
Comment: Something of note: (Score 1) 824

by alostpacket (#46597171) Attached to: Some Mozilla Employees Demand New CEO Step Down

Not sure about behavior, but as a 501c3, Mozilla is not allowed to donate to candidates and has limits on lobbying. But I do not know what exactly the limits are.

https://en.wikisource.org/wiki...

Something in there...

The lobbying ceiling amount for any organization for any taxable year is 150 percent of the lobbying nontaxable amount for such organization for such taxable year, determined under section 4911.

Hopefully someone has a greater interest in deciphering that.^ It does not seem related to anything decided in Citizens v United as far as I can tell.

Google

Google Glass Signs Deal With Ray Ban's Parent Company 125

Posted by Unknown Lamer
from the you're-not-cool-enough dept.
sfcrazy (1542989) writes with news that fancier Google Glasswear is coming soon "Google has signed a deal with The Luxottica Group, the world's largest eyewear company (controlling 80% of the eyewear market). Luxottica owns Ray-Ban, Oakley, Vogue-Eyewear, Persol, Oliver Peoples, Alain Mikli, and Arnette. The deal shows how serious Google is about Glass, contrary to the skepticism raised by high-profiled users like Robert Scoble who spelled doom for the device."

Comment: Re:Nope (Score 4, Informative) 117

by alostpacket (#46557929) Attached to: One Billion Android Devices Open To Privilege Escalation

I wonder, though. When you buy a new Android phone and sign in to Play, it downloads (or at least offers to) all the apps you had on your old phone. Does the same thing happen there

No, this particular exploit requires the malicious app be on a phone prior to an OS update. Additionally these apps would never* make it on the Play store as they have detectable characteristics (such as trying to use the same "Shared UID" of another app). In order to upload an app with the same Shared UID, you would need the same keystore to sign your app. Basically the way this bug works is exploiting the reverse of how the package manager grants precedence. The package manager gives precedence to what is on the device first. So anything "updated" from the Play store, even if they spoofed the Shared UID and signature, would fail to install. The bug is that an app can "steal" the ability to control the permission completely, AND install itself or block the install of the legit version of an app.

So TL;DR: This definitely is a rather nasty privilege escalation bug in the package manager (if the paper is correct and I am reading it correctly), but one would likely need to side-load (or use a different app store) the malicious app prior to an OS update to get caught by it.

Agreed about permissions in general though. Personally I try not to give out contacts to any app unless they happen to be a type of "contact manager/replacement". Most apps can request a user use the default "contact picker" to add a contact, or share, or the like. No permission is required for this. The only reason apps request this is to prefill those "share with a friend" fields and to spam. This is similar to READ_PHONE_STATE, there are few legit reasons for an app to need this anymore. Apps can launch the dialer and prefill the number sans the permission, just not complete the call. They also have other ways to generate a UUID for the device without the IMEI, or the other info provided by READ_PHONE_STATE.

The USB storage permissions are antiquated, but not as sensitive. Apps do have private storage but this used to be quite limited in the earlier days of Android. The Nexus S was one of the first to come with a single, large internal storage (although even that was still partitioned). Prior to that you had a limited protected storage and an SD card. Nowadays they are adding better "Read" file permissions.

Finally, I think much of this stuff could be requested at time-of-use, rather than install. But they have to balance the "Are you sure you want to allow X?" disaster that was Windows UAC vs. sensible permissions. It is not as easy as it looks.

* (Well maybe not never, but very close to never...)

Comment: Star Trek DS9 (Score 1) 914

This was actually an episode on Star Trek DS9. O'Brien was punished by some alien culture and served a ~20 year sentence in a matter of ~hours (iirc). They claimed it was more humane and economical than prison. However I think the moral of the episode is that it really scarred him mentally (and he was innocent, again iirc).

Could there be a humane way to use something like this? Personally I highly doubt it, but I can't completely rule it out as just barely plausible (Kinda like Star Trek in general). I just can't imagine how this would be used without causing mental instability.

Crime

Time Dilation Drug Could Let Heinous Criminals Serve 1,000 Year Sentences 914

Posted by Unknown Lamer
from the miles-was-never-the-same dept.
Hugh Pickens DOT Com (2995471) writes "Like something out of the movie Inception, Rhiannon Williams reports in the Telegraph that Dr. Rebecca Roache, in charge of a team of scholars focused upon the ways futuristic technologies might transform punishment, claims the prison sentences of serious criminals could be made worse by distorting prisoners' minds into thinking time was passing more slowly. 'There are a number of psychoactive drugs that distort people's sense of time, so you could imagine developing a pill or a liquid that made someone feel like they were serving a 1,000-year sentence,' says Roache. Roache says when she began researching this topic, she was thinking a lot about Daniel Pelka, a four-year-old boy who was starved and beaten to death by his mother and stepfather.

'I had wondered whether the best way to achieve justice in cases like that was to prolong death as long as possible. Some crimes are so bad they require a really long period of punishment, and a lot of people seem to get out of that punishment by dying. And so I thought, why not make prison sentences for particularly odious criminals worse by extending their lives?' Thirty years in prison is currently the most severe punishment available in the UK legal system. 'To me, these questions about technology are interesting because they force us to rethink the truisms we currently hold about punishment. When we ask ourselves whether it's inhumane to inflict a certain technology on someone, we have to make sure it's not just the unfamiliarity that spooks us,' says Roache. 'Is it really OK to lock someone up for the best part of the only life they will ever have, or might it be more humane to tinker with their brains and set them free? When we ask that question, the goal isn't simply to imagine a bunch of futuristic punishments — the goal is to look at today's punishments through the lens of the future.'"
The Almighty Buck

Gates Warns of Software Replacing People; Greenspan Says H-1Bs Fix Inequity 516

Posted by samzenpus
from the man-with-the-plan dept.
dcblogs writes "Bill Gates and Alan Greenspan, in separate forums, offered outlooks and prescriptions for fixing jobs and income. Gates is concerned that graduates of U.S. secondary schools may not be able to stay ahead of software automation. 'These things are coming fast,' said Gates, in an interview with the American Enterprise Institute. 'Twenty years from now labor demand for lots of skill sets will be substantially lower, and I don't think people have that in their mental model.' Meanwhile, former Federal Reserve Chair Alan Greenspan believes one way to attack income inequity is to raise the H-1B cap. If the program were expanded, income wouldn't necessarily go down much, but it would go down enough to make an impact. Income inequality is a relative concept, he argued. People who are absolutely at the top of the scale in 1925, for instance, would be getting food stamps today, said Greenspan. 'You don't have to necessarily bring up the bottom if you bring the top down.'"
Government

Snowden Says No One Listened To 10 Attempts To Raise Concerns At NSA 273

Posted by timothy
from the in-violation-of-the-go-along-to-get-along-directive dept.
As reported by the Washington Post, Edward Snowden denies in no uncertain terms the idea that he failed to go through proper channels to expose what he thought were troubling privacy violations being committed by the NSA, and that he observed as a contractor employed by the agency. The article begins: "[Snowden] said he repeatedly tried to go through official channels to raise concerns about government snooping programs but that his warnings fell on deaf ears. In testimony to the European Parliament released Friday morning, Snowden wrote that he reported policy or legal issues related to spying programs to more than 10 officials, but as a contractor he had no legal avenue to pursue further whistleblowing." Further, "Elsewhere in his testimony, Snowden described the reaction he received when relating his concerns to co-workers and superiors. The responses, he said, fell into two camps. 'The first were well-meaning but hushed warnings not to "rock the boat," for fear of the sort of retaliation that befell former NSA whistleblowers like Wiebe, Binney, and Drake.' All three of those men, he notes, were subject to intense scrutiny and the threat of criminal prosecution."
Android

Android Beats iOS As the Top Tablet OS 487

Posted by Unknown Lamer
from the gnu-feeling-left-out dept.
sfcrazy writes "Linux is on a roll. After conquering the smartphone space, Android is now dominating the tablet space. According to a new study by Gartner, 'the tablet growth in 2013 was fueled by the low-end smaller screen tablet market, and first time buyers; this led Android to become the No. 1 tablet operating system (OS), with 62 percent of the market.'" Also, everyone is buying tablets (~200 million sold in 2013 vs ~115 million in 2012). Microsoft still only has 2% of the tablet market.

Comment: Re:Innovation? (Score 1) 264

by alostpacket (#46390411) Attached to: Apple Launches CarPlay At Geneva Show

And if they do a good job, they will push competition. This seems like a common theme with Apple. They come into a fractured mess of a product sector and make a good show of it. This is good news, car infotainment is terrible.

Plus maybe cars will be able to launch actual angry birds at each other to express road rage.

Comment: Re:Programming is not about rote memorization (Score 1) 627

by alostpacket (#46329331) Attached to: Does Relying On an IDE Make You a Bad Programmer?

Not sure if trolling but that's not really what trivial means in this context.

adjective: trivial
1. of little value or importance.
synonyms: unimportant, banal, trite, commonplace, insignificant, inconsequential,

Think "the average airspeed of an unladen swallow". "The atomic weight of cobalt"

Programming

Does Relying On an IDE Make You a Bad Programmer? 627

Posted by samzenpus
from the speak-up dept.
itwbennett writes "Writing about his career decisions, programming language choices, and regrets, Rob Conery says that as a .NET developer he became more reliant on an IDE than he would have with PHP. Blogger, and .NET developer, Matthew Mombrea picks up the thread, coming to the defense of IDEs (Visual Studio in particular). Mombrea argues that 'being a good developer isn't about memorizing the language specific calls, it's about knowing the available ways to solve a problem and solving it using the best technique or tools as you can.' Does using an IDE make you lazy with the language? Would you be better off programming with Notepad?"

Comment: Re:If Comcast were Exxon (Score 2) 520

by alostpacket (#46319465) Attached to: Netflix Blinks, Will Pay Comcast For Network Access

ISPs are not peers though, they are endpoints. The "equal data" argument only works between two backbone/transit providers. ISPs are requesting that data be sent to them. They don't get to request the data be sent to them and request that they also be paid to receive it.

Also what makes you think you only pay for upload? That makes no sense. Though I agree in that bandwidth caps are bad -- though mostly because they are generally misleading advertising.

Comment: Re:Maybe Netflix is too big for peering agreements (Score 1) 520

by alostpacket (#46319409) Attached to: Netflix Blinks, Will Pay Comcast For Network Access

1) it's the ISP's users requesting 30% of the internet traffic, not Netflix. The ISPs aren't peering at all, they are the termination point. They aren't providing a service to Netflix, or to anyone else on the internet for that matter, except their customers.
2) It's the ISPs' responsibility to provide enough network infrastructure to their customers. They don't get to hold hostage their users as a product to be bought by Netflix or other content providers.
3) Netflix offers Open Connect CDN

ISPs can directly connect their networks to Open Connect for free. ISPs can do this either by free peering with us at common Internet exchanges, or can save even more transit costs by putting our free storage appliances in or near their network.

https://signup.netflix.com/ope...

I think there is a fundamental misunderstanding of how peering arrangements are supposed to work that is being exploited by the PR departments of ISPs.
