
Comment: Tip of what sunk the Titanic (Score 1) 1

by niftymitch (#49616979) Attached to: Researchers Detect Android Apps That Compromise Your Privacy

This may be the tip of what sunk the Titanic.
It is darn difficult to place an auditing proxy service or other auditing resource
between a cell phone and the globe.

Worse the connections to scripts and sites that trigger additional links
and fetches. Some are common prefetch and may never run except
the prefetch itself contained all the info needed to track an individual.

Since http and https are stateless the tricks of passing an interesting hash code
establishes a unique user profile tag...

It is too much like the Jedi mind control trick: "This is not the Droid you
are looking for" becomes that is not the URI you are looking for. The entire
world is offered this or that DNS server that then connects to others
to translate a name to number. There is little in the system to validate
the answer. https almost helps but there are rogue SA hosts and depending
on the one you connect to you get what you expect or what Lenovo wanted
you to get. Packet injection tricks trigger errors that then trigger a second connection
that may be hacked.

Too much security legislation is theater and increasingly legislation moves
to punish white hat researchers or even random typing errors that uncover
foolishness.

A child in school that changes the background of an ill secured computer system
gets a felony warrant. A child that has a note sent home because a couple Oreo
cookies were seen in his lunch -- the world has gone mad. OK I am getting
mad at the fools that tell me my SO can swallow a camera to check for uterine
cancer or prenatal care: To which Barbieri responded: "Can this same procedure
then be done in a pregnancy? Swallowing a camera and helping the doctor determine
what the situation is?"

Comment: Immortals are corrupting.... (Score 1) 302

Immortals are corrupting much of our law and have in the past.

In the past dynastic power bases ruled, clashed with each other and crushed common people.
Kings, Queens, Caliphates, Dynasty, Emperors, Pope, Pulpit all are the sharp end of immortal government
systems that devolved in many social ways and were eventually upended.

Today we have some ill begotten immortal legal frameworks that have many
of the rights that citizens have. Their immortality allows them to gain power and move from
a part of society to controlling society.

This copyright issue is one symptom of an immortal (Mr. Mouse by way of example)
that wields power and attempts to dominate part or all of society. When these
immortals gather together as a group and throw their weight around, interesting
and perhaps troubling things happen.

Consider that immortals do not pay inheritance or death taxes. If one group of
legal entities never pays a tax no group should pay that tax. There are more
issues one of which is citizenship....

"end-two-cents"

Comment: Re:Good for them (Score 3, Interesting) 148

I'm tired of these security experts holding these sites hostage. They should disclose these vulnerabilities to build a safer Internet, not to line their pockets.

If they really wanted to line their pockets, they'd sell them to ......

Groupon could hire people themselves to find the vulnerabilities, but they chose not to, instead they offer a bounty for security bugs, which apparently is very cost effective when they don't pay up, so it's a double win .......

I'm sure they do have their own people looking for vulnerabilities, but if outsiders also find vulnerabilities ....

Interesting...
Vulnerability testing is sometimes difficult from inside.
Companies have security policies that could make testing by employees quite difficult.
Testing from home is often excluded by company rules.
Network and hardware management also adds to this issue.
Laws are making it harder and harder for White hats to operate.

The issue of script rich "experts" hunting bounty is interesting.
First the bounty needs rules and pre disclosure rules need to be bounded in time.
Fixing it when I darn well want to is not a working answer.

Script discovered flaws are likely industry standard flaws most with well known solutions.
A list of script triggered flaws that is as long as this tells me that the engineering
staff and management need to have their bonus packages reviewed. It seems
like a flawed culture. Non payment of the bounty is a symptom if the report
was held private for a fair length of time.

Some companies have "sat" on bugs and faults. The most famous list of faults
are enumerated in the security book written by Robert Morris. Almost none were fixed then
his son coded the Morris worm. That should have been the clue to the
industry but it was not. The response was mostly legal not technical which
is an inversion of the needs of national security where the laws of a nation
cannot protect from predators in other nations.

There is an astounding cognitive failure when a nation passes laws and fails to
address the technical reach of those outside the reach of the law. Predator drones
are not an answer ...

This flawed protectionist mind set by many US TLAs is a problem.
Other nations have the same issue and should be filing bugs with vendors
left and right. Some nations might need a proxy for this but again
national laws could find these people acting as agents of a foreign government
to their loss of freedom.

Kafka is giggling.

Comment: Re:Obvious (Score 1) 350

That's not "not clear", that's just an engineering problem. ......

Quite so... yet in this tenth of a penny pinching engineering world
it becomes a cost and a decision. In this case the resultant degradation
of the EBS seems to be unmanaged or over managed at much greater
expense and complexity.

Not all engineering problems have known solutions yet this one does
and that puts us in agreement.

Submission: GCC 5.1 Released

Submitted by kthreadd
kthreadd writes: Version 5.1 of GCC, the primary free software compiler for GNU and other operating systems, has been released. Version 5 includes many changes from the 4.x series. Starting with this release the default compiler mode for C is gnu11 instead of the older gnu89. New features include new compiler warnings, support for Cilk Plus. There is a new attribute no_reorder which prevents reordering of selected symbols against other such symbols or inline assembler, enabling link-time optimization of the Linux kernel without having to use -fno-toplevel-reorder. Two new preprocessor directives have also been added, __has_include and __has_include_next, to test the availability of headers. Also, there's a new C++ ABI due to changes to libstdc++. The old ABI is however still supported and can be enabled using a macro. Other changes include full support for C++14. Also the Fortran frontend has received some improvements and users will now be able to have colorized diagnostics, and the Go frontend has been updated to the Go 1.4.2 release.

Comment: Never toss a phone... (Score 1) 1

by niftymitch (#49530263) Attached to: Wi-Fi Attack Breaks iPhones By Locking Them Into an Endless Loop

It seems that this is a reason to never toss a phone.
If the iPhone can be abused the need to keep the old
Android or Win or Nokia phone in the closet seems valuable.

By the same token it seems important to keep an old iPhone
wrapped in tin foil sealed in a mayonnaise jar because it
is silly to think that any vendor is immune.

N.B. despite the strong push to collect old phones, all cell phones are required by law to have access to 911 emergency
services in the US. Keeping an old phone and auto charger with no plan in the boot/trunk/glove box seems prudent.
BTW the credit for my last phone was $4 and it makes a fine Pandora server to a bluetooth speaker...

Comment: So my FB number is 555-1212 as of 5 min ago. (Score 2) 1

by niftymitch (#49530183) Attached to: Facebook Hello tells you who's calling before you pick up

This seems to be too desirable to hack.
There is a service and the implication is that someone calling you
is someone you know. That seems fragile. With a reversed hack the phone could
ring and that person could know a gosh darn lot about you and
extract more info to attack you, your home or your valuables (bank credit).

FB should have this service under a full security review like no other service
and have a serious audit process to discover and squash use anomalies.

Comment: Re:Obvious (Score 1) 350

It is also not clear what the regulations domestic and international are for testing the
FM radio for unwanted interference and matching the national band allocations.

Oh that is clear. There's very little. FM must not transmit (and I don't think any mobile chipset does), and it just has to receive in a certain frequency band which is mostly common throughout the world with no further consideration to interference. An analogue radio receiver is about the least regulated radio device you can build.

It is still not clear.... the FM block has a local oscillator. The bluetooth, the WiFi 2.4&5GHz, The Cell system, many bands... as well as the display, processor, memory etc... interact. Part 15 is almost easy in isolation but the RF complexity of turning on a tuner that sweeps the FM local oscillator and that might interact with passive traces, as well as other active systems is "interesting".

Having said this Motorola has it on two of the phones I have owned. Thus, it is possible and to me it is a reasonable expectation for this system to be enabled and active.

I feel strongly that the emergency context has been ignored. It is astoundingly easy to overspend or underspend on emergency systems. Emergency system managers have apparently missed this erosion of a worthy component. Combine this with the demise of plain old telephone services with its legal framework for battery power (etc.) that the cell system and internet does not have and Houston we have a problem.

These are systems and interconnected in poorly understood ways. Changes have consequences some good some bad most unintended. Media coverage wants to reduce important issues to a two team sporting contest and this is just wrong for understanding systems.

Programmers know how difficult "make" rules can get and some know
why "makedepend" gets it wrong at times (this is after all a /. geek centric forum).

Submission: Wi-Fi Attack Breaks iPhones By Locking Them Into an Endless Loop

Submitted by Anonymous Coward
An anonymous reader writes: Researchers from Skycure demonstrated a novel attack at the RSA 2015 conference that affects iPhones and other iOS devices. The attack, which takes advantage of new and previously announced vulnerabilities, locks iPhones into a never-ending reboot cycle effectively rendering them useless.

Developing a Denial of Service Attack
Skycure CEO Adi Sharabani explained that this attack began when Skycure researchers bought a new router and were messing around with its network settings. In doing so, they discovered a particular configuration that caused apps in iPhones connected to that router to crash whenever they launched.


Comment: Re:what is Arimaa? (Score 2) 58

by niftymitch (#49508041) Attached to: Computer Beats Humans At Arimaa

Arimaa is a two-player strategy board game that was designed to be playable with a standard chess set and difficult for computers while still being easy to learn and fun to play for humans. Every year since 2004, the Arimaa community has held three tournaments: a World Championship (humans only), a Computer Championship (computers only), and the Arimaa Challenge (human vs. computer).

seriously, slashdice, some reference would be nice sometimes.

Given the youth of the game I suspect there is much less analysis and history in
support of the game. The difficulty that computers face is the same one that players face and
while depth search for a computer is difficult it is more difficult for the human player.

The game was invented in about 2002... and chess has a history that spans 1500 years
and Go 2500 to 4000 years.

While difficult to test I suspect that if we restricted chess players to the same age
and tenure profile of Arimaa players a machine would romp over the novice chess
players (max experience 13 years, average perhaps 7).

Now that there are champion machines the game may well move into the
class of games only played by machines. Or, Programmers and hardware mfg
consortiums could compete little different than the America's Cup.

The game might prove the ideal context to form a man+machine or team+machine contest
where the men shape strategy and the machine carries the game to conclusion
with nudges from the man-power.

Now should I bother to learn the game at all?

Comment: Re:Stupid (Score 1) 591

The problem with using anesthesia is that organizations (the largest of which is the EU) forbids selling anything used in executions. ....

FWIW I am completely against capital punishment, .....

Capital punishment is the choice of the poor.
When society is starving for resources quick execution makes sense to me.
When society is wasting 1/3 of its food execution makes little sense (same for the waste).

As for cruel -- the decades on death row is nasty.

Comment: Re:Stupid (Score 1) 591

FFS! What is the accepted definition of execution? Does it involve pain or discomfort?
What's wrong with anesthesia?

Those that make the drugs of choice in this case are international and they refuse to
supply to this purpose and end.

A pure suffocating gas like nitrogen (but not CO2) will do the job.
Noble gasses like He, Ar, Ne might also work. He has
national security issues. It is also best extracted from natural
gas flows in Texas and Ok... other flows are fracking intensive
and He low so the anti fracking folk could help or hinder helium
as a choice. Helium would also be too funny for Saturday Night
Live to ignore.

Comment: Re:What the fuck is the point of the ISP middleman (Score 1) 48

by niftymitch (#49506389) Attached to: Google Ready To Unleash Thousands of Balloons In Project Loon

LTE isn't free, you can't use the frequencies if you're not a licensed carrier. Presumably, it is easier for Google to make a deal with existing carriers who have the license rather than seek a license themselves for each and every country.

Balloons are short lived...
At this point it is an experiment so no need to own or be part of the cell service infrastructure.

This is not a 7x24x365.24 class service.
At some point this could become an important service in the event
of an emergency. It may also be valuable over places like the Black
Rock Desert for about one week a year.

And yes some sparse parts of the world may find value long term.

Comment: Re:Obvious (Score 4, Interesting) 350

Because the article is very misleading.

Smartphones MAY have a chip in them that is capable of receiving FM transmissions [probably as part of the Qualcomm/whomever chip for processing cell phone signals].

But not a matter of 'just turn it on' and everything magically works.

You need an antennae/other external hardware that receives those signals properly. I'm not an antennae engineer,........

Since I have some phones that have the FM radio enabled all that is needed is headphones.
The antenna is the wires of the headphones.

That is not to say that the pin for the antenna is connected to the headphone connector.
It is also not clear what the regulations domestic and international are for testing the
FM radio for unwanted interference and matching the national band allocations.

But the original question is interesting. Local radio is invaluable in a disaster. The power budget
and infrastructure (transmitter towers) for FM radio are much more available. The service area of
a single FM radio tower could cover hundreds if not thousands of cell towers. Cell towers also depend
on digital backbone and data connections (routers) that also need uninterruptible power.

Local emergency management need only contact the radio station and the radio station only needs
a single generator. Radio is part of the emergency broadcasting system and disconnecting the FM radio
is disconnecting the EBS.

Having said this I recall waiting on the local FM radio station to announce school closure on one
especially nasty blizzard winter morning. There was no announcement... the school system could
not connect to the station by phone and the roads were so deep in snow that direct contact was
impossible.

Legislatures in earthquake, tornado, blizzard, hurricane disaster risk areas (the entire US) should
be paying attention to this. Because of the EBS link your representatives should be demanding internal
communications that fail to enable this important service. Disconnection and de facto dismantling
of the EBS in favor of pay for service revenue should be blocked.

Then there is: "As Radio.no notes, Digital Audio Broadcasting (DAB) will provide Norwegian listeners more diverse radio channel content than ever before. Indeed, DAB already hosts 22 national channels in Norway, as opposed to FM radio’s five, and a TNS Gallup survey shows that 56% of Norwegian listeners use digital radio every day. While Norway is the first country in the world to set a date for an FM switch-off, other countries in Europe and Southeast Asia are also in the process of transitioning to DAB." (gizmodo-dot-com)

Thus I also want DAB support in future phones...

Comment: Re:I thought we were trying to end sexism? (Score 1) 599

There is more to this narrow minded view of the testing system
than is obvious.

It makes a conclusion and presents a solution without any data that
supports the conclusion or solution.

They assert that a girls only class is the solution and the problem is boys
dominating the class.

They do not address the possibility that educators could simply be biased
and the same individual educators in a special class would imprint that same bias without
change. The result would then be identical.

Not addressed in this data is the assumption that systematic issues in education
are the reason girls do not invest themselves in STEM anything. Society also
adds to this...

Personal anecdotal bias is that the smartest math and science person in my k-12 education
decided to pursue her dream as an artist. As a spouse in a traditional marriage
she could do this without concern for the finances of it. She was not alone although
another gal almost as smart ended up as a NASA outreach educator.

The other very important issue is that girls and boys do not develop on the same
schedule biologically. Moving the girls and boys into their own classes without
adjusting the schedule will also get the same result.

If educators are going to be honest they need to design an education program that
allows biology and maturation to shape the schedule of boys and girls class content.
In a K-12 school the age differences where one child can be 364 days older than another
must also be considered important.

One real issue is that standard tests are anchored on birthdays and on a calendar.
Adjusting the time for one group's tests vs. another would be seen as very unfair
yet it may be more so.

If we could take sex out of this and substitute cognitive maturation we might get
better outcomes from the child's point of view. One clumsy attempt on this
is homogeneous grouping. Assignment into a group might be because an individual
was slow to grasp or simply unable to grasp the material.

I think the school has a bias and thinks they have a solution. Then they found numbers to support it.
There are girl and boy only schools where supporting data might live. One might be
a serious review of the famous schools and their curriculum as framed before standard testing.
These schools (perhaps 1780-1920) and their syllabus (teachers notes) may still exist
and may prove interesting.

Little of this matters -- TV sitcom and even cartoons have very rigid roles for the sexes
to play...
