Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Not that worried (Score 0) 123

Stagefright 1.0, however, was exploited via a specially crafted MMS message which were at the time automatically processed by Stagefright. Google’s patch means Stagefright no longer does so, especially in new versions of Google’s Messenger and Hangouts apps. With Stagefright 2.0, Avraham said the most logical attack vector would be the mobile browser where an attacker tricks the victim via phishing or malvertising to visit a URL hosting the exploit. An attacker could also inject the exploit via a man-in-the-middle attack, or host a malicious third-party app that uses the vulnerable library.

If you are really scared about MMS its pretty easy to fubar the settings to enable delivery of MMS messages. No big loss in the age of whatsapp, kik, line.

On the new variant it seems no different than desktop. Don't click links or view pages that may be dodgy. Don't download a ton of shit apps. And if someone is bothering to MITM you, problems are deeper than the exploit.

Comment More than just initials (Score 2) 118

There are really two components to this. First, is the time/effort/expense worth it to gain knowledge that may be useful in your profession or career generally. Second, will that certificate confer any additional monetary benefits or different/more advanced position in the near term.

The former is completely independent of the latter. Not everything you may know or do is assigned a tangible value by your current or future employer but having such knowledge may make your job easier to do or allow you to outperform others.

The later may often be true for all but the most specialized certifications. Rather than just list a bunch of acronyms it might be better to reference having 'a number of additional certifications in related fields' and allow the hiring firm to enquire further if they are interested. By doing so you show you continue to improve and stay current for its own sake and not to wave a bunch of letters at someone.

Comment Cyanogenmod has gone downhill a bit (Score 2) 87

As another example, in late June they promised final snapshot images of CM11 for all devices. Yet relatively few actually got an update while their build system continued to churn out nightlies. Comments on the original blog post are ignored. Sure we all know it is free but don't promise people something if you have no intention of delivering on it.

Comment Android or is it Java? (Score 1) 105

Perhaps someone with more Java/Android experience can elaborate but my quick read on serialization leads me to believe that this is a flaw in Java itself and that per the below, while steps can be taken to mitigate the risk, it can't be eliminated.

While the patches xed the specic instances that
we had found, we feel that a general problem de-
serves a general mitigation, reducing the impact of
such serialization attacks. Since Bundles are very
common in Android’s Inter-Process Communication,
we suggest changing the Bundle’s default behavior
that automatically instantiates all of its values (under
BaseBundle.unparcel, that is invoked by any ’touch’
of the Bundle) to a lazy approach, i.e. retrieving
only the values of keys it is asked for. Of course by
design the problem will still remain, but will depend
more on specic developer’s code, so less apps will
be vulnerable if another vulnerable class is found,
signicantly narrowing the attack surface.

Comment Who needs 2G? (Score 1) 107

According to Netflix CEO Reed Hastings, it won't require more than a stable 15 Mbps to stream 4K.

Even ISO's at 25MBps are done in next to no time. Instead of pumping up the volume so to speak, it would be far more consumer friendly (and valuable) to reduce the price of the connection dramatically. Of course, that will never happen as a) there is no competition and b) profits! The price of broad band is especially gualing giving how much fiber was scooped up for next to nothing during the dot.bomb

Comment Not Conveient (Score 1) 654

Unless you live inside a major city the 'cost' is not the biggest factor. Convenience is. Being able to go on your own schedule and from and to the location you desire, rather than just some approximation of those points determines us. For those outside the city (even nearby suburbs) the sprawl is far too great.

Comment Did Oracle Buy FB? (Score 1) 283

This is exactly how Oracle operates. 'We know what is best for you and shall disable XYZ'. Really FB, just go fuck yourself. Whether Flash is good/bad or something else, FB has no right to collude to deny computer users the right to use any program/plugin/interface outside of their own site.

FORTUNE'S FUN FACTS TO KNOW AND TELL: A firefly is not a fly, but a beetle.