

Comment: Re:It depends (Score 1) 485

by Ronin Developer (#49337293) Attached to: No, It's Not Always Quicker To Do Things In Memory

All else being equal, I am betting that they coded in a language that:

1) Uses the heap to allocate/reallocate memory (i.e., 1 million times).
2) Uses non-mutable strings.

This will be significantly less efficient (i.e., painfully slow) than writing each byte to a buffer in the HD and then committing the buffer to disk.

Snap...just read the article. They used Java and Python...need I say more.

Comment: Re:The App Store stuff is more interesting (Score 1) 269

by Ronin Developer (#49335457) Attached to: Developers and the Fear of Apple

The "race to the bottom" is a reality when developers flood the market with cheap knock-off versions of other apps and there is no enforcement to check that behavior (i.e., copyright law). This results in a large number of non-original, low quality apps being created by a developer sitting in a hovel and with no original ideas of their own prospering from a lack of integrity. There are ways large corporations, such as Google or Apple, could address this problem just as they go after clones of their products.

Unless you create the next "Angry Birds" or equivalent, the age of $0.99 apps making a developer rich (or even possessing a living wage) is long over without enforcement against clones.

As for a company strong-arming journalists with negative reviews - while we appreciate their candor as consumers, they are not in the best interest of the corporation. While a single bad review might be frowned upon, I would suspect multiple product or company bashing articles would result in a ban. They are corporations, not gov't. and transparency is not required.

Lastly, when you agree to be a developer for a platform, you do agree to their terms. If you don't like the terms, develop for another platform. Apple, if memory serves me correctly, has over 47% of the market (vs 46% for Android). Apparently, people still prefer Apple's products (despite it being a single vendor vs the many of Android). You can say it's not as good. Millions will say otherwise. And, that is where they are willing to spend their money 47% of the time. The demographic of those willing to spend money on apps and having larger affluence still leans in Apple's favor. As a result, this is where larger corporations will spend their money and Apple knows they can call the shots for now. So, they do. If and when Android devices become the products of choice by not only consumers but large enterprises, (things big pharma, EHR, eDetailing, etc) the tables will turn and there will be changes in how the new underdog approaches the world.

Comment: Re:Can't have it both ways (Score 2) 337

by Ronin Developer (#49301557) Attached to: German Vice Chancellor: the US Threatened Us Over Snowden

No, they would just go into a prestigious hotel room, get caught, and resign.

What planet are you on? Espionage and counter-espionage have been going on since the dawn of time. It knows no party limits. Without it, we'd be a pile of nuclear rubble by now or launching attacks into countries on a belief. Oh...wait.

Comment: Re:Know what's worse? Cleartext. (Score 1) 132

by Ronin Developer (#49282533) Attached to: Researchers Find Same RSA Encryption Key Used 28,000 Times

Of course systems continued to support the older mode at first.

That being said, the regulations regarding key length were relaxed starting in 1998. By 1999, all restrictions on key length were removed for import and export to all countries not on the terrorist state list. Risk analyses had already been done by any company that had requested a license to export cryptographic products. So, when the restrictions were lifted, the dangers of the export key length restrictions were well known.

In particular, use of longer key lengths was approved for use in key industries such as banking and medical and online commerce. That was 15 years ago.

Interoperability isn't the issue here - it's all about cost and profit. Privacy and protection of data (especially, personally) were not a priority provided the costs of compromise didn't break the bank (pun intended).

Found an interesting link that explains the timeline and legislation regarding crypto laws for many different countries. The listing is alphabetical.

Comment: Re:Know what's worse? Cleartext. (Score 1) 132

by Ronin Developer (#49277117) Attached to: Researchers Find Same RSA Encryption Key Used 28,000 Times

Weak encryption is infinitely WORSE than none.

The illusion of security is more likely to cause people to divulge information that they wouldn't do in plain text.

I remember when the export key laws were in place. Once the regulations were changed doing away with them, software and equipment should have been required to remove the obsolete code or be taken off the market.

My question is how could OpenSSL still have had this potential backdoor? Why was this not removed at first opportunity?

Comment: Re:Aren't these already compromised cards? (Score 1) 269

by Ronin Developer (#49276535) Attached to: Fraud Rampant In Apple Pay

I disagree. The banks and card issuers should have performed a risk analysis and identified the yellow path authorization as a problem. It has become Apple's problem because of bad press caused by the institutions not doing their job adequately. Thankfully, in most cases, the card holder is not responsible for unauthorized CC use without a valid signature or PIN involved with the purchase.

What I am unclear on is what happens to the original card after it is imported into Apple Pay. Perhaps, when a card is imported into Apple Pay, use of that card outside Apple Pay should not be possible until unlinked by an action taken by the Apple Pay user (or, issuer if phone was lost). This could be a temporary measure for one-off uses with automatic or manual Apple Pay reactivation if a separate card (and number) is not issued by the institution.

Something as simple as having an SMS sent to the card-holder's phone alerting them to use of their card outside of Apple Pay could be the solution.

While some of these issues could be resolved by Apple, it is the banking and card issuing institutions that need to step up and improve their process. What happened here is their desire to get in on the deal and not be left behind as an excuse for inadequate processes.

Comment: Re:Aren't these already compromised cards? (Score 5, Informative) 269

by Ronin Developer (#49274911) Attached to: Fraud Rampant In Apple Pay

I read another article on this. As the article tries to expose, the fault lies not in Apple Pay, but rather in (as the article suggests), the process by which cards are authorized for use with Apple Pay during the onboarding process. There are two paths, the Green Path and the Yellow Path when authorizing a card. The difference is the types of information collected and passed. Most cards go down the Green path. But, when a card has incomplete information, it goes down the Yellow path and is subject to less stringent and, sometimes, manual intervention. It is down this pathway where the fraud occurs.

While a card is being approved during the Yellow pathway, the card can be used using the card number, expiration date and, not always, the security check value.

It is up to the banks and card issuers to secure their onboarding process. Apple (via Apple Pay) is not responsible for ensuring this takes place. Thankfully, the fraud is easy to detect and remedy. Next year, when our cards all have chips in them, the exposure via the Yellow Path will all be eliminated.

Apple supporters were right to call out Mr. Abraham - he is biased and attempting to create FUD against Apple and Apple Pay. The real fault and finger pointing needs to be directed to the banks and they need to get their houses in order.

Comment: Going to be a noob (Score 1) 213

Please...serious answers only...I don't care if you hate/love Apple or Android.

But, what is the likelihood of the following:

1) Malware running on your non-jailbroken iPhone?
2) Malicious scripts running in the browser talking to other apps on the device?
3) Potential for your SMS traffic to be intercepted on a non-jailbroken iPhone?
4) Ability of an app to access SMS traffic on an iPhone?

Now, apply the same questions as they apply to the latest incarnation of Android?

My understanding is that the sandboxed nature of iOS would/should prevent malicious apps from being run (assuming, you don't download one from the store or have allowed someone to physically compromise your device). iOS does not allow one access to received SMS traffic (unlike, Android). This means a user would have to manually enter the received token. To gain access to pushed traffic, something like APNS (on iOS) or GNS (Android) might be a better solution. Dumb phones can use SMS.

I would not suggest accessing your email from the same device as your token receiver, but can iOS' sandbox architecture provide enough of a firewall?

Are there exploits in the wild for iOS and/or Android making this a serious threat?

Comment: Ah...Time Zones...Such tricky things. (Score 0) 129

by Ronin Developer (#49235285) Attached to: New Evidence Strengthens NSA Ties To Equation Group Malware

From the article: "Assuming they worked a regular 8 to 5 workday, the timestamps show the employees were likely in the UTC-3 or UTC-4 time zone, a finding that would be consistent with people working in the Eastern part of the US."

Neither UTC -03:00 nor UTC -04:00 are associated with the Eastern US.

UTC -03:00 is associated with: Buenos Aires, Montevideo, São Paulo

UTC -04:00 is associated with: Santiago, La Paz, San Juan de Puerto Rico, Manaus, Halifax

UTC -05:00, however, is associated with Eastern US.

Yes, timestamps could be altered.

And, the existence of a particular keyword does not imply NSA ties. It implies that somebody typed a known NSA keyword into the file.

I think Kaspersky likes to read about his brilliance in the pubs. Where's the selfie?

Comment: As an Apple product owner and developer.. (Score 3, Insightful) 529

by Ronin Developer (#49218587) Attached to: Apple's "Spring Forward" Event Debuts Apple Watch and More

I was underwhelmed by the watch. Frankly, I nearly coughed up a lung when they mentioned / confirmed the price of the gold model. A few will buy it simply because it's Apple. To me, it's not something I'd drop the equivalent of a few months rent or mortgage on. The Sport model will sell quickly among the fans.

Battery life still sucks. Personally, one should not have to charge their phone once a day. A week should be the minimum between recharges.

Lastly, as a critique item, it's pretty hard to justify why one should pay almost as much for an accessory as the device it extends. The iPhones will be relegated to the back pocket just begging to be sat upon and requiring a new phone be purchased....Wait a minute....

Does the concept have promise? Perhaps. It will initially be a success among the health AND selfie conscious. Some interesting and useful apps will be developed (I can think of a few). But, it will take about a year for people to decide if it's worth having. That's when the general population decides it is or isn't useful. At that time, I may break down and buy one if it looks like the market for Apple Watch apps holds potential (financial) as anything other than a fad.

Comment: Thank You, NSA!!!! (Score 2) 538

I am sure, after the Snowden revelations, that she felt that using her personal email for conducting official business was the safest and most prudent way to backup her email. It required absolutely no effort on her part and it was guaranteed to be retained. A Win Win for sure!

Comment: Re:So live underground (Score 2) 135

by Ronin Developer (#49149235) Attached to: Adjusting To a Martian Day More Difficult Than Expected

This is no different than what submariners experience - with no natural light, they move to an 18 hour day (6 on 12 off). Contrast this to driving across the ocean in a ship and traversing the various time zones. They would adjust things on the ship so as to try to minimize the effect. However, it still sucked.

BTW, the moon is also tidally locked with the Earth with its rotation period and orbital period matching almost exactly 1:1. That's why the moon never seems to rotate from our perspective.

Comment: Re:Same error, repeated (Score 1) 309

by Ronin Developer (#49137329) Attached to: Moxie Marlinspike: GPG Has Run Its Course

True. You can't stop spammy content from being inserted into an email. However, being able to identify the source of the email as being from a trusted source or not makes it pretty easy to identify and classify potential unwanted email. Other techniques still would need to be applied on messages that pass the first round of filtering to determine the likelihood they are or are not real spam.
