Comment Re:Summary of the exploit (Score 2) 81

Looks like the fix they have applied will cause java.lang.zip.ZipFile to throw a ZipException, indicating a format error, whenever it encounters a duplicate entry in *any* zip file, for *any* application using Android's Dalvik JVM.

I'm not certain that's the correct response to this issue. Should a zip file with duplicate entries always be considered invalid?
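The strict behaviour discussed in the comment above, reproduced with Python's `zipfile` as an added example (not part of the original comment and not Android's code). The function names and the sample archive are constructed for illustration.

```python
import io
import warnings
import zipfile
from collections import Counter


def find_duplicate_entries(data: bytes) -> dict[str, int]:
    """Return {entry name: count} for every name that the archive's
    central directory lists more than once."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # infolist() keeps every central-directory record, duplicates
        # included; name-based lookups silently resolve to only one.
        counts = Counter(info.filename for info in zf.infolist())
    return {name: n for name, n in counts.items() if n > 1}


def strict_open(data: bytes) -> zipfile.ZipFile:
    """Open an archive, treating any duplicate name as a format error
    (the policy the comment describes)."""
    dupes = find_duplicate_entries(data)
    if dupes:
        raise zipfile.BadZipFile(f"duplicate entries: {sorted(dupes)}")
    return zipfile.ZipFile(io.BytesIO(data))


def lookup(data: bytes, name: str) -> bytes:
    """What a lenient, name-based reader returns for `name`."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read(name)


def build_sample(names) -> bytes:
    """Constructed test archive; entry i holds b'payload i'."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        # zipfile warns about duplicate names on write but still writes them
        warnings.simplefilter("ignore", UserWarning)
        with zipfile.ZipFile(buf, "w") as zf:
            for i, name in enumerate(names):
                zf.writestr(name, f"payload {i}".encode())
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample(["AndroidManifest.xml", "classes.dex", "classes.dex"])
    print(find_duplicate_entries(sample))
    print(lookup(sample, "classes.dex"))
```

A lenient reader has to pick one of the same-named entries, and two parsers need not pick the same one, which is the argument for rejecting such archives outright.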

Comment Serval Mesh for Android (Score 1) 393

The Serval Mesh software for Android encrypts voice and text messaging by default. Though it's focused on enabling communications in a disaster when everything else has failed, and doesn't have any internet based message routing. It's perfectly fine for a small community, or for sneaker-net based messaging.

They're also starting an Indiegogo campaign to build and sell a device with much longer range than Wi-Fi.

Comment Re:Looking forward to 1st August (Score 4, Informative) 85

APKs are signed with what amounts to the normal jar signing process. So either they have found a way to create a hash collision, or there's some other bug in the verification process that allows some unsigned code to be included in the file and executed.

Either way, you will still need to trick people into installing your version of the apk.

Comment Re:NSA (Score 1) 127

With DNSSEC we should be able to publish and verify certificate information via signed DNS records, which would also shift the root of the trust relationship up to the DNS registrars. And since the authentication part of CA certificates is tied to DNS already, I don't see that this would change much.

Comment Re:Saves me from having to buy cheap cellphones (Score 1) 172

Let me tell you what's wrong with the built in messaging system in Android.

There should be a clear separation between the text entry / conversation viewing user interface, and the services that can send and receive text messages. Right now, if anyone wants to provide an alternative text message delivery service, they must replace the entire text entry user interface.

Your replacement could store the sent and received messages in the phone's SMS database. But then, whenever you open an unread message you have to remember to open the correct text entry application based on which 3rd party service your contact can use.

You can't keep a conversation going with one person, while automatically swapping between message delivery services based on changing network conditions. Nor can you easily choose which application to use based on other subscription information, e.g. we both use a 3rd party app like TextSecure. While you can add an app specific raw contact record with a custom action, you can't create anything with the same behaviour as a phone number field.

Application integration with Google Voice, Hangouts & the old Talk app suffers from this same basic problem.

Voice calling has similar 3rd party integration issues, but I won't delve into them now.

Comment Re:alternate implementation (Score 1) 259

It probably isn't deliberate at all. If the PDF was created with a Windows printer driver, the easiest method for converting Word files for example, then the printer driver interface basically does the same thing. "Here's this new font definition, but I'm only using these 50 glyphs so I'm not going to tell you what the Unicode characters are."

Comment Re:Defeated in one... (Score 1) 467

I was also thinking that each target replacement would have more than one possible variation, though from a pure entropy point of view that doesn't change the likelihood of invalidating the watermark.

Also once you've discovered a couple of the variations used in the watermark, then choose one option from each variation randomly. Then the remaining mark may be able to identify one of the purchasers, or perhaps both of you. But could certainly narrow down the possibilities to a handful of people.

Comment Re:Defeated in one... (Score 2) 467

Then they'll implement a polymorphic sentence generator. Actually you could set it all up by hand, it wouldn't take too much effort. Pick a handful of sentences, pick a handful of alternative words from a thesaurus or rephrasings that don't change the intent. Heck the alternatives could all be provided by the original author if you like. You'd need less than 60 possible replacements across the whole book to encode a unique enough watermark.

Comment Re:Good (Score 1) 476

The movement of share prices correlates strongly (0.8 - 0.9) with either the velocity or the acceleration in the level of margin debt. Share prices are growing because people are borrowing money to buy them. This isn't "real" wealth creation, and it isn't sustainable.

