Forgot your password?

Comment: Re:Thankfully those will be patched right in a jif (Score 2) 87

by Miamicanes (#47562723) Attached to: Old Apache Code At Root of Android FakeID Mess

Find a popular ROM at XDA derived from whatever version you want to stick with and flash it (with a compatible kernel) to your phone.

Until you have a few months of reflashing experience, DO NOT attempt to flash any ROM that requires repartitioning the flash, and don't ask the recovery manager to wipe /system unless you really know what can happen & have a plan for dealing with it. This goes DOUBLE for anybody with a Samsung Galaxy S3.

Long story short: the eMMC is kind of like a SSD controller, and there are MAJOR known bugs (and plenty of poorly-understood ones, too) in the firmware. Basically, it's as if you tried to use Linux to create a new filesystem, but a bug caused it to just make all the old directories owned by some undefined user with impossible permissions instead... and do it in a way that made the drive initially LOOK reformatted, but spontaneously resurrect those corrupted files as more and more writes occurred.

Now for the bad news (if you have a Galaxy S3) -- the eMMC firmware installed with stock roms older than 4.3 is dangerously buggy with AOSP-derived ROMs, and getting rid of enough of those bugs to semi-safely do wholesale repartitioning almost requires installing a stock-derived (but hacked so it doesn't enforce Knox) ROM first to get the eMMC firmware updated. More confusingly, the eMMC firmware is part of the radio modem firmware, even though it doesn't really have anything to do with the radio modem itself. So, if you're running a 4.1 stock ROM and want to install a 4.1 AOSP-derived ROM, tread VERY carefully, and pay special attention to any warnings at XDA that involve the word "eMMC".

Comment: Re:You can create a token but keep it off nets (Score 1) 100

by Miamicanes (#47559449) Attached to: Ask Slashdot: Open Hard- & Software Based Security Token?

Strictly speaking, a USB (or bluetooth, or whaver) device has the potential to be MORE secure... IF it meets the following criteria:

* Negotiates directly with the remote service requesting authentication credentials, and has robust logic to detect MITM situations. For the purposes of this example, the local operating system is merely a bucket-brigade dumb transport layer that facilitates the delivery of packets between the token and remote login service.

* Has its own onboard hardkeys under the exclusive control of the token, with some degree of logic to verify that the user is deliberately consenting to the login attempt... preferably, enough to implement some kind of secondary authentication. I'm totally not a fan of biometrics, but if there's anyplace where a fingerprint sensor might be appropriate as the equivalent of a residential keyed non-deadbolt lock that says 'no' to casual attackers, without even pretending it could survive a full-on attack from someone willing to do something drastic (like break the door down), it's probably HERE.

* Has its own display, under the exclusive control of the token, and logic to display an appropriate level of concern to alert the user to unusual situations. For example, being asked to authenticate to ${some-specific-server} for ${limited-purpose} might merit full-on warnings the first time you authenticate, but require little more than a finger swipe or button press for subsequent uses that don't exceed some user-defined threshold.

Unfortunately, I've never even SEEN a hardware token available to non-enterprise customers even REMOTELY in the same ballpark as the feature set I've listed. Manufacturers just can't resist the temptation to eliminate the cost of an expensive dedicated display, or multiple hardkeys, or some comparable dedicated input and output hardware that's sealed, self-contained, and has no dependencies upon the security of anything beyond the token itself. It also assumes at least minimally-savvy users who'll take the time to at least read the first-time/threshold-exceeded warnings, and won't just blindly swat them away without independently contemplating their possible implications.

Ideally, the token would also have some additional security layer that causes it to be disabled permanently if the person with whom it's associated ceases to be alive (to ensure that a robber couldn't force you to tell him your access code at gunpoint, then shoot you anyway. If he knows that his free fountain of money shuts down the moment you die, he'll have more incentive to employ heroic means to keep you alive even if he's the reason you're in danger of death to begin with.

Finally, you'll want to have the token itself be a delegate of some master token, with a reissue procedure for replacing it with a new token that has multiple layers of identity-authorization, since there's always a very real risk of loss. It's little comfort knowing a thief can't get at your money if, from your perspective, it's as gone as if it were in a concrete vault at some unknown spot on the floor of the Pacific Ocean.

Comment: Re:Best Wishes ! (Score 1) 322

by Miamicanes (#47528879) Attached to: Microsoft's CEO Says He Wants to Unify Windows

Within a year... yeah, most decent peripherals had drivers. At midnight on the day Windows 95 went on sale across America? They were basically nonexistent, From what I remember, soundcards were a MAJOR pain point for YEARS. Gravis totally dropped the ball with the Ultrasound (eventually releasing crippled win32 drivers that sort of worked, but if you wanted to play .mid files with wavetable instruments, you were stuck with realmode SBOS), and my dad's soundcard was a source of misery for YEARS until he threw in the towel and bought an AWE32. From what I remember, unlike a real SBpro (which set the port, irq, and DMA via jumpers), my Dad's stupid soundcard had to have the port, irq, and DMA set via realmode drivers at boot time. Yuck.

I seem to remember that CD-ROM drives were another source of realmode misery, but I'm not really sure *why*. I think it was because the drives themselves were IDE, but Adaptec held a patent on something and wouldn't allow Microsoft to bake support for CD-ROM drives into Windows without paying royalties, so Microsoft just left everyone to suffer with the Adaptec-licensed realmode drivers that came in the box with the drives (and began a 20-year tradition of always finding some petty way to cripple Windows' native handling of optical drives absent expensive thirdparty software).

Comment: Re: Astronomy, and general poor night-time results (Score 1) 540

by Miamicanes (#47528693) Attached to: Laser Eye Surgery, Revisited 10 Years Later

PRK also has a much higher incidence of starbursts and halos

Yes, but you're overlooking an important detail -- in the early 2000s, an average PRK (or LASEK) patient went into surgery with significantly worse vision than an average Lasik patient. Until fairly recently, the maximum amount of correction the FDA allowed for PRK & LASEK was a diopter or two HIGHER than the limit imposed for Lasik... but the maximum-allowed diameter of the ablation zone was about 2mm LESS. The net result is that patients who were disqualified for Lasik were able to get PRK/LASEK, but their blend zone was fairly steep, and was often smaller in diameter than many patients' pupils in the dark. Meanwhile, patients with milder vision problems ended up getting Lasik by default, because it healed faster & was more heavily-advertised.

In other words, the PRK/LASEK patients who had the worst problems with halos are basically the ones who wouldn't have even been ALLOWED to get Lasik back in the early 2000s. I know, because I was one of 'em (1/2 diopter more astigmatism, and I would have been disqualified from PRK/LASEK too).

The good news is that the FDA finally raised the limits allowed for both maximum correction and ablation-zone diameter, and wavefront laser surgery can now fix most of the problems caused by the old FDA limits (enlarging the fully-corrected zone so it's as big as a darkness-accommodated pupil, and eliminating the halos in the process).

Comment: Re: Astronomy, and general poor night-time results (Score 0) 540

by Miamicanes (#47528369) Attached to: Laser Eye Surgery, Revisited 10 Years Later

Tell your mother to consider scleral gas-permeable lenses. Few people have ever heard about them, and they look kind of scary when you first see them being put in, but they're actually one of the most comfortable types of contacts you can wear:

* Gas-permeable lenses are more permeable to oxygen than soft lenses

* GP lenses don't dry out

* By having the lens rest on the sclera instead of the cornea, there's less sensation of motion from blinking (and less motion, period). The "pumping" motion of normal GP lenses drove me insane when I tried wearing them 20 years ago, and my dad admitted the same motion drove HIM crazy when HE tried wearing traditional hard lenses in the early 70s.

* The layer of tears between the bumpy cornea and rigid lens optically bridges the two (tears have almost exactly the same index of refraction as the cornea and GP lens), so they can fix (or at least greatly help) problems that are untreatable with glasses or soft lenses.

Scleral lenses are actually an old design, but making them with gas-permeable plastic is a relatively recent development.

Their only real downsides are that you pretty much HAVE to go to a real opthamologist, and they aren't cheap. But they're an awesome option for people who either can't stand normal lenses, or have problems that normal lenses can't effectively fix.

Comment: Re:Customer service? (Score 1) 877

The REAL question is... why the FUCK do so many airlines seem to board planes from FRONT TO REAR? Is it just the gate crew being complete idiots, or is it an official policy dictated to them for some insane reason?

I mean, ok, fine... board first class first... then continue with passengers who'll be sitting in the rear so they won't be tripping over (and getting in the way of) passengers sitting closer to the front. The only thing I can think of is that they know they have to board first class first & they're too lazy to look up the number of rows, so they just start with first, then keep calling rows ~10 at a time until ~80% of the people mulling around near the line to board have entered the plane, then end with "all other passengers may now board".

Comment: Re:Waiting for Windows to come full circle (Score 2) 322

by Miamicanes (#47520401) Attached to: Microsoft's CEO Says He Wants to Unify Windows

What if Microsoft released a commercial "Window Manager" for Linux?

What if they made KDE for Windows to use as an alternate desktop environment and window manager?

Oh... wait a minute... (demo video of KDE running under Windows 7)

Comment: Re:Best Wishes ! (Score 5, Informative) 322

by Miamicanes (#47520347) Attached to: Microsoft's CEO Says He Wants to Unify Windows

Yes... and no. In theory, if you did a virgin installation of Windows 95 onto a pristine new computer whose peripherals ALL had genuine Win32 drivers capable of running in 386Enh protected mode, and you ONLY ran "true" Winapps that bent over backwards to have no dependencies on realmode, DOS was basically a Grub-like stage 2 bootloader invoked by the BIOS that loaded Windows, kicked the PC into 386enh Protected mode, and handed it over to Windows. And you probably had a pet unicorn living in the back yard ;-)

From what I remember, the compelling feature of Windows 3.11 that distinguished it from Windows 3.1 was native Win32 code for reading & writing (V)FAT filesystems on IDE hard drives (which gave it a HUGE performance boost compared to 3.1).

I believe that one of Win95's launch-time features was that Microsoft re-implemented the VESA BIOS extensions (and original VGA BIOS) as proper win32 drivers, so that manufacturers like Tseng and S3 only had to provide them with "miniport" drivers that did the grunt work that would have otherwise required them to fall back to realmode. I'm pretty sure the 386enh hooks for video BIOS emulation existed in 3.11, but the actual Microsoft-written code was given to vendors to distribute on their own disks & wasn't directly used by any video cards the day Win3.11 went to manufacturing. In a sense, Windows 3.11 existed to give videocard manufacturers a prototype platform so they could develop and test their protected-mode drivers on a released operating system.

Comment: Re:Secure pairing is hard (Score 3, Insightful) 131

by Miamicanes (#47504861) Attached to: The "Rickmote Controller" Can Hijack Any Google Chromecast

Canonical Diffie-Hellman is vulnerable to MITM attacks when both parties are mutually-anonymous. There are ways to reduce the risk, but at the end of the day, unless at least one party knows who it's supposed to be talking to & can independently verify the other party's identity and the integrity of key-exchange traffic supposedly taking place with it, you can never know for sure that you aren't having a securely-encrypted conversation with an attacker.

AFAIK, there's no currently known way to achieve 100% mutually-anonymous key exchange that isn't also vulnerable to MITM. Every few months, someone proposes one, and someone like Schiener usually takes one look at it and casually mentions a half-dozen ways it can be defeated in between sips of coffee.

Comment: Re:Reason I installed addblock. (Score 1) 394

by Miamicanes (#47504743) Attached to: Dealing With 'Advertising Pollution'

I honestly don't know whether it was an intentional act of stupidity on Newegg's part, or maybe a XSS vulnerability exploited by a reviewer to rewrite the page DOM and embed Google ads in his account on Newegg's product pages, but I suspect it was probably just a bad decision by someone at Newegg who failed to grasp just how obnoxious ads with sound ARE.

Comment: Re:Cost of physically implementing SHDSL (Score 1) 234

by Miamicanes (#47504705) Attached to: Verizon Boosts FiOS Uploads To Match Downloads

There's two separate problems... the VDSL2 copper loop between the house and VRAD, and the fiber between the VRAD and CO/network center.

If you have two pairs & can dedicate one to each direction, getting symmetric speeds is fairly straightforward. If you're multiplexing both onto a single pair (the norm in most of AT&T-land, at least in Florida), you'd have to sacrifice about 2-3mbps of downlink speed to gain each additional 1mbps of uplink speed.

Changing the fiber link between the VRAD and central office is more problematic. For various reasons, a service like U-verse doesn't send bidirectional traffic over single fibers... they have certain fibers provisioned for downlink, and a much smaller number of fibers multiplexed via TDMA aggregating their uplink traffic. That's the REAL reason why AT&T really HATES to let people subscribe to their fastest-advertised internet product, even though they LOVE to advertise it -- every "Max Turbo" customer enjoying double the uplink speed of his slower neighbors consumes the fiber resources of two customers (in fact, I think the outside lineman told me my line card LITERALLY occupied two slots).

To AT&T's credit, I WILL say that they're MUCH better than Comcast for both consistent uptime (Comcast used to ALWAYS have multiple outages lasting a few minutes apiece throughout the day, especially during afternoons when I was working from home & kept getting disconnected because some lineman unscrewed the coax somewhere while doing a new installation), and U-verse is MUCH better about not oversubscribing their bandwidth. If you're on their 32/5 profile, your observed throughput is going to be pretty much spot-on equal to your line rate minus ~6mbps per actively-watched/recording channel. When I had Comcast, my internet service was supposedly ~50mbps down and 7-12mbps up. In reality, the fastest 1-minute sustained throughput I *ever* saw from Comcast was about 20 down & 2 up (and if it involved a server outside the US, you could cut THAT number in half). U-verse has MUCH better international connectivity than Comcast, especially to SE Asia and Europe.

Comment: Re:Reason I installed addblock. (Score 2) 394

by Miamicanes (#47490901) Attached to: Dealing With 'Advertising Pollution'

Just wait until Comcast, U-verse, and anybody else who can make sure there's a way to send data about you back to them starts to show FORCIBLY INTERACTIVE videos that quiz you about the ad content & make you re-watch the ad until you get the answers right.

By far the most obnoxious & intrusive ads I remember, though, were the UNBELIEVABLY loud Febreze ads that were shown at for a day or two last December. I don't know WTF Newegg was thinking, but I sent them an email on the spot reminding them how many thousands of dollars worth of shit I've bought from them over the past few years... and promised them that I'd never buy another thing from Newegg again if those ads weren't gone "by tomorrow". I think they were gone by mid-afternoon.

Comment: Re:Violation Video? (Score 1) 229

by Miamicanes (#47487545) Attached to: Chicago Red Light Cameras Issue Thousands of Bogus Tickets

> There is no county in the US where a rolling turn is acceptable

Sort of.

I quote:

The traffic camera law states that "A notice of violation and a traffic citation may not be issued for failure to stop at a red light if the driver is making a right-hand turn in a careful and prudent manner at an intersection where right-hand turns are permissible.

A notice of violation and a traffic citation may not be issued under this section if the driver of the vehicle came to a complete stop after crossing the stop line and before turning right if permissible at a red light, but failed to stop before crossing over the stop line or other point at which a stop is required."

These two specific exceptions were written by the legislature to combat abusive tactics by municipalities throughout the state.

Keep in mind that there are a lot of places in Florida where you have wide roads in urban areas with buildings literally 5-10 feet from the street, and there are lots of areas where the white "stop lines" are SO FAR back from the intersection, you literally can't see far enough to the left to MAKE a reasonable judgment about whether or not it's safe to proceed with the right turn until you've moved another 10-20 feet beyond it.

IMHO, the the IDEAL solution would be for FDOT to just reconfigure most of Florida's major intersections as CFIs ( ) and render the whole concept of a right turn on red (or green, for that matter) meaningless. By definition right-turning cars in a CFI are "go at all times, then merge to the left into what would otherwise be the right lane past the point where left-turning cars cross incoming traffic".


To understand a program you must become both the machine and the program.