Forgot your password?

Comment: But disabling GSM when possible is still smart (Score 1) 17

by IamTheRealMike (#48207581) Attached to: Deutsche Telecom Upgrades T-Mobile 2G Encryption In US

GSM (2G) encryption did not authenticate the cell tower, whereas UMTS (3G) and above do. Cell tower authentication should break devices like the Stingray and other forms of fake base station, unless/until governments start forcing cell carriers to hand over the signing keys for tower identities. But as devices like Stingray exist more or less exclusively to get around the warrant requirement and no carrier would assist in that way without a court order, that places the police in the awkward position of asking a judge to write an order than can only be for avoiding the same judges authority....

Comment: Re:Bad for Biz (Score 1) 414

by Andy Dodd (#48206429) Attached to: FTDI Reportedly Bricking Devices Using Competitors' Chips.

"This is because if you accidentally get a bad shipment of clone chips, and put them into your devices, your devices will be subject to bricking, creating returns and bad PR."

Not if you actually test your product before you ship it.

Not if you perform ANY sort of inspection/testing of incoming components.

Comment: Re:It's risky and unlikely to succeed. (Score 2) 414

by Andy Dodd (#48206403) Attached to: FTDI Reportedly Bricking Devices Using Competitors' Chips.

Yup. And now they've got a surefire test for genuine chips.

Seriously - these people using counterfeit chips have to be testing the final product. If that final product dies with an official FTDI driver, they can sue the crap out of their supplier for selling them counterfeits.

Comment: Re:Classic Samsung... (Score 1) 99

by Andy Dodd (#48204403) Attached to: Samsung Acknowledges and Fixes Bug On 840 EVO SSDs

Um, it's not 5 products out of several thousand. These are all screwups by a single division that refuses to learn from their mistakes and repeatedly makes the same kinds of mistakes over and over again.

They KNEW that the VYL00M/MAG4FA/KYL00M fwrev 0x19 was faulty, and they kept on shipping it for MONTHS in devices even though they had a newer fwrev (0x25) that didn't cause these problems.

They KNEW they had a track record of secure erase issues, and a year after becoming aware of a device-bricking bug, they were STILL shipping products vulnerable to that bug (the 840 Pro secure erase mess).

You simply don't see this sort of crap occur with eMMC chips from other manufacturers like Toshiba. Yeah, some of them have quirks, but none of them have such severe bugs that they render the device they're installed in unrepairable without a motherboard replacement.

Comment: Re:More specific (Score 2) 135

by Andy Dodd (#48203225) Attached to: Ask Slashdot: Aging and Orphan Open Source Projects?


"under a corporate aegis"

Depending on how the company manages the open source project, this can strongly discourage community members. Even if the company TRIES to encourage community development, a combination of licensing and other behaviors of the company might cause issues.

See - I once saw another article (can't find link) where one of the MariaDB guys said that with the new org structure of MariaDB, they have FAR more community contributions than MySQL ever did, even before getting purchased by Oracle.

Another example was the Cyanogen Focal relicensing incident. Cyngn's founders tried to use their CLA to obtain MySQL-style dual licensing (and the founders cite MySQL's business model as their inspiration despite the fact MySQL never had a vibrant community behind it) caused a nasty forking event, and also caused other community projects in the AOSP-derivatives space to reduce their cooperation with CyanogenMod. I keep on hearing/seeing evidence that implies numerous people on the "community" side of things that stayed with the project are pretty unhappy, only staying because it's still (for now) the dominant and most well known project in that space. Cyngn leads have even found themselves having to bribe people with devices to get them to stay.

(Disclaimer: I was one of those who left CM after the Focal relicensing dispute.)

+ - China performing SSL MITM attacks on iCloud

Submitted by IamTheRealMike
IamTheRealMike (537420) writes "Anti-censorship blog GreatFire has published a story claiming that SSL connections from inside China to Apple iCloud are being subject to a man in the middle attack, using a self signed certificate. Apple has published a knowledge base article stating that the attacks are indeed occurring, with example screenshots of the SSL cert error screens used by popular Mac browsers. Unfortunately, in China at least one natively produced browser called Qihoo markets itself as "secure", but does not show any certificate errors when presented with the self signed cert. Is this the next step towards China doing systematic SSL MITM attacks, thus forcing their population onto Chinese browsers that allow the surveillance and censorship to occur?"

Comment: Re:I never ever commented on the SCO issue in any (Score 1) 187

We knew what was going on when you ran your anti-IBM campaign, sometimes even positioning yourself as arguing on behalf of our community. It was a way to lend credence to IBM and MS arguments during the SCO issue. To state otherwise is deceptive, perhaps even self-deceptive.

Florian, you would not be devoting all of this text to explaining yourself if you didn't feel the need to paint your actions in a positive light. That comes from guilt, whether you admit it to yourself or not.

Go write your app, and if you actually get to make any money with it you can give thanks, because it will happen despite what you worked for previously. Keep a low profile otherwise because your credibility is well and truly blown and you can only make things worse. And maybe someday you can really move past this part of your life. But I am not holding out much hope.

Comment: Classic Samsung... (Score 4, Informative) 99

by Andy Dodd (#48198863) Attached to: Samsung Acknowledges and Fixes Bug On 840 EVO SSDs

Couldn't write a proper wear levelling algorithm if their life depended on it.

First the MAG4FA/KYL00M/VYL00M data corruption bug that affected the Galaxy Nexus - https://android.googlesource.c...

Then (actually BEFORE it, Google found it during Galaxy Nexus development but Samsung kept it hush-hush - but it became a public issue much later) - the infamous Samsung Superbrick fiasco (If you fired a secure erase command at the chip, it had a chance of permanently corrupting the wear leveller data to the point where the chip's onboard controller would crash until you power cycled it any time you accessed that region of flash). -

Then pre-release 840 PRO devices suffer from the SAME DAMN BUG SAMSUNG HAD BEEN AWARE OF FOR OVER A YEAR - - While this only affected review devices, the fact that this was a known bug since before the release of the Galaxy Nexus (a year earlier) is inexcusable.

Then there was the Galaxy S3 "Sudden Death Syndrome" issue in late 2013... -

Then there were a few other issues -

Now this...


NPR: '80s Ads Are Responsible For the Lack of Women Coders 711

Posted by Soulskill
from the advertisers-driving-culture dept.
gollum123 writes: Back in the day, computer science was as legitimate a career path for women as medicine, law, or science. But in 1984, the number of women majoring in computing-related subjects began to fall, and the percentage of women is now significantly lower in CS than in those other fields. NPR's Planet Money sought to answer a simple question: Why? According to the show's experts, computers were advertised as a "boy's toy." This, combined with early '80s geek culture staples like the book Hackers: Heroes of the Computer Revolution, as well as movies like War Games and Weird Science, conspired to instill the perception that computers were primarily for men.

Comment: Re:Irrelevant. Comes down to users. (Score 1) 104

by Andy Dodd (#48194837) Attached to: Which Android Devices Sacrifice Battery-Life For Performance?


I've had so many devices that people claimed had shitty battery life, when I had no issues whatsoever. Like the Nexus 4.

(The N4 DID have some issues on initial release with the GPU frequency governor and broken wifi ARP offloading, but once these were fixed the device was great.)

Same with the Nexus 5. Google had some nasty power management bugs that killed battery on some wifi networks, but they had commits on AOSP within days that fixed the issue on the next OTA.

We want to create puppets that pull their own strings. - Ann Marion