Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Artists often get little (Score 3, Interesting) 157

by toejam13 (#48977687) Attached to: Major Record Labels Keep 73% of Spotify Payouts

Music artists have often received little from broadcasting. Historically, they've received the bulk of their money from live performances and merchandise. Most of that broadcast money goes to the studios, the producers, the managers, the studio, the songwriter, agents and lawyers. Singers (if they're not also songwriters) usually come dead last.
My understanding is that many new artists have come to realize this scam and are starting to avoid the major labels, using alternate channels of distribution instead. It may not sell as much music, but they get a much larger slice of the pie

Comment: Re:Physics doesn't work like that. (Score 1) 54

by toejam13 (#48881581) Attached to: TWEETHER Project Promises 10Gbps MmW 92-95GHz Based Wireless Broadband

The higher the frequency, the less penetration of solid objects you have.

At -that- frequency, it'll work well for extremely short range, indoor, communications. But as soon as you put something even slightly solid, or damp, in the way, the signal will get blocked.

Yup. At this frequency, walls and vegetation are essentially opaque to RF. This will be useful for in-room or sub-kilometer line-of-sight deployments. Great for Phoenix (little rain, few tall trees), horrible for Seattle (damp, heavily forested).

One good thing about hitting 25 GHz or higher is that indoor APs and outdoor APs don't fight with each other the way that they do at 2.4 or 5.8 GHz (lower co-channel interference). So you can have a PTMP or mesh network running in dense areas like New York City. But with the range limitations, it'll need to be a dense network in order to get any sort of coverage. Your hop count is likely to skyrocket if you're using a mesh. High speed, horrible latency.

Comment: Even in China and India, English will dominate (Score 1) 578

by toejam13 (#48723527) Attached to: What Language Will the World Speak In 2115?

In many eastern nations, English is so widely used because it is seen as a neutral language. Many people in southern China who speak Yue Chinese (ie, Cantonese) dislike speaking Mandarin, which is a mutually intelligible language. Likewise in India where there are 7 major language groups comprising over 120 languages and over 1000 dialects and minor languages, many Indians (especially of the upper caste) prefer to use English as opposed to a non-local language. In these cases, English will thrive if only as a dominant second language.

India comes up again for another reason, which is the British Commonwealth. English is widely spoken in these member countries, which comprises a good chunk of the population in Africa and Asia.

Comment: Re:voicemail to email (Score 1) 237

by toejam13 (#48662859) Attached to: The Slow Death of Voice Mail

Voicemail to text is probably the best evolution of voicemail. Speech to text has gotten very good, so there is no reason that we can't have the system perform a S2T on a message, then sending that message as a text. Keep the original recording around in case the translation is wrong, but delete it once the text has been deleted.

Comment: Re:I'm Using C++ (Score 4, Informative) 421

by toejam13 (#48645559) Attached to: Ask Slashdot: Is an Open Source<nobr> <wbr></nobr>.NET Up To the Job?

The C standard library provides an API to all your system resources.

The C standard library (libC) provides a very basic API to some of your system resources. You have to include a large number of other libraries in order to obtain a feature set similar to the Java and .NET frameworks.

And in addition to the IO, thread and math limitations that the AC above touches on, there are several other major problems facing the core C libraries: wchar support, qword support, socket support and overflow safe functions. There has been significant balkanization between the BSD, GNU and Microsoft camps on these topics, making cross platform development difficult. I've written a lot of wrapper code over the years dealing with the issue.

The nice part about the Java and .NET frameworks is that they eliminate most of the problems I mentioned and several of the issues the AC brought up.

But I do still find the C libraries, Java framework and .NET framework all lacking. They're good for about 80% of all cases, but I seem to find myself thumping on the native APIs far more than I thought I should. I'm really annoyed at how often I find myself using PInovoke under C#.

My hope is that with the Core .NET moving off to the open source camp, maybe Microsoft can start focusing on adding C# bindings for the rest of WinAPI. The day I can write code without having to use a PInvoke is the day I'll stop writing C/C++ code.

Comment: Re:Stupid (Score 1) 396

by toejam13 (#48631801) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

This is a dumb idea. A very dumb idea. Since we're assuming MITM, what happens when I inject javascript into the page? Even assuming the browser prevents me from leaking the PROT header, I can still have it make arbitrary requests using your session.

Encrypting the content length header and adding an encrypted checksum (or cryptographic hash) of the payload would help detect JS injections, URL rewrites or other forms of malicious modification. Marking your user session cookie as HttpOnly should also help sandbox it from JS hijacking.

What happens when I just block the original response, pretend your session died, and serve up a bogus login page that gives me your credentials?

Introducing a new URL protocol for HTTP-Mixed could help prevent that. It would indicate that HTTP header encryption was a requirement and that the client refuses to proceed without it. So when the user hits refresh on their client after an hour, your bogus site would then need a counterfeit certificate in order to survive the PROT ClientSSL <-> PROT ServerSSL challenge.

The best way to deploy such a system would be to use HTTPS for your site's landing page. If the client's browser supports HTTPM, you could step down to it for pages deeper in your site. Otherwise, stick with HTTPS.

In some ways, HTTPM would be analogous to FTPES in the FTP/FTPS world. FTPS clients know to issue an AUTH TLS command shortly after starting an FTPES connection and refuse to continue if a FTP-503 Unsupported server response or a failed TLS handshake occurs.

Comment: Re:Stupid (Score 1) 396

by toejam13 (#48626723) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

Utilizing a client IP address as a means of identification is highly unreliable unless that client is on the same network as you. Proxy servers, cache servers and NAT devices can masquerade multiple devices under a singular IP address. Worse, some organizations load-balance outbound connections across an array of those masquerading devices. Every TCP connection could originate from a different IP address. The same is true when the client itself is multi-homed, such as a mobile device utilizing both cellular and wifi simultaneously.

And while the payloads of cookies can be hashed to obscure sensitive information that is stored in clear-text, it does not prevent the theft of the cookie itself. I may not know the true value inside of it, but I may not care. I might want it just to tailgate on an authenticated session. To avoid that, you need to encrypt both the cookie payload and its name.

Comment: Re:Stupid (Score 1) 396

by toejam13 (#48626243) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

For most sites, I don't really care if my browsing activity is being monitored. If some security service wants to eavesdrop on my visits to, let them. For the sites where I do care about privacy, HTTPS is generally an option.

But keep in mind that HTTPS alone only buys you so much. You're still leaking information about the sites you visit via your DNS queries. Also, you're still being tracked at the end-points by ad networks and other systems that log your moves. If privacy is that important, you should also be using an anonymizing proxy service like TOR.

Comment: Re:Stupid (Score 3, Interesting) 396

by toejam13 (#48623463) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

Encryption has a cost, it isn't free. ... This is a dumb idea. A very dumb idea.

Agreed. For most sites, there are only two areas where I care about encryption: 1) login authentication and 2) session tokens (cookies). For #1, briefly switching to SSL/TLS is no big deal.

The problem today is that there is no satisfactory solution for #2. In order to encrypt your cookies in your HTTP header, you have to encrypt everything. As previously mentioned, this can have some adverse side effects. It is also complete overkill. What HTTP needs is a middle option.

Enter explicit HTTPS.

When a client requests a protected URL, it can be given a challenge and negotiation method for TLS not unlike how NTLM authentication over HTTP occurs. It should also negotiate what HTTP headers should be private. When complete, the client then sends encrypted data using a PROT: [session id] [base-64 payload] header. If you wanted to be fancy, you could make the system tolerant of upstream proxies or load-balancers inserting their own cookies.

Now you have a system where your session tokens cannot be eavesdropped upon, but yet the payload of the HTTP request can be cached.

Comment: New Revenue System (Score 4, Interesting) 190

by toejam13 (#48567577) Attached to: Fraud Bots Cost Advertisers $6 Billion

Perhaps advertisers should finally move away from the current revenue system that pays per-click and should instead move towards a profit sharing system where the referring website receives a commission based on any sales or executed transactions.

I've been reading about click fraud for over a decade now. I don't expect it to go away under the current system.

Comment: Re:Doesn't matter even if the publishers win... (Score 4, Interesting) 699

by toejam13 (#48548849) Attached to: French Publishers Prepare Lawsuit Against Adblock Plus

...someone else will develop a list...

Which is why I believe that the whole exercise is futile. Suing Eyeo is not unlike playing Whack-a-Mole. If they are forced to remove their app, others will simply take their place. Given that Ad Block has already forked development lines (see: Adblock Edge), they're already too late.

Ultimately, websites are going to need to protect their content using JavaScript or other means. I'm already familiar with a few sites that use JS based elements that display a message after a few seconds if the ads in the page don't load (see: Of course, AdBlock Edge allows me to block those elements, but it wouldn't be hard to use element name randomizing techniques to thwart AdBlock Edge.

Comment: Re:Legal Opinion, Please? (Score 1) 699

by toejam13 (#48548627) Attached to: French Publishers Prepare Lawsuit Against Adblock Plus

IANAL, so I'd like a tort guru to enlighten us on exactly how creation and distribution of a product (AdBlock) that that gives consumers an informed choice over another product (advertising bullshit) is an actionable case.

I'm also curious how much Eyeo opened themselves to litigation by offering a for-profit whitelist that overrides the blacklist instead of sticking just with a blacklist-only model.

It sounds like a water utility company suing faucet makers for making a device that restricts flow of billable water, or the electric company suing light switch manufacturers.

Or like how AT&T used to prohibit third party phones on their lines?

The main difference here is regarding the level of exclusive ownership rights the publisher has versus the public good in relaxing those rights. Many governments have rules allowing small quotes and allowing parodies when it comes to published content. But ad skipping is somewhat murky. Over on the TV side, it is assumed that the Betamax timeshift ruling provides some protection (which the SonicBlue DVR lawsuit would have clarified had it continued). But I'm not aware of anything on the published side.

Comment: Re:Hibernation (Score 2) 77

by toejam13 (#48544453) Attached to: Pluto-Bound Spacecraft Ends Hibernation To Start Mission

But it is a PlayStation One system (well sort of).

Poor analogy. That would be like saying that the Macintosh Classic is sort of an Atari ST just because they both used Motorola 68000 processors.

As for the minimalistic nature of the Mongoose-V (MIPS R3000 based) processor in the NH spacecraft, it is more than adequate for an embedded processor. My Sony NEX camera uses a Bionz (also MIPS R3000 based) processor for image processing and user interface controls. The clock rate of the Mongoose-V might seem a little low, but remember that the spacecraft is both power and uplink speed limited. Having a faster processor really wouldn't gain much.

Comment: Re: Then again, maybe it _is_ good news. (Score 1) 172

by toejam13 (#48510779) Attached to: Study: HIV Becoming Less Deadly, Less Infectious

I've often wondered. Suppose you had a time machine, went back, took some random person from the year 1900, and brought them to the present day. How would they fare in the modern world? My guess is that there would be a big adjustment period but they would manage. How about a person from 1850? 1800? 1700? At what point would the person be so totally lost in modern society that they wouldn't be able to function at all.

If you want an example, look at how refugees from poor rural areas in third world countries handle the transition when they arrive in a first world nation. You often have massive language and cultural barriers. First hand knowledge and use of technology is going to be limited. They're going to know little to nothing about our laws. If you just drop them into the middle of NYC, they will do very poorly.

If you put them into an orientation program and assign them to a handler who will bring them up to speed, they'll probably do alright. It might take a decade before they're comfortable in their new home, especially if language was a barrier, but it will eventually happen. There are millions of examples all throughout the western world of this happening. People adapt.

10 to the minus 6th power mouthwashes = 1 Microscope