Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Comment A few considerations: (Score 1) 326

In Apple's defense, it does seem reasonably plausible that the biometric sensor widget built into the 'home' button(and quite possibly the cable connecting the home button to the logic board) is a 'trusted' element of the system, in the 'the integrity of the system depends on this part performing as expected and not being malicious' sense of 'trusted'. So, I can see why it would be impossible or prohibitively difficult to keep the biometric authentication feature secure while also allowing random people to swap random hardware in to that part of the system.

However, what is a lot less clear is why(especially when many iDevices, including current-model ones, simply lack this feature entirely) 'security' demands that the entire phone be bricked, rather than just the biometric features flushing any private storage associated with them and leaving the phone usable as though it were a model without that feature. This might involve wiping all locally stored data, if the device encryption keys are tangled up with the biometric authentication feature's private storage; but it should still be able to function as though you had just restored it to defaults.

This also raises the question of whether, with the correct incentives, it is possible to induce authorized repair services to introduce malicious components when doing these repairs, and whether doing so would allow you to extract highly sensitive information. Since Apple-blessed repairs can apparently fix home buttons without destroying the handset, and since Apple's line is that tampering threatens the integrity of the authentication system, this seems like a natural place to try to get your malicious part introduced: much more likely that an authorized repair outfit exists in your jurisdiction than that Apple Inc. does; many more low-level techs you could potentially lean on; and home button repairs are a pretty common service request...

Comment So (Score 4, Interesting) 150

Among the little people and the petty criminals; 'invoice fraud' is a classic. You just pump out a whole bunch of reasonably plausible looking invoices for suitably generic goods or services, and hope that some of the recipients pay without checking too closely. Illegal, of course. Exactly how much 'unfair billing' and how many 'errors'(mysteriously in your favor much more often than not) do you have to accrue before people stop cringing and call your practices what they are, when not pulled by giant oligopolies?

Comment Re: Net Neutrality? (Score 1) 173

They could(and, as best I can tell, they already do to some degree when planning buildouts and upgrades, at least in areas that aren't so oligopolistic that market forces simply don't apply). It just wouldn't have much effect on whether or not they are adhering to 'net neutrality' while doing so.

If you are willing to make a longer term commitment to buying some given allotment of bandwidth every month, you usually pay somewhat less per unit for it than if you prefer the flexibility of a pay as you go/no ETF/no contract arrangement. If a telco judges a given area to be a likely-reliable buyer of service, they are more likely to build out there; while if you want a remote facility or some unusual arrangement set up they may refuse or have you eat more or less the entire install cost to run a line out there.

The 'neutrality' isn't in treating different customers identically; but in exploiting your ability, as man in the middle, to distort things in your favor by billing differently depending on what they are doing with the bandwidth(or in this case, the electricity) you sell them. If they billed 'HPC kilowatt hours' differently from 'bitcoin hashing kilowatt hours'; that would be distinctly non-neutral. If their observation is "Very high density customers pay more; because they have the nasty habit of sometimes demanding enough to require expensive buildouts; and sometimes going more or less entirely dark", that's not unlike prepaid users with nonexistent credit scores paying more per minute than people on 2 year contracts.

Comment Re:Net Neutrality? (Score 5, Insightful) 173

The issue is demand volatility: when you incur a large capital cost to build a generating unit, you need to set the price such that you cover operating expenses and recover the capital cost before the end-of-life of the unit.

If your customers are 100% predictable, there is room for squabbling about how much profit you get(and added complexity because the time value of money may change depending on conditions in other markets); but it is relatively simple to set a price that meets this goal.

If there is a nontrivial risk that a source of demand may arrive, require a new build-out, and then vanish relatively quickly; you'll lose most of your initial investment unless you set rates to recover that investment over a shorter timespan.

Consider the two (largely hypothetical, but convenient) limit cases: if you want to buy a new power plant, nobody will sell for less than the amount of money it costs to build it. If you are buying power from a plant with perfectly stable demand and an unlimited lifespan, your rate would closely approach the cost of production as the initial investment can easily be recovered.

In real life, obviously, no source of demand is 100% risk free; and utility customers are not asked to pay 100% of the price of the infrastructure up front; but different sorts of customers are more and less risky(both in that they, individually, will leave unexpectedly; and more importantly that they and everyone like them might experience a highly correlated change in demand and leave all at once without replacement).

For not terribly shocking reasons, this utility suspects that bitcoin miners are (a)risky and (b) likely to enter or exit the market in large groups, unpredictably. Depending on what the price of bitcoins does, miners can either demand as much electricity as you can deliver to them, or potentially shut down everything but the emergency lights in a matter of minutes to hours if mining becomes uneconomic.

It's not that they care what you use the electricity for, it's that they care how likely you are to be a predictable customer. It's like why getting a hotel room for a night is more expensive, per hour, than getting an equivalent apartment for a year: it's not that the sellers care what you are doing with the room; but they do care about the odds that they'll have a paying customer for it on any given day.

Comment Ah, risk shuffling... (Score 3, Insightful) 173

This seems like an issue of how you want to allocate the costs of risk, not a terribly uncommon problem: Building the additional capacity will cost the utility a nontrivial amount of money, and if the demand that originally justified the buildout dries up, they won't exactly be able to return it for a refund(and, if they can't operate it profitably, its resale value is unlikely to be very exciting).

Unless one simply wishes to deny that, and pretend that this sort of capital investment is risk free, which is silly; the question is really just how the cost of the risk is paid: If you want the utility to bear the risk, giving you the ability to purchase or not purchase power from month to month as you see fit; they'll want to make up the cost of the risk by increasing the price. If you offer to take on the risk; but making a long-term commitment to purchasing a given amount of power, I'm sure they'd be happy to offer you a suitably lower rate.

This is only 'discriminatory' if, in fact, 'bitcoin businesses' are not a more volatile and hard to predict customer base than other electricity users; but the utility is just treating them as though they are. If they are in fact more unpredictable, it is only reasonable that the utility would want them to pay more: the rate you pay is basically their operating costs, plus the cost of the initial investment in building the generating capacity. If you are highly predictable, they'll be content to be paid back for that over the long term. If you might be gone in six months without a replacement, they need to be repaid faster. Not fundamentally different from paying more for credit if you are considered a lousy repayment risk.

Comment Re:Microsoft's responsibility and WHQL (Score 1) 268

I don't know how awful the situation has to get before Microsoft has an incentive to step in and write a device driver; but I would (perhaps naively) think that they would take a very, very, hard line on allowing anyone to use Windows Update to distribute drivers that make the Windows user experience look worse, especially if they are doing it intentionally, rather than being not-quite-careful-enough with some monstrously complex GPU driver or something.

FTDI can do whatever they think they can get away with on FTDI.com; but WU is something that MS operates to make its OS more appealing and pleasant for users, not to save OEMs from having to provide support pages, so if an OEM is being a bad actor, I would have expected them to get the shove.

Comment Re:Microsoft's responsibility and WHQL (Score 3, Insightful) 268

What I'd be curious to know is how FTDI managed to pull this again. I would have imagined that Microsoft would have been less than pleased with them after their last attempt and either watching them more carefully or only letting them back with some sort of stern warning. One would certainly think that it would hurt FTDI more than it hurts Microsoft if FTDI chips become 'those ones you have to manually download drivers for'.

Comment Re:I saw it coming (Score 1) 172

I'm all for charitably providing access, given the trivial cost. What rubs me very, very, much the wrong way is being shoved(with varying degrees of force) into providing uncompensated location and power for my friendly local ISP oligopoly.

Aside from being as little a matter of choice as they can make it, you'll notice that these secondary hotspots aren't being run as a public service; but with captive portals and subscriber sign-ins.

I have, and do, offer an open wifi channel(QoS ranked below anything I want to do, obviously); but I'll be damned if I get to pay for infrastructure that my ISP is too cheap to build out themselves.

Comment Re:GOOD (Score 2, Insightful) 165

There is nothing about 'java' the language that did that; but it is very hard to deny that vulnerabilities in the implementation of support for embedded java applets have been a huge source of desktop infections. Adobe might be slightly worse; but that's damning by very faint praise.

I'll leave arguing about the merits of the language and the JVM to the experts; but applet support has, quite simply, been painfully unsuitable for use on anything except fully trusted, ideally internal, material more or less forever, and neither Sun nor Oracle ever got it up to snuff for use in a mostly-untrusted web browsing environment.

Slashdot Top Deals

You can bring any calculator you like to the midterm, as long as it doesn't dim the lights when you turn it on. -- Hepler, Systems Design 182

Working...