Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Comment Re:Maybe a good thing (Score 1) 363

The sensor does not do the decryption or authentication. The attack vector would be a sensor that has been replaced with a mechanism that replays a snapshot of the phone owner's fingerprint and sends that down the wire to the mainboard. Apple is attempting to curtail that type of attack by authenticating the physical sensor to the mainboard.

Comment Re:More developers? (Score 3, Insightful) 53

If they're open sourcing it to get more active development, I expect they've got a tough row to hoe.

I don't think they're putting the source code out there so people will improve these libraries. They've got the payroll to hire armies of people to work on this. I suspect Microsoft wants to see greater adoption of this code by seeding an ecosystem of projects that are utilizing it. Kind of like how they've posted Windows 10 iOT for free. Different, though, because it's not open source, but they want people to use it so their platform stays relevant in a quickly evolving technological landscape.

Comment Re:For research, this seems invaluable (Score 1) 44

Like you, I'm outside my discipline trying to comment here....

Sure, but taken far enough this solution would mean the attackers would need to write a whole new thing.

I'm thinking one really big wrench that can be thrown into algorithmic detection is if a randomly selected salt is used in each permutation of the malware. That could force this type of analysis to require dramatically larger resources with little architectural investment on the part of the malware creators.

Comment we're using something called 'APK' over here (Score 4, Funny) 62

Two weeks ago, my boss had us all download and install a few files described as 'APK'. She assured me it would protect our desktop machines from any and all potential malware threats. So far, I can't say she's wrong.

The weird thing is that when I try to search for reviews of this product, everything that turns up in Bing seems to be written by people with mental disorders. I guess it's probably anti-astroturfing by commercial competitors.

Comment Re:Time Efficiency is the answer (Score 1) 123

Turn off the TV. Go into online learning fast & hard.

I've been thinking about this comment all day. I can't endorse the sentiment more. Especially when machine learning is looming on the horizon.

Everyone reading this now better be continually expanding their skill set and experience. The promise of machine learning is to make those who aren't doing this obsolete in the workforce. If you think domain knowledge makes you irreplaceable, that's exactly the target of machine learning.

Udemy has really well-produced online classes available for ten bucks. Go enroll now and thank me when you have a job in ten years.

Comment Re:Can you lock the IP address? (Score 1) 136

You're assuming that an attacker can't compromise any routers, NATs, firewalls, or other systems in between.

Yeah, because the people who break into houses don't have those skills or they would be committing less-risky crime that doesn't involve broken glass, guns, dogs, pepper spray, and pawn shops.

Comment Re:IP matching (Score 1) 136

@Laird is 10000% on target here. The OP is attempting to introduce unnecessary, unwieldy complexity into a scenario that absolutely does not need it. The indication here is that the OP heard about VPN and thinks it's the holy grail of secure.

The right tool for the right job.

VPN is an ideal solution when remote users need unfettered access to an unlimited range of devices and ports on a secure, firewalled network. In this use-case, the video feed is delivered from one single aggregation server responding to HTTPS requests on a single port. The monitoring company does not need to access a bunch of devices on the internal network.

All of this is ridiculous, anyway. The type of criminal who is breaking into a house does not possess the technical skill set to defeat SSL security or even figure out a home address from an IP address and vice-versa. If they did, there is a whole swath of crime opportunities available to them that doesn't risk being shot, cut on broken glass, and in most cases even arrested.

Just NAT the SSL-secured port through the firewall to the video streaming server and be done with it. Thank you, please drive through.

Comment Re: "anonymous" and "secure" what a joke (Score 1) 57

I think the goal they are trying to provide is sincere and valid. But, looking over their company, I don't see a reason to trust their implementation. Check the 'about' page and you'll see no description of anyone being a true data scientist with a Masters or Phd. To be credible, they would need to have a third-party security audit performed on their source code. No mention of that anywhere.

Because it's closed-source, you have no assurance the client and server are not juggling SSL keys and allowing a MITM attack to be performed at the request of a subpoena.

An easy step to credibility would be to publish their server's API and allow third-parties to implement their own mail client apps. Then they become a cloud service provider and leave the app development to others (in addition to a feature-poor POC app developed in-house).

Finally, not to beat a dead-horse here, but this phrase isn't confidence-building--

"By using open source encryption libraries, we can help guard against back doors designed to compromise your privacy."

No guarantee against back doors. They're just helping to guard against them.

Comment brick and mortar is an assett (Score 4, Interesting) 203

As the summary suggests, Walmart does have an advantage in its distribution network and storefront locations. At a greatly-reduced cost, Walmart could very quickly compete with Amazon for Same-Day delivery service if that proves to be lucrative.

Additionally, in the not-so-distant future, when autonomous vehicles become the norm, consumers could order online and send their own car to the Walmart distribution center to be loaded up with the groceries, etc. to reduce the cost of deliver.

Comment not a pool of geniuses (Score 1) 492

To some degree, the fact that nearly everyone else who's a hotshot in the tech industry is there means it's easier to find the talent you want there.

I think there's a widespread misconception that San Fran is this big mingling party of 'hot shots.' That talent pool is filled with clueless millennials as much as geniuses. Both groups of recruits think they are geniuses and will attempt to leverage unrealistic salaries.

As easy as it is to recruit from that genius pool next to the Bay, so too, is it easy to lose your genius back into the pool. Might make more sense to get them stranded out in Biloxi...

Comment Mercedes probably isn't cheating (Score 2) 323

I strongly suspect every German brand is doing the same thing in the US...

You know, Mercedes doesn't really sell many of their diesel passenger cars in the US like they do in Europe. I suspect the obstacle is the stringent EPA regulations limiting their ability to deliver a vehicle in the US with compelling gas mileage AND performance.

Mercedes management needs to be scrutinized by shareholders right now. While Volkswagen has been selling dozens of thousands of diesel vehicles in the US, Mercedes management should have been demanding their engineers create similar products. When the engineers shrugged their shoulders saying, "It can't be done without cheating the tests," Mercedes management should have conducted independent tests on Volkswagen TDI cars and alerted the EPA of the fraud. Where's the competitive research?!?!? Mercedes really has dropped the ball here.

Comment Re:And what, pray tell, is a "digital agenda"? (Score 1) 109

Supporting Sycraft's observations, let's just take one segment-- cellphone SOCs. Little-known-fact, the team at Samsung working on the next iteration of the ARM processor intended to power their next cellphone-- they're based in Austin, Texas. Sure, ARM is a British company, but strangely, they have offices in Austin, Texas, also.

If this CISCO genius was speaking the truth, Apple would have Chinese engineers near the FOXCOM factories designing the hardware for all its mobile devices. Oh, wait- Apple has several hundred electrical engineers who happen to have (512) area codes programmed into their prototype iPhones.

Comment Also- preventing oversaturation of service (Score 1) 471

Everything rjstanford is saying is accurate and true. I'd like to add on that these regulations serve the interest of preventing the streets from being clogged with taxis. Most cities limit the number of taxis that can operate on city streets. This is valuable because:
  1. Too many providers lowers pricing making it unsustainable for providers to make a living wage.
  2. Creates congestion (traffic)
  3. Reduces incentive for people to use public transit

Slashdot Top Deals

An engineer is someone who does list processing in FORTRAN.