Catch up on stories from the past week (and beyond) at the Slashdot story archive

typodupeerror
Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×

## Comment Re:TFA has no clue about orbital mechanics (Score 1)278

F=G(M1*M2/r^2)

a = F / m therefore
a =G (m1 * m2 / r ^ 2) / m1 therefore
a =G (m2 / r ^ 2)
and v1 = v0 + a * t therefore there is no relation between v1 and m1
QFT

## Comment TFA has no clue about orbital mechanics (Score 4, Informative)278

Heavy objects will pick up too much speed during the descent, making for one deep impact.

1. Speed gained during decent does not depend on weight of the craft.
When considering aero-braking/parachuting/gliding the only thing that matters is lift/drag generating surface area vs mass

2. Speed gained during decent (from mars gravity) is nominal compared to orbital transfer speed/orbital speed that needs to be zeroed.
Mars orbital speed at 200km is around 2.4km/s, total amount of speed gained from direct decent from 200km to 0km on Mars is around 1.2km/s (with no atmosphere), in real life we would see orbital speed (2.4km's) decreasing on decent due to atmospheric drag (until it reaches terminal velocity, which depends on point 1. but should be less than 1km/s for any viable design).
Prior to achieving stable orbit around mars we have to (aero-)brake from at least 15km/s (orbital transfer). So theoretical 1.2km/s from Mars gravity (which actually doesn't happen) is a really small amount of additional velocity compared to the amount we have to brake anyway.

Playing a few hours of KSP should be mandatory prior to posting articles about space flight on the internet :)

## Comment Lets reinvent the wheel! (Score 1)75

Qi has been around for quite some time. My last 3 phones have supported it and i love it

If i want to use OpenDots I have to buy a new phone (none on market atm), a few new charging plates (none on market atm) and a car that supports it (a few on market)?

OpenDots is not as safe (try spilling your drink on the pad :)) and is not supported by a single phone at the moment, while Qi has ~50 phones with built in support on sale at the moment and hundreds more that accommodate Qi via accessories (i.e. Qi enabled cover)

Qi is not open-source but its free for low wattage devices (phones) and at reasonable cost for higher wattage devices (all patents are RAND)

What is the advantage for consumer to use OpenDots vs Qi?
What is the advantage for manufacturer to use OpenDots vs Qi (considering existing Qi infrastructure)

## Comment The paper is marketing bull (Score 3, Interesting)86

Most of the advises given (if not all) are ineffective and in some cases make things worse.

Code and data obfuscation only provides false sense of security (and a large paycheck for your "security" vendor) - If i have access to binaries, have root OS access and skills to de-compile the app, obfuscation/encryption (with local key) is only a small nuisance (compared to skill required for decompilation/repackaging/on-the-fly modification)

Moving data to server-side provides a simpler attack-vector - i can MTM the (hopefully) secure connection and alter data sent to app - i don't even have to decompile the app to hack it

On-the-fly binary validation does not work (again, if i have OS level access) - i can disable/fake it.

The numbers in the paper are classic marketing bull - when are you more likely to buy an 99\$ in-app purchase?
- if you actually have to pay for it

TLDR:
You can't protect against hacking/repackaging if the hacker has access to binaries and root.
You can't protect against data modification if the hacker can install hes own CA on the device.

## Comment Re:Fantastic ROI (Score 2)275

Considering that the daily trading volume of popular exchanges is around 50k BTC / 27m\$ at the moment, and that he dumps all coins directly to market, he might lower the price by 0.5% (8/(50*31))!

Doge coin rig, built in December for 850\$ has earned 4800\$ so far and another ~1200\$ is expected before it turns obsolete (cost of power passes turnover). It has paid itself in DOLLARS many times over.

Bigger rigs, like in TFA have a bit longer lifetime and higher profit margins (assuming you use top-of-the line off-the-shelf components and won't start inventing the wheel yourself)

## Comment Re:Radiation shielding not feasible (Score 1)374

Unfortunately space elevator would have to extend quite far above GEO in order to be stable. It's center of mass would have to be on GEO orbit (or a little below it) for the elevator to be stable.
This is probably the reason why rail-gun type launch systems have attracted more research in last few years.

## Comment Radiation shielding not feasible (Score 3, Informative)374

Using the elevator for transfer of goods - will work but the goods will get a huge dose of radiation

Using it for transfer of organic matter (i.e. humans) above LEO is not feasible due to the speed/shielding needed

The worst part of Van Allen belt is about 19000km wide and starts at around 7000km high. Apollo moon missions passed trough it at roughly 15km/s, spending roughly 2*21 minutes in it.
That is 1/5 of the yearly the limit in US for people working with radiation.
At reasonable speed (~200m/s) the elevator would take ~26h to pass through the belt, meaning it would need at least 75x more radiation shielding than Apollo did and that the lift would need 15m thick aluminum honeycomb walls (using 70's technology).

Even with todays technology the shielding will be way too bulky/heavy for elevators to be viable alternative to rockets for above LEO human transfer.

## Comment This is Machinima deal, not Microsoft (Score 3, Informative)128

Full contract at http://pastebin.com/vec6vjv5/

Machinima lives of these kind of promotions (all Machinima affiliates get multiple offers per month)

The total cost for this promotion for Machinima is 3750\$ (promotion ends when this CPM target is met)

It is likely Microsoft entered into a deal with Machinima to increase it's visibility and Machinima did the promotion on it's own (like it has done with a lot of brands before)

## Comment All of it - So you can loose all of it (Score 1)187

Why should I store any of my media (or other data, for that matter) anyplace else? Storing it in the cloud only works for as long as your cloud provider stays in business, and what I store is my business and nobody else's.

Storing it locally works as long as you don't get robbed...
and your house don't burn down...
and you don't get hit by major disaster (i.e. flood)...
and your storage medium doesn't fail...

I keep mine locally (2 redundant systems) and in cloud

## Comment Insecure by design (Score 5, Insightful)242

The point of the article wasn't to crack it, it was to show that if something sounds insecure by design, it is insecure...

DropBox allows you to "log in" to it's website via click in the application -> no credentials required. Therefore it must either store user credentials or some other secret(s) on client side (host_id and host_int in this case).

Any process running under privileges accessible to you can be cracked (albeit sand-boxing, in which case you need system privileges) and it can't hide data from end-user / other processes in same privilege space (albeit sand-boxing....).
They can make it more difficult though (extracting Bluray key from windows media player will take anyone at least a few days)

More and more big companies think they can hide data on client side and be secure. Dropbox, Windows Live (LiveConnect) and numerous others are now relying on fast exchange of nonces in addition to client-side secret storing to make it secure "enough".. But breaking the nonce handshake and authenticating in programmatic fashion will add maybe 10% more cracking/programming effort on top of the regular cracking effort.

TLDR: If it is insecure by design, it is insecure and no amount of obfuscation will help you....

## Comment Any assembly encryption can be broken in 5 minutes (Score 1)245

You run the executable...
You ask kernel to stop executing it...
You dump the memory...
Voila - you have the unencrypted executable...
This process, including writing the tools for it, will take a person who knows what hes doing around 5 minutes... (if the program is large, it might take longer due to disk write speeds)...

Yes, they can obfuscate the assembly, but it still will be the assembly - perfectly human readable.
It might be pain to reverse engineer the whole program, but it can be done. But in most cases I've seen the hacker doesn't want to reverse engineer the whole program, he just wants to alter it a little / extract some crucial information from it (i.e. private keys). Obfuscation doesn't make this harder at all - You find some interesting OS level calls (i.e. socket creation - you cant obfuscate that...) and using debugger/stack traces/assembly/hooks you poke around a bit to find the part that is interesting to you...

From security point of view, assembly encryption (no matter how good it is) is comparable to covering your house with packing paper to prevent thieves from entering...

## Comment Re:So what does it cost in USA? (Score 1)298

Estonia here

35 euro for 150/10 (146/10 on speedtest.net) uncapped, including cable (basic, 70 channels) and landline

40 euro for 100/50 4G LTE (91/44 on speedtest.net) uncapped, including unlimited calls and texts

3 euro for 5/1 3G (5/1 on speedtest.net), uncapped, no calls/texts included

## Comment Missing option: not installed (Score 1)201

Not installed at work (on 20 pc's in my department)
Not installed at home on 3 pc's and 2 macs
Installed on my old Droid and s60 phones, but not installed on any phones my family is using at the moment (2xW8, 1xIOS)

Can't find any "killer apps" that would compel me to install Java and *try* to keep it up-to-date/secure

## Comment Fixed line in IM/Mobile :) (Score 1)445

We have few hundred employees and 2 actual physical fixed-line phones (at reception)
But we do have "fixed line numbers" for pretty much everyone

All is done over VOIP with intelligent back-end,
when someone calls me on my fixed number (or some call is redirected to me):
* If I'm behind my laptop, company IM rings in laptop with options to redirect/hold/answer via headset/answer via mobile/etc.
* If I'm away from my laptop (IM status auto changes after 5 min of inactivity), my phone and laptop ring at the same time (laptop silently), so i can answer it from my phone or do whatever from laptop
* If my Outlook/IM status is "DND" or my workday is over then i get a e-mail notification and the call is redirected to reception / help-desk (depending on caller)

Having and actual physical phone on my desk would mean that i miss 70% of calls (i have to move around the office quite a lot) and it would take up valuable desk space (where would i put my Chuck Norris motivational picture then :))

Marriage is the sole cause of divorce.

Working...