Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×
United States

Wired Cautions Would-Be Drone Photogs on the 4th 53 53

Last year's spectacular but unauthorized you-are-there video from the inside of a fireworks display has probably inspired quite a few people to try getting their own bird's-eye view this year. Wired cautions photographers, though, that many municipalities have specifically banned (and some will be looking for) unauthorized airborne visitors, and that the FAA's guidelines for legal flight are tricky to comply with during a fireworks show. This is both because it's hard to maintain visual contact with a drone amid the dark and smoke of a show, and because of the altitude at which many commercial firework shells burst. In addition, even if a drone photo mission goes under the radar vis-a-vis local authorities, if resulting footage appears on an ad-supported site, like YouTube, the FAA may be a bit more interested than the pilot would like.

Comment: Entitlement. (Score 0) 125 125

Assange's legal team says that Assange's letter has been mischaracterized, and that it is in fact not a request for asylum per se; instead, they assert, the letter merely expresses Assange's "willingness 'to be hosted in France if and only if an initiative was taken by the competent authorities.'"

"Hosted?"

How gracious of Assange to say he would willing to trade his Ecuadorian broom closet for a rent-free garden flat in Paris, if France would be kind enough to send him an engraved invitation.

There are two particularly flavorful Yiddish words that come to mind here, "chutzpah" being one of them.

Comment: Re:What baffles me is.... (Score 2) 87 87

If this scum has a history of making false claims then why are they still allowed to make claims at all? Better yet, why haven't they been banned from Youtube altogether?

Alice posts a video using music that Bob owns the copyright to. Carol posts a video that uses music Bob falsely claims to also hold the copyright for. Unfortunately Bob's false claim against Carol doesn't change the fact that he actually does have a legitimate legal claim against Alice's video. So kicking him off the system means he's going to issue a takedown against Alice. The whole point of bringing him into the system was to give him an incentive to leave Alice alone.

The problem here isn't Bob and Alice -- that part of the scenario is working fine. The problem is Bob and Carol. There's no incentive for Bob not to make false claims against Carol. That's the bit that has to be fixed.

Comment: Passwords are not the only way to authenticate (Score 1) 73 73

Both of you are wrong and so is Dustin Kirkland (whoever he is). The core of your error is in this statement:

Only secrets can be used as token for authentication.

That sentence is true, as stated, but only because it includes the word "token". Yes if you're using secret tokens for authentication, then the tokens must be secret. But exchanging secrets (or proof of possession of secrets, which is what most cryptographic authentication protocols do) is not the only way to do authentication. Not by a long shot. In fact, humans hardly ever use secrets for authentication.

How do you identify and authenticate your mom? Do you ask her for a secret password? Of course not. You use the same tools for both identifying and authenticating her, and those tools are a set of biometric markers. The same set of tools are also used in high security situations. Back when I was a security guard in the Air Force, I was trained that personal recognition is the very best form of authentication. Not only is it not necessary to check the badge of an individual you know personally, badge-checking is inferior to personal recognition for authentication (note that badge-checking may still be important for authorization, verifying that the person who has been identified and authenticated actually has permission to enter. Thus I was trained to always check the access control list before allowing someone near nuclear weapons).

With respect to user authentication in electronic contexts we generally use secrets because computers don't (or at least haven't) had the ability to use the sorts of biometric authentication that humans use quite effectively. But, when we equip them with biometric sensors, they can.

HOWEVER, this does not mean that biometrics are useful for authentication in all circumstances.

Secret-based authentication has the advantage that -- assuming the secret has sufficient entropy and can be assumed not to have leaked nor been intercepted and cannot be rerouted (note that that's a pretty long list of criteria, some of which are hard to establish) -- you don't have to worry about the possibility that the authentication could be spoofed. An attacker who doesn't know the secret can't fake knowing the secret.

Biometrics, though, are not secrets. They are public knowledge. This means that an attacker must be expected to have access to copies of our fingerprints or faces. The biometric authentication process is different, though. It does not rely on secrecy of the authenticator, but instead on non-replayability. If we can be certain that (for example) the fingerprint placed on the scanner belongs to the person we wish to authenticate, and that the stored template we match against belongs to the person we wish to authenticate, then we can perform a good authentication. The fact that the fingerprint is not secret does not matter.

Where biometrics fail is if (a) we can't be certain that the livescan data acquired from the sensor belongs to the person trying to authenticate or (b) the stored template belongs to the person we wish to authenticate. Part (a) is particularly difficult to validate in many contexts because faking the input isn't necessarily hard to do, and in some cases an attacker can even bypass the sensor entirely and simply inject a digital copy.

This doesn't mean biometrics are worthless, it just means they're only useful in certain contexts. And, again, their utility for authentication has nothing to do with their secrecy. And rotation is likewise irrelevant and silly to discuss. You need to rotate secrets because you can't be certain they have stayed secret and because if they have low-ish entropy they may have been brute forced. None of that applies to biometrics because they're not secrets and their utility as authenticators does not depend on secrecy.

Can we please kill this incorrect meme about biometrics as identifiers, not authenticators? They can be either, or both, and are used as both, by billions of people, every day, with high effectiveness and reliability. Whether or not they provide security depends on the context.

With respect to credit card payments, fingerprint and facial recognition biometrics are pretty reasonable tools. This is especially true if the sensors are provided by the retailer, and the consumer is providing a traditional electronic authentication (cryptographic challenge-response) with their smartphone or smart card. It's not quite as good if the smartphone is also providing the fingerprint scanner and camera, because in the event of an attempted fraudulent transaction that means the attacker is in control of those components.

But you also have to consider the model that is being replaced. Is fingerprint plus face recognition better than a signature which is theoretically matched by a non-expert human, but in practice never checked at all? Absolutely. Is it better than a four-digit PIN? That's debatable, but it's at least in the same ballpark.

Medicine

Common Medications Sway Moral Judgment 111 111

sciencehabit sends news that two commonly-prescribed drugs have been shown to influence how the human brain makes moral decisions. Citalopram is an SSRI used to treat depression, and levodopa is often used to combat Parkinson's disease. A new study (abstract) asked subjects to set a monetary value on receiving painful electric shocks — for themselves and for others (e.g. "Would you rather endure seven shocks to earn $10 or 10 shocks to earn $15?"). The study found that subjects on citalopram (which affects serotonin levels) were willing to give up more money to reduce shocks, both for themselves and others. Those on levodopa (which affects dopamine levels) made people just as willing to shock others as they were to shock themselves, when those on a placebo tended to be more reluctant to shock others. [Neuroscientist Molly] Crockett says those effects could suggests multiple underlying mechanisms. For example, excess dopamine might make our brain's reward system more responsive to the prospect of avoiding personal harm. Or it could tamp down our sense of uncertainty about what another person is experiencing, making us less hesitant to dole out pain. Serotonin, meanwhile, appeared to have a more general effect on aversion to harm, not just a heightened concern for another person. Such knowledge could eventually develop drugs that address disorders of social behavior, she says.

Comment: Re:A word you made up? (Score 1) 102 102

For fuck's sake.

1) You're not posting as an AC.
2) Presumably it's not a typo for a known brand.
3) You're not asking on Slashdot for some ruse to make it look like the domain is in use when it isn't really.

You don't look like a duck, he does. What the fuck don't you understand?

Firefox

Firefox 39 Released, Bringing Security Improvements and Social Sharing 150 150

An anonymous reader writes: Today Mozilla announced the release of Firefox 39.0, which brings an number of minor improvements to the open source browser. (Full release notes.) They've integrated Firefox Share with Firefox Hello, which means that users will be able to open video calls through links sent over social media. Internally, the browser dropped support for the insecure SSLv3 and disabled use of RC4 except where explicitly whitelisted. The SafeBrowsing malware detection now works for downloads on OS X and Linux. (Full list of security changes.) The Mac OS X version of Firefox is now running Project Silk, which makes animations and scrolling noticeably smoother. Developers now have access to the powerful Fetch API, which should provide a better interface for grabbing things over a network.
Software

Samsung Faces Lawsuit In China Over Smartphone Bloatware 74 74

An anonymous reader writes: Samsung is being sued in China for installing too many apps onto its smartphones. The Shanghai Consumer Rights Protection Commission is also suing Chinese vendor Oppo, demanding that the industry do more to rein in bloatware. The group said complaints are on the rise from smartphone users who are frustrated that these apps take up too much storage and download data without the user being aware. Out of a study of 20 smartphones, Samsung and Oppo were found to be the worst culprits. A model of Samsung's Galaxy Note 3 contained 44 pre-installed apps that could not be removed from the device, while Oppo's X9007 phone had 71.

Comment: Re:Most of their apps are annoying anyway (Score 1) 109 109

I tried Inbox, but wasn't impressed. It strips so much of gmail away that it is basically "Gmail for beginners". You want filters, labels, etc, then it is worthless.

Actually, Inbox is Gmail for power users, for people who have massive volumes of e-mail to manage. It takes a little bit of work to figure it out and set it up, but once you have, it's awesome. There are some features it lacks, like complex filters (simple filters are very easy to set up; you just move a message to a label and Inbox asks if you want to always do that. Click "yes" and you have a new filter rule), vacation auto-responder and the like, but you can always use the Gmail UI when you need to set stuff like that up.

The Inbox features that that make it great for heavy e-mail users are:

Snooze.

Many people use their e-mail inbox at least partially as a task list, especially their work e-mail. This results in having to keep e-mails that for you can't work on yet sitting in your inbox, cluttering it up and making it harder to process new e-mail. When you snooze an e-mail, it goes away until some point in the future. You can pick a date and time, or even a location (requires using the Inbox app on your mobile device). Heavy application of snooze with well-chosen times/locations lets you clear all of the stuff you can't do yet out of the way, knowing it will come back later when you can handle it.

Bundles.

Bundles are just Gmail labels, but with an additional setting that tells Inbox to group them in the inbox. This is fantastic for high-volume mailing lists. With Gmail you can get almost the same effect by setting a filter to apply a label and skip the inbox, but then you have to remember to actually go look at the label from time to time. With bundles, you get the same grouping effect but the bundles show up in your inbox so you don't forget to go look. The reason that grouping (by whichever mechanism) is useful is because when you have large volumes of email, most of which you don't actually need to read, it's much faster to scan through a list of subject lines and evaluate what's important and what isn't when you already know the context.

My process for plowing through a busy mailing list is to scan the subject lines and click/tap the "pin" icon on the few that are interesting, then "sweep" the rest. A single click or gesture archives all unpinned items in a bundle. Then I handle (or snooze until I can handle) the pinned items.

I also have a bundle (label) called "Me" that is applied by a filter that looks for my name or username in the To line or the body of the message. This helps me to be sure that I notice e-mails where people are mentioning me or asking me questions. It's the first bundle I look for every time I check my e-mail. Similarly, I have a bundle that extracts e-mails that reference my project's name. That's the second bundle I look at. Other high priority bundles are e-mails from the code review system and e-mails from the bug tracker.

Obviously there are many e-mails that mention both my project and me. That's fine; bundles are labels not folders, and it's perfectly reasonable for an e-mail to be in more than one of them. When I archive a message in one bundle, it disappears from the others. So, often I'll look at Inbox and see the "Me", project, code review and bug tracker bundles displayed, but by the time I've processed everything in the "Me" bundle, the other three have disappeared.

Delayed Bundles.

I think this vies with snooze as the killer feature of Inbox. By default, a bundle appears in the inbox whenever you receive new mail with that label. But there's lots of stuff, at least in my inbox, that I don't need to see immediately. Having low-priority stuff displayed instantly distracts me from my work, or obscures truly urgent e-mail. Also, it's more efficient to handle low-priority e-mail in bulk. So, you can specify that a bundle should only appear once per day, or once per week. Inbox will accumulate e-mail in delayed bundles and only show the bundle at the specified time.

When I start work in the morning I have a dozen or so bundles containing low-priority e-mail. I can quickly scan each of them, pinning the items I care about and sweeping the rest. I have a few bundles for purely informational mailing lists which are set to display once per week, so I only see them on Monday morning.

I'd like a little more granularity on this feature. Specifically, I'd really like to be able to set some bundles to show, say, every three hours. Then I'd only allow the highest-priority bundles to show immediately, giving me larger blocks of uninterrupted time but with the knowledge that I'll still get notified of truly urgent stuff immediately.

Consistent Interface

It took me a while to realize just how valuable this is, but it's really great that the mobile and web UIs for Inbox are virtually identical. I don't have to have two different flows for handling e-mail on mobile vs desktop. The mobile UI is a tiny bit better because of the gestures a touchscreen interface can provide, but my process for using it is the same.

One common complaint about Inbox vs Gmail is that Gmail's more compact; you can fit a lot more stuff on the screen with the Gmail UI. I find that isn't a problem, because the Inbox workflow mostly eliminates the need to scan through a big list of messages visually, looking for something in particular. The need to do that arises mostly (for me, anyway) when I'm keeping a lot of stuff hanging around in my inbox. With Inbox, I don't do that. I snooze it or I archive it, so my inbox is empty nearly all the time. If I need to find something that I've snoozed or archived, I search for it.

Bottom line: If you're a heavy user of Gmail, you should really take a good look at Inbox. Odds are you'll never go back.

Australia

Aussie ISP Bakes In Geo-dodging For Netflix, Hulu 38 38

New submitter ste7en7 writes: A new Australian ISP is integrating geo-blocking circumvention into its broadband service, allowing customers to access streaming services like Hulu, Netflix USA, BBC iPlayer and Amazon Prime. When Yournet launches in August, customers will be able to sign up for broadband that allows users to instantly change the country they are supposedly surfing from.

Comment: Re:Fee Fees Hurt? (Score 4, Insightful) 250 250

Well, it may interest you to know that courts judging "emotional distress" is not some new Internet fad. In the year 1348 an innkeeper brought suit against a man who had been banging on his tavern door demanding wine. When the innkeeper stuck his head out the doorway to tell the man to stop, the man buried the hatchet he was carrying into the door by the innkeeper's head. The defendant argued that since there was no physical harm inflicted no assault had taken place, but the judged ruled against him [ de S et Ux. v. W de S (1348)]. Ever since then non-physical, non-financial harm has been considered both an essential element of a number of of crimes, a potential aggravating factor in others, and an element weighed in establishing civil damages.

This does *not*, however, mean that hurt feelings in themselves constitute a crime. It's a difficult and sometimes ambiguous area of the law, but the law doesn't have the luxury of addressing easy and clear-cut cases only.

As to why a new law is need now, when the infliction of emotional distress has been something the law has been working on for 667 years, I'd say that the power of technology to uncouple interactions from space and time has to be addressed. Hundreds of years ago if someone was obnoxious to you at your favorite coffeehouse, you could go at a different time or choose a different coffeehouse. Now someone intent on spoiling your interactions with other people doesn't have to coordinate physical location and schedule with you to be a persistent, practically inescapable nuisance.

Does this mean every interaction that hurts your feelings on the Internet is a crime? No, no more than everything that happens in your physical presence you take offense at is a crime.

Comment: Re:A word you made up? (Score 1) 102 102

Are you suggesting that trademarks should extend not only to an actual trademarked name, but to all conceivable misspellings or abbreviated versions, etc.?

No I'm not. I'm saying that all the clues point to cybersquatter:
AC question, lack of desire to put anything there that would take any time to do, worried about bandwidth costs of having a site that anyone would visit, trademark misspelling.

It walks like a cybersquatter and it quacks like a cybersquatter.

Experiments must be reproducible; they should all fail in the same way.

Working...