Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:News that Matters????? (Score 1) 29

I suspect that Instagram simply realizes that 'different accounts' is a security/visibility-control model that people find easier and more familiar than various sorts of filters/tags/groups/'friends only'/etc. It's not as though they will have much difficulty correlating a user's accounts(even if the app doesn't explicitly send them 'all usernames on this device', seeing logins to certain accounts from a specific device is a pretty big clue); but switching accounts is easier than futzing with security settings when trying to maintain distinct audiences.

Comment A few considerations: (Score 1) 409

In Apple's defense, it does seem reasonably plausible that the biometric sensor widget built into the 'home' button(and quite possibly the cable connecting the home button to the logic board) is a 'trusted' element of the system, in the 'the integrity of the system depends on this part performing as expected and not being malicious' sense of 'trusted'. So, I can see why it would be impossible or prohibitively difficult to keep the biometric authentication feature secure while also allowing random people to swap random hardware in to that part of the system.

However, what is a lot less clear is why(especially when many iDevices, including current-model ones, simply lack this feature entirely) 'security' demands that the entire phone be bricked, rather than just the biometric features flushing any private storage associated with them and leaving the phone usable as though it were a model without that feature. This might involve wiping all locally stored data, if the device encryption keys are tangled up with the biometric authentication feature's private storage; but it should still be able to function as though you had just restored it to defaults.

This also raises the question of whether, with the correct incentives, it is possible to induce authorized repair services to introduce malicious components when doing these repairs, and whether doing so would allow you to extract highly sensitive information. Since Apple-blessed repairs can apparently fix home buttons without destroying the handset, and since Apple's line is that tampering threatens the integrity of the authentication system, this seems like a natural place to try to get your malicious part introduced: much more likely that an authorized repair outfit exists in your jurisdiction than that Apple Inc. does; many more low-level techs you could potentially lean on; and home button repairs are a pretty common service request...

Comment So (Score 4, Interesting) 176

Among the little people and the petty criminals; 'invoice fraud' is a classic. You just pump out a whole bunch of reasonably plausible looking invoices for suitably generic goods or services, and hope that some of the recipients pay without checking too closely. Illegal, of course. Exactly how much 'unfair billing' and how many 'errors'(mysteriously in your favor much more often than not) do you have to accrue before people stop cringing and call your practices what they are, when not pulled by giant oligopolies?

Comment Re: Net Neutrality? (Score 1) 173

They could(and, as best I can tell, they already do to some degree when planning buildouts and upgrades, at least in areas that aren't so oligopolistic that market forces simply don't apply). It just wouldn't have much effect on whether or not they are adhering to 'net neutrality' while doing so.

If you are willing to make a longer term commitment to buying some given allotment of bandwidth every month, you usually pay somewhat less per unit for it than if you prefer the flexibility of a pay as you go/no ETF/no contract arrangement. If a telco judges a given area to be a likely-reliable buyer of service, they are more likely to build out there; while if you want a remote facility or some unusual arrangement set up they may refuse or have you eat more or less the entire install cost to run a line out there.

The 'neutrality' isn't in treating different customers identically; but in exploiting your ability, as man in the middle, to distort things in your favor by billing differently depending on what they are doing with the bandwidth(or in this case, the electricity) you sell them. If they billed 'HPC kilowatt hours' differently from 'bitcoin hashing kilowatt hours'; that would be distinctly non-neutral. If their observation is "Very high density customers pay more; because they have the nasty habit of sometimes demanding enough to require expensive buildouts; and sometimes going more or less entirely dark", that's not unlike prepaid users with nonexistent credit scores paying more per minute than people on 2 year contracts.

Comment Re:Net Neutrality? (Score 5, Insightful) 173

The issue is demand volatility: when you incur a large capital cost to build a generating unit, you need to set the price such that you cover operating expenses and recover the capital cost before the end-of-life of the unit.

If your customers are 100% predictable, there is room for squabbling about how much profit you get(and added complexity because the time value of money may change depending on conditions in other markets); but it is relatively simple to set a price that meets this goal.

If there is a nontrivial risk that a source of demand may arrive, require a new build-out, and then vanish relatively quickly; you'll lose most of your initial investment unless you set rates to recover that investment over a shorter timespan.

Consider the two (largely hypothetical, but convenient) limit cases: if you want to buy a new power plant, nobody will sell for less than the amount of money it costs to build it. If you are buying power from a plant with perfectly stable demand and an unlimited lifespan, your rate would closely approach the cost of production as the initial investment can easily be recovered.

In real life, obviously, no source of demand is 100% risk free; and utility customers are not asked to pay 100% of the price of the infrastructure up front; but different sorts of customers are more and less risky(both in that they, individually, will leave unexpectedly; and more importantly that they and everyone like them might experience a highly correlated change in demand and leave all at once without replacement).

For not terribly shocking reasons, this utility suspects that bitcoin miners are (a)risky and (b) likely to enter or exit the market in large groups, unpredictably. Depending on what the price of bitcoins does, miners can either demand as much electricity as you can deliver to them, or potentially shut down everything but the emergency lights in a matter of minutes to hours if mining becomes uneconomic.

It's not that they care what you use the electricity for, it's that they care how likely you are to be a predictable customer. It's like why getting a hotel room for a night is more expensive, per hour, than getting an equivalent apartment for a year: it's not that the sellers care what you are doing with the room; but they do care about the odds that they'll have a paying customer for it on any given day.

Comment Ah, risk shuffling... (Score 3, Insightful) 173

This seems like an issue of how you want to allocate the costs of risk, not a terribly uncommon problem: Building the additional capacity will cost the utility a nontrivial amount of money, and if the demand that originally justified the buildout dries up, they won't exactly be able to return it for a refund(and, if they can't operate it profitably, its resale value is unlikely to be very exciting).

Unless one simply wishes to deny that, and pretend that this sort of capital investment is risk free, which is silly; the question is really just how the cost of the risk is paid: If you want the utility to bear the risk, giving you the ability to purchase or not purchase power from month to month as you see fit; they'll want to make up the cost of the risk by increasing the price. If you offer to take on the risk; but making a long-term commitment to purchasing a given amount of power, I'm sure they'd be happy to offer you a suitably lower rate.

This is only 'discriminatory' if, in fact, 'bitcoin businesses' are not a more volatile and hard to predict customer base than other electricity users; but the utility is just treating them as though they are. If they are in fact more unpredictable, it is only reasonable that the utility would want them to pay more: the rate you pay is basically their operating costs, plus the cost of the initial investment in building the generating capacity. If you are highly predictable, they'll be content to be paid back for that over the long term. If you might be gone in six months without a replacement, they need to be repaid faster. Not fundamentally different from paying more for credit if you are considered a lousy repayment risk.

Comment Re:Microsoft's responsibility and WHQL (Score 1) 268

I don't know how awful the situation has to get before Microsoft has an incentive to step in and write a device driver; but I would (perhaps naively) think that they would take a very, very, hard line on allowing anyone to use Windows Update to distribute drivers that make the Windows user experience look worse, especially if they are doing it intentionally, rather than being not-quite-careful-enough with some monstrously complex GPU driver or something.

FTDI can do whatever they think they can get away with on FTDI.com; but WU is something that MS operates to make its OS more appealing and pleasant for users, not to save OEMs from having to provide support pages, so if an OEM is being a bad actor, I would have expected them to get the shove.

Comment Re:Microsoft's responsibility and WHQL (Score 3, Insightful) 268

What I'd be curious to know is how FTDI managed to pull this again. I would have imagined that Microsoft would have been less than pleased with them after their last attempt and either watching them more carefully or only letting them back with some sort of stern warning. One would certainly think that it would hurt FTDI more than it hurts Microsoft if FTDI chips become 'those ones you have to manually download drivers for'.

Slashdot Top Deals

It is much harder to find a job than to keep one.