
Comment: Let's reinvent the wheel! (Score 1) 75

Qi has been around for quite some time. My last 3 phones have supported it and I love it

If I want to use OpenDots I have to buy a new phone (none on market atm), a few new charging plates (none on market atm) and a car that supports it (a few on market)?

OpenDots is not as safe (try spilling your drink on the pad :)) and is not supported by a single phone at the moment, while Qi has ~50 phones with built in support on sale at the moment and hundreds more that accommodate Qi via accessories (i.e. Qi enabled cover)

Qi is not open-source but it's free for low wattage devices (phones) and at reasonable cost for higher wattage devices (all patents are RAND)

What is the advantage for consumer to use OpenDots vs Qi?
What is the advantage for manufacturer to use OpenDots vs Qi (considering existing Qi infrastructure)

Comment: The paper is marketing bull (Score 3, Interesting) 86

by nomaddamon (#49427707) Attached to: Ask Slashdot: How Serious Is Hacking In Mobile Games?
Most of the advice given (if not all) is ineffective and in some cases makes things worse.

Code and data obfuscation only provides false sense of security (and a large paycheck for your "security" vendor) - If I have access to binaries, have root OS access and skills to de-compile the app, obfuscation/encryption (with local key) is only a small nuisance (compared to skill required for decompilation/repackaging/on-the-fly modification)

Moving data to server-side provides a simpler attack-vector - I can MTM the (hopefully) secure connection and alter data sent to app - I don't even have to decompile the app to hack it

On-the-fly binary validation does not work (again, if I have OS level access) - I can disable/fake it.

The numbers in the paper are classic marketing bull - when are you more likely to buy a 99$ in-app purchase?
- if you can do it for free (Apple MTM bug)
- if you actually have to pay for it

You can't protect against hacking/repackaging if the hacker has access to binaries and root.
You can't protect against data modification if the hacker can install his own CA on the device.

Comment: Re:Fantastic ROI (Score 2) 275

by nomaddamon (#46591655) Attached to: Operation Wants To Mine 10% of All New Bitcoins
Considering that the daily trading volume of popular exchanges is around 50k BTC / 27m$ at the moment, and that he dumps all coins directly to market, he might lower the price by 0.5% (8/(50*31))!

Doge coin rig, built in December for 850$ has earned 4800$ so far and another ~1200$ is expected before it turns obsolete (cost of power passes turnover). It has paid for itself in DOLLARS many times over.

Bigger rigs, like in TFA have a bit longer lifetime and higher profit margins (assuming you use top-of-the line off-the-shelf components and won't start inventing the wheel yourself)

Comment: Re:Radiation shielding not feasible (Score 1) 374

by nomaddamon (#46344599) Attached to: Report: Space Elevators Are Feasible
Unfortunately a space elevator would have to extend quite far above GEO in order to be stable. Its center of mass would have to be on GEO orbit (or a little below it) for the elevator to be stable.
This is probably the reason why rail-gun type launch systems have attracted more research in last few years.

Comment: Radiation shielding not feasible (Score 3, Informative) 374

by nomaddamon (#46343345) Attached to: Report: Space Elevators Are Feasible
Using the elevator for transfer of goods - will work but the goods will get a huge dose of radiation

Using it for transfer of organic matter (i.e. humans) above LEO is not feasible due to the speed/shielding needed

The worst part of Van Allen belt is about 19000km wide and starts at around 7000km high. Apollo moon missions passed through it at roughly 15km/s, spending roughly 2*21 minutes in it.
The astronauts received roughly 1rem of radiation through 3 layers of thick aluminum radiation shielding.
That is 1/5 of the yearly limit in the US for people working with radiation.
At reasonable speed (~200m/s) the elevator would take ~26h to pass through the belt, meaning it would need at least 75x more radiation shielding than Apollo did and that the lift would need 15m thick aluminum honeycomb walls (using 70's technology).

Even with today's technology the shielding will be way too bulky/heavy for elevators to be a viable alternative to rockets for above LEO human transfer.

Comment: This is Machinima deal, not Microsoft (Score 3, Informative) 128

by nomaddamon (#46024935) Attached to: Microsoft Paying for Positive Xbox One Coverage on YouTube
Full contract at

Machinima lives off these kinds of promotions (all Machinima affiliates get multiple offers per month)

The total cost for this promotion for Machinima is 3750$ (promotion ends when this CPM target is met)

It is likely Microsoft entered into a deal with Machinima to increase its visibility and Machinima did the promotion on its own (like it has done with a lot of brands before)

Comment: All of it - So you can lose all of it (Score 1) 187

by nomaddamon (#45725231) Attached to: How much of your media do you store locally?

Why should I store any of my media (or other data, for that matter) anyplace else? Storing it in the cloud only works for as long as your cloud provider stays in business, and what I store is my business and nobody else's.

Storing it locally works as long as you don't get robbed...
and your house doesn't burn down...
and you don't get hit by major disaster (i.e. flood)...
and your storage medium doesn't fail...

I keep mine locally (2 redundant systems) and in cloud

Comment: Insecure by design (Score 5, Insightful) 242

The point of the article wasn't to crack it, it was to show that if something sounds insecure by design, it is insecure...

DropBox allows you to "log in" to its website via a click in the application -> no credentials required. Therefore it must either store user credentials or some other secret(s) on client side (host_id and host_int in this case).

Any process running under privileges accessible to you can be cracked (albeit sand-boxing, in which case you need system privileges) and it can't hide data from end-user / other processes in same privilege space (albeit sand-boxing....).
They can make it more difficult though (extracting Bluray key from windows media player will take anyone at least a few days)

More and more big companies think they can hide data on client side and be secure. Dropbox, Windows Live (LiveConnect) and numerous others are now relying on fast exchange of nonces in addition to client-side secret storing to make it secure "enough".. But breaking the nonce handshake and authenticating in programmatic fashion will add maybe 10% more cracking/programming effort on top of the regular cracking effort.

TLDR: If it is insecure by design, it is insecure and no amount of obfuscation will help you....
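The comment's point about nonce handshakes layered on a client-stored secret, as an added example that is not part of the original comment and is not Dropbox's or any vendor's actual protocol: a generic HMAC challenge-response in which the `Server` class, `respond`, `run_demo` and the host id are all constructed for illustration. It shows what the nonce does buy (a captured response cannot be replayed) and what it does not (the server cannot tell the real client from any other process that has read the same stored secret).

```python
import hashlib
import hmac
import secrets


class Server:
    """Toy server: holds each host's secret and issues single-use nonces."""

    def __init__(self, host_secrets):
        self._secrets = dict(host_secrets)            # host_id -> secret
        self._pending = {h: set() for h in self._secrets}

    def challenge(self, host_id):
        nonce = secrets.token_bytes(16)
        self._pending[host_id].add(nonce)             # KeyError for unknown host
        return nonce

    def verify(self, host_id, nonce, response):
        pending = self._pending.get(host_id, set())
        if nonce not in pending:                      # unknown or already used
            return False
        pending.discard(nonce)
        expected = respond(self._secrets[host_id], nonce)
        return hmac.compare_digest(expected, response)


def respond(secret, nonce):
    """Client side of the handshake: prove knowledge of the stored secret."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def run_demo():
    host_id = "host-constructed-01"                   # constructed sample value
    stored_secret = secrets.token_bytes(32)           # what the client keeps on disk
    server = Server({host_id: stored_secret})

    n1 = server.challenge(host_id)
    r1 = respond(stored_secret, n1)
    results = {"legitimate_client": server.verify(host_id, n1, r1)}
    # Replaying the captured (nonce, response) pair: the nonce is spent.
    results["replayed_capture"] = server.verify(host_id, n1, r1)
    # Another process in the same privilege space has read the stored secret.
    n2 = server.challenge(host_id)
    results["process_with_copied_secret"] = server.verify(
        host_id, n2, respond(bytes(stored_secret), n2))
    # A caller without the secret cannot answer a fresh challenge.
    n3 = server.challenge(host_id)
    results["caller_without_secret"] = server.verify(
        host_id, n3, respond(secrets.token_bytes(32), n3))
    return results


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The design consequence is that such a secret has to be treated server-side as a revocable bearer credential, since no property of the handshake ties it to the process that was originally issued it.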

Comment: Any assembly encryption can be broken in 5 minutes (Score 1) 245

You run the executable...
You ask kernel to stop executing it...
You dump the memory...
Voila - you have the unencrypted executable...
This process, including writing the tools for it, will take a person who knows what he's doing around 5 minutes... (if the program is large, it might take longer due to disk write speeds)...

Yes, they can obfuscate the assembly, but it still will be the assembly - perfectly human readable.
It might be a pain to reverse engineer the whole program, but it can be done. But in most cases I've seen the hacker doesn't want to reverse engineer the whole program, he just wants to alter it a little / extract some crucial information from it (i.e. private keys). Obfuscation doesn't make this harder at all - You find some interesting OS level calls (i.e. socket creation - you can't obfuscate that...) and using debugger/stack traces/assembly/hooks you poke around a bit to find the part that is interesting to you...

From a security point of view, assembly encryption (no matter how good it is) is comparable to covering your house with packing paper to prevent thieves from entering...

Comment: Re:So what does it cost in USA? (Score 1) 298

Estonia here

35 euro for 150/10 (146/10 on uncapped, including cable (basic, 70 channels) and landline

40 euro for 100/50 4G LTE (91/44 on uncapped, including unlimited calls and texts

3 euro for 5/1 3G (5/1 on, uncapped, no calls/texts included

Comment: Missing option: not installed (Score 1) 201

by nomaddamon (#42624775) Attached to: The status of Java on my machine:
Not installed at work (on 20 pc's in my department)
Not installed at home on 3 pc's and 2 macs
Installed on my old Droid and s60 phones, but not installed on any phones my family is using at the moment (2xW8, 1xIOS)

Can't find any "killer apps" that would compel me to install Java and *try* to keep it up-to-date/secure

Comment: Fixed line in IM/Mobile :) (Score 1) 445

by nomaddamon (#42202447) Attached to: Ask Slashdot: Do You Still Need a Phone At Your Desk?
We have a few hundred employees and 2 actual physical fixed-line phones (at reception)
But we do have "fixed line numbers" for pretty much everyone

All is done over VOIP with intelligent back-end,
when someone calls me on my fixed number (or some call is redirected to me):
* If I'm behind my laptop, company IM rings in laptop with options to redirect/hold/answer via headset/answer via mobile/etc.
* If I'm away from my laptop (IM status auto changes after 5 min of inactivity), my phone and laptop ring at the same time (laptop silently), so I can answer it from my phone or do whatever from laptop
* If my Outlook/IM status is "DND" or my workday is over then I get an e-mail notification and the call is redirected to reception / help-desk (depending on caller)

Having an actual physical phone on my desk would mean that I miss 70% of calls (I have to move around the office quite a lot) and it would take up valuable desk space (where would I put my Chuck Norris motivational picture then :))

Comment: Welcome to the world of advertising (Score 1) 299

by nomaddamon (#41977707) Attached to: Mark Cuban: Facebook Is Driving Away Brands — Starting With Mine
This makes sense.. really...
If I'm a true fan, I have liked the page and am liking a lot of updates from the page... therefore FB sees that I am interested in the content provided by the page and I get 100% of his updates
If I have liked the page by accident (or just don't really care about what it has to say), then I don't "like" the updates of the page and soon enough I will stop getting them... (except for really popular ones)
So if I'm not getting the updates, I DON'T CARE about them and it's perfectly fair for FB to charge him for spamming my news-feed.
I understand that he has invested in advertising but he's got the return from that... a lot of users who liked the page and got temporary exposure to the brand.. expecting this to go on forever is like expecting that if you publish a TV ad, then every person who has seen one of your ads is committed to see all your other ads (multiple a day) for the rest of eternity....
Also he forgets to mention that by doing a sponsored post, he will get exposure to users who have not yet liked his page...