Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Comment Re:So what should we do? (Score 1) 322

If they want to change the UI for a shifter, they should make it completely different, not make something that looks, and superficially feels the same while in actuality it's quite different. What they did is akin to wanting to have a joy-stick instead of a steering wheel, but instead of just putting in an obvious joystick, they made it look just like a steering wheel.

If you look at the picture, you're supposed to "upshift" it into Park, so you'd hit up to go from D to N, then up again to go from N to R, then up again to go from R to Park.

Which is pretty stupid, since it's just a quick shove to get it into park in every other vehicle. And even in joystick shifters, they make full use of the joystick - push IN to park (from anywhere), push UP to reverse, push DOWN to drive, push AWAY for neutral. This still leaves a pull towards you for an action - low gear, for example. The beauty of this is it's the same action to go anywhere to anywhere - if I want to go park, I push the joystick in. If I want to go from park to drive, I pull it down. If I want to reverse, just push it up. And neutral is just shove it forward away from me.

But a shifter is generally assumed that slide it away from you all the way to park it - push the button, shove all the way forward, it ends up in park.

And if you really know your car, you know which shifts don't require pushing the button - park to reverse requires it (and vice versa), reverse to neutral no (try it! most vehicles will shift from reverse to neutral without the button), but obviously, neutral to reverse requires the button. Same as neutral to drive, but some vehicles don't require drive to neutral to have the button pushed. And from drive to low gears requires the button pushed, but going from low gears to higher gears and drive, no (which requires careful shifting if your car doesn't require pushing the button to go from drive to neutral!)

Comment Re:The downside (Score 3, Informative) 68

Like the HTML5 video tag, that was supposed to free us from evil Flash, but just brought forth the unblockable autoplaying autoloading multimegabyte video ad, this isn't as great a piece of news as it might seem...

Upgrade your browser or your adblock plugin - autoplay disabling has been a staple since they started. (It is after all, just rewriting the DOM). Doing the same in Flash required blocking the entire thing.

And really, any DOM editing plugin should be able to see an ad and completely nuke it from orbit.

And if there's any sites that block visitors with adblockers (Forbes, Wired), a little DOM rewrite can have it so just enough runs to get you through but not load the ads. NoScript has replacement scripts for blocked domains, so similar technology can be created.

And most ad blockers work by blocking ad javascript (used to load flash objects). They probably already work for blocking ad javascript in HTML5.

Comment Re:The stuff is just too expensive (for now) (Score 2) 79

You could see what happens on TV sets. Now almost all models are "smart". Finding a "dumb" TV is harder and harder, and normally the firmware and the SoC are using is the same of the smarter models, only the extra features aren't enabled when on the boot the harware is not found. Being normally the "dumb" TV with smaller panel they're considered low end models are priced less. but when the "smart" and "dumb" models with the same screen size are sold, the price difference is small.

You can thank smartphone technology for that - TVs need SoCs too and while they could get by with a low end SoC, a low end SoC doesn't cost all that much less than a higher end multi-core multi-GHz one used in a smartphone. (Even the low end ones are dual core 1GHz units0.

Manufacturers love having the extra power - it makes the UI more "snappy" and it can boot faster, and the video processing can be done on the GPU rather than specialized video processing hardware controlled by the CPU (with very little increase in lag - it's still roughly a frame or two).

And when you're at this point, "smart" features are really just a software thing manufacturers can do to add value to their products for basically free. After all, the processing power is there.

Using a lower end SoC with video processor on the side costs about the same price, and they lose out on the ability to run a standard high level OS like Android on their SoC.

Qualcomm was going to introduce a video chipset at one point with all the TV inputs and a low end processor - perfect for TVs, but abandoned the plans when there was little interest

Comment Re:Dumb (Score 1) 247

Who knows? Are they going to know what features they need to add in 2017, now? What if a critical bug crops up? Wait 6-8 weeks? Why do they have large backlog of features? It is a browser.

Given I seem to get Firefox update notifications every 2 weeks or so, I'm not exactly sure what's the entire point of these 6-8 week releases.

Each update is still as disruptive as ever, so is it every 4th update now is even more disruptive or what?

Comment Re:Stupid design (Score 2) 135

This is design 101. We've been Poka-yoke-ing connectors in other industries for decades.

In fact, if you look through the datasheets for most components you will quickly realize that being able to survive reverse voltage is actually somewhat rare

Because you're supposed to build it in Most components only do one thing and do it well. You build your own protection circuit. The ECMs we use at work will take 1000V on any pin. Could you imagine how far your car would make it without any protection circuits built in?

Poka-yoke illustrates this connector pefectly - USB-C works either way so it doesn't matter which way you plug in the cable and which way it goes.

In fact, USB-C to USB-C cables are not the issue. It's USB-A to USB-C cables which cause the issues.

As for your ECU - you build them to those specs, but you pay a lot more money for an engine computer. Try to build your ECU for $5 and make a profit and you'll probably compromise a lot of things.

Comment Re:Stupid design (Score 1) 135

All power supply input pins should be protected against reverse voltage. It's simple, and comprises a single FET. See here, for instance. There's not really any excuse for failing to protect internal components against reverse voltage, other than being cheap. I think we can thank the endless race to the bottom that consumer electronics is infamous for.


Two reasons.

Cheap is one - save on reverse polarity protection, save a few cents. When making millions of devices, it makes sense. It makes even more sense when the connector standard pretty much gives you the power you expect - e.g., a USB cable. The pins on USB are very well defined and power and ground appear on two very well known pins. Since a reverse-polarity USB plug is extremely rare, it seems reasonable to omit the protection.

The second one is the device is dropping voltage and consuming power. In standard USB with 500mA at 5V, if the MOSFET takes 1V, that's half a watt of power you're losing in the transistor. (And really, you just use a diode). USB-C with up to 100W, you're looking at losing a lot of power in your reverse protection components.

The USB plug is a pretty standardized plug with voltages appearing on specific pins. Reverse polarity connections are extremely rare since in general, the USB devices plugged into it will not work. So eliminating reverse polarity protection isn't the worst sin that could happen in a plug whose pinout and power pins are well known. Short of maliciously made devices, you should get power where you don't expect it.

Comment Re:Revoke it (Score 1) 39

I agree that they may not immediately suspend/revoke it immediately, but they should have opened an investigation. And in *two whole years*, they should have been able to establish that it was validating malware. That by itself should have been enough to revoke a developer cert, even if he also signed legit software too with it too.

So the developer has written malware for two years. How many times has Apple ran across it? None? Just because an app's been signed for two years and does bad things doesn't mean it's even on Apple's radar. Perhaps it only tickled security researcher's Macs and Apple hasn't run across it in the wild.

These certificates are used to sign apps for the developer to distribute in some way. They could be open-source apps, for commercial apps, they could be sold in stores, or given away for free online. Apple doesn't get a copy of every app signed with every certificate so there are plenty of apps Apple doesn't know about. Heck, there are probably thousands of Mac apps that users use all the time that Apple doesn't know about.

Comment Re: Revoke it (Score 1) 39

Except that Apple has been rejecting apps in the app store and delaying apps for simply competing against their apps.

So something clearly isn't right here. They have enough resources to screw over legitimate developers, but not to verify this crap?

That's only for for developers who submit apps through the app store. Using the signed certificate means you don't have to get your app approved, and you can do whatever the heck you want. It's why it exists - it allows for apps to be developed outside of Apple's reviews.

Apple could revoke the certificate, but they shouldn't use it as a way to impose an app store review by proxy.

And this app isn't distributed through the app store - it's distributed by the developer - Apple doesn't enforce that developers who buy a cert actually use some sort of store or other mechanism to distribute their software. A developer buys a certificate and is free to sign whatever the hell they want and distribute it the way they want.

So no, Apple can't review the app if it doesn't attract their attention.

Comment Re:Revoke it (Score 1) 39

No, it tells you how worthless Apple are. This is not a certificate failing, it is a management failing. Certificates themselves have all sorts of issues, but this is purely an Apple problem.

And Apple probably wants proof that it is malware. The whole reason for the certificates is so developers don't have to go through the Apple Mac App Store review - for whatever reason. Which can include shady but perfectly legal apps. Apple may reject it in the MAS, but they probably want extraordinary proof that the app is malicious over just revoking the certificate because they're not supposed to be reviewing signed apps. Otherwise it turns into a Mac App Store review by proxy.

It's likely this developer is smart and only infects a small subset of Macs so Apple doesn't have a sufficiently big sample to verify that it's bad.

There has to be a balance - and the design of gatekeeper is such that developers don't have to have their apps approved by Apple for whatever reason, but at the same time, Apple should take great care in which certificates they revoke.

Comment Re:Whatever happened to the do not call list? (Score 2) 251

Why hasn't the Do Not Call list worked? Seems there was too many loop holes and ways around the law I guess.

Because... technology.

The same technology that enables you to call home and long distance for cheap is the thing telemarketers use to bypass the DNC list. Basically, telemarketing has been offshored.

The telemarketers call using VoIP from places like India, ensuring that they do not have to follow the DNC laws (because they're not subject to US laws).

And it doesn't matter if you go after the US company responsible - they're almost always scams run by two-bit fly by night companies, so at the end of the day, they take down their company sign and hang a new one up on the van. (They almost always advertise some service, like "air duct cleaning" and they universally do a poor job of it. Or it's a real traditional scam).

So it's not a case where they're bought a loophole, it's more a case where they're using modern technology to do a run around the law.

For me, the most obvious sign is they always re-use the first 3 digits of the 7 digit number - (e.g., in 523-555-1212, the caller ID will always be 523-555-xxxx), so that's almost a dead giveaway it's a scam call.

Comment Re:Context On the Issue (Score 2) 405

This error occurs if the repair involves the TouchID sensor. Sense this stores data required for the fingerprint authentication, the device will refuse to function for security reasons if it thinks it's been tampered with, which seems to be a reasonable precaution for a device component that can authenticate you across the device and also external services including financial transactions.

A better option would be to instead disable TouchID if tampering is suspected, but this isn't a case of Apple just arbitrarily making iPhones not work if you get a third-party repair like the story suggests.

And I'd argue Apple did the right thing by bricking the phone - because hardware was tampered with. Who knows what else was modified?

Perhaps just the sensor was changed, but perhaps it was replaced with something designed to overload the secure enclave and exploit bugs? Once the secure enclave is compromised, the entire device is compromised including all data. By bricking, you ensure the user's data is not accidentally revealed through a hack via a trusted part.

Basically the trusted part has gone from trusted to untrusted state. The part is no longer trustable, and the secure enclave has some of the highest access available in the system. If the enclave cannot trust the trustable fingerprint reader, it should dump all the system keys to prevent accidental exposure of user data through a bug in the enclave.

Remember, Apple's doing a privacy thing now - it's the one advantage they have over Google.

Comment Re:Consumerist stories about Comcast (Score 1) 176

When stories like this exist, one has to wonder why they are still legally allowed to be in business. What fucking good is the Better Business Bureau when shit like this rages on for years? Seriously.

Customer service is not a requirement for a business.

Seriously, it isn't. If you take a business at it's core to sell a product or service for a profit, customer service is not part of that. (Neither is handling returns, etc).

Of course, the reason businesses do a lot of things that are optional is competition - customer service is something if you neglect, your customers might go to your competitor, so you offer it. Likewise, you handle returns even though you don't have to (there is no legal requirement for a customer to be able to return a product), because otherwise customers again will prefer to use a competitor

Comment Re:Require that patents be defended (Score 1) 134

The thing is, IP needs to realize that software is special.

There are three traditional domains of IP. You have trademarks, which are protections used in the conduct of trade, copyrights used to protect creative works (used by humans and enjoyed by humans) and patents, of which you have utility (things used to make other things) and design (things with a decorative touch).

Software is none of these - it is both a creative work - done and enjoyed by humans, as well as thing used to make other things. This means it fits poorly with copyright and patent laws, which means it really should be its own category of protections with its own time limits.

Comment Re:ownCLoud (Score 1) 52

Then I hope your backup solution works because the day one of those disks shits itself, odds are you'll lose the entire array. Rebuilding large disks with a parity count is long and brutal on the spindle, and those 5 drives you bought are quite possibly coming from the same manufacturing batch and are exposed to the same environmental conditions as the one who failed. You're playing with fire.

DIsks are cheap, there's no reason to use anything but RAID-10.

Yeah, RAID5 is cool, but when the array goes non-redundant, the rebuild is the most stressful thing in the world.

RAID10 is somewhat wasteful - you just move to RAID6, which is RAID5 except now you have to lose two disks before you go non-redundant. Which means when one disk dies, you can rebuild it and still have room for losing a disk.

Of course, good systems will have hot/cold spares at the ready to start rebuilding the instant a drive goes offline.

Slashdot Top Deals

The star of riches is shining upon you.