
Comment Vivaldi is Opera (Score 1) 140

Vivaldi is built by the same people as the original (before it became a "skin" for Chrome) Opera was, so the design and features are not really surprising.

I wonder what we will have to sell to be able to use this browser, though. Aka, how is Vivaldi going to make money with this "free" (as in beer) browser?

Comment Re:lesson learned? (Score 1) 183

I am not sure how this post got moderated "Informative".

Sorry, but you are seriously ignorant about how Linux package repositories work. There is no GPG signature "audit trail". Only the packages uploaded to the repositories are signed. The distros only package the code - do you really believe (and trust) that the person who has compiled and signed the package has actually verified that it is malware free? Or that everyone who posts whatever code to Github or wherever else where the distro gets their software from is required to GPG sign it so the changes can be verified? Where did you get that idea from? AFAIK, only very few projects do this - e.g. Linux Kernel requires maintainers to sign off on every patch. However, that is not common at all and most projects don't even sign code releases!

And how would you actually imagine the "free of malware" verification being done with the thousands of packages that are in an average Linux distro? A good example of this was the NSA weakened RNG that wound up in pretty much every single Linux distribution. Or bugs like Heartbleed - the only difference between a bug and a malware is that the latter was created intentionally. Technically there is little difference and the impact can be very much the same.

So no, cryptographically signed Linux repositories are certainly not immune to malware. There has been modified code distributed through these in the past - usually because the upstream source code repository got hacked and modified code inserted there.

The only thing the Linux signed packages ensure is that the package that ends up on your machine is the same as the one released/uploaded by the repository maintainer. Nothing else. That protects only against stuff like the various crapware being bundled in the installers. If there is a hidden malware or a nasty bug in the actual code, you are screwed equally well. That it doesn't happen so often with Linux is mainly because Linux is not an interesting target for this type of criminals and scammers yet, not because of some impenetrable security.

So get off your high horse, please. You have no clue.

Comment What is that project for? (Score 1) 437

If it is just for fun, go ahead and play with Rust. You can write C-compatible libraries with it no problem.

If it is for work, however ... Stay with your C.

Rust is nice and everything, but the ecosystem is incredibly small. There are few libraries for it, many are already unmaintained and/or not working. Also the tooling (IDEs, compiler, the cargo build tool, etc.) is fairly immature. I have been looking at it recently with the goal of writing some extension modules for Node.js & .NET, but I went back to regular C for this reason.

Comment Re:They made the disclosure (Score 2) 229

They have been at this for a while. AVG was autoinstalling extensions into all Windows browsers that automatically redirect your browsing through an AVG proxy (supposedly to keep you safe from viruses, ehm) for a long time. So this was only a matter of time.

BTW, AVG is not really a Czech company anymore. They have moved to the US and only their R&D centre is in the Czech Republic now (Czech programmers cost 1/10th of what a US one would).

Comment Re:What kind of post is this? (Score 1) 43

I suggest that you broaden your horizon before you go ranting. You wouldn't make a fool of yourself.

First, that card doesn't work well with *any* Linux drivers, open source or not. Even their Catalyst driver is horrible in Linux.

Second, OpenGL in Linux is much more important for the professionals than gamers - a large portion of virtual reality image generators (machines that render the landscapes, vehicles etc. depending on the instructions from the simulation system) used by all sorts of simulators (military, flight, driving, etc.) run Linux, because it is much easier to develop for, to keep it stable and the latest bells and whistles are not required.

Unfortunately, thanks to the boneheaded AMD management that had only a *single* developer working on Linux drivers (it used to be that way, maybe it has changed since then) and their poor OpenGL performance, driver stability (and bugs!) this is pretty much an Nvidia market now.
The same story for CAD and 3D modelling in Linux - again an Nvidia market.

So saying that this is somehow acceptable, because you are not playing games is really not helpful.

Comment Re:Yeah right... (Score 1) 76

More like the gizmo will never get made unless they have money from elsewhere and are using Kickstarter only as a marketing campaign

You seem to think that's a bad thing. It's the purest form of market research there is - not only did you get people interested in your thing, but you got them to put money behind it.

I don't have a problem with market research, but then please mark it as such. This is just dishonest and it does a disservice to everyone else by giving the impression to the general public that an actual product can be made for that ridiculous budget and timeline. Then campaigns with genuine products and realistic budgets will never get financed because people take this sort of thing as standard and realistic. At least these guys have some real prototypes and aren't just selling hot air there.

Also, doing a "market research" Kickstarter as a means to convince VCs and/or angel investors to give you funds is pretty much a suicidal gamble - now you have 20k people who have put down their money for your gizmo and you still have no real funding to produce it. And you may not be able to get it - 20k people wanting a $200 gizmo is not that much interesting from the investment point of view by itself (that's just $4 million) and it is pretty much the worst project size possible when it comes to manufacturing - too big to build in a garage and not big enough to actually give you access to the manufacturing facilities you will need. Also, few projects reach that sort of size on Kickstarter, most get much less. So unless it is something really groundbreaking, truly visionary that will make the VCs go gaga and pull out the checkbooks, you will have trouble attracting investment (heck, it is a stupid touchpad like the one Apple sells already ...). However, you are stuck with the commitment to build and ship those 20k units already ...

I am more inclined to say that these people are an idealistic startup trying to bring their first project to the market, with no real past experience doing so. The completely BS time line shows that as well - they budgeted one month only for tooling and production - just the injection molding tooling production takes several weeks for every iteration (and costs thousands of $$$ a pop) and it is pretty much granted they will not get it right the first time.

So my bet is that this will ship a year or two late, over budget and probably drive the company to bankruptcy in the process.

Comment Re:Yeah right... (Score 2) 76

More like the gizmo will never get made unless they have money from elsewhere and are using Kickstarter only as a marketing campaign. The $60k they are asking for won't cover even the materials. Just the mandatory FCC/CE/UL certifications will take a third of their budget, assuming that they actually pass on the first try.

This article gives a good breakdown of how much it does actually cost to build and ship a hardware product:

Comment Re:Most people won't care (Score 1) 107

Yeah, right. So it only took a decade to get serious OpenSSL bugs discovered and fixed - despite the project being open from the start. And that is most likely an order of magnitude smaller project than something like even moderately complex CPU core, written in a language that many more people are familiar with.

Yes, if it wasn't open, the bugs probably wouldn't have been found, but that's speculation - we simply will never know. If you hope to find a "backdoor" (which could be simply so subtle as intentionally weakening some crypto support instructions or random number generator if some flags are set) in a ton of Verilog/VHDL code where you need to understand both the hardware *and* the crypto, you are seriously delusional. Even the vendors themselves have only a fairly small team of people that actually understands this type of code. It is such an ultra specialized niche. You will probably not see the weakness even if you were looking straight at it unless you are a specialist in exactly this domain and familiar with the implementation.

Anyhow, it is a moot point - the mainstream CPUs are never going to be "open sourced", because it is the core intellectual property of these companies.

Comment Re:Most people won't care (Score 1) 107

Sorry, but you need to get real here.

First, these FPGAs don't quite have enough power to run a design comparable with an Intel/AMD CPU as most people know them. So this effort is pretty much irrelevant for dealing with backdoors in mainstream hardware. Their goals are quite different, mostly to do with on the fly reconfigurable computation - something that is hard or impossible to do if you cannot generate the bitstream using your tools.

Second, even if you had a fully open sourced design somehow, how many people do you think would be able to actually understand it to the degree that they would be able to verify that there is no backdoor? Or even verify that the design is complete and the backdoor part is not withheld? It is not possible to build these without the in-house tools companies like AMD or Intel use (they don't use off-the-shelf FPGA tools, those are too small/slow to handle these large CPUs). Most people wouldn't be able to understand even the Verilog/VHDL for the tiny microcontroller implemented in the article.

I am all for openness and open sourcing as much as possible but that is not a panacea and in cases such as these it would only give a false sense of security.

Comment Re:We need better legislation (Score 2) 102

Except it is regulated as one. In fact, most countries don't make any distinction whether the RC model is fixed wing, heli, multirotor or whatever. Once it is unmanned and falls into the "model" category, it is regulated the same.

That most owners don't know that there are *gasp* laws and rules that apply to their toys is not the problem with the laws, unfortunately.

Comment Re:We need better legislation (Score 3, Insightful) 102

"Drones" - aka small multirotor helis - are regulated as RC model aircraft in most countries already. Not sure where you are, but perhaps make sure that you actually know what laws are on the books already before calling for more regulation.

The problem is not lack of regulation but the fact that 99.9% of the owners of these things have no clue about the rules that actually apply to their hobbies. RC model flyers have been rarely caught doing similar stupidities before because:
a) it is hard to do with a fast moving fixed wing plane,
b) traditional model helis are tricky to fly and very expensive, few people would risk their toy like this after they have finally mastered it,
c) few RC models were computerized to the degree that they essentially "fly themselves", including GPS waypoints and what not. RC flying was always about the flying skills, not taking videos for Youtube.
d) the enforcement was caught flatfooted, the few RC model owners around have never posed problems but now every yahoo has a gizmo that requires no skills to fly and doesn't give a shit about any rules (if they are even aware of them).

As I see it, unless the police is allowed to take these things out by force, then things aren't going to change. Tracking down an owner of a drone hovering somewhere high in the air autonomously is pretty much impossible unless you are very lucky. They don't need to emit radio signal continuously, the gizmo can navigate by GPS so unless you literally run into a guy with the controller you will not find him.

And as far as regulation is concerned - that could actually use to be relaxed quite a bit. E.g. in most of Europe if you want to record video using an RC plane/heli/drone for commercial purposes, the rules are very draconian - you need essentially a full private pilot license as if you were flying a full sized plane, you must always have a spotter next to you, are not allowed to fly beyond line of sight, etc. And this applies regardless of whether you are recording over a crowd of people (which requires additional permits) or only some fields for a local farmer ...

Comment This isn't really surprising .. (Score 1) 129

Considering that even an app like HTC's "Kids Zone" (a vendor preinstalled, unremovable app with activities for kids to keep them occupied) requires permissions like: "In-app purchases", "Phone calls", "Contacts", "Calendar", etc - aka everything that could run up an enormous bill or exfiltrate your monetizable personal information while your offspring are playing - it doesn't surprise me at all that someone tries to scam the advertising douchebags too ...

Today's smartphone is a device for siphoning personal data and money, whether the owner's or the advertisers', nothing more. Any other functionality that it happens to have is starting to become only a side effect and coincidence (even more if the functionality is actually useful). It is starting to be so bad that soon we will use the smartphones only to access Internet on the go and have a second device to actually perform calls, text and keep any other personal info on.

Comment Re:Missing the point again... (Score 1) 25

It is more likely that none of them will be dominant, because when you have 2-3 players that refuse to talk to each other to even establish common APIs to handle the basic tasks like tracking or renderer integration, many game studios will just say "Meh, screw it". And they will remain sitting on the fence instead of pouring money into a niche product that requires very significant technological and content investment. And with little reasonable content beyond bite-sized demos nobody will buy the HMDs either. That's the real issue.

And yeah, of course, the rush to claim possible walled gardens so that they can play Apple and extract toll from both developers and users - Valve with Steam, Oculus with their Market or what is that thing called, Samsung has its own, Sony for sure is preparing its own for their PS4 platform, Google with Google Play, etc.

Without at least some sort of standardization and simplifying the integration of the HMDs into graphic engines this is a nonstarter and could bury the technology before it even had a chance to take off. The direction e.g. Oculus is going in is pretty terrible - every release of their SDK is more closed than the previous one, more invasive and complicated integration-wise. Guess why it is that only Unity and Unreal have somewhat usable Rift integration - and good luck making things actually work with Unreal. It feels very much like unfinished alpha with tons of problems and issues, despite Oculus engineers actually working on it.

I have told John Carmack that they have blown a huge chance to establish a de facto API standard for interfacing to these HMDs with their SDK. And that was before it was announced that they are abandoning the non-Windows versions and taking the code completely proprietary.

Comment Re:X3D ?? (Score 1) 25

None of which actually addresses any of the needs these companies have.

Even COBOL is standardized - and that is about as relevant as X3D or WebGL to supporting a Rift-like HMD or some sort of interaction device that isn't a keyboard/mouse.
