Comment Re:Stupid design (Score 2) 134

This is design 101. We've been Poka-yoke-ing connectors in other industries for decades.

In fact, if you look through the datasheets for most components you will quickly realize that being able to survive reverse voltage is actually somewhat rare

Because you're supposed to build it in. Most components only do one thing and do it well. You build your own protection circuit. The ECMs we use at work will take 1000V on any pin. Could you imagine how far your car would make it without any protection circuits built in?

Poka-yoke illustrates this connector perfectly - USB-C works either way so it doesn't matter which way you plug in the cable and which way it goes.

In fact, USB-C to USB-C cables are not the issue. It's USB-A to USB-C cables which cause the issues.

As for your ECU - you build them to those specs, but you pay a lot more money for an engine computer. Try to build your ECU for $5 and make a profit and you'll probably compromise a lot of things.

Comment Re:Stupid design (Score 1) 134

All power supply input pins should be protected against reverse voltage. It's simple, and comprises a single FET. See here, for instance. There's not really any excuse for failing to protect internal components against reverse voltage, other than being cheap. I think we can thank the endless race to the bottom that consumer electronics is infamous for.


Two reasons.

Cheap is one - save on reverse polarity protection, save a few cents. When making millions of devices, it makes sense. It makes even more sense when the connector standard pretty much gives you the power you expect - e.g., a USB cable. The pins on USB are very well defined and power and ground appear on two very well known pins. Since a reverse-polarity USB plug is extremely rare, it seems reasonable to omit the protection.

The second one is the device is dropping voltage and consuming power. In standard USB with 500mA at 5V, if the MOSFET takes 1V, that's half a watt of power you're losing in the transistor. (And really, you just use a diode). USB-C with up to 100W, you're looking at losing a lot of power in your reverse protection components.

The USB plug is a pretty standardized plug with voltages appearing on specific pins. Reverse polarity connections are extremely rare since in general, the USB devices plugged into it will not work. So eliminating reverse polarity protection isn't the worst sin that could happen in a plug whose pinout and power pins are well known. Short of maliciously made devices, you should get power where you don't expect it.

Comment Re:Revoke it (Score 1) 39

I agree that they may not suspend/revoke it immediately, but they should have opened an investigation. And in *two whole years*, they should have been able to establish that it was validating malware. That by itself should have been enough to revoke a developer cert, even if he also signed legit software with it too.

So the developer has written malware for two years. How many times has Apple run across it? None? Just because an app's been signed for two years and does bad things doesn't mean it's even on Apple's radar. Perhaps it only tickled security researchers' Macs and Apple hasn't run across it in the wild.

These certificates are used to sign apps for the developer to distribute in some way. They could be open-source apps, for commercial apps, they could be sold in stores, or given away for free online. Apple doesn't get a copy of every app signed with every certificate so there are plenty of apps Apple doesn't know about. Heck, there are probably thousands of Mac apps that users use all the time that Apple doesn't know about.

Comment Re: Revoke it (Score 1) 39

Except that Apple has been rejecting apps in the app store and delaying apps for simply competing against their apps.

So something clearly isn't right here. They have enough resources to screw over legitimate developers, but not to verify this crap?

That's only for developers who submit apps through the app store. Using the signed certificate means you don't have to get your app approved, and you can do whatever the heck you want. It's why it exists - it allows for apps to be developed outside of Apple's reviews.

Apple could revoke the certificate, but they shouldn't use it as a way to impose an app store review by proxy.

And this app isn't distributed through the app store - it's distributed by the developer - Apple doesn't enforce that developers who buy a cert actually use some sort of store or other mechanism to distribute their software. A developer buys a certificate and is free to sign whatever the hell they want and distribute it the way they want.

So no, Apple can't review the app if it doesn't attract their attention.

Comment Re:Revoke it (Score 1) 39

No, it tells you how worthless Apple are. This is not a certificate failing, it is a management failing. Certificates themselves have all sorts of issues, but this is purely an Apple problem.

And Apple probably wants proof that it is malware. The whole reason for the certificates is so developers don't have to go through the Apple Mac App Store review - for whatever reason. Which can include shady but perfectly legal apps. Apple may reject it in the MAS, but they probably want extraordinary proof that the app is malicious over just revoking the certificate because they're not supposed to be reviewing signed apps. Otherwise it turns into a Mac App Store review by proxy.

It's likely this developer is smart and only infects a small subset of Macs so Apple doesn't have a sufficiently big sample to verify that it's bad.

There has to be a balance - and the design of gatekeeper is such that developers don't have to have their apps approved by Apple for whatever reason, but at the same time, Apple should take great care in which certificates they revoke.

Comment Re:Whatever happened to the do not call list? (Score 2) 248

Why hasn't the Do Not Call list worked? Seems there were too many loopholes and ways around the law I guess.

Because... technology.

The same technology that enables you to call home and long distance for cheap is the thing telemarketers use to bypass the DNC list. Basically, telemarketing has been offshored.

The telemarketers call using VoIP from places like India, ensuring that they do not have to follow the DNC laws (because they're not subject to US laws).

And it doesn't matter if you go after the US company responsible - they're almost always scams run by two-bit fly by night companies, so at the end of the day, they take down their company sign and hang a new one up on the van. (They almost always advertise some service, like "air duct cleaning" and they universally do a poor job of it. Or it's a real traditional scam).

So it's not a case where they've bought a loophole, it's more a case where they're using modern technology to do a run around the law.

For me, the most obvious sign is they always re-use the first 3 digits of the 7 digit number - (e.g., in 523-555-1212, the caller ID will always be 523-555-xxxx), so that's almost a dead giveaway it's a scam call.

Comment Re:Context On the Issue (Score 2) 401

This error occurs if the repair involves the TouchID sensor. Since this stores data required for the fingerprint authentication, the device will refuse to function for security reasons if it thinks it's been tampered with, which seems to be a reasonable precaution for a device component that can authenticate you across the device and also external services including financial transactions.

A better option would be to instead disable TouchID if tampering is suspected, but this isn't a case of Apple just arbitrarily making iPhones not work if you get a third-party repair like the story suggests.

And I'd argue Apple did the right thing by bricking the phone - because hardware was tampered with. Who knows what else was modified?

Perhaps just the sensor was changed, but perhaps it was replaced with something designed to overload the secure enclave and exploit bugs? Once the secure enclave is compromised, the entire device is compromised including all data. By bricking, you ensure the user's data is not accidentally revealed through a hack via a trusted part.

Basically the trusted part has gone from trusted to untrusted state. The part is no longer trustable, and the secure enclave has some of the highest access available in the system. If the enclave cannot trust the trustable fingerprint reader, it should dump all the system keys to prevent accidental exposure of user data through a bug in the enclave.

Remember, Apple's doing a privacy thing now - it's the one advantage they have over Google.

Comment Re:Consumerist stories about Comcast (Score 1) 175

When stories like this exist, one has to wonder why they are still legally allowed to be in business. What fucking good is the Better Business Bureau when shit like this rages on for years? Seriously.

Customer service is not a requirement for a business.

Seriously, it isn't. If you take a business at its core to sell a product or service for a profit, customer service is not part of that. (Neither is handling returns, etc).

Of course, the reason businesses do a lot of things that are optional is competition - customer service is something if you neglect, your customers might go to your competitor, so you offer it. Likewise, you handle returns even though you don't have to (there is no legal requirement for a customer to be able to return a product), because otherwise customers again will prefer to use a competitor

Comment Re:Require that patents be defended (Score 1) 134

The thing is, IP needs to realize that software is special.

There are three traditional domains of IP. You have trademarks, which are protections used in the conduct of trade, copyrights used to protect creative works (used by humans and enjoyed by humans) and patents, of which you have utility (things used to make other things) and design (things with a decorative touch).

Software is none of these - it is both a creative work - done and enjoyed by humans, as well as thing used to make other things. This means it fits poorly with copyright and patent laws, which means it really should be its own category of protections with its own time limits.

Comment Re:ownCLoud (Score 1) 52

Then I hope your backup solution works because the day one of those disks shits itself, odds are you'll lose the entire array. Rebuilding large disks with a parity count is long and brutal on the spindle, and those 5 drives you bought are quite possibly coming from the same manufacturing batch and are exposed to the same environmental conditions as the one who failed. You're playing with fire.

Disks are cheap, there's no reason to use anything but RAID-10.

Yeah, RAID5 is cool, but when the array goes non-redundant, the rebuild is the most stressful thing in the world.

RAID10 is somewhat wasteful - you just move to RAID6, which is RAID5 except now you have to lose two disks before you go non-redundant. Which means when one disk dies, you can rebuild it and still have room for losing a disk.

Of course, good systems will have hot/cold spares at the ready to start rebuilding the instant a drive goes offline.

Comment Re:Selection bias (Score 1) 220

While you're absolutely correct that this is a real factor, it is not the only factor. Older equipment is simply made of more material. It doesn't matter if you're talking about machine tools, or hand tools, or sewing machines or toasters or basically anything else, they used to make stuff with very little regard for weight. Materials science has advanced substantially, but sadly many things are built far more flimsily now than they used to be because shipping costs are a significant percentage of the cost of typical items as a result of the distances that they travel before appearing on a shelf someplace.

Yes, they used a lot more material. Plus they cost a lot more, too.

I mean, an old TV, say, 19" ("big screen") would've cost the equivalent of a year's salary around the 1970s or earlier. Nowadays you can get a 42" TV with far clearer picture and sound for a month's salary, if not less. And a smaller TV can be had for under a couple hundred bucks.

And not all old stuff is good. Old microwaves aren't better than new ones. Sure they cost a year's salary back then, but their performance is often worse (and especially as seals degrade) their RF emissions are probably way worse than even the $99 one at Walmart. Sure your 1950s one may last through the next nuclear war, but given wear and tear and especially microwave leakage, the $99 will probably last until you need to replace it for safety reasons.

Actually, come to think of it - no one's really nostalgic about old-timey microwaves now, are they? I mean, you see people using old stoves, old fridges, but never old microwaves.

Comment Re:Bring back Woz (Score 1) 428

Yea Woz who'd rather tinker on stuff than make products. Despite what the IT lifers think, Woz wasn't the key to Apple's brilliance.

Or the engineers in the crowd who think "build it, and they will come".

Apple with BOTH Steves ended up bringing the holy unity together. There's a reason why there's a concept of yin and yang, of opposites forming the whole. Apple was formed like that - you had Woz the engineer, designed brilliant stuff, but had zero business sense, nor would he be someone you would want to be spokesperson of your company in any form other than symbolic and as an icon. You can argue that he's that way today - still somewhat awkward when out in a social situation.

Then you had the other Steve, who was very business minded. He knew what he had, and knew what the technology could do, and cooked them together to produce a product. He had some minor technical skill, but he was brilliant enough to be able to take Woz's device and puppet it around. Self-confident and extroverted, he was able to handle the social situation with aplomb.

You need both in business - far too many technology companies fail because they see this brilliant technology they're creating, without being able to have the business acumen of being able to sell it - they want to let the technology speak for itself, when the rest of the world is still asking "what is it?".

Comment Re:It was the first standard for video? (Score 1) 406

That.. is the single most misguided reason I've ever heard for choosing a laptop over a desktop. My desktop PC was built with quiet components. If I push the graphics really hard (games, not HD movies) I can hear the fan on that start up.

Yeah, you probably spent a while choosing those parts too. Because any random assortment of desktop parts isn't likely to generate a quiet build.

It's a lot of work choosing the right combination of power supply, CPU cooler, GPU, etc., to end up with a computer that's quiet. Especially when you're presented with the wide assortment of parts available online at say, Amazon or other retailer.

I built a quiet PC, but it took me 3-4 weeks of choosing components to ensure a quiet system. I had to abandon some parts because they didn't work (fanless PSUs have very specific orientation requirements, for example, something you need to make sure your case gives you), and swap out a bunch of fans with even quieter ones.

And in the end, I still had parts I ordered wrongly, which were a PITA to return so they sit on the shelf waiting for me to come up with some use.

Quiet? Yes. Not cheap, though. I needed it as a desktop, so I couldn't buy a laptop to do the job.

And in the end, some things still didn't work (it won't work with a modern GPU - it just beeps about video error...).

Comment Re:At this point, I think I'd avoid FTDI hardware. (Score 1) 268

When you have to do research and development ... and your Chinese counterparts don't have to do anything other than run the fab process, you're going to have a non-trivial time lowering your price past those who are stealing your designs.

Actually, here's the odd bit - the counterfeit chips aren't stolen designs. They implement the FTDI protocol in a completely new fashion!

FTDI's chips are controller-less - there's no microcontroller inside it handling USB to serial communications. The knockoffs use some generic 8051-class microcontroller that emulates an FTDI chip most of the way and do the same thing. But all in all, the clone chips someone had to go and reverse engineer the protocol and write all the custom firmware for it.

So the bigger question is... why? Someone has gone through a lot of work making their FTDI clones, which are completely different inside than a real FTDI chip.

It's not a case of stolen design. It's a case of reverse engineering to produce a knockoff. Someone put real time and effort making these knockoffs - time and effort that they could've done making their own stuff.

Comment Re:I want every ballot to have a "none of the abov (Score 1) 171

Declined ballots are counted in Canada, you can even request a count for declined from Elections Canada. In Federal elections all counts are done by hand, some provinces use a machine to quick scan the ballot but also do a hand count as well.

Actually, you're confusing federal, provincial and municipal elections. In Canada, the three types of governments (federal, provincial and municipal) have their own election body with their own rules and timing.

Elections Canada runs the federal elections. For this, the rules are set out in law with a paper ballot with circles that you put a simple X or check into. These are almost always hand counted, by law.

The next kind of elections are provincial elections, and those the province has their own election body (e.g., we have Elections BC) who follow provincial rules - how the ballot looks, what is on it, etc. In BC, the ballot is designed to look like the federal ballot on purpose, but in other provinces, it can be held by whatever means they want.

The last is municipal elections and those are generally the biggest and most complex ballots, and those are done by the city you're in, and you select the mayor, city councillors, educational board, etc. and the rules again for them depend on the city or town government. For the places I've lived, it's usually a Scantron type system, but others are valid.

And sometimes, it also means we have three elections in a year - none of this massive voting day thing you Americans have. Sometimes 4, if you had a by-election.

It also means there's a potential for a variety of voting systems - first past the post is common, but each body is independent, so a province could use another system.

And anyhow, this isn't new - I've heard about someone doing this over a decade ago running in the federal election.
