Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Comment: Re:Compelling? (Score 3, Interesting) 243

by plover (#49728439) Attached to: Why Apple Ditched Its Plan To Build a Television

The TV market is bad, but the watch market is not great.

What they should be trying to crack is the in-car nav/infotainment systems - the iCarStereo. Current nav systems are somewhere between total-suckage and so-distracting-they-cause-accidents. Bluetooth pairing is painful when it even works, calling systems don't integrate with smartphone phonebooks, there is no way to share contact addresses, and the voice controls are no better than someone reading a "Car navigation is attempting to quit, cancel or allow?" dialog box. And the interfaces are so poor as to command the driver's full attention for seconds, looking for touch-screen items or clicking the right button, taking focus off the task of driving.

People would trade their old cars in for one equipped with an Apple iCarStereo if it solved those problems. A watch? It will take a lot of luck for it to be more than a fashion item that falls off the radar in a few years.

Comment: Re:His viewpoint is staggeringly ignorant (Score 1) 616

by plover (#49710859) Attached to: Editor-in-Chief of the Next Web: Adblockers Are Immoral

I think adblockers are great - for the end user to own and maintain. I've been running filtering proxies of one type or another since the last millennium. (And nothing will teach you the nuances of regex like the challenge of stripping out unwanted HTML tags.) It's for me to decide what I want my browser to display.

But just as it's wrong for my ISP to inject their own ads, it's also not the place of my ISP to censor them out of my data stream. That's my decision, not theirs.

Comment: Re:How can this be? (Score 1) 190

Good point. I would not assume that flight information is from the nav and control systems. But it could be, in which case they could use one-way data isolation devices to eliminate the possibility of anything on the entertainment system negatively impacting navigation controls. That would technically be a "tie", but not one that could be exploited.

Yes, they *could* have used some kind of special 'data diode' isolation device, but then the researcher probably wouldn't have been able to jump networks in the lab, or, as stated in TFA, "He told WIRED that he did access in-flight networks about 15 times during various flights but had not done anything beyond explore the networks and observe data traffic crossing them".

Car networks (CAN bus) have a similar weakness in that the infotainment systems have previously been breached, allowing attackers access to cross over to security systems and unlocking the doors.

Comment: Re:How can this be? (Score 2) 190

There's no way that entertainment/wifi/anything-accessible-to-a-passenger could in anyway be connected to those critical there?

There should be no tie between the control and entertainment networks. I would be surprised if there aren't regulations that forbid it. My guess is this simulated system was not like the real ones. It certainly isn't clear what really was done.

If there is no tie between the entertainment and nav systems, then it becomes difficult to explain the seatback display of the current flight information. At some point the data has to move from one system to the other. That takes a lot more than "no tie".

Comment: Re: 23 down, 77 to go (Score 3, Informative) 854

by plover (#49680759) Attached to: Religious Affiliation Shrinking In the US

I'm fairly certain humanity would find plenty of reasons to wage war if religions were not around to blame it on.

Religions were created as the first rudimentary forms of government or control over other people, and are still remarkably effective at that task. They only require an ongoing group of leaders to ensure obligations are continually felt by the members, as it's difficult to create a new religion quickly with a large enough number of committed adherents to wage an effective war.

The entire process is well understood and practiced worldwide.

+ - Smart Grid Meter Homegrown Security Protocol Crushed By Researchers

Submitted by plover
plover writes: According to this article in ThreatPost,

Two researchers, Phillip Jovanovic of the University of Passau in Germany and Samuel Neves of the University of Coimbra in Portugal, published a paper exposing encryption weaknesses in the protocol.

The paper, “Dumb Crypto in Smart Grids: Practical Cryptanalysis of the Open Smart Grid Protocol” explains how the authenticated encryption scheme used in the OSGP is open to numerous attacks—the paper posits a handful—that can be pulled off with minimal computational effort. Specifically under fire is a homegrown message authentication code called OMA Digest.

Comment: Re:The best thing Keurig can do is die (Score 1) 369

by plover (#49657267) Attached to: Keurig Stock Drops, Says It Was Wrong About DRM Coffee Pods

Arthur Anderson was primarily an accounting and auditing firm. The entire reason that firm existed was to be trustworthy. If people can't trust the auditors, they blame it on instructions coming down from the top that said "anything for a buck comes before an accurate audit." So there was no way to trust the rest of the firm wasn't uninfected with the same corruption that led to Enron.

At Green Mountain, the decision to put DRM into coffee came from the top. While it doesn't translate the same way to the line workers, the trust in the company was similarly lost by their clients.

And yes, people might lose their retirement savings. Employees often have a lot invested in company stock. And if Green Mountain has a pension plan, those employees are at risk as well.

What would be ironic is if Green Mountain collapsed, but other players in the marketplace continued to thrive while using the K-cup (1.0, of course) as a de facto standard.

Comment: Re:Least common denominator (Score 1) 161

by plover (#49563093) Attached to: Has the Native Vs. HTML5 Mobile Debate Changed?

Connectivity is huge, but it's only one of the ingredients in making this decision.

If you want the app to work for them outside of the corporate WiFi, you have to host it on the public internet, where all attackers are equally welcome without regard to skillz or skripts. Are you sure that server is secure? What about tomorrow? Are you patching it? Are your users securing their devices properly? Uh oh, it's the new version of Heartbleed, go back three spaces.

You also have to consider performance. Is this something that your users will use constantly for their jobs, or occasionally for some rare piece of info? If it's going to add one second to every screen, and you're asking people to tap their way through 600 screens a day, the inefficiency is going to cost you 10 minutes worth of payroll per user per day. Maybe you make that up in hardware costs if you force your users to bring their own smartphone to work. Maybe the sluggishness just makes your users miserable throughout the day. Or maybe it simply costs you a lot of money.

On the other side, if it's used perhaps once or twice a day by 2000 people, poor performance and connectivity issues won't be nearly as important as savings on developer costs and time to market, Or if you have only a half dozen heavy users, perhaps you're willing to eat the payroll cost of an hour per day instead of spending them on development.

It's a question best answered by the money.

Comment: Re:But it doesn't work (Score 1) 64

Manning would almost certainly have been caught regardless. All those State Department cables could only have come from someone with access to the entire database. That's a reasonably short list of people, and everyone on it would have been grilled and inspected from head to toe.

His (her) talking about it just made the inevitable happen faster.

Comment: Re:danger vs taste (Score 1) 630

by plover (#49562133) Attached to: Pepsi To Stop Using Aspartame

I'm much more cynical, and I don't think Pepsi is giving in to anyone. I think they're trying to exploit people's fears that "OMG chemicals bad". It's more like they're advertising "We're the only brand that dares to print arsenic-free on our products."

I think the real problem with Diet Pepsi and Pepsi Max is that they taste more or less like regular Pepsi. Their advertising slogan may as well be "Pepsi - for when you can't afford actual Coca-Cola."

Innovation is hard to schedule. -- Dan Fylstra