
Comment This Is The Authoring Tool, Not The Plugin (Score 5, Informative) 117

They're renaming the authoring tool, which is currently known as Flash Professional CC. It appears that the Flash Player will remain just that.

This makes perfect sense, as Flash Professional CC is increasingly being used to generate media that targets HTML5, not Flash, as output. Renaming Flash Professional CC to Animate CC eliminates the whole need to do the song and dance of "we're talking about Flash the authoring environment, not Flash the plugin" to non-technical audiences.

Comment Re:Is this really as typical as it seems? (Score 2) 118

New technology market deployments go in stages, including the following:
  1) The underlying technology becomes available and financially viable. The window opens.
  2) An explosion of companies introduce competing products and try to capture market share. They are in a race to jump through the window.
  3) There is a shakeout: A handful become the dominant producers and the rest die off or move on to other things. The window has closed.

We've seen this over and over. (Two examples from a few decades back were the explosions of Unix boxes and PC graphics accelerator chips.)

IoT applications recently passed stage 1), with the introduction of $1-ish priced, ultra-low-power (batteries last for years), systems-on-a-chip (computer, radio peripheral, miscellaneous sensor and other device interfaces) from TI, Nordic, Dialog, and others. It's in stage 2) now.

In stage 2) there's a race to get to market. Wait too long and your competitors eat your lunch and you die before deploying at all. So PHBs do things like deploy proof-of-concept lab prototypes as products, as soon as they work at all (or even BEFORE they do. B-b ) They figure that implementing a good security architecture up front will make them miss the window, and (if they think that far ahead at all) that they can fix it with upgrades later, after they're established, have financing, adequate staffing, and time to do it right - or at least well enough.

So right now you're seeing the IoT products that came out first - which means mostly the ones that either ignored security entirely or haven't gotten it set up right yet. Give it some time and you'll see better security - either from improvements among the early movers or new entrants who took the time to do it right and managed to survive long enough to get to market. Then you'll see a shakeout, as those who got SOMETHING wrong fail in competition with those who got it right.

If we're lucky, one of the "somethings" will be security. But Microsoft's example shows that's not necessarily a given.

In this case, though, the POINT of the product is security, so getting it wrong - visibly - may be a company killer. (I see that, in the wake of the exposure, the company is promising a field upgrade with this issue fixed in about a month. If it does happen, and comes out before the crooks develop and use an exploit, perhaps this company will become another example for the PHBs to point at when they push the engineers for fast schlock rather than slow solid-as-rocks.)

Comment Re:The HELL they can't! (Score 1) 74

Being in the industry, the reason I was given was (1) the electrolyte is very expensive right now

Vanadium pentoxide (98% pure was about $6/lb and falling as of early Oct and hasn't been above $14 in years) and sulphuric acid?

and (2) investors need a demonstration of return.

Always the bottom line. B-)

Comment Re:Source Code (Score 1) 48

The ransomware gets its name from the fact that the "DecryptorMax" string is found in multiple places inside its source code.

They distributed the source code with the ransomware?

Or the strings in the source code ended up generating strings in the object code and something like the "strings" tool found them.

Comment Re: Because backups are important (Score 1) 48

We can only assume they are too cheap, lazy or distracted with other things to keep frequent backups.

Or they think they ARE keeping backups, because they ARE - on a different part of the same disk, using automated processes provided and touted by the vendor - but the ransomware disables the tools and deletes the backups. Oops!

There's a difference between "backups" and "adequate, off-machine, backups".

Comment Looks to me like an oversight. (Score 1) 48

Why would you need a random .png from the Internet? Can't they just keep whatever part they need (header?) as part of the binary?

I'd guess:
  - The authors wrote the tool to use enough of the start of an encrypted/clear file pair to generate / sieve the key and deployed that.
  - Some user discovered, after the tool was deployed, that the invariant header of a .png file was long enough that any .png file could function as the "clear" for any encrypted .png (or at least that many unrelated pairs could do that.)

I'd bet that, if the authors had thought there was a nearly-universally-present file type the ransomware would choose to encrypt, with a large enough header to pull off this trick, they'd have included a canned header and the option to use it in the tool.
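Added example, not part of the comment above and not code from the decryption tool it discusses: key recovery from the invariant start of a PNG alone, including the case where the header is not "long enough". The cipher here is a toy repeating-key XOR chosen for illustration (an assumption; the page does not say what the ransomware uses), and the sample image and keys are constructed.

```python
import struct
import zlib

# Identical in every valid PNG: 8-byte signature, IHDR length (always 13), type "IHDR".
PNG_INVARIANT = b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR"

def xor_repeat(data, key):
    """Toy cipher (assumption): XOR with a repeating key; the same call decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def make_png(width, height):
    """Build a small, constructed all-black grayscale PNG as sample input."""
    def chunk(ctype, body):
        crc = zlib.crc32(ctype + body)
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    rows = b"".join(b"\x00" + bytes(width) for _ in range(height))
    return (b"\x89PNG\r\n\x1a\n" + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(rows)) + chunk(b"IEND", b""))

def ihdr_crc_ok(plain):
    """IHDR type+data occupy bytes 12..28; their CRC-32 is stored in bytes 29..32."""
    if len(plain) < 33:
        return False
    return zlib.crc32(plain[12:29]) == struct.unpack(">I", plain[29:33])[0]

def recover_key(encrypted):
    """Derive the key from the invariant header alone; None if the header is too short."""
    n_known = len(PNG_INVARIANT)
    stream = xor_repeat(encrypted[:n_known], PNG_INVARIANT)  # known keystream bytes
    for n in range(1, n_known + 1):  # try the shortest repeating period first
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            # Confirm the guess on bytes that vary per file: the IHDR CRC.
            if ihdr_crc_ok(xor_repeat(encrypted, stream[:n])):
                return stream[:n]
    return None

if __name__ == "__main__":
    original = make_png(4, 4)
    short_key = bytes.fromhex("1f8a3c5e77d20941")  # constructed 8-byte key
    long_key = bytes(range(1, 25))                 # constructed 24-byte key
    for key in (short_key, long_key):
        found = recover_key(xor_repeat(original, key))
        print(len(key), "byte key ->", found.hex() if found else "not recoverable")
```

The 24-byte key fails because only 16 bytes are invariant; a matched clear/encrypted pair of the same file supplies as much known plaintext as the file is long.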

Comment The HELL they can't! (Score 3, Interesting) 74

That's something conventional flow batteries can't do.

The hell they can't. Industrial-scale Vanadium Redox flow batteries are doing that right now, in utility companies, and have been for a couple years. (In New Zealand, if I recall correctly.)

I think the reason they're not more widely used already is that they're under patent protection, the company is small, and its owners don't want to license the technology or dilute their equity, so the supply is limited to their ramp-up and funding sources.

Comment Re:battery vs capacitor (Score 4, Insightful) 74

When does the battery become capacitor?

When the voltage across it is directly proportional to percentage of charge.

And they already did, many years ago. That's what "supercapacitors" are: Electrochemical cells where the charge is stored by migrating, but not ionization-state-changing, ions in a solution (rather than by migrating electrons within two conductors (one metal, the other metal or conductive liquid) separated by an insulator, as in a conventional or electrolytic capacitor, or ionization-state-changing ions in the cells of a conventional battery, where the voltage only changes slightly with state of charge until nearly full discharge).

Comment Re:Can't Carbon be nuclear? (Score 1) 354

Details matter. You are looking to build a fusion reactor, and this reaction is far more difficult than the DT reaction that the fusion community is focusing on.

They're also working on the substantially harder p-B reaction (which only has a trace of neutron output due to impurities/side reactions). That's substantially harder (and worth it!) but still not in the ballpark.


C.H.I.P. vs Pi Zero: Which Sub-$10 Computer Is Better? (makezine.com) 122

Make Magazine weighs in on an issue that's suddenly relevant in a world where less than $10 can buy a new, (nominally) complete computer. Which one makes most sense? Both the $9 C.H.I.P. and the newest, stripped-down Raspberry Pi model have pluses and minuses, but to make either one actually useful takes some additional hardware; at their low prices, it's not surprising that neither one comes with so much as a case. The two make different trade-offs, despite being just a few dollars apart in ticket price. C.H.I.P. comes with built-in storage that rPi lacks, for instance, but the newest Pi, like its forebears, has built-in HDMI output. Make's upshot? The cost of owning either a C.H.I.P. or a Pi is a bit more money than the retail cost of the boards. Peripherals such as a power cable, keyboard, mouse, and monitor are necessary to accomplish any computer task on either of the devices. But it turns out the $5 Raspberry Pi Zero costs significantly more to operate than the Next Thing Co. C.H.I.P.

Comment Consumer ignorance (Score 1) 481

It's beyond me in this day and age of ubiquitous information available at one's fingertips that anyone can walk into a dealership and NOT know what they want to buy (or at least have it narrowed down to one or two models and/or trim levels). You should do all your research BEFORE going to the dealership. The only point of going to the dealership should be to actually drive the car and confirm or refute what you already know about it.

Dealerships HATE informed customers because it basically removes the need for a salesperson. I don't WANT some smelly guy in a bad suit trying to tell me what I want. I already KNOW what I want. The only reason I'm even there is because I can't order one from the factory directly. I have my financing worked out with my credit union before I set foot in his doorway. The salesperson's total interaction with me ought to be "Here is a filled-out build sheet for the car I want along with all options I would like. Here is the price I'm willing to pay which ensures a modest profit for you and your dealership. I will not negotiate one penny above and beyond that, nor do I want to be sold on additional options or extras I have not already specified. Please locate the car in your database. If you have one on the lot that matches it, I'll take it today. If not, please have it delivered here and let me know when it arrives. Thank you. Goodbye."

Why in the hell can't we just ORDER these things from the factory??? Oh, right...car dealerships have local politicians blocking that sort of thing. Land of the free, home of the brave-but-not-so-brave-that-we-want-actual-competition.
