, Pap Vial
87798 Chlamydia/Neisseria gonorrhoeae, T. vaginalis, Qualitative, TMA and HSV 1/2 DNA, Real-Time PCR, Pap Vial

105 Chlamydia trachomatis
127 Group B Streptococcus (GBS)
164 Bacterial Vaginosis Associated Bacteria 2 (BVAB2)

These are probably not test codes that she should have published, given their sensitive nature.

I do agree with her assertion that medical billing is kind of terrible.

On the other hand, they intentionally make billing and coding as difficult as possible so that the doctor's office has to correctly code it to the insurance company's liking before they are obligated to pay. Usually a medical office will try a couple of times, and then give up if they don't hit pay dirt, and just send the bill to the patient, and let them argue with the insurance company long enough to damage their credit for non-payment, or pay it out of pocket to save their credit.

HMOs are absolutely the worst for this, followed by PPOs.

I would have much preferred a single payer system, like Richard Nixon wanted (he was the first president to propose a national health care system), rather than the TARP III bailout for the insurance companies which we ended up getting with the ACA.

Comment: They pretty much require a commercial policy. (Score 1) 255

by tlambert (#49628137) Attached to: Uber Forced Out of Kansas

They pretty much require a commercial policy.


"Insurers writing automobile insurance in the state are allowed to exclude any and all coverage under the driver’s or vehicle owner’s insurance policy for any loss or injury occurring while the driver is logged on to a TNC’s digital network or providing a prearranged ride."

So basically, it's requiring that Uber carry the insurance on their drivers, rather than the drivers self-insuring, and gives insurance companies an "out" if they want to exclude insurance while the driver has the app running (i.e. is "on call") and while the driver is actually driving.

What insurance company is going to pass up being paid double for what would otherwise be a single policy?

Comment: Re:Is this Google's fault? Yes. (Score 1) 399

by tlambert (#49627609) Attached to: Google Can't Ignore the Android Update Problem Any Longer

Couldn't they leave the crapware and drivers alone and still provide critical security updates we expect and need on computers since well, the Windows XP SP2 days?
Instead of updating the whole OS, Google would better provide say monthly security fixes for three years on the Android 4.4 OS, the 5.0 OS, the 5.1 OS etc.

This is not going to end well, I guess fragmentation hampers malware somewhat but what if some powerful piece of malware manages to get installed on say 10 million of Android computer phones and starts doing something really nasty?

I'm fairly certain that the biggest security threat is unverified and unmoderated software packages in the various web stores, and the ability to side-load applications. Most of the malware probably comes through the app installer, rather than a security exploit.

Although there have been issues with untrusted parties signing domain certs -- the latest was China's CNNIC root certificate removal -- and there are the Heartbleed and other SSL exploits -- those are mostly untrusted public hotspot access or governmental eavesdropping attacks.

Malware is a much bigger problem.

Note that Apple is starting to have this same problem in China: there are unauthorized app stores which pirate apps (at best) or pirate them, and bundle them with malware, and then use an enterprise enrollment to let you install from their "enterprise app store", which is actually a pirate/malware site. But it's not nearly as widespread or fragmented as the Android marketplaces, and it's pretty easy to avoid -- unless you are going there because the app you want is not legally being sold by the app vendor in China. In which case: you take your chances.

Comment: Re:Is this Google's fault? Yes. (Score 3, Interesting) 399

by tlambert (#49626541) Attached to: Google Can't Ignore the Android Update Problem Any Longer

In other words, it's a lose for everyone involved, due to the way the Android/OEM/Carrier relationship is structured, and there's no product continuity upsell like you have with the various iPhone models.

This is only true as long as consumers don't prioritize upgrades at point of purchase. If we could get OEMs to begin making binding upgrade and update support commitments, and get consumers looking at and comparing devices on that basis, then OEMs would be motivated to provide updates.

They can prioritize all they want, but no one wants to pay for the carrier certification of the modified SDRs, particularly when using a T-Zone on a Snapdragon chip in order to run the baseband, and the FCC demands that the SDR be certified as a unit (software + hardware). That's a carrier certification per carrier, per country, per device, per version update.

Also no carrier using a contract lock-in revenue model is going to provide an update that doesn't lock you into a new contract, and a version update won't do that unless there's a charge for the update, based on FAS (Federal Accounting Standard) rules, since without an exchange of consideration, there is no contract. This is why Apple charged for the WiFi software update on iPods, and non-cellular network iPads, but didn't charge for cellular connected iPads and iPhones. It had to do with realization of revenue over time, versus a one time sale, and adding features to the device via software.

You should also be aware that the image that's shipped by the OEM is often not even buildable by Google engineers; apart from the fact that the devices used during development are generally signature neutered, and it's impossible to cryptographically sign the image for the given device without it either being neutered like that, or signing code that the device manufacturer generally does not share due to it containing a signing key they don't want out there... the entirety of the board file is generally not committed back to the Google maintained Android source tree. Nor is it maintained going forward so that it's up to date, nor is the remainder of the OS productization standardized across all the OEMs. They are trying to differentiate their products, after all, and my Samsung device looking and feeling exactly like a non-Samsung device is not in Samsung's interest: it makes them into a commodity, which is a quick race to the bottom on margin.

Google has significant dictatorial powers when it comes to Chromebooks, which are not available to the Android folks, even if they had the ability to code sign, and could dictate a code cut, the Android in the tree is pretty raw, and never productized.

Finally, Android lacks a uniform app ecosystem; this is a more or less direct consequence of having allowed third party stores, without a strong compatibility for the apps across all devices.

Seriously, one of the smartest things that Apple did was keep the baseband processor separate from the application processor so that there was no telecom recertification required, unless they were explicitly hacking the baseband for some reason (e.g. the carrier lock they did by re-doing the SIM/IMEI handshake when doing a hand-off between cell towers in order to intentionally break SuperSIMs and similar techniques for hardware carrier unlocks).

Without the app ecosystem and the continuity of app and other content going forward on Android -- which it doesn't -- I don't see a means of enforcing carrier lock-in to support that economic model, particularly if you started supporting software updates.

Comment: Re:Is this Google's fault? Yes. (Score 4, Interesting) 399

by tlambert (#49625241) Attached to: Google Can't Ignore the Android Update Problem Any Longer

This has nothing to do with Google. Maybe Google is at fault for not making updates mandatory, but that would have been a completely different set of issues.

Actually, it does.

The Android partner model is to snapshot the tree, and then the OEM productizes the snapshot, adding hardware driver support, their own apps and UI changes, and then they do a deal with the carrier for badging and more apps -- like pointing by default to the OEM or carrier's app store, in order to monetize the device further.

This model exists to avoid disclosing information between OEMs and different carriers, since Google does not do the actual productization.

Because of this, pretty much every Android device, other than the ones which were Google-badged as "buy them from Samsung, resell them under the Google name", is a one-off with a one-off version of the OS. In order to update the OS, it'd be necessary to (effectively) re-do the port of the OS to the device for each new version.

On top of that, there's really not a lot of incentive for the carrier to have the versions of the OS an Android phone is running changing on them, since each new one requires recertification, and, depending on the degree of changes made to things like the baseband and changes in electronic noise due to changes in the software, FCC recertification, or whatever the local equivalent happens to be in your home country.

It's like building a whole new phone, except you're not getting paid for it, and there's no upsell to get you back under contract for the next 18 months.

In other words, it's a lose for everyone involved, due to the way the Android/OEM/Carrier relationship is structured, and there's no product continuity upsell like you have with the various iPhone models.

Comment: No, they are categorically NOT doing that... (Score -1) 152

by daveschroeder (#49622049) Attached to: How the NSA Converts Spoken Words Into Searchable Text

...and your comment represents the absolutely fundamental misunderstanding that pervades this discussion.

The truth no one wants to hear:

The distinction is no longer the technology or the place, but the person(s) using a capability: the target. In a free society based on the rule of law, it is not the technological capability to do a thing, but the law, that is paramount.

Gone are the days where the US targeted foreign communications on distant shores, or cracked codes used only by our enemies. No one would have questioned the legitimacy of the US and its allies breaking the German or Japanese codes or exploiting enemy communications equipment during WWII. The difference today is that US adversaries -- from terrorists to nation-states -- use many of the same systems, services, networks, operating systems, devices, software, hardware, cloud services, encryption standards, and so on, as Americans and much of the rest of the world. They use iPhones, Windows, Dell servers, Android tablets, Cisco routers, Netgear wireless access points, Twitter, Facebook, WhatsApp, Gmail, and so on.

US adversaries now often use the very same technologies we use. The fact that Americans or others also use them does not suddenly or magically mean that no element of the US Intelligence Community should ever target them. When a terrorist in Somalia is using Hotmail or an iPhone instead of a walkie-talkie, that cannot mean we pack our bags and go home. That means that, within clear and specific legal authorities and duly authorized statutory missions of the Intelligence Community, we aggressively pursue any and all possible avenues, within the law, that allow us to intercept and exploit the communications of foreign intelligence targets.

If they are using hand couriers, we target them. If they are using walkie-talkies, we target them. If they are using their own custom methods for protecting their communications, we target them. If they are using HF radios, VSATs, satellite phones, or smoke signals, we target them. If they are using Gmail, Windows, OS X, Facebook, iPhone, Android, SSL, web forums running on Amazon Web Services, etc., we target them -- within clear and specific legal frameworks that govern the way our intelligence agencies operate, including with regard to US Persons.

That doesn't mean it's always perfect; that doesn't mean things are not up for debate; that doesn't mean everyone will agree with every possible legal interpretation; that doesn't mean that some may not fundamentally disagree with the US approach to, e.g., counterterrorism. But the intelligence agencies do not make the rules, and while they may inform issues, they do not define national policy or priorities.

Without the authorities granted by the FISA Amendments Act of 2008 (FAA), the United States cannot target non-US Persons who are foreign intelligence targets if their communications enters, traverses, or otherwise touches the United States, a system within the United States, or, arguably, a system or network operated by a US corporation (i.e., a US Person) anywhere in the world. FAA in particular is almost exclusively focused on non-US Persons outside the US, who now exist in the same global web of digital communications as innocent Americans.

Without FAA, the very same Constitutional protections and warrant requirements reserved for US Persons would extend to foreign nations and foreign terrorists simply by using US networks and services -- whether intentionally or not. Without FAA, an individualized warrant would be required to collect on a foreign intelligence target using, say, Facebook, Gmail, or Yahoo!, or even exclusively foreign providers if their communications happens to enter the United States, as 70% of international internet traffic does. If you do not think there is a problem with this, there might be an even greater and more basic misunderstanding about how foreign SIGINT and cyber activities fundamentally must work.

If you believe NSA should not have these capabilities, what you are saying is that you do not believe the United States should be able to target foreign intelligence targets outside the United States who, by coincidence or by design, ever utilize or enter US systems and services. If you believe the solution is an individualized warrant every time the US wishes to target a foreign adversary using Gmail, then you are advocating the protection of foreign adversaries with the very same legal protections reserved for US citizens -- while turning foreign SIGINT, which is not and never has been subject to those restrictions, on its head.

These are the facts and realities of the situation. Any government capability is imperfect, and any government capability can be abused. But the United States is the only nation on earth which has jammed intelligence capabilities into as sophisticated and extensive a legal framework as we have. When the intelligence committees of both houses of Congress, multiple executive agencies under two diametrically opposite Presidential administrations, armies of lawyers within offices of general counsel and inspectors general, and federal judges on the very court whose only purpose is to protect the rights of Americans under the law and the Constitution in the context of foreign intelligence collection are all in agreement, then you have the judgment of every mechanism of our free civil society.

Or we could just keep laying our intelligence sources, methods, techniques, and capabilities bare to our enemies.

"Many forms of Government have been tried and will be tried in this world of sin and woe. No one pretends that democracy is perfect or all-wise. Indeed, it has been said that democracy is the worst form of government except all those other forms that have been tried from time to time." - Winston Churchill (1874-1965), Speech in the House of Commons, November 11, 1947

"The necessity of procuring good Intelligence is apparent and need not be further urged -- all that remains for me to add, is, that you keep the whole matter as secret as possible. For upon Secrecy, Success depends in most Enterprises of the kind, and for want of it, they are generally defeated, however well planned and promising a favourable issue." -- George Washington, our nation's first spymaster, in a letter to Colonel Elias Dayton, 26 July 1777

Comment: So Is Mac OS X. (Score 4, Informative) 59

by tlambert (#49621669) Attached to: The BBC Looks At Rollover Bugs, Past and Approaching

So Is Mac OS X.

I converted time_t to 64 bits on 64 bit systems (which include the most recent iPhones) as part of the changes for 64 bit binary support on the G5 when I wrote the 64 bit binary loader support into exec/fork/spawn, and again as part of UNIX Conformance. It's basically been fixed since Tiger.
