Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Comment: Re:One filter = no tier (Score 1) 162

by vux984 (#49549617) Attached to: Apple Watch Launches

How do you KNOW that? There are plenty of times when I may want to take a call if it's important.

How do you KNOW that? How do you know its important until you answer it?

And if you don't know, but expect it might be important, then you'll need to check. Checking your phone to see who is calling is just as obnoxious as checking your watch. Moreso probably because after checking your watch, you have even less time to answer it so your panic answer dance will be that much more urgent.

I do that too but it's not AS EASY. Again it's the layering you are missing here.

Its pretty easy. Certainly not difficult enough nor something that occurs frequently enough for being able to do it from my watch to to even register as a "layer" of value.

.That relies heavily on services from a single manufacturer, and it fairly useless without.

As I said, it works with cyanogenmod meaning the "single manufacturer" is less critical to its continued operation or functionality. Google could vanish off the face of the earth tomorrow and android would live on.

Android Wear is every bit as pigeon-holed, in fact moreso ...[...]


there are already far more Apple Watch apps to gain non-Apple functionality.

Lol. Seeing as they are inextricably tied to itunes and ios, calling it non-apple functionality means what exactly?

The pebble has non-apple functionality, you can toss your iphone in a ditch buy and android and keep using your pebble.

Android wear at least works with android not-tied-to-google (cyanogenmod) and may work with other OSes such as sailfish etc.

The apple watch? Not so much.

Comment: Re:Possible huge win (Score 1) 162

by vux984 (#49548381) Attached to: Apple Watch Launches

For those that run down phones in less than a day they may not have to do a mid-day charge any longer. That's actually quite a huge win.

I'm extremely doubtful.

You are ignoring the tiering of notifications possible with this arrangement.

Sort of, but better tiering of notifications really should just be part of the phone OS. iOS in particular is terrible at letting you filter notifications -- android is better but only because you have more 3rd party app options, but the OS is severely lacking.

I think if our phones were better at tiering notifications, that would moot a lot of the point of a smartwatch doing it.

I guess you don't mind people wondering why you find the insides of your pants so suddenly interesting.

Meh, when my phone rings in my pocket and I know I don't want to answer it without even looking, I can easily click the side button to ignore it, through my pocket. I can't imagine spending literally hundreds of dollars to avoid this scenario.

So then you must equally hate Android Wear.

Not quite equally. Android is a single platform but not a single manufacturer, and android is a lot more open, rumor has it works with cyanogenmod for example, which might mean it could work with other phones firefoxos,sailfish, ubuntuphone, etc...

I also ordered a Pebble Time, so I'll see...

I'm not sold on the smartwatch concept, but if I were, this is the sort of product I'd be interested in.

Comment: Re:Many small solutions through a day (Score 1) 162

by vux984 (#49548153) Attached to: Apple Watch Launches

Christ, this is so obnoxious. Look, just because you don't have a use for this watch, it doesn't mean NOBODY does.

Christ, I literally suggested my own possible use for this watch.

But it's also jewellery. People wear that stuff for lots of reasons.

I mentioned that too in my post.

Do you understand how insanely dumb it is to buy a mechanical watch except as jewellery? They're not terribly accurate timekeeping devices

Accurate timekeeping for a handheld watch? If its within 2-3 minutes of being right, its good enough for what nearly everyone wears a wrist watch for.

You finish by saying that it's about the lock-in, but that's a ridiculous complaint. You think someone buying the first-gen Apple watch is the kind of person that is normally so capricious about their tech decisions?

And yet it's my complaint. As for people buying it, I think they are idiots.

What you don't like is that Apple made it and that other people like it.

Hmmm. I gave this some real thought, and no. That's not the issue. I think its a genuiely stupid product. There is an apple angle to it though... I think if anybody else had made it but Apple everyone else would agree that its a stupid product. For example if HP had made a smartwatch that only worked with Apple iphones nobody would give a shit about it. (And rightly so.) If HP had released a $10,000 version that was gold plated and only worked with the iphone it we'd be speculating what drugs their management was taking.

Remember the tablet that only works paired to a blackberry? It was a joke. This product is no different.

Buying an apple smartwatch is like buying a trailer for your car... one that can't be towed by any other car.

I think we can all safely assume by now that when Apple makes something there are a bunch of people that don't like it, so let's all pretend that you've said your piece and not use up the space from now on, hmm?

Apple has some decent products. (steadily fewer of them lately though.) But this watch is up there with the RIM playbook for stupid... except it might be successful because: Apple

But god forbid any one criticize anything apple does? Lets keep this space clear so we can just post praise and declare how badly we want one?

Comment: Re:Many small solutions through a day (Score 1) 162

by vux984 (#49547601) Attached to: Apple Watch Launches

It extends the battery life of your phone because you are not powering it on as often.

In exchange for wearing a 2nd device you need to charge every day or so. Not much of a win.

It allows you to filter notifications more than the phone does, so you can know quicker if you should pay attention to an alert.

Thereby saving you time only if you can ignore most notifications, or actually wasting more time as you first check your watch, then pull out your phone every time instead of just pulling out your phone.

It allows you to silence a call without even reaching into your pocket doing the Vibration Reaction Dance.

Lol. true, but how much is that worth, right?

It's like a fitness band you wear all the time but without the single minded pointlessness.

But retains the pointlessness of wearing a fitness band.

And yes, it also tells the time without having to reach into a pocket...

Functionality handled better by a non-smart watch. (which runs for months, even years on a single battery...) and which can cost next to nothing, or be as arbitrarily expensive as you like. Which can be a cheap throwaway you could lose, or a family heirloom worn by your grandparents ....

Or you can buy one that will be obsolete within a year or two.

If you aren't clear what it can do for you,

Separate money from wallets? Bring smiles to Apple fanbois faces? Usher in a new wave of corporate privacy invasion?

But there are many small uses which aggregate to form a model, different for each person, of how a smart watch can be useful to them.

True enough. And I'm honest enough with myself to think I'd like to be able to read texts and view alerts while mountain biking without having to stop and pull my phone out of my backpack. Then again, between the gloves and full body armor I'm wearing I'm not sure a smart watch would really be comfortable or all that usable.

Honestly my main complaint with the apple watch is the lock in to apple. I don't want a device that only works with a iphone. What if an owner doesn't want a new iphone next year because company Z has the better product. Now he has to abandon his smart watch too?

THAT is the main source of my derision for the device. If you want a smart watch fine, but have the sense to buy one that works with any phone.

Comment: Re:I call bullshit on anything from Forbes (Score 1) 132

by vux984 (#49531965) Attached to: New Javascript Attack Lets Websites Spy On the CPU's Cache

Ok, that's fair. Although the bitcoin attack amounted not to reading any data, but rather deducing the key over watching several iterations of it being used to encrypt. So they were able to get some insight into what the key must be by watching how the hashing algorithm operated using it.

Neat stuff.

A theoretical similar attack might be to watch a browser use its https session key to grab the key, and then allow a malicious user to decrypt the https stream (assuming they had a separate means to capture / record that...) and that would be pretty bad.

I was already on board with this being fixed, and it seems that preventing browser javascript from having access to high resolution timers is a "quick fix" until something better comes along.

Comment: Re:I call bullshit on anything from Forbes (Score 1) 132

by vux984 (#49531629) Attached to: New Javascript Attack Lets Websites Spy On the CPU's Cache

Oh I know it can be done; but thanks for providing the proper name, acronym, and citation.

Thus with a big enough incentive (such as getting access to your bank account) the danger is real.

But that's what I'm not seeing. The cache usage fingerprinting, at worst, knows when I visit my bank*

But it can't steal my bank account number or password. Whether my password is 1-2-3-4 or 4-3-2-1 is not going to be discernible from a cache timing side channel attack. They won't get my bank account number either.

At worst they might be able to guess how many characters it is.* (And only if I type it... which I don't... I use a password safe, and copy/paste it. So maybe they can detect a copy/paste event.... )

But the practical security risk is pretty miniscule. They can't get access to my bank account... some random website "striking the jackpot" now knows that somebody on the internet uses bank X with a password of 11 characters.

I could have told you that.

How do they get access to my bank account with that?

I could literally log onto amazon, add a credit card to my account, and have this side channel attack running the whole time... and at WORST ... some malicious website now knows that a person at my ip address... wait for it... has a VISA credit card. I can live with that.

What is the real risk here?

* Note, this attack is bad enough that YES, we ABSOLUTELY should be looking to close the holes, and disrupt or block the side channel to make this impossible in the future. But what is a real practical attack that could really actually harm me from this?

Comment: Re:I call bullshit on anything from Forbes (Score 2) 132

by vux984 (#49531181) Attached to: New Javascript Attack Lets Websites Spy On the CPU's Cache

I suspect this is the old "set up a webgl context, read back a framebuffer, maybe you will see some old shit in the framebuffer" attack that Microsoft used to attack WebGL back in the day.

No. That's not it I don't think. (And the guard for that is trivial; zero the memory in all allocations.)

Although a user process shouldn't even be able to read "someone elses cache"; it should only be able to read from the cache something cached from its own process/address space so all it should be able to see is its own old shit.)

From my skim of the attack; I think its using high resolution timers plus carefully crafted memory usage to force the cache to flush/reload etc to detect "fingerprints" for certain types of activity... e.g. I could see how maybe one could craft a "signature" for what chrome looks like when loading a particular web page. Or a signature outlook starting up... etc.

And then you could watch for that sequence of cache event / timings (ie watch for the "signature" and discover with high reliability when that event happened.)

But I fail to see how this translates into being able to log keystrokes, steal encryption keys, steal data, or anything else.

It seems to me roughly the equivalent of monitoring the energy draw of a home and being able to determine when the fridge, stove, vaccuum, TV, or microwave, or hair dryer, are being turned on and off... provided you know what make and model of each they have. And then based on durations and so forth you can make educated guesses whether they heated some soup or are roasting a turkey, or whether its the short haired mother or the long haired daughter who is drying her hair...

Comment: Re:So? (Score 1) 302

by vux984 (#49529855) Attached to: Futures Trader Arrested For Causing 2010 'Flash Crash'

There are lots of problems with this:

Arbitrage between different markets for one.

There is a lack of transparency inherent using a random generator. If it gets manipulated it would be very difficult to detect or audit that the time selected were in fact random.

The idea of a guarantee of at least 6 hours; or any other sort of timing guarantee allows for statistical optimization of timing trades etc.

Keeping the book secret, is another requirement you have, but it is impractical, and is difficult to audit or enforce. Large brokerages inherently know what orders are placed through them, and may have means to spy on competing brokerages for advantage. So even if the book is "secret" large players will need to have a good idea what it is in it, just to track their own customers trades.

Its not practical.

Comment: Re:So? (Score 1) 302

by vux984 (#49526295) Attached to: Futures Trader Arrested For Causing 2010 'Flash Crash'

Why not take orders in real time, but only execute them each hour on the hour?

Here's a counter scenario. Suppose you put in a sell order for companyX for 20,000 shares @ Y$.

y$ is say $1 above the trading activity over the last hour, and a nickle over the average price for the last month. Over the last three months its traded within a 2$ band. Long story short this is pretty reasonable trade. Your looking to unload a position at just above market rates... and over the next week odds are you will succeed.

20 minutes after you place it. Word hits the street the the company's landed a huge patent or whatever, and the value of the company is going to go through the roof.

Your sitting there with 40 minutes on a sell that somebody else is going to come along and just scoop. You'd cancel if you could, right... why does someone else get to lock in a buy based on information that came out after you posted the sale. How is that fair.

On the other hand, if you ARE allowed to cancel, then traders can spam the market with a zillion trades, and then cancel the ones they don't want at the last second, millisecond, microsecond....

A somewhat real time market is good. I think. A 1 second resolution is my preference. That eliminates a lot of HFT crap without the issues described above.

A 0.01 cent fee (tax) per trade listed, whether it closes or not also gets rid of a bunch of bogus manipulative crap.

Or simply making it such that every trade must be individually entered and confirmed by a human being responsible for the trade.

Comment: Re:lol, Rand sucking up to the dorks (Score 4, Interesting) 202

"Access without authorization" is best defined as, well, access without authorization.

Intent is frequently considered in the prosecution of crime. And evidence of intent can and should dramatically change the sentencing.

If I come home and find a note that my lock is weak pasted to my fridge, and my home otherwise undisturbed that's one thing. (And the perpetrator should be caught and punished.)

But If I come home and find you busily listing all my stuff on craigslist, while you arrange it all at the door for people to come pick up... Even if a sale hasn't actually been completed and nothing is actually missing yet.

It's still something else entirely, and we both know it.

Comment: Re:You are preaching to the choir (Score 1) 338

by vux984 (#49523917) Attached to: Study Confirms No Link Between MMR Vaccine and Autism

and they have even anecdote to boot.

I'm with you. My kids are vaccinated. I'm not an antivaxxer. I recognize the science is valid.

However, what about the anecdotes? I even have one myself.

One of our friends daughters went in for a vaccination shot, reacted badly to it, (high fever, seizures, rushed to hospital...) She was around 3, she was communicative (limited vocabulary and speech), walking, made eye contact, etc,.. came home from the hospital - massive regression to earlier state, and subsequently diagnosed as autism.

You can show me as many studies as you like. But the anecdote still sits there. I know the little girl. It happened.

The vaccination event in that childs case clearly seems to have triggered the onset of autism.

And that deserves an explanation. And a better one than "Your a crazy loon, we have a study that shows your reality didn't happen."

So I don't know. Maybe the studies aren't big enough. Can they catch a 1 in 100,000 event? Or 1 in 1 million? Maybe the risk is that small. Or maybe the child would have developed autism anyway so the vaccine as a trigger event was just that and triggered something today that would have happened anyway next month or next week or the next time the kid caught a cold so the overall autism rates aren't effected; and all the vaccine did was move the onset date to "today" instead of "some other day".

I just don't know. I believe the science. I think the benefits of vaccination are clear, and the studies show pretty clearly that autism is not a significant risk. However, I also believe the anecdotes -- not enough to let them change my behaviour with respect to vaccination, but enough that I think we haven't laid this issue to rest yet, and think it does to be explained properly.

Comment: Re:4x strategy when? (Score 1) 58

by vux984 (#49512955) Attached to: Computer Beats Humans At Arimaa

For 4X there is simple AI strategy that would incredibly piss players: Borg diplomacy. At first turn all AI players do distributed roll of dice to select borg player. Every other bot transfers all his resources to borg or makes everything for borg to win.

One of the constraints for any interesting solution is that the AIs not prioritize beating the human player over the other AIs; and that the AIs are each playing to win themselves.

Comment: Re:Technically, probably not a good move to dodge (Score 1) 153

by vux984 (#49503751) Attached to: Twitter Moves Non-US Accounts To Ireland, and Away From the NSA

Now, the NSA can do whatever they want, because they're completely
A: outside of the USA
B: totally foreign SIGINT

This is correct but also wrong.

For example, one thing the NSA can't do now is simply get a court to order the company to bend over, hand over the data, and then stick a gag order on it so the company isn't allowed to even resist.

By moving it outside the company, yes the NSA is now free to target them without restraint, but they are also free to talk about any attacks, and they are free to actively resist the NSA.


then they would be *safer* here in the USA where the NSA is not allowed to spy on them, because it's
A: in the USA (FBI territory, right?)

Not really.

B: whoever it is would need a warrant.

Which they can get, from a secret court, that rubber stamps warrants. And they can also broadly interpret various legislation (patriot act, etc) to grant them all sorts of priviledges to collect data without a warrant...

And again, if they have a warrant, with a silence gag on it, you cannot resist. In any other country, the NSA can attack you all they like - but you can defend yourself. They don't get to just order you around.

Comment: Re: For work I use really bad passwords (Score 1) 136

by vux984 (#49482157) Attached to: Cracking Passwords With Statistics

An algorithm-on-a-chip (with tiny keypad and LCD) never stores any sensitive data. It's never connected to a potentially-compromised desktop. It can't be brute-forced, since there's nothing present to "unlock".

That's fair, but its also slightly different from your original proposal as it now explicitly requires custom dedicated hardware. You originally just stipulated "hardware assist" and allowed for "trusted desktop" or other otherware (e.g. smartphone/tablet/etc..)

Its not a practical solution if it doesn't actually exist.

Although there might be a market for a such a device.

It also still requires you need to memorize a password (even an easy one) for each situation. I have well over 100 passwords; and could not remember them all even if they were "easy" -- some I don't use for over a year at a time, unless I relied on a system -- and relying on a system breaks down as soon a site is compromised as I would then need to come up with a new password that deviates from the "system".

I would suggest that perhaps a combination of the two is the holy-grail. Password safe-like functionality for the majority of relatively unimportant passwords, and then some dedicated hardware for a smaller subset of important passwords.

"But this one goes to eleven." -- Nigel Tufnel