Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:The patents (Score 1) 186

by tricorn (#49132765) Attached to: Jury Tells Apple To Pay $532.9 Million In Patent Suit
Many years back is 9 (when that particular patent was filed) or 16 (based on the priority date, though I'm unclear what that priority date is based on). Buying things over the Internet wasn't some stroke of genius, and couching things in standard patent-speak doesn't make it any more innovative. Makes me want to file a patent on "A Method and System of Using A Computing Device", put in all sorts of vague claims with "data means" and "storage means" and "communication means" and "user interface means", include something really specific like "a processor using graphene), then wait until someone creates something nifty after graphene has become common in chip fabrication, then sue everyone for violating my innovative patent, since I was the only person in 2015 who could have foreseen graphene being used in computers. Of course, as every new potential technology is reported on, I file a continuation on my patent and add in the new technology. Perhaps a cool new public key system is devised, I can toss using that as part of the data communications means of using my Computing Device. This will cost me some money, of course, so I'll deserve a big payout at the end for having taken so much risk in developing my innovative technology.

Comment: Re:The patents (Score 1) 186

by tricorn (#49132063) Attached to: Jury Tells Apple To Pay $532.9 Million In Patent Suit
I read a few of them. They appear to be continuations of continuations of continuations based on a foreign application of a continuation of .... Trying to figure out what was ACTUALLY claimed to be innovative a the priority date of 1999, and what was added since the iPod and other systems supposedly infringing came out, is pretty difficult. Indeed, trying to understand the claims themselves doesn't really tell you much, and I fail to see how ANY jury, with anyone with a hint of software knowledge excluded, could form a reasonable decision as to validity. As near as I can tell from the ones I read, it's basically "You know that music and stuff you can download off the Internet onto a portable device? What if you had to pay for it first?" There really is nothing more non-obvious than "sell something - OVER THE INTERNET".

Comment: Re:Really? (Score 1) 215

by tricorn (#49069263) Attached to: New Encryption Method Fights Reverse Engineering

With hardware support in the CPU this can be done properly.

CPU-unique public/private key pair generated by the manufacturer. Public key signed by manufacturer's private key. To install program, CPU public key is validated, program is encrypted with unique key, unique key is encrypted with CPU public key, program and encrypted key is sent to customer.

CPU would then be givent the execution key, which it decrypts internally with private key and saves securely (no access via JTAG, no instructions to access it in any way). Instructions are then decrypted on-the-fly into internal secure instruction cache. You could do the same thing with data, with specific instructions to read/write unencrypted (after all, you do have to get the results out somehow), using a random key internally generated by the CPU. That key could be read/stored, but only encrypted with the instruction key (and changing the instruction key would wipe the data key).

Encryption key for each block would include the location of that block (e.g. take decrypted key and hash with location, then use that as the key for the block). A final step could be to have a block of (encrypted) hashes of each block that would be verified as each block is decrypted (with immediate wipe of decryption keys and cached code if it fails).

Breaking the private key of an individual CPU would, of course, allow you to emulate such a processor and break any program that's been keyed to it, but if such a CPU also required booting into encrypted firmware it could be very difficult to do (assuming the hardware is properly hardened), with the only practical attack being to break it using the public key. If you could do that, there are much better targets to go after than to get a free copy of some expensive program.

Comment: Re:Better way (Score 1) 289

by tricorn (#48763009) Attached to: Extra Leap Second To Be Added To Clocks On June 30

That's a terrible solution. It simply guarantees that there will be even more significant problems when you do trigger that Leap Minute. Having this occur every year or two means you have an incentive to handle it correctly. Having it occur once every 60-100 years means that no one will bother handling I correctly, or will implement handling it incorrectly.

Think of a critical system that hangs for a minute rather than a second. The results would be much more damaging.

That's like fixing a memory leak by adding more memory to your system. You're just pushing problems down the line and making them more significant.

Comment: Re: Leap hour (Score 1) 289

by tricorn (#48762981) Attached to: Extra Leap Second To Be Added To Clocks On June 30

Exactly. The system clock should be uniform and continuous down to the resolution of the system/hardware. All conversions to/from wall time (including time zones, DST, and leap seconds) should be done separately. The tz database/library is already capable of supporting that mode.

I think it was one of the biggest mistakes in time processing to have NTP adjust the system clock on a leap second. Have NTP include the current offset, even have something that automatically updates the leap second history file when NTP indicates a pending leap second (or is showing a different offset from the current database, which would indicate that a database update is needed, say for a system that's been turned off or disconnected for a long time - not perfect, but close).

This could be phased in in several ways, perhaps just changing it and overriding the few programs that would break (perhaps with a per-process flag to modify the kernel calls to get the time, which the tz library could take into account).

Comment: Re:and the cities are... (Score 2) 175

Champaign and Urbana are the same system, working also with the University of Illinois.

They have the core network in place, City, schools, some businesses, and some under-served neighborhoods (using a federal grant), but progress in connecting other neighborhoods has been very slow. They're now working with another area company to install neighborhoods, but no good indication of how fast it will go. They've made some commitments, but only if enough houses in each neighborhood sign up.

The biggest problem I've seen is getting a competent company to do the work, and keeping people informed. I'm still hopeful, I want to get away from AT&T. The City/University group has been turned into a non-profit, and they've pledged that the network will be open to ISPs on an equal basis (though I assume that the company building out the home connections will get a chunk of any revenue for some time until they've recouped their investment).

Comment: Re:Sanitizing comments, trolls, first to market (Score 2) 159

by tricorn (#48016039) Attached to: Ask Slashdot: Software Issue Tracking Transparency - Good Or Bad?

Yeah, I really like the idea of setting up a bug tracking system for your competitor that all their customers can contibute to.

One of the biggest turn-offs to me is a company that doesn't have any good way to report bugs or to request changes. The ideal company for me would be one where every bug or suggestion either generates a new tracking entry or is assigned to an existing one, and that tracking ID is sent to me as a response.

Now I can see what's happening with an issue that affects me, I can provide further details when I see that no one else has pointed something out (or not create redundant reports when they have) - such a system should have a "me too" capability for tracking how many people have that issue without them all needing to take up support time by reporting it. It doesn't need to show all the developer notes on progress or specifics about internals, but it really isn't that hard to give a status update that's useful to the customer, or an explanation of why something isn't going to be done, work-arounds, etc.

Make it easy for your customer to find out the issues and you won't have as much of a problem with wild rumors and complaints and mobs with pitchforks.

Yes, security-related issues should be redacted. No big deal.

Shouldn't be any problem to restrict it to customers who request it, at least for non-consumer-based products, as long as there's a simple process for a prospect to be given access as well, but I really don't think it's worth the hassle of keeping access restricted. It would be interesting to see the sales/marketing response after seeing how mnay of their sales are contingent upon getting access to the bug tracking system.

Comment: Avegant Glyph (Score 3, Interesting) 65

by tricorn (#47956085) Attached to: New "Crescent Bay" VR Headset Revealed and Demo'd At Oculus Connect

I'm really looking forward to seeing how the Rift and the Glyph compare. They both seem to be converging from different sides to be very similar, but with the delivery tech being quite different. I'm excited about the form factor of the Glyph and the emphasis on audio. The video doesn't have the resolution of the Rift yet, but it sounds like it is still very good.

It would be really interesting to see innovations from both put together. I really like the idea of using micro-mirror arrays to create the virtual image, and I really like that the Glyph can be used without corrective lenses.

If the two companies could have merged and joined the best of both, that would have been really excellent.

Comment: Re:Could be a different route involved for the VPN (Score 1) 398

It's not like it's a surprise that there's a lot of Netflix traffic. I could forgive an ISP for not having the connections in place to handle that amount of traffic if all of a sudden it sprang up, but they should be able to handle it by now.

Customers are paying for that level of service. If most of their traffic is coming from Netflix, that's because THAT'S what's driving their customers to pay more for higher speed service. That means that they're getting more money, but most of the capacity increase for their network can be concentrated on serving the Netflix traffic. That's probably less expensive than building out the capacity to handle all those high-bandwidth customers spreading it around more.

Comment: Re:Could be a different route involved for the VPN (Score 1) 398

It would actually be fairly easy to show that it isn't traffic-analysis throttling going on - set up a server somewhere that you can get a 5Mbps stream going, and that also can get 3Mbps to Netflix, then use an un-encrypted port forward. Given that Verizon and Level3 have both shown that it's a bottleneck at their interconnect point, I'd expect that method to get you a full speed Netflix stream with no problem.

Now, that wouldn't necessarily be a real solution - the route you're getting would probably also be overwhelmed by the traffic if a large number of people were all routing traffic through it. What it does show is that Verizon needs to fix the bottleneck. That's what they're being paid for by their customers. The providers Netflix is using can handle the load, and they clearly have no incentive to not build out their networks in whatever way is needed to handle it properly.

If 90% of Verizon's traffic ends up coming from Netflix, so what? That means they only need 10% of their network for everything else. Their customers are already paying to receive that data, why should Netflix pay again?

The people talking about "unbalanced data flows" are missing the point. It wouldn't make things better if Netflix changed the protocol to require that customers send them as much data as they receive. Bits aren't a resource, nor are they toxic waste, the country won't start to tilt if Netflix sends too many bits in one direction without accepting the same number in return.

If that's the way it worked, then Netflix could simply set up a Cloud backup service.

Comment: Re:He was anti GMO (Score 1) 71

by tricorn (#47497735) Attached to: Exhibit On Real Johnny Appleseed To Hit the Road

My parents have an apple tree growing in the front that has apples that don't brown at all. They taste pretty good as well, and don't seem to have much of a problem with insects. I have no idea if the tree was grown from ra andom seed from an apple or what its lineage is, I don't think it's been grafted. Does that mean it's potentially worth something?

BTW, regarding the article - that's Urbana, Ohio. There's more than one Urbana (e.g. Urbana, Illinois, with the University of Illinois, not Urbana University). That confused me briefly!

Have you ever noticed that the people who are always trying to tell you `there's a time for work and a time for play' never find the time for play?