
Comment: Re:iOS Attack Vector? (Score 3, Informative) 46

by tlhIngan (#48040251) Attached to: iOS Trojan Targets Hong Kong Protestors

So, the question begging to be asked is whether jailbreaking phones in China by the owner is a common occurrence or if the phones are sold "pre-jailbroken" by a larger agency and able to download and install these hacks at will?

Probably a mix of both, because the #1 reason to jailbreak these days seems to be... pirating software. I mean, the iOS 7.12 jailbreak was done by a bunch of Chinese people to promote... their Chinese app store. Which happens to conveniently be filled with pirated apps. (It was one of the things that led to the original iOS7 exploit to be questioned).

So effectively the users jailbreak to get "free apps" from the Chinese app store that also happens to install malware along with it.

I'm guessing the Chinese store must have a lot of pirated apps, because piracy on iOS is just at a lower level - at least on Android there are entire "daily packs" that contain new and freshly updated paid apps on your favorite torrent site (which can be RSS fed to your torrent client). iOS apps ... not so much. Maybe a fraction and not as convenient to get.

Comment: Re:Hope He Continues (Score 2) 387

by tlhIngan (#48038347) Attached to: The $1,200 DIY Gunsmithing Machine

know a lot of people want to blame guns for many problems but that is a rather cheap excuse and avoidance of the fact that the public needs improved living conditions so that there are less violent people who act out irrationally. Without much hope of a decent future we do have far too many people who act out. We also have prisons that make only token gestures at rehabilitation of inmates and a mental health system that is a national disgrace.

But that's just an excuse as well because other countries have the same problems with mental illness, homelessness, poverty, etc. But the availability of guns is far lower so the rates of homicide and other deaths due to guns is also far lower.

Canada has roughly 1/3rd the per-capita gun ownership rate (roughly 300M guns in the US (1 per person), 10M in Canada (1/3rd per person, or 1 in 3 own a gun)), but still the same (if not more) issues with homelessness and poverty (especially among Native Americans). It's considered a bad year when the death rate due to violence (including knives and the like) approaches double digits in a city of roughly a half-million people. (Deaths due to guns is lower).

So I wouldn't blame just the crazies for the whole problem. Presumably a violent culture where owning a gun is more for "protection" and less for utility (e.g., recreation, hunting, etc).

Though if you really want to be truthful, most homicides are committed by handguns more so than long guns like the AR. It's just that the AR probably "looks scarier" and may be a good weapon if you're going to do a mass killing, but those generally tend to be fairly rare events.

Comment: Re:So eBay would survive (Score 1) 72

by tlhIngan (#48029861) Attached to: eBay To Spin Off PayPal

eBay and Paypal are mutually beneficial. Paypal is absolutely reliant on ebay for sheer volume. It's their foundation.

But I just don't think sellers liked being cornered into having to accept PP 99% of the time.

eBay is off its core market, chasing more lucrative opportunities. Problem is, they don't own that other market (amazon, alibaba), never will, and are pissing off their base with every new change. It's the curse of needing constant growth in our economy.

Well, eBay and Paypal are fundamentally tied together.

eBay is a marketplace, but they don't do payments. Paypal does payments, and more importantly, Paypal lets random joe customer pay with a credit card to random jane seller WITHOUT a merchant account.

That's the key, because Amazon and Google and others are pretty much buyers are regular consumers, sellers are businesses (who may be single person owned and operated, but still has a business entity). Whereas sellers on eBay are made up of several groups, from standard companies to someone who found something in their attic one day. And the latter are NOT able to traditionally get a merchant account, which means they normally could only take limited forms of payment (cash, cheque, money order). Which over the Internet is... a stupid idea (who wants to go out and send a letter, wait a week, blah blah blah, when you can enter your credit card number and pay within minutes?).

Now, the eBay-Paypal split is probably to answer some of eBay's biggest customers (i.e., the people that run whole companies) to allow for alternate payment methods - including their own credit card payment system (or Amazon or Google), to be more flexible. Though you can probably guess eBay will mandate some form of credit card payment must be allowed, even if it means for most joe sellers, Paypal. (Again, because who wants to win an auction, then go out and get a money order by lining up at the post office, then mailing it out snail mail, and hope it gets there a couple of weeks later...).

Paypal has competition in all areas except person-to-person payments (well, they technically do have competition there too if you count bitcoins, but until someone makes it so I can buy bitcoins with my credit card and it magically all works like Paypal, it's a complex option).

eBay has network effects though - competition with eBay tends to be very niche or not at all. Because face it - eBay has customers, and sellers know that. And buyers know eBay sells practically everything. If you want me, as a seller to use something else, you better provide something good (usually in the form of lower fees). If you want me, as a buyer to use something else, you better provide something good for me (usually in the form of lower prices).

But there's a mismatch - buyers don't want to pay eBay prices off eBay, and sellers don't want to sell for much less than eBay because they'd just list on eBay instead. So sellers complain buyers "lowball" bids, while buyers complain that sellers ask so much it's just easier to stick with eBay.

Comment: Re:Graphics appear to be closed/proprietary. (Score 1) 102

Why would this be so hard? "Cheap hardware is more important to us than open hardware" would be sufficient.

More like "Hardware people will want to buy and license from us" versus "Hardware that's open, but no one wants".

3D graphics is a patent minefield, where even data formats are patented as part of the standard.

So an open device with open firmware will mean basically it doesn't work - graphics will stutter and framerates will be low. Perhaps video decoding will work out fine. Or maybe not.

Anyhow, the big thing is, ARM goes by what its customers (ARM licensees) want. And the hardware guys want silicon that their customers want. That silicon includes a decent GPU because their OS (Android) makes good use of it. Those customers (the ones taking the silicon and turning them into Android phones) don't care if it's open or closed source - as long as they can stick it in a box and tick off "runs Android".

And none of them down the chain care if it's open or closed source - because they've already gotten licenses for the source code or "it works" and they don't touch it.

That's the real reason - no one cares about open-source drivers because they're not affected by it. The silicon vendor gets source from ARM through their NDA and licensing agreements, the OEM/ODM may or may not get source code (they most likely probably won't care if things work, if they don't, they raise a support question).

Comment: Re:Moron (Score 2) 102

by tlhIngan (#48027635) Attached to: Robotic Taster Will Judge 'Real Thai Food'

Thai food is known for its balance of flavours. It's a delicate balance of a minimum of 2 (but usually 4) of spicy, sweet, bitter, salty and sour in a dish.

It's also VERY easy to screw up.

As an aside, Jet Tila was appointed the Culinary Ambassador to Thailand for his role as a guide to Thai cuisine. (People from LA and Food Network viewers will recognize the name for he's had numerous appearances on various shows).

I guess we'll have a new Food Network special - Jet Tila vs. this machine.

Comment: Re:Why isn't this auto-update? (Score 5, Insightful) 162

by tlhIngan (#48027533) Attached to: Apple Fixes Shellshock In OS X

I have 10.9.5 and checked for software updates. None. Why do I have to click the link in the slashdot article and manually download the patch?!?!?

Because of many reasons.

First off, the patch isn't complete. Sure there was a patch last week, but did you know it didn't fix the problem? Yes, it fixed the obvious error, but there were still more (and a new CVE was opened for Shellshock). Bash devs are still finding more holes related to this issue, and it goes down a deep rabbit hole. This hole may never be fully patched for a long time.

Second, there aren't many OS X systems that are exploitable. Remote exploits require a server to take parameters, format them as environment variables and then call the shell (usually through system()). HTTP and CGI scripts are a common vector because that's exactly how they work. Most webservers out there run Linux and there really isn't a special reason to run OS X + httpd + CGI over running it on Linux especially on a public server. So for the scant few servers, those admins can update the shell.

And on OS X, the webserver is disabled by default and most users won't know how to turn it on. I don't think even OS X server has it on by default - given the server is really just a bunch of admin tools nowadays.

Third, well, I don't think many OS X apps actually bother using a call like system() to perform a task - there's probably a native Cocoa API that is supposed to be used instead.

So it's more of a hotpatch for those few machines that are potentially vulnerable. In fact, the patch that was provided last week wasn't fixing the issue, more working around the issue so it's harder to exploit (i.e., instead of an arbitrary variable containing a function, it has to be prefixed with _BASH_FUNC_ in order to be allowed as a definition).

There is currently no root-cause fix for the issue - it's actively being worked on by Bash developers and others. This isn't like heartbleed where the mistake was a little programming oversight - it's a full on design issue that dates back 20+ years. There are probably going to be dozens of patches to fix the issue in the end.
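The path described in this comment (request parameters become environment variables, then a shell is started) can be guarded on the server side. The following is an added example, not part of the original comment and not code from Bash or Apple: it builds a CGI-style environment from request headers, rejects any value that looks like an exported function definition, and starts the handler from an argument list so no shell is involved. The function names, the sample headers and the `www.example.test` host are all constructed for illustration.

```python
import os
import re
import subprocess
import sys

# Bash imports an environment value that starts with "() {" as a function
# definition. This pattern is deliberately a little broader (it tolerates
# extra whitespace) so that near-variants are rejected as well.
FUNC_DEF = re.compile(r"^\s*\(\s*\)\s*\{")

# Constructed sample request headers; the User-Agent value is a bare
# function definition with nothing after it.
SAMPLE_HEADERS = {
    "Host": "www.example.test",
    "Accept": "text/html",
    "User-Agent": "() { :; }",
    "Content-Type": "text/plain",
}


def cgi_environ(headers, base_env=None):
    """Map request headers to CGI variable names (HTTP_* convention)."""
    env = dict(base_env or {})
    for name, value in headers.items():
        key = name.upper().replace("-", "_")
        # Content-Type and Content-Length are passed without the HTTP_ prefix.
        if key not in ("CONTENT_TYPE", "CONTENT_LENGTH"):
            key = "HTTP_" + key
        env[key] = value
    return env


def scrub_environ(env):
    """Return (clean_env, rejected_names); drop function-definition values."""
    clean, rejected = {}, []
    for key, value in env.items():
        if FUNC_DEF.match(value):
            rejected.append(key)
        else:
            clean[key] = value
    return clean, sorted(rejected)


def run_handler(argv, headers):
    """Run a handler with a scrubbed environment and without a shell."""
    env, rejected = scrub_environ(cgi_environ(headers, {"PATH": os.defpath}))
    # argv is a list and shell=False (the default), so no shell parses
    # the environment on the way to the handler.
    proc = subprocess.run(argv, env=env, capture_output=True, text=True, check=False)
    return proc.stdout, rejected


if __name__ == "__main__":
    show = "import os; print(sorted(k for k in os.environ if k.startswith('HTTP_')))"
    out, rejected = run_handler([sys.executable, "-c", show], SAMPLE_HEADERS)
    print("handler saw:", out.strip())
    print("rejected:", rejected)
```

Scrubbing the environment is a mitigation in the same spirit as the workaround the comment describes; it does not replace updating the shell.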

Comment: Re:This isn't going to work. (Score 1) 108

by tlhIngan (#48027345) Attached to: Tor Executive Director Hints At Firefox Integration

I'd love to see more people using Tor, but the experience has to change a lot before we can do that.

Being anonymous and secure on Tor is not easy. It's a major inconvenience to disable browser features like Javascript, and it requires firm behavioral changes from the user.

Putting a mainstream user into the same environment is simply not going to work.

In fact, I'd wager most Tor users who were "discovered" were not taking basic precautions - they just plainly sent identifying information over it through an exit node. I mean, it's well known the NSA runs a pile of exit nodes for the purposes of monitoring Tor, and Tor isn't a magic bullet that magically makes you disappear. But it's been advertised that way (especially when the Snowden revelations came out and everyone said "Use Tor!"), and users will be users and use their Facebook, Twitter, and online shopping at Amazon and others over Tor assuming "they're magically protected".

Well, they are, sort of. It's just the whole anonymization thing doesn't work when the user sabotages it by being non-anonymous.

So no, even if every Firefox user used Tor by default, nothing would really happen. Just Tor would get slower from all the YouTube and other traffic sent by users who go forth and de-anonymize themselves by logging into the sites.

Comment: Re:Android version req - long time coming (Score 1) 408

It depends on what the apps are. For example, the text message interface may be counted as one of the 20 "apps" but it is a requirement for a functional phone.

Well, that would be Hangouts now, replacing the AOSP Messages/SMS app with an all in one messaging system that combines Google Hangouts, SMS and other media.

But the others are like Google Play, Google Play Store Music, Google Play Movies, Google Play Books (which really seem just duplicates of Google Play Store), then there are the likes of Google+, GMail (which doesn't replace the mail app), Google Search

Comment: Re:HL7 & MUMPS (Score 1) 78

by tlhIngan (#48021827) Attached to: Medical Records Worth More To Hackers Than Credit Cards

Here is a great mumps tutorial for those of you that aren't familiar & for those of you who only know "modern" languages, it's a timely Halloween horror show...

The Daily WTF features a few MUMPs, uh... code. A shorthand overview and a collection of MUMPS articles. If it wasn't so specialized and used in so few areas, they'd probably have to institute a "no MUMPS stories" policy to avoid being flooded.

Comment: Re:Maybe not so silly (Score 1) 89

by tlhIngan (#48020277) Attached to: Blood For Extra Credit Points Offer Raises Eyebrows In Test-Mad China

Well, the problem is it takes advantage of the educational system and gives a reward for donating.

The problem is in Asia, there is a strong fixation on "the big test". The one that determines your future - do you score high enough that you CAN go to university, or are stuck doing a trade, or even worse, labourer?

(No, I don't think there's anything wrong with the trades, but in Asia, a plumber or electrician is seen as a lower level of prestige than an office worker).

It's why there is a high rate of teen suicide (the pressure imposed means many succumb, before AND after), and why many will literally study themselves to death (wake up, go to school, come home, do homework, study, study, study, study, study, go to bed). Students who "pass" (i.e., get university) often are rewarded handsomely for their hard work (luxury cars, condos, video game machines, etc). Students who fail, well, if the family is well off, they'll send them overseas to study at a UK or US university. If not, they get shamed and may even be disowned or kicked onto the street with little more than the clothes on their back.

Rewarding donations is not a new idea, but it has to be done VERY carefully because most of the time it results in the most desperate doing the most donations when they can least afford to do so (and at the detriment to themselves and the blood bank who may end up with substandard blood (e.g., infected, etc)).

Comment: Re:Why the preference for video? (Score 1) 97

by tlhIngan (#48020125) Attached to: Ask Slashdot: Multimedia-Based Wiki For Learning and Business Procedures?


Videos aren't easy things to produce, and properly producing them will take longer than writing them up.

That said, there is value in doing a video - it can be easier to show complex steps by doing it in a video that one can pause and rewind as well as show things like where you turn around the object rather than try to illustrate it.

However, that doesn't mean you shouldn't have a text description, and you shouldn't have long videos - no more than a couple of minutes. If it's a long procedure, then have multiple videos because the user may only need help in one area and having to sit through everything else gets old quick.

Comment: Re:C=128 (Score 1) 165

by tlhIngan (#48019887) Attached to: Why the Z-80's Data Pins Are Scrambled

If the 6502 and Z80 waveforms for various instructions are examined, it quickly becomes apparent that the Z80 effectively divided its clock by 2 before using it. This is why, for the technology available in any particular year, they had comparable performance but the Z80 used twice as many clock cycles.

Actually, the problem was the ALU of the Z-80 was only 4 bits wide. So processing an 8 bit operand required two trips through the ALU, thus incurring twice the number of clocks or half the effective clock rate.

The 6502 and others had an 8-bit ALU which meant they could do an 8-bit operand in half the clocks.

Comment: Re:How it happened? Easy: PATENTS expired. (Score 1) 69

by tlhIngan (#48019569) Attached to: How 3D Printers Went Mainstream After Decades In Obscurity

No, the availability of cheap parts did.

The 80s and 90s were marked by a distinct downturn in the "maker" movement, or rather, hobbyists who would tinker for fun. You can see it in the magazines - former hobbyist mags started turning into consumer electronics extravaganzas as people cared less about soldering bits together and assembling PCs and doing all sorts of nifty software stuff with them. Interfacing things became a whole lot less interesting.

The 2000s changed all that when people started getting interested in making things for fun again (Arduino had a big hand here, but there was a revival).

And guess what? 3D printers are back because the maker movement has ready access to cheap computing (Arduino, rpi, etc) that talk to computers super-easy (back then, you needed to build an ISA card, deal with DOS, etc, now, you can do with Linux or Windows, talk using USB, etc) and subsequently parts like stepper motors and all that.

It was less patents, and more hobbyists. People were 3D printing in the 80s and 90s, but they were big companies who could afford the equipment, and hobbyists were pretty much left high and dry - either you talked to a PC using ISA or if you were skilled, PCI, because cheap microcontrollers that were very capable were hard to get and even harder to assemble. Then you needed the skills of a mechanical guy to help build the xyz platform. Something the internet made readily available.

So basically the revival of the maker movement or hobbyist tinkerer, coupled with the rapid availability of talent via the Internet (and the availability of parts and supplies - being able to order anything online without it taking 6-8 weeks is a real boon), plus cheap and easily accessible microcontroller platforms that interface to everything make the whole project doable.

Was it doable in the 80s? Yes. Was it easy? Not so much. When you're mail ordering parts because you can't find it locally, having to start, stop because you miss something etc., and then finding someone to help you with parts of it can be a challenge.

Comment: Re:3G is terrible for all these things (Score 1) 117

by tlhIngan (#48017217) Attached to: World's Smallest 3G Module Will Connect Everything To the Internet

Sure 3G for Vehicle-to-Vehicle communication might make sense since the yearly cost in a car is far higher than the cost of 3g connection and there's plenty of electricity to go around,

Actually, V2V communications is going less high-tech. There's no need for 3G or WiFi radio broadcasts for V2V because you don't need to transmit further than a few cars either way. So they're moving towards lights. Modulating the headlights (daytime running lights mean they're always on), brake lights, and other lights because well, light communication is short range anyways, and it's really only of importance to those around you (e.g., if you're braking, it's important to the guy behind you in the same lane and adjoining lanes (because why you braked may also be going into their lanes)).

Using WiFi or other mechanisms mean the guy on the intersecting street gets the information too (useless, has to be filtered out), as well as opposing traffic (who probably know why you're stopping anyways by nature of coming the other way).

Anyhow, smart meters can use either 3G or WiFi (proprietary licensed band) already. Meters are limited by standards to draw at most 12W of power (which is a ton of power when multiplied by the number of meters out there - a million businesses and homes? That's 12MW, or roughly 12,000 homes by the old measurement). Given they only check in periodically, a 3G modem doesn't consume all that much power idling (otherwise your battery life would be much less than a day).

Comment: Re:We've really gotten wrapped around the axle (Score 1) 94

by tlhIngan (#48017135) Attached to: Mobile Phone Use Soon To Be Allowed On European Flights

We've really gotten wrapped around the axle on this whole electronic devices on aircraft thing. The local oscillator of an ordinary FM radio receiver is 10.7mhz above the indicated frequency... which makes 100mhz on your FM dial 110.7mhz... which meant there was a carrier in the middle of the COM/NAV band that aircraft use. So we had to (understandably) prevent FM radios from operating on aircraft. But thru the years it has turned into all electronics. It's like the "five monkeys with bananas and water" experiment gone wrong. We've gotten so wrapped around no electronics we forgot WHY.

Actually, there are plenty of oscillators that happen between 108-122MHz.

In fact, the FCC allowable limits for equipment has a noticeable dip around that region.

No, it's not because of a receiver, but all the other oscillators in the system. A big one is the pixel clock on things like cameras and LCD screens - they often do run smack right in the middle with a loud spike.

Then there are all the higher frequency devices. A certain model of cellphone was known to cause GPS unlocks on the aircraft GPS. This wasn't a problem because the only ones using GPS extensively were military and GA, but these days with RNP and GPS approaches, a GPS unlock could screw up everything.

Even to this day there are still incidences of suspected EMI causing havoc - usually things like unexplained instrument drift. My favorite was where my flight instructor had a phone call (we were taxiing back to the ramp) and I could hear both sides of the conversation through the avionics (my instructor had removed his headset to answer the phone - given the low power setting of taxiing, it wasn't necessary).

The only thing that may save this is if it's like if you try to use your phone on a cruise ship where you get "Cellular At Sea". Though I suspect in a couple of months we'll see people complaining about $1000 phone bills because they couldn't do anything but yak the whole way. Even worse, because these kind of guys make NO roaming agreements with anyone, your carrier won't be able to write off the bill because they have to pass on the full rate - a roaming agreement means their cost is far lower than what you're paying (down to cents a minute when you're paying tens of dollars a minute).

Yes, your phone will eventually roam onto it - because they are not a preferred carrier though, your phone will go through many anxious searching rounds before it'll reluctantly find service at the PMITA carrier. (It's non-preferred, because the carrier can't make much money off it).
