Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment: Re:Religious Freedom (Score 2) 545

by Rosyna (#49694297) Attached to: California Senate Approves School Vaccine Bill

The funny thing about this... there is no mainstream religion that actually bans vaccinations. Religious dogma predates the germ theory and therefore couldn't have possibly included vaccinations as anything banned.

In fact, it's the exact opposite. Most religions (at least Abrahamic religions) dictate that personal health is a paramount concern. Even if something required for good health would violate some religious law, good health overrides the religious law. For example, Judaism and Islam declare pigs as unclean animals. They are not to be consumed. However, if a pork derivative is used in a vaccine, the rule of good health means that not getting the vaccine would actually be violating religious law.

The "religious exception" was added in there so idiotic anti-vaxxers could deny their children necessary vaccinations without ever getting questioned, because asking a person about their religion is considered discriminatory.

Comment: Re:Good enough to criticize the mechanisms (Score 1) 130

I'm not sure how this differs from the ability to set dyld environment variables to get dyld to search other paths for loading libraries (very useful for debugging). Of course, doing that requires the ability to set environmental variables (which any user can do with the Terminal). And dyld environmental variables are cleared for apps that run as root.

To me, this presentation looks like an overview of Mac OS X management and debugging features and an ad for "knockknock".

Comment: Re:Poor Design... (Score 1) 73

by Rosyna (#49532393) Attached to: Networking Library Bug Breaks HTTPS In ~1,500 iOS Apps

The sensible way would be to do what every Linux distro has been doing for 20 years now. The "APP" includes a manifest of its dependencies. When you install it from the App store (remember Apple does not make side loads easy, unless you are developer in which case you can solve deps issue by having the required packages available) it simply goes an fetches the required libraries at the same time if you don't already have them.

So then every developer would have to submit all the libraries they use separately so that they can be indexed and maintained? Who signs the libraries? How do they know Library A doesn't have a backdoor from Developer B when used in App C?

Comment: Re:Poor Design... (Score 2) 73

by Rosyna (#49526195) Attached to: Networking Library Bug Breaks HTTPS In ~1,500 iOS Apps

Non system libraries are statically linked .a files in IOS. Apple insists on this, although I'm not entirely sure why. I guess its to avoid DLL hell.

It saves them money; they don't have to spend the time developing a robust system for DLL registration, signing, updating, etc...

But it is still a really bad engineering decision, because it means what could have been patched once has to push security updates in *fifteen hundred statically linked applications*. It's their marketplace and their walled garden; they should be subsidizing the expenses which make it more secure for everybody and reduce total developer time for publishers. Push the update to developers a little in advance in case it breaks an app, then auto-push the update either to everyone or with a held-back copy for any apps that specifically flag no-security-update.

It's not rocket science, it's just good engineering.

So what are you suggesting? That every single library every single third party app uses all be installed into one location? And that every single application submitted to the app store break out their libraries separately?

iOS apps are meant to be completely contained within a single bundle.

(and yes, iOS supports dynamically linked libraries, of course it does)

Comment: Re:Poor Design... (Score 2) 73

by Rosyna (#49526109) Attached to: Networking Library Bug Breaks HTTPS In ~1,500 iOS Apps

The fact that a library cannot be updated simultaneously with a security patch in all apps in the app store with a change that does not change API or in-app behavior is kind of absurd.

Disclaimer: I am guessing this is the case, or else why would 1500 apps still be vulnerable?

Maybe because it's not a library or a framework? AFNetworking is a set of classes/source code that you add to your project. It is not meant to be used as a separate library.

And yes, bug fixes always change behaviour

Comment: Re:Data transfers (Score 4, Informative) 184

by Rosyna (#49255083) Attached to: Why Apple Won't Adopt a Wireless Charging Standard

It bugged me when Apple dropped USB cable syn(hronization) feature in Mac OS X 10.9. Lots of iDevice users were angry and made Apple add it back in the later versions.

Something that never happened bugged you? Apple never removed cable syncing from Mac OS X and iOS devices.

What did change, in Mavericks, was that SyncServices was removed. SyncServices was only responsible for syncing calendars and contact information and without it iCloud was required to sync calendars and contacts. iTunes still synced everything else.

SyncServices was added back in Mac OS X 10.9.3. But at no time did they remove the ability to sync music, photos, videos, apps, or anything other than contacts and calendars from iTunes.

Comment: Re:Yes. What do you lose? But talk to lawyer first (Score 2) 734

by Rosyna (#49192777) Attached to: Ask Slashdot: Should I Let My Kids Become American Citizens?

You're not required to file tax returns if you fall below a certain limit or otherwise don't owe taxes. Of course, if you don't file and do owe taxes, you get punished. (And if you don't file, you can still be audited, which is fun if it turns out the IRS owes you six years of refunds)

Comment: Re:Wait ... (Score 5, Informative) 196

by Rosyna (#49094011) Attached to: A123 Sues Apple For Poaching Employees

A123 has had a number of problems, from their bankruptcy in 2012, their massive layoffs and executive bonuses, to later being purchased by a Chinese company and selling off their assets

Also, non-compete agreements are not valid in California. Even out-of-state NCAs are invalidated if the employee is to work at a CA company, (Exceptions if the employee is a stakeholder/partner/owner, which doesn't apply here).

Comment: Re:Strongly Worded... (Score 5, Informative) 62

by Rosyna (#49093093) Attached to: Samsung Takes On Apple Pay By Acquiring Mobile Wallet Startup LoopPay

Correct, LoopPay only works with existing magnetic swipe readers. LoopPay works by basically cloning the credit card. The LoopPay devices sends out a magnetic field that is picked up by the magstripe reader in the POS terminal.

LoopPay does not use NFC or RFID. Which also means it's great for those that want to commit credit card fraud since there is no verification or executable code to copy. Just load up the LoopPay device with multiple CC numbers, and see which ones work.

LoopPay also does not work unless there is a magstripe reader in the POS device. In October 2015, retailers in the US will start being liable for fraud committed via the magstripe reader, meaning retailers likely won't be willing to accept magstripe cards, such as those the LoopPay copies.

Comment: Re:Remember the down side (Score 1) 190

by Rosyna (#49032173) Attached to: Smartphone Theft Drops After Spread of Kill Switches

Remember the primary concern when these laws were proposed. As soon as criminals discover a way to maliciously activate the kill switch on a non-stolen phone, there will be serious fallout. Imagine the ransomware. There are similar concerns with law enforcement, who have demonstrated a desire to be able to wipe or forever disable a phone they've confiscated (usually one documenting their misdeeds).

And how would that work? The iPhone's activation lock is removed by entering the Apple ID/password that set up Find My iPhone on the device. You cannot change the username/password combo online (because the iPhone's activation lock doesn't use network access when triggered)

Comment: Re:well duh... (Score 1) 190

by Rosyna (#49032019) Attached to: Smartphone Theft Drops After Spread of Kill Switches

At least on iOS, it's not so much a "remote kill switch". That is, it cannot be triggered remotely. For iPhones, if you opt in, a setting is set on the phone that if the iPhone is erased a username/password is required to activate the phone again. While you can initiate a remote wipe, that wipe just causes the iPhone to respect the initial offline setting.

For users, it's better if the iPhone is not wiped because then it can still be tracked with Find My iPhone.

Good day to avoid cops. Crawl to work.

Working...