Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
What's the story with these ads on Slashdot? Check out our new blog post to find out. ×

Comment Re:Nasal rinsing ... use some care (Score 1) 149

Boil water, and hold at temp for several minutes

Do we have any evidence that N. fowleri survives more than a moment at boiling temperatures? The only info I could find is a study that found N. fowleri spores survived 2.5 minutes at 65 C, but they only tested very cold and somewhat hot water. No boiling. I've been boiling water for just seconds to sanitize it. But while this study doesn't show it's immediately killed, it *does* imply that letting boiled water cool down naturally will provide enough time to kill N. fowleri spores. (Unless you drop its temperature with ice or a heat exchanger.)

Comment Re:Why is this being discussed? (Score 1) 149

Frankly I don't think someone that would do something so stupid are a big loss to the gene pool. I had never heard of a neti pot before, and now I wish I didn't.

You, sir or madam, are an ignoramus! You don't even get a pass for being unfamiliar with modern medicine, since this is very, very old medicine (that's still prescribed by mainstream doctors).

Comment Re:No, obviously (Score 1) 263

There's no way those statistics could possibly be representative. They do not include, for example, mugging victims that run away from a knife and are not stabbed. I think you are making a willfully obtuse argument. I would prefer to go against a baseball bat rather than a gun any day. (And my choice of weapon would be made by Nike, if you haven't figured that out.)

The point is that guns don't do half measures. Here's a real statistic, not some cherry-picked irrelevent percents:
"Fatalities are three times as likely in robberies committed with guns than where other, or no, weapons are used," (followed by three citations, which you can look up if you're interested).
https://en.wikipedia.org/wiki/...

Comment Re:regular old intelligence (Score 2) 50

Some people in China wear masks. The educated ones wear N95 filters, the uneducated ones wear surgical masks. A forecast like this can help you plan how you're going to protect yourself. And you probably want to cancel that Saturday hike if the air is going to be hazardous.

How is this any different than a weather forecast?

Comment Re:regular old intelligence (Score 1) 50

There is a staggering number of network-type AI-like systems that are not neural networks. Consider genetic programming: a program is generated based on simple programming primitives like less_than(input, input), not(input), and(input, input) and it evolves itself, either through individual fitness feedback or by an evolutionary strategy.

So it's not correct to say that because it's not a neural network, it must be heuristic-based.

Comment Re:No, obviously (Score 1) 263

Guns have no magical powers fists lack that cause the (mental) trauma.

Sure they do. I think this is common sense, unless you live in the land of Rubber Bullets. The reason for this is probably the same reason as the reason using a gun in a crime carries stiffer penalties. Guns don't do half measures. They inflict grievous bodily harm, every time. (Barring misfired/misses/etc.) So if you carry a gun to your robbery, there are serious chances you'll kill the victim. The same isn't true of a mugging with fists. (I read about a hugely strong man mugging a stranger with a handshake--"Give me your wallet or I'm going to break your hand". That victim never feared for his life.)

Imagine you have an argument with an acquaintance and he pulls his arm back to hit you. Now imagine you have an argument with another acquaintance and he pulls a gun and points at at you. Do these two situations really feel the same to you???

Comment Re:No, obviously (Score 1) 263

Why was the crime "worse" because a computer was used? Did the victim suffer more? Was there more physical damage?

In the same vein, why does an armed robbery in many states carry an "enhanced" sentence, or even become a different crime, because a gun was used?

Yes, that should be obvious. A gun causes more suffering. You will have nightmares about it. Every time you remember it, your heart will race and you will start to sweat. A strong man's fist is a deadly weapon. You're telling me a fighter waving his fist in your face will traumatize you equally compared to a gun under your nose? Come on.

Comment Re:Copyright? (Score 1) 187

I'm not sure either of those applies. I'm no lawyer, but I doubt a judge or jury would agree with your interpretation of "intentionally causes damage". First of all, wear and tear is not damage. When you finish an apartment lease, the landlord cannot keep your deposit to pay for wear and tear. When you rent a car, you are not charged damages for wear and tear. When you borrow something, it would be unheard of to hold you accountable for wear and tear. Furthermore, how do you prove it? Due to the way hard drives and OSs work, I doubt the amount of damage is statistically significant. If it's not statistically significant, it doesn't exist. Finally, if AT&T is sending headers that tell the browser not to cache the data, it should not be written to the hard drive anyway.

Finally, you ignored "intentionally". Do you know how high a bar it is to prove intention rather than incompetence? It's hard, even when it's true. And in this case it just isn't. AT&T doesn't want to fuck your computer, they want to fuck your wallet.

In the wire fraud definition you cited, I don't think AT&T is fulfilling the core of the definition: "defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises". Advertising, by and large, is not considered fraud (as much as we might feel that way about most ads we see).

Comment Re:That is so cool (Score 1) 61

It is, I don't know if you're familiar with that "rooting the device" actually means, but it's putting the su binary into /system/, that's it.

Once su is in the proper directory, other applications can use su somecommand, this is what "root access" is on Android, nothing more.

That's one definition. Opening a root shell (regardless of the state of /system and su) is another. I've seen this called "temproot".

I'm familiar with rooting, but not with exactly what system-level permissions entails. And whether system permissions imply root-ability or not, I agree with you that it's dangerous.

But here's another question, if you know more about this than me: Once /bin/su is installed, and the user launches a "SU" app, how does the SU app prevent other apps from accessing /bin/su? Does it simply inject itself into the OS functions that let a process execute a file?

Comment Re:your HTC One M7 was rooted within two months (Score 1) 61

I was referring to the firmware it had when I bought it. *My* M7 was unrootable from within the OS. Those HTC tools don't operate within the Android OS, so that's why they get a pass in my book. This tool isn't launched from the phone, but from a computer, and it can only connect when the phone is in a hardware debugging mode (no apps, no configurability, not even a touchscreen interface).

I think I see our disagreement. If you consider playing with chips to be part of local access, then indeed local access is full access. I meant "local user" (i.e., local account). TeamViewer in theory shouldn't be able to do things the local user cannot do. The local user cannot escalate privileges (without an exploit). Hence, TeamViewer was designed in a naughty way (with Google's permission) and has access that in theory it should not have. Otherwise it could not be a gateway for a local or remote user to escalate permissions.

I would also expect vulnerabilities from TeamViewer: unwanted remote access. And unwanted remote access can do a lot of bad things, but it should not be able to circumvent Android's security model: it should not be able to sniff keys, nor capture the screen. It should not do anything a local app can't do. The fact that it can do these things is what makes this exploit notable, and that tells us that TeamViewer is not running as a normal app (subject to Android's security model).

Comment Re:bug yes, and local access is full access (Score 1) 61

I don't believe you've understood Android's security model (though I'm not an expert myself). The local user cannot do those things, and the user does not have ultimate permission. Unless there is an exploit on the device. There have been plenty of devices that were un-rootable. My HTC One M7 was un-rootable (probably still is), unless you use HTC tools to perform operations on the device when it is not booted into Android. There was literally no way for the OS's local user to gain escalated permissions. If this new exploit changes that, it's not because "remote user == local user" or because "access to the device == complete pwned". You're simplifying it. This is only possible because TeamViewer is somehow running arbitrary commands with system permissions. Prior to this exploit, a local user could not do that.

Comment Re:"infinitesimal percentage of devices". For remo (Score 2) 61

If you install TeamViewer on Mac, people can take over your machine over the internet. That's what it's designed for. Therefore, from a security perspective TeamViewer is a very bad idea.

It's no surprise that an application designed to give someone else full control of your machine is imperfect, and therefore can sometimes allow full access by someone who shouldn't have access.

Wee difference there. On Android, nobody is supposed to get full control of the system. If someone is using TeamViewer to control it, they should not need more permissions than the local user has. After all, it's a screen sharing app. The remote user can only do what the local user can do.

It seems like the app has additional permissions to do things that normally wouldn't be possible (screen capture is what the article mentions), but somehow these extra permissions are made available to one of the users. That must be the vulnerability.

Comment That is so cool (Score 4, Insightful) 61

> Check Point researchers found an app that is actively exploiting the vulnerability. A tool called “Recordable Activator” from UK-based Invisibility Ltd is advertised as an “EASY screen recorder” that doesn’t require root access to the device. But in fact once installed from the Google Play store, the app downloads a vulnerable version of the TeamViewer plug-in from another source... "“it’s [the plug-in] considered trusted by Android, and is granted system-level permissions. From this point ‘Recordable Activator’ exploits the authentication vulnerability and connects with the plug-in to record the device screen.”

Am I the only one that thinks this is incredibly cool? It's not clear to me whether this is exactly the same thing as a root exploit, but some screen recording app developers figured out they could hijack an old version of a well-known app that can do screen recording. This is just a beautiful hack.

But I didn't think having system-level permissions was enough to root a device. And furthermore, does this hack let you do arbitrary actions, or only the actions that the plugin would do?

panic: kernel trap (ignored)

Working...