Forgot your password?
typodupeerror

Comment: Re:It's not arrogant, it's correct. (Score 5, Insightful) 466

by Qwerpafw (#46567203) Attached to: AT&T Exec Calls Netflix "Arrogant" For Expecting Net Neutrality

Put another way:

* Netflix pays for their bandwidth
* Customers pay for their bandwidth

And yet, AT&T wants more money because they think they have the right to charge Netflix more to pass through their tollbooth.

People aren't paying for "Internet except for Netflix" and Netflix isn't paying their bandwidth costs for "Internet except for consumers."

AT&T, and other providers, should have no right to put up walls. If there are issues of peering, those should be working out at the peering level, and not at the application/service or individual business level.

The news about Apple being willing to pay for AppleTV to have a "special line" to consumers is particularly worrisome and strikes the core of the problems with anti-net neutrality positions: they create unfair markets with barriers to competition. Netflix may complain, but they can (and do! with Comcast) pay if they have to. Apple can afford to pay the gatekeepers as well.

But some new startup (Aereo, for example) or small business? They can't and won't be able to pay those gatekeeper tolls to reach consumers. And they'll be prevented from competing or disrupting.

Big business will thrive in an anti-net neutrality world. Honestly, it might even help Netflix in the long run as barriers to any competing service will be high. But it's anticompetitive and small businesses and startups alike will be prevented from innovating, and maybe even be driven out of the market by an inability to pay these tolls.

Comment: Re:Shades of WinAmp 3 ? (Score 4, Informative) 199

by Qwerpafw (#46516345) Attached to: A Call For Rollbacks To Previous Versions of Software

Apple now lets you install old versions of Apps on iOS provided that

* You installed the old version when it was available
* The developer has not opted out of this policy in iTunes Connect
* The new version is not supported on your device

If they dropped the third requirement it might satisfy a lot of what you'd like to see.

Comment: Re:Unable to go through scanners (Score 1) 141

by Qwerpafw (#46370855) Attached to: Live Q&A With Ex-TSA Agent Jason Harrington

You're not a cancer survivor if you had a benign melanoma.

Tumors can be cancerous or benign. They are not cancer if they are benign, by definition. You're the "survivor" of a benign tumor, which is unexceptional since generally everyone survives benign tumors. Sometimes benign tumors can be uncomfortable and occasionally they can press against nerves and cause issues, in which case they are removed. However, they are not cancer, and you are not a cancer survivor.

I have lipoma tumors all over my body (6-7). They are relatively small. Most cannot be seen visually, as they are beneath the skin. Some people have them removed for cosmetic reasons. I have not had mine removed since they do not bother me. They are not cancer.

Comment: NSA (Score 4, Interesting) 140

by Qwerpafw (#46313023) Attached to: Apple SSL Bug In iOS Also Affects OS X

Some bloggers and commentators online (no mainstream media news sites... yet) have suggested that this bug was introduced by the NSA based on the fact that Snowden's leaked slides showed evidence that the NSA had developed and was working on further ways of targeting and compromising secured iOS traffic.

We know the NSA compromised RSA through Dual EC_DRBG. It's not hard to imagine they wanted to compromise SSL/TLS on Apple platforms.

The bug was found via internal code review according to the credits for discovery, which means nobody else has disclosed they knew about this in the wild (so this is an exposed zero day crypto exploit on both OS X and iOS platforms).

This link is informative - the kicker is he properly indented but obviously duplicated and incorrect "goto fail;"

https://www.imperialviolet.org...

static OSStatus
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
                                                                  uint8_t *signature, UInt16 signatureLen)
{
        OSStatus err; ...

        if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
                goto fail;
        if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
                goto fail;
                goto fail;
        if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
                goto fail; ...

fail:
        SSLFreeBuffer(&signedHashes);
        SSLFreeBuffer(&hashCtx);
        return err;
}

Maybe this came out due to bad coding practices, but the kind of bug where the code visually looks ok on the surface, compiles and passes without compiler warnings, and works fine aside from allow the comprise is very suspect.

And at the minimum the NSA has been exploiting this rather than alerting people. Our government needs to stop weakening computer security and go back to working for the people, not against them.

Comment: MR Spectroscopy (Score 2) 23

by Qwerpafw (#45501705) Attached to: Detecting Chemicals Through Bone

The article summary is incorrect. MR Spectroscopy (MRS) is used today to measure molecules inside the brain. Resolution is not great for 3D MRS in clinical applications (due to the tradeoff between SNR and resolution, acquisition times are slow), but it's more than high enough to distinguish between different regions of the brain. And it's very common to perform single-voxel imaging and only get the spectroscopy for a given piece of tissue - for example, where a tumor is located.

MRS easily detects metabolites and ratios, like choline, NAA, as well as things like lipids, and alcohols. It requires expensive scanners, but it works and is used routinely in brain imaging today. The article mentions something that does not work clinically, and is being demonstrated in a lab with a piece of meat. The technology in the article is not a "first step" to understanding molecules in the brain, because we already have that technology today with MRS.

Comment: Qt/Trolletch (Score 4, Insightful) 136

by Qwerpafw (#41889321) Attached to: Nokia "Suspends" Its Free Developer Program

I guess I'm glad they spun off Qt before going back and regressing past the paid-commercial-development trolltech days for Qt.

Admittedly Trolltech used to offer free GPL noncommercial Qt licenses, but that sort of licensing isn't even possible with Windows Phone. Still painful to see open source transition into the most closed model of all.

Comment: Confirmation Bias - better title (Score 4, Insightful) 285

by Qwerpafw (#39783261) Attached to: One In Five Macs Holds Malware — For Windows

One in five macs where people chose to install antivirus software have (inactive) Windows malware.

Which is a bit like saying "one in five cars brought to the mechanic get serviced for something." The survey is skewed due to the sample group - most Mac users never install any anti-virus software.

The only places I've seen it installed are on computers in corporate environments where there are already viruses being passed around commonly via email attachment, USB stick, and network drives. These places install antivirus on Macs so users don't forward a virus to Windows users - and it sounds like from this survey, that's with good reason.

Apple's Mail software (and Microsoft's Outlook for Mac) cache attachments locally on the user's disk, so it's very easy to "have" malware and viruses if you just receive email (even without opening it).

It's a bit ridiculous to claim they are "infected" however, and again, the sample group is not really representative. That said, I don't think Macs are in any way immune from viruses. Apple's iOS-like sandboxing and signed-app requirements would likely help OS X considerably in this regard, but of course every decision that increases security by removing control from the user also infuriates free/open software proponents and hackers. Think of jailbreaking iOS and how Apple patches security holes - this is maddening for people who want to jailbreak, but is ultimately an attempt to fix a potential infection vector.

Comment: Citrix + Amazon (Score 4, Interesting) 29

by Qwerpafw (#39566189) Attached to: Citrix Moves Away From OpenStack For Apache

Citrix already has a close relationship with Amazon. They have testing images available, white papers on how to integrate private and public EC2 cloud "farms" with your existing Citrix infrastructure, and not only promote Amazon AWS/EC2 for corporate usage, but make it easy for admins to draw on it as a test base for learning and playing with their new software offerings.

It wouldn't surprise me if they have plans to tie in per hour or other commoditized Citrix licensing with Amazon at some point in the future.

As they do all of this they will inevitably move closer towards Amazon and further away from Amazon's competitors. I don't see this as a surprising development.

I think is less about OpenStack and its relative merits and detriments, and more about Citrix and their corporate partnerships and strategic direction.

Comment: Re:Hmm (Score 1) 265

by Qwerpafw (#30846760) Attached to: YouTube Offers Experimental Opt-In HTML5 Video
ogg is not hardware accelerated on your laptop, and if you're still using a PDA then you're a couple generations back anyways.

All modern smartphones (anything that runs android, pre, iPhone, even most of RIM's stuff) play H.264 and have hardware acceleration for it, many "dumbphones" even play H.264.

Netbooks all have H.264 hardware acceleration...

sorry that your decade old 3Com Palm Pilot doesn't play HD video, don't blame google for that one.

Comment: Re:Should be a selling feature... (Score 1) 265

by Qwerpafw (#30846700) Attached to: YouTube Offers Experimental Opt-In HTML5 Video
To clarify, from the site

Additional Restrictions (we are working on these!)

*Videos with ads are not supported (they will play in the Flash player)

Ads will still play, and will in fact inflict flash on you. There's really no good way right now to force people to watch advertisements if the whole video is H.264 (since you could just scrub past the ads), so I can understand this, even if I don't like it.

What they'll probably eventually do is break the video up into a bunch of shorter videos, with ads in between. Then they can load each part in sequence, and enforce a timer on the ad portion so even if you scrub through the ad you still have to wait for the timer.

Comment: This is fantastic news (Score 1) 265

by Qwerpafw (#30846604) Attached to: YouTube Offers Experimental Opt-In HTML5 Video
I've been using ClickToFlash with safari for a long time now, which suppresses the flash in youtube videos and plays them in H.264 (when possible) directly. This is a tremendous CPU boon on a netbook - I can't play flash, HD or otherwise, fullscreen, but quicktime plays H.264 just fine. Flash is a horrible monster, and with all the vulnerabilities and instability that it brings along with it, the faster youtube moves away from it, the better.
Security

SSLStrip Now In the Wild 208

Posted by CmdrTaco
from the not-the-marisa-tomei-kind dept.
An anonymous reader writes "Moxie Marlinspike, who last week presented his controversial SSL stripping attacks at Black Hat Federal, appears to have released his much-anticipated demonstration tool for performing MITM attacks against would-be SSL connections. This vulnerability has been met with everything from calls for more widespread EV certificate deployment to an even more fervent push for DNSSEC."

An Ada exception is when a routine gets in trouble and says 'Beam me up, Scotty'.

Working...