Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Comment Re:Doesn't give warm fuzzies (Score 1) 162

You're wrong, you shouldn't trust your doctor AT ALL. Your life/health and privacy are far too important to do so.

Your doctor is no better of a person than anyone at the insurance company.

You need to understand that every single person at a hospital is also a person, not some mythical creature who actually cares about you.

99.9% of the doctors created today are just as scummy as anyone else. The age where doctors cared has not existed during my life time, if it ever did. The hippocratic oath is a joke at best, nothing more than lip service.

I don't trust my doctor with my personal information because of some vague oath any more than I do any politician to support and defend the constitution. I trust my doctor with my personal information because he has a legal obligation to not disclose that information to other parties without my consent.

Comment Re:I have a IMO a propounding question. (Score 1) 64

I have a IMO a propounding question. Why is this stuff just done with no voter imput? Wither its a government project or a private one, I thing we should demand public input and maybe even voter approval or disapproval.........And has any privacy agencies tried this method? Just seem to me they shouldn't be using government equipment "poles" "Right of ways".or government property.

No, the proper way to do it is wait until they have spent all the money to buy the equipment and deploy it, then pass a referendum that makes them illegal.

Comment Re:Worrysome (Score 2) 128

Diversity is good, especially if they wind up diverging and actually being diverse. Not all implementations wind up being vulnerable to the same attacks, except when there are weaknesses inherent to the protocol.

Just be sure that as a developer you write an abstraction layer between the application and the library so that when the interfaces diverge too much you have a single class to rewrite. Diversity in implementations is a good thing. Diversity in the interfaces can be a pain in the butt.

Comment Re:Doppler effect (Score 1) 345

Apparently you are unfamiliar with the Doppler effect []. Even on a Harley making a huge obnoxious racket it is easy to get dangerously close to someone before they hear you

Perhaps you should have read the article you cited. Doppler shift affects the observed frequency of the sounds but does not affect the speed at which that sound travels in a given medium. In addition it is the difference between the speeds of the observer and the source. If both are traveling at the same relative speed, there will not be a shift in the frequency for that observer.

Submission + - Netflix has no project managers. Yet, everybody uses this project management too 1

mattydread23 writes: Netflix is well-known for its unusual management structure, and one of its characteristics is a lack of official project managers. Instead, workers cluster into ad hoc groups for particular projects. With no official mandate from IT, a project management tool called Smartsheet has become incredibly popular at the company. Netflix enterprise technology manager Justin Slater explains why.

Comment Re:Millions of conventional TVs vulnerable too (Score 1) 155

"Researchers from Dickweed University's Network Security Lab discovered a flaw affecting nearly every TV on the planet. The flaw allows a radio-frequency attacker with a low budget to take control over tens of thousands of TVs in a single attack, forcing the TVs to turn on or off, or switch channels. The attack works by equipping a drone with a powerful universal remote, sending commands to all TVs in a broad range." It's even scarier like this!

That is not how this attack actually works. The attack has nothing to do with the remote and references to it and the "red button" have derailed things. This is an attack on the broadcast television signal. As you recall, broadcast TV was switched from an analog signal to digital. In Europe the protocol for this signal is DVB and in the US it is ATSC. Within these digital broadcasts is a protocol called the HbbTV standard which allows additional interactive data, features, etc. to be embedded to provide a hybrid viewing experience. For example during a baseball game they might embed an HTML page with the stats for the current batter. The exploit is that this embedded data is not protected in any way so anyone can inject a malicious payload into the signal. This could allow such attacks as session hijacking, etc. In the demonstration the researchers are attacking smartTVs in the neighborhood by rebroadcasting a local channel with the extra packets added to the stream. That approach is limited of course to the extend to which you can override the regular broadcast signal. A much broader impact would be if you could inject the packets at the broadcast source, for example on the network between the broadcast station and the actual transmitter station. In that case your attack would reach entire greater metropolitan areas.

What I am interested in is how much, if any, of this HbbTV information gets through when local channels are carried on other transmission media such as satellite or cable.

Comment Re:It doesn't take a genius to come up with an att (Score 4, Informative) 155

So the idea is that the attacker overrides the RF signal with his own one, which contains the malicious data.

No. They are actually overriding the DVB broadcast signal from the broadcaster and inserting malicious packets into the stream.

Abstract: In the attempt to bring modern broadband Internet features to traditional broadcast television, the Digital Video Broadcasting (DVB) consortium introduced a specification called Hybrid Broadcast-Broadband Television (HbbTV), which allows broadcast streams to include embedded HTML content which is rendered by the television. This system is already in very wide deployment in Europe, and has recently been adopted as part of the American digital television standard.

All of the references to the "red button" on the remote are a distraction that can be confusing. The red button on your remote is simply a way that you can invoke or interact with the hybrid content in the broadcast stream. It has nothing to do with the actual attack and the embedded content doesn't need to be actual interactive content.

Comment Re:This is awesome (Score 1) 217

but in practice the subset of "all people" who actually do code reviews appears to be very, very small -- possibly smaller than the set of people who review closed source code.

I'm going to disagree here. For a given company that has a closed source implementation, there may be small group of people qualified to look at the code and understand it, but that in no way means that they are or have done so. Corporate politics, capitalizable time, access restrictions, etc. all play a part in whether any one at all actually looks at the closed source code for vulnerabilities.

Slashdot Top Deals

You're not Dave. Who are you?