
Comment Re:it took 2 1/2 years... (Score 1) 145

for this to get "noticed"?

so much for open standards and open source software... "it's safe, you can look at the code yourself"... it took two and a half fucking years for someone to do just that... and just to find an easter egg, not an embedded and obscured vulnerability.

No, it didn't take 2.5 years to get noticed. Look at the comments on the final commit: it was noticed and commented on by another team member the same day it went in.

The public didn't notice, but I'm sure many people involved in the project did... the commit wasn't in any way obscured. It just wasn't interesting enough for anyone else to notice.

Comment What is metadata? (Score 1) 54

NSLs are restricted to allowing collection only of "non-content information", or metadata. But what does that mean? In the case of telephone calls, it's pretty clear. With web history, though, it's much less clear, because a list of URLs is a list not only of which servers you connected to, but in most cases also what information you retrieved. The URL doesn't contain the information itself, but it's trivial for someone else to retrieve it and find out what you read.

Cell location information is another debatable case. While in some sense it is metadata if we consider the content to be what you talk about on the phone, the data you send/receive, etc., it's also tantamount to having a tracking device on almost everyone. Courts have ruled that GPS tracking without a warrant is unconstitutional, and it really seems that this is the same thing. The precision is lower, but it's still pretty darned good.

As for purchases, it would seem that information about what you bought and how much you paid for it would constitute "content", while the times and locations of the transactions would be metadata.

IP addresses of people you corresponded with... that seems like pure metadata, and is unsurprising to me.


HTTP/2.0 Opens Every New Connection It Makes With the Word 'PRISM' 145

An anonymous reader writes: British programmer and writer John Graham-Cumming has spotted what appears to be a 'code-protest' in the next generation of the hypertext protocol. Each new connection forged by the HTTP/2.0 protocol spells out the word 'PRISM' obliquely, though the word itself is obscured to the casual observer by coded returns and line-breaks. Work on the hidden message in HTTP/2.0 seems to date back to nine days after the Snowden revelations broke, with the final commit completed by July of 2013. In July 2013 one of the protocol's architects appealed to the development group to reconsider design principles in the light of the revelations about the NSA's worldwide surveillance program.
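The "word spelled out obliquely" in the story is the fixed HTTP/2 client connection preface from RFC 7540 section 3.5: the 24 octets "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", which every client sends before its first SETTINGS frame, and which a server must check before treating the connection as HTTP/2. The following is an added example, not code from the story, from the HTTP/2 working group, or from any commenter. It strips the request-line filler and line breaks to show the hidden letters, and then does the check a server-side listener actually needs: verify the preface bytes and confirm that the frame immediately following it is a SETTINGS frame on stream 0. The sample inputs are constructed for illustration, not captured traffic; the function and constant names are the example's own.

```python
import struct

# RFC 7540 section 3.5: every HTTP/2 client connection starts with this fixed
# 24-octet sequence, followed immediately by a SETTINGS frame.
CLIENT_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"

FRAME_TYPE_SETTINGS = 0x4  # RFC 7540 section 6.5


def hidden_word(preface: bytes = CLIENT_PREFACE) -> str:
    """Drop the pseudo request-target, version and CRLFs; what remains is the easter egg."""
    text = preface.decode("ascii")
    for token in ("* HTTP/2.0", "\r", "\n", " "):
        text = text.replace(token, "")
    return text  # "PRISM"


def parse_frame_header(buf: bytes):
    """Decode the 9-octet HTTP/2 frame header: 24-bit length, type, flags, 31-bit stream id."""
    if len(buf) < 9:
        raise ValueError("short frame header")
    length = int.from_bytes(buf[0:3], "big")
    frame_type, flags = buf[3], buf[4]
    # Top bit of the stream identifier is reserved and must be ignored by receivers.
    stream_id = struct.unpack("!I", buf[5:9])[0] & 0x7FFFFFFF
    return length, frame_type, flags, stream_id


def check_client_preface(data: bytes):
    """Server-side check applied to the first bytes of a prior-knowledge or TLS (h2) connection.

    Returns (ok, reason). A peer that does not send the exact preface, or that does not
    follow it with a SETTINGS frame on stream 0, is not speaking HTTP/2 and should be
    dropped rather than parsed further.
    """
    n = len(CLIENT_PREFACE)
    if len(data) < n:
        return False, "need more data"
    if data[:n] != CLIENT_PREFACE:
        return False, "not an HTTP/2 connection preface"
    rest = data[n:]
    if len(rest) < 9:
        return False, "need more data"
    length, ftype, _flags, sid = parse_frame_header(rest)
    if ftype != FRAME_TYPE_SETTINGS:
        return False, f"expected SETTINGS (0x4) after preface, got frame type {ftype:#x}"
    if sid != 0:
        return False, "SETTINGS must be sent on stream 0"
    if length % 6 != 0:
        return False, "SETTINGS payload must be a multiple of 6 octets"
    return True, "ok"


# Constructed sample inputs (not captured traffic).
# Preface + SETTINGS frame (len 6, type 0x4, flags 0, stream 0) carrying
# SETTINGS_MAX_CONCURRENT_STREAMS (0x3) = 100.
GOOD = (CLIENT_PREFACE
        + bytes([0, 0, 6, 0x4, 0, 0, 0, 0, 0])
        + bytes([0, 3, 0, 0, 0, 100]))
# An HTTP/1.1 request sent to an h2-only listener.
HTTP11 = b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"
# Correct preface, but a HEADERS frame (0x1) on stream 1 instead of SETTINGS.
BAD_FRAME = CLIENT_PREFACE + bytes([0, 0, 0, 0x1, 0, 0, 0, 0, 1])

if __name__ == "__main__":
    print(hidden_word())
    for label, sample in (("good", GOOD), ("http/1.1", HTTP11), ("bad frame", BAD_FRAME)):
        print(label, check_client_preface(sample))
```

The literal bytes are deliberately shaped like an HTTP/1.1 request line with an impossible method and version, so an HTTP/1.x server that receives them fails cleanly instead of misinterpreting binary frames; the protocol only needs that property, which is why the letters could be chosen freely.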

Comment Re:It's not Obama (Score 1) 385

And this is totally unlike what every other president did who had a 747 to hop on to?

Ooh, good retort! Anything that another asshole in the White House did before Obama totally excuses him, even if he's wagging a finger at us driving cars while he rides in a fucking airliner.

When did it become OK to be patriotic and yet call the elected leader of this country "that asshole" instead of The President?

Anyone who hasn't called a president an asshole isn't a true American.

I have more respect and love for the country

Do you really not understand the difference between a politician and the country?


Comment Re:Is this really as typical as it seems? (Score 2) 115

New technology market deployments go in stages, including the following:
  1) The underlying technology becomes available and financially viable. The window opens.
  2) An explosion of companies introduce competing products and try to capture market share. They are in a race to jump through the window.
  3) There is a shakeout: A handful become the dominant producers and the rest die off or move on to other things. The window has closed.

We've seen this over and over. (Two examples from a few decades back were the explosions of Unix boxes and PC graphics accelerator chips)

IoT applications recently passed stage 1), with the introduction of $1-ish priced, ultra-low-power (batteries last for years), systems-on-a-chip (computer, radio peripheral, miscellaneous sensor and other device interfaces) from TI, Nordic, Dialog, and others. It's in stage 2) now.

In stage 2) there's a race to get to market. Wait too long and your competitors eat your lunch and you die before deploying at all. So PHBs do things like deploy proof-of-concept lab prototypes as products, as soon as they work at all (or even BEFORE they do. B-) ) They figure that implementing a good security architecture up front will make them miss the window, and (if they think that far ahead at all) that they can fix it with upgrades later, after they're established, have financing, adequate staffing, and time to do it right - or at least well enough.

So right now you're seeing the IoT products that came out first - which means mostly the ones that either ignored security entirely or haven't gotten it set up right yet. Give it some time and you'll see better security - either from improvements among the early movers or new entrants who took the time to do it right and managed to survive long enough to get to market. Then you'll see a shakeout, as those who got SOMETHING wrong fail in competition with those who got it right.

If we're lucky, one of the "somethings" will be security. But Microsoft's example shows that's not necessarily a given.

In this case, though, the POINT of the product is security, so getting it wrong - visibly - may be a company killer. (I see that, in the wake of the exposure, the company is promising a field upgrade with this issue fixed in about a month. If it does happen, and comes out before the crooks develop and use an exploit, perhaps this company will become another example for the PHBs to point at when they push the engineers for fast schlock rather than slow solid-as-rocks.)

Comment Re:The HELL they can't! (Score 1) 74

Being in the industry, the reason I was given was (1) the electrolyte is very expensive right now

Vanadium pentoxide (98% pure was about $6/lb and falling as of early Oct and hasn't been above $14 in years) and sulphuric acid?

and (2) investors need a demonstration of return.

Always the bottom line. B-)

Comment Re:Wildly expensive (Score 1) 97

Joel covered this in one of the updates. You're failing to account for the campaign fees collected by Kickstarter, credit card processing fees, and the cost of the rewards being offered.

See here:

"At the end of the day, our goal is to make each feature-length episode of MST3K for around $250,000... And remember: that $250K isn't just to hire our writers, cast and crew, or rent equipment and space. It also includes the cost of LICENSING MOVIE RIGHTS, and that can get pretty expensive."

Comment Re:Violence! (Score 3, Insightful) 488

It was a war. Shit happens.

No, it wasn't a war. It was a series of heavy-handed, ultra-violent overreactions to minor incidents which themselves were responses to systematic oppression. Military action often does kill civilians, the so-called "collateral damage", but herding groups of unarmed women and children into a building and then deliberately shelling that building to kill them all is not collateral damage; the unarmed civilians were the target.

If you want to understand what's really going on in Israel, I highly recommend you read "Goliath: Life and Loathing in Greater Israel", by Max Blumenthal. It's a hard book to read, not because Blumenthal isn't a good writer but because the truth is so horrible. And if you doubt that it is the truth, check the included citations.

The solution of this problem is trivial and is left as an exercise for the reader.