
Comment Re:In Soviet Russia (Score 0) 373

1. Very few of the emails are DKIM signed. Check for yourself.
2. Even where DKIM is signed, it relies on the following assumptions.
A: The attacker has not compromised the Google private key
B: The attacker has not compromised DKIM or any of the technologies it relies on
C: The attacker had not compromised the sending account at the time of sending.

The requirement of assumption C is applicable regardless of who the attacker is. Assumptions A and B fail when considering a highly motivated state actor. It should go without saying that everyone here knows that major powers actively work on things like A & B, and C is their bread and butter.

Do I think that a power like, say, Russia, has compromised DKIM itself, or any of the technologies it relies on? Probably not, but I certainly wouldn't put it past them. Do I think that said entity has compromised the Google private key? Probably not, but again, I certainly wouldn't put it past them. I absolutely would not put C past them - but it depends on the importance attached to the topic at hand.

To reiterate: the majority of the leak will be real. But there is an active, demonstrable history this cycle, of the attackers salting the leaks with fakes, using the real content to try to legitimize the fakes, so try not to be naive about all this.
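Added example, not part of the comment above: an offline triage of a raw message that reports whether it carries a DKIM-Signature at all, which headers the signature covers, and whether the `bh=` body hash matches the body as received. It does not verify the `b=` signature against the signer's DNS key, so a matching body hash alone is not proof of authenticity; the sample message, domain and selector are constructed.

```python
import base64, hashlib, re
from email import message_from_bytes

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376 tag-list)."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}  # drop folding

def canon_body(body, mode):
    """'simple' or 'relaxed' body canonicalization (RFC 6376 section 3.4)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # trailing empty lines are not hashed
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def triage(raw):
    """Per DKIM-Signature: what it covers and whether bh= matches the body."""
    raw = raw.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    head, _, body = raw.partition(b"\r\n\r\n")
    msg = message_from_bytes(head + b"\r\n\r\n")
    reports = []
    for sig in msg.get_all("DKIM-Signature", []):
        t = parse_tags(sig)
        mode = (t.get("c", "simple/simple") + "/simple").split("/")[1]
        data = canon_body(body, mode)
        if "l" in t:  # l= means only a prefix of the body is signed
            data = data[:int(t["l"])]
        algo = "sha1" if t.get("a", "").endswith("sha1") else "sha256"
        digest = base64.b64encode(hashlib.new(algo, data).digest()).decode()
        signed = set(t.get("h", "").lower().split(":"))
        names = {k.lower() for k in msg.keys()} - {"dkim-signature"}
        reports.append({"domain": t.get("d"), "selector": t.get("s"),
                        "body_hash_ok": digest == t.get("bh"),
                        "partial_body": "l" in t,
                        "unsigned_headers": sorted(names - signed)})
    return reports  # empty list: no DKIM signature on the message at all

def sample():
    """Constructed message; bh= hashes the hand-written canonical body."""
    bh = base64.b64encode(hashlib.sha256(b"Hello world\r\n").digest())
    return (b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\r\n"
            b" d=example.com; s=sel1; h=from:to:subject; bh=" + bh +
            b"; b=PLACEHOLDER\r\nFrom: a@example.com\r\nTo: b@example.net\r\n"
            b"Subject: hi\r\nDate: Mon, 1 Jan 2024 00:00:00 +0000\r\n\r\n"
            b"Hello   world \r\n\r\n")
```

Headers listed under `unsigned_headers` (here `date`) can be changed without affecting the signature, and a change to a signed header is only caught by verifying `b=` with the public key published at `<selector>._domainkey.<domain>`.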

Comment Re:No you don't (Score 1) 208

All of those are bad examples, because the latter form factor is better in every way except its ability to fit hardware inside. If you could make a laptop that contained the same hardware as a desktop, for the same price, then it would obviously be better. A decade ago, laptop sales outpaced desktop sales and so the economies of scale started to tilt things in favour of the laptop. As desktops become increasingly niche, the prices will keep going up and a lot of desktops now are just laptops without the built-in screen, keyboard, or battery.

If you took a desktop and scaled everything down so that you had the same amount of storage, CPU and GPU power, and RAM in a laptop form factor, for the same price, then obviously the laptop is better for most people (people who need PCIe slots being the exceptions).

If you took a laptop and scaled everything down so that you had the same amount of storage, CPU and GPU power, and RAM in a phone form factor, then you'll have a very powerful phone, but it won't replace a laptop. There are a lot of things where you can open up the laptop and start working immediately, but the phone will need connecting to an external monitor and keyboard before it's equally useful. Even putting a picoprojector in the phone won't entirely solve that, as you often don't have a useable projection space.

Comment Re:of course the do! (Score 1) 73

That may be less of an advantage than you'd think, because you need to know by about half way through the first season whether it's worth commissioning a second. It's definitely an advantage for longer-running things (if people are still discovering it when you're in the fifth season and starting from the beginning, then it's probably worth a sixth, for example), but it might be a disadvantage at the start of the process.

Comment Re:In Soviet Russia (Score 5, Insightful) 373

Right. So let's take a look at how this "excerpt the gotcha" plays into that.

Slashdot writes about Zuckerberg:

a later exchange between Sandberg and Podesta showed that Mark Zuckerberg was looking to get in on the action a bit, and perhaps curry favor with Podesta and the Clinton camp in shaping public policy.

Except that the email from Shelly about Zuckerberg very clearly begins:

Mark is meeting with people to learn more about next steps for his philanthropy and social action and it’s hard to imagine someone better placed or more experienced than you to help him. He’s begun to think about whether/how he might want to shape advocacy efforts to support his philanthropic priorities and is particularly interested in meeting people who could help him understand how to move the needle on the specific public policy issues he cares most about

Likewise on the other email from Sheryl. They mention the "She came over and was magical with my kids" re. Clinton. They don't bother mentioning the reason for Hillary's visit, which can be seen in what she's replying to:

To: Sheryl Sandberg
Subject: At a loss for words

Can't imagine your pain, but know that you are surrounded by people who love you. Mary and I are praying for you, the kids and, in our Catholic way also for Dave.

... and the part before the excerpt:

Thank you – means a lot to me that you reached out.

And I like that you are praying for Dave. I have to believe in heaven now.

This wasn't some buddy-buddy campaign visit, this was a "person I know's husband just died" visit. Likewise, the implication that they're supposed to give here is that they know her because of Facebook. No bothering to mention that the reason that they actually know her is because she was Larry Summers' Chief of Staff during the Clinton administration.

Almost anything can be made to look sinister when you take it completely out of context. Which is the whole purpose of these emails.

Furthermore, do you honestly think you couldn't do the exact same thing by picking through the Trump campaign's internal messaging? Do you have any clue how many people of note a major campaign interacts with, how many people work for them, etc? We know given Trump's record on server security that hacking him would have been a breeze, but miraculously nobody bothered. Why do you think that is?

Lastly: take everything you read with a grain of salt. I know everyone's reaction to statements that emails could have been altered (and scattered amongst real ones) is going to be "You just don't want to discuss them!" No, the reason you should take things with a grain of salt is that the other anti-Clinton hacks this year have done exactly that. Leaks posted by the hackers in different places involved cases where they had changed the same file to say different things (such as a donation list where they added a donation from Soros to a Russian democracy activist, but had different values for the donation in different versions of their release), cases where files were dated to after the hack occurred, and cases where file metadata showed the changes they'd been making. Salting real data with fake is something that they've been doing this year, so it'd be naive to think that they're just going to stop doing it now. Come on, even the most die-hard Clinton hater is going to be hard pressed to actually believe that the Clinton Foundation has a directory sitting around literally called "Pay for Play".

Yes, the majority will be real. But don't be naive when viewing them and assume that you can just take everything at face value.

Comment Re: Why even have elections? (Score 2, Insightful) 373


Because we hate Wall Street, let's instead put a billionaire real estate scammer whose entire adult life has been spent trying to kiss up to investors and banks to get loans for his businesses, and who refuses to reveal what banks he's in debt to in power.

Because we oppose the Libyan conflict, let's put in power someone who wants to bomb the children of terrorists, insists that waterboarding isn't harsh enough, wants more nations to have nuclear weapons, wants to build a new generation of nuclear weapons, and spent his first security briefing repeatedly asking why we're bothering to have nuclear weapons if we're not going to use them.

Because we oppose free trade, let's put in power someone who spent his entire career - up until he decided to rebrand himself as a populist for this election - championing free trade, built his empire on dumped steel and undocumented workers, and - until it was shut down as a scam - championed the benefits of outsourcing on his Trump University page.

I'm not even sure where you're getting that Clinton has been big "drill baby drill" champion, but Trump has literally called for "drill baby drill" in speeches, including lifting all federal restrictions on offshore drilling and elimination of the EPA.

So if you want to cut off your nose to spite your face, go right ahead, but please understand why many people will not be joining you.

And if your argument is "I'm not supporting either of them" - if you don't vote for one, you're supporting the other. Not to the degree of voting directly for the other, but you're still supporting them. Because that's the way the US electoral system works.

Comment Re:Bug of feature? (Score 2) 95

Uh, no. All RowHammer attacks use a hardware vulnerability. That's the definition. The JavaScript attack allows you to exploit this vulnerability from a bug-free JavaScript VM, with the only requirement being that it implements TypedArray objects as contiguous (virtual) memory arrays (which is the obvious way of implementing them, and it would be difficult to implement them usefully any other way if you want to use them with WebGL). The only variation is which bits you choose to try to flip with the RowHammer attack. This is the equivalent of running a different program with a known attack, not a new attack.

Comment I claim a Godwin dispensation... (Score 1) 179

The following (translated) quotation describes this syndrome perfectly.

"The great masses of the people in the very bottom of their hearts tend to be corrupted rather than consciously and purposely evil ... therefore, in view of the primitive simplicity of their minds, they more easily fall a victim to a big lie than to a little one, since they themselves lie in little things, but would be ashamed of lies that were too big".

- Adolf Hitler, Mein Kampf (Houghton Mifflin Co., Boston, 1971; original version 1925), Vol. 1, chapter 10, p.231

Comment Re:Bug of feature? (Score 5, Informative) 95

Rowhammer has been usable from JavaScript for ages. As I said above (in the post currently at 0 overrated), one of the published ways of exploiting it is to use TypedArray objects to get a large chunk of contiguous memory, which then gives you a load of addresses in the same cache associativity set. You then hammer those addresses, which forces repeated cache evictions and eventually flips some adjacent bits. You can then use this to escape from the JavaScript sandbox. I don't know why this attack wouldn't work on mobile devices, so I don't really see what's new here.

Comment I don't understand (Score 5, Interesting) 95

One of the simplest existing known attacks involves creating an 8MB TypedArray object in JavaScript. This gives you a contiguous virtual address range, which allows you to generate 9 addresses that will be aliased to the same cache line and therefore where 9 sequential writes will trigger an eviction and a write back to RAM. What made this attack now work on mobile devices?

Comment Re:People probably realized.. (Score 1) 319

I can see a lot of uses for a smartwatch:
  • The Apple watch can unlock my computer when I'm next to it and lock it again when I move away.
  • Apple Pay on the watch looks like it might actually be more convenient than getting the card out of my wallet - on a phone it doesn't.
  • A two-factor auth device that I carry around with me on my wrist sounds useful.
  • Calendar appointment reminders without having to get something out of my pocket.
  • More convenient map / direction display to glance at while cycling.

There are probably a lot more. The problem is that current smartwatches are like early-90s Nokia smartphones. All of the basic ingredients are there, but the technology isn't up to the vision. A decent smartwatch would be about 5mm thick, have a battery that lasts a few days, charge via induction from a thing I can leave on my bedside table, have always-available network connection without a smartphone, and be waterproof and rugged enough to survive frequent knocks. Give it another 5-10 years and we might get there...

Comment Re:of course the do! (Score 2) 73

I wouldn't be surprised if there's also a much more direct feedback loop for Netflix-produced content (though HBO is probably similar). Think about how a normal TV show is created:
  1. Someone has an idea. They persuade a studio to fund a pilot.
  2. The studio takes a loss on the pilot and shops it around to TV channels.
  3. The TV channels evaluate it and decide the demographics that will watch it and if a large enough segment of a profitable (i.e. high income, low impulse control) of the population might like it, they commission the series.
  4. The studio produces the series.
  5. The channel sells ads.
  6. If the ad purchasers think that the ads are worthwhile (via a complex indirect feedback mechanism involving tracking sales against projections) then they'll be happy and the studio will renew the show (unless a new show that could possibly make more money in the same slot comes along).

Now compare that to Netflix.

  1. Someone has an idea. They persuade a studio to fund a pilot.
  2. Netflix decides that people might like it and funds the full series.
  3. As soon as the show is available, Netflix records how many people watch it, how many didn't finish an episode, and what the review score distribution is from the subset of people that bother to write reviews.
  4. If it's popular, Netflix funds another season.

Which of these is more likely to produce shows that lots of people want to watch?

Comment Re:Too bad for men. (Score 1) 154

Let's help make it a bit clearer. Let's say you're the average US male height, weight and build - 176cm / 59" and 83kg/184lbs and a bench press of 165lbs. Picture an environment where everywhere you go, you're surrounded by men who average 192cm (64"), 105kg (231lbs) - with the weight difference being primarily muscle - with a bench press of 400lbs. On average. Basically, the average person around you is a NFL linebacker. Now picture that a good number of them are sexually attracted to you. That they're much more likely to be involved in violent crime than you. That a disturbingly high percentage of your friends and family have been molested or raped by them. Perhaps you yourself.

Try to understand the difference in what the world is like for others.
