Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Comment Re:Proprietary means no security (Score 1) 74

The Skype protocol is proprietary. No one has any idea if it is secure or not. Therefore it isn't secure. Support open standards and protocols.

That's some thinly veiled nonsense you've got there. You're arguing that because we are unable to verify a claim, the claim is necessarily untrue, when in reality our ability to verify a claim has no bearing on whether or not the claim is true (much as we might prefer for that to not be the case).

I'm all for open source when it comes to these matters because I firmly believe that public scrutiny is one of the best tools we have for improving the security of our software, and that it also comes with the nice benefit of building trust and confidence between developers and their community, but it is far from being the only tool in the box. By no means do I support what Microsoft has done here, but please, lets argue for our cause by using some actual logic, rather than by stating arbitrary rules as if they were immutable truths.

Comment Re:Result of brexit? (Score 4, Informative) 153

Uh, no.

The stock went up because of what Softbank offered, not the other way around.

Actually, uh, yes, the stock went up exactly for the reason AC said, as well as for the reason you said. From the article:

In fact, [SoftBank CEO Masayoshi Son] said because ARM’s sales are mostly to customers in the U.S. and Asia, and are largely dollar-denominated, its stock has risen about 15 percent since the EU referendum vote. That means the deal actually became more expensive for SoftBank because of Brexit, not cheaper, he said.

ARM's valuation went up 15% after Brexit according to the article (just as AC said), and went up an additional 43% after news of the acquisition broke (just as you said), taking them to the price reported in the summary. The two are not mutually exclusive.

Comment Re: no end-to-end no streaming media (Score 2) 282

Yeah, I overstated things a bit, unfortunately. Corrections and clarifications are in a followup post.

That said, they could just reject a packet if they're not capable of doing deep packet inspection on it. And for consumer-level (i.e. tier 3) ISPs, they'd be present for the handshake, meaning that they may be able to stop the encryption before it begins, which is something they've already been caught doing.

Comment Re:no end-to-end no streaming media (Score 2) 282

And, almost immediately after hitting Submit, I realized I overgeneralized and misstated some simple facts regarding an ISP's ability to conduct a MITM attack. While they certainly are in the best position to do so, given that they are, by their very nature, a MITM, they can't actually insert themselves arbitrarily in an end-to-end encrypted communication, even if they are privy to all parts of the conversation including the handshake, for the simple reason that they don't hold the private keys for either of the intended parties, meaning that they lack the ability to decrypt the relevant messages.

That said, we have heard of cases where ISPs (I believe Verizon was caught doing it a few years back on mobile) intercept the handshake and strip necessary flags from it, thus dropping the connection to a less secure/insecure protocol that they are more than capable of reading. Granted, that basically breaks the encryption, but there are ways around that as well. For instance, an ISP could easily spoof the certificate authority to serve up their own credentials, or could even provide their own updates to the CA lists used by the major browsers so that their credentials would be recognized as valid for virtually any domain.

Granted, there are ways around such things (e.g. sneakernet in a valid CA list with their public keys), but they'd be able to cover a huge swath of the population with measures like those, and while it may take awhile to get up to speed, there's not much preventing a government from compelling ISPs to make use of tools of that sort.

Comment Re:no end-to-end no streaming media (Score 2) 282

If your ISP is a CSP, then this bill is impossible to enforce unless the ISPs either prevent encrypted packets from crossing their network or else they MITM their customers by intercepting packets during the handshake, posing as the customer, and then inserting themselves in all subsequent communications.

Of course, in your example, Netflix itself may be considered the CSP, in which case it already has the ability to provide all of the transmitted data, given that it's one of the parties to the end-to-end encryption. In which case the DRM would be protected just fine.

Mind you, I'm not suggesting that this is a good arrangement. I'm merely pointing out that these politicians are likely not offending their corporate overlords while they pursue their quest to save the children and protect us from threats that are far less dangerous than the ones we voluntarily choose for ourselves every single day we drive a car.

Comment Re:Amazon too big for its own good (Score 1) 129

That certainly used to be the case, but recently, it's been a whole bevy of items.

A quick example: we placed an order on July 5th for four items--a video game, a DVD, a pair of flip flops, and some felt pan separators for the kitchen--that were all marked as Prime items that were in stock. The video game and felt pan separators arrived on the 7th, as we expected. The DVD and flip flops didn't even ship until the 7th, which was when we thought they were supposed to be arriving. Neither my wife nor I ever saw any indication that shipping would be delayed on those items until after we had placed the order and we noticed that half the items had shipped and half hadn't.

To say the least, none of those items fall into the categories you described. As I said, it used to be that I only rarely saw items that weren't eligible for free two-day shipping, and they would typically fall in line with what you're talking about, but that no longer seems to be the case, since this isn't the first time we've been hit by unexpected, inexplicable delays on our orders.

Comment Re:Amazon too big for its own good (Score 1) 129

My Prime membership runs out later this month, but last I checked, they still had the free shipping on larger orders. It went up from $25 to $35 a few years back, and I think it may have gone up again in the last year ($50?), but I suppose I'll know for sure in a few weeks.

But yeah, I question the value proposition that Prime actually brings to the table, even for its bread and butter services, which in many cases have gotten worse over the last year or two. For instance, I'm regularly seeing items marked as Prime that no longer have free two-day shipping (e.g. quite a few items I looked at on Prime Day were marked as having free five-day shipping instead of free two-day shipping) or that I find out afterwards had small text indicating they weren't actually promised to arrive within two days, even for Prime members, which has become an all-too-routine disappointment, simply because our expectations end up exceeding reality. Whenever I haven't had Prime, I know what to expect, so I've been fine letting items pile up in my cart until I reach the amount necessary for free shipping, but if you train me to expect two-day, you better deliver it, and they haven't been.

Those bribes for slower shipping are nice, but the $10 or so in credit we got for things we were actually interested in (i.e. just Instant Video) barely makes a dent in the cost of a Prime membership. And Prime Instant Video is lacking both in terms of free content and UX polish when compared to Netflix; I rarely use it, and when I do, it's almost exclusively for paid rentals that I pay for using credit from the bribes. The Prime discounts they offer on pre-ordered video games and the like (e.g. many are $48 instead of $60) are a poor incentive for me, since I'm the type who is perfectly content to wait a few years and pick the game up for $5.

We had actually cancelled our Prime previously, but they hooked us again last year when an item we needed was $50 cheaper than anywhere else due to a steep discount for Prime members. Prime ended up paying for a year of itself that day, since I had been in grad school recently enough that they still had me down as eligible for the $50 student pricing, but when the renewal came around this year, there was no doubt that we'd be dropping it, even if they had offered us the student pricing again (which they didn't). If it can pay for itself like that again, we'll consider renewing, but not until then, since we've barely gotten any value out of it other than on that day.

Comment Re:no password manager (Score 1) 60

Indeed. A "security researcher" who thought an 8 character password--regardless of whether it was randomly-generated--was in any way sufficient for a single site, let alone across so many sites that they can't remember where they've used it, is not a researcher I would trust. Simply on account of the large numbers involved, it's virtually guaranteed that others would also land on that same password, as this researcher discovered.

Moreover, for any site not employing best techniques (i.e. hash+salt), you don't have to look around online for too long to find databases that can provide a reverse-lookup to go from a pre-generated list of hashes back to the passwords that produced them (e.g. rainbow tables). Last year when I looked around, the lookups could be done on most of the common hash methods and would work on any password up to 14 or 15 characters in length. I wouldn't be surprised if they've gotten even further by this point. So if any of those sites you used your 8 character password at were hacked and weren't employing best techniques, your password would be one of the easiest ones to decipher.

First thing I did when I switched to using a password manager years and years ago was to have it tell me which passwords were duplicates of each other, then go through and update each of them to max-length, randomly-generated passwords. Perhaps ironically, banking and other financial institutions in my experience seem to have the strictest limits on how long a password can be, which makes it all the more important to ensure that they are not reused elsewhere, and that additional factors for authentication are layered on top as well.

Comment Re:Good (Score 1) 170

Funny you should bring upgradeability up, since that actually ties into the topic at hand for me.

See, I'm still using a 2011 Mac mini. My original plan when I got it was to do some DIY upgrades to increase its worth, upgrade to the new model each time one came out, and then sell the old, upgraded machine to make up my costs (DIY upgraded minis regularly sell at or above the price of new models on eBay) so that I'd have a smooth upgrade path while keeping my costs relatively low or maybe even making a small profit.

Unfortunately, my 2011 model has a BTO i7, a BTO dedicated GPU, a DIY Fusion Drive, and 8GB RAM that I installed. Subsequent models had worse graphics performance because they dropped the dedicated GPU as a BTO option, plus they (I believe) dropped the ability to do your own Fusion Drive and RAM. I would have been paying for a downgrade or sidegrade, which I wasn't going to do.

Which brings us around to tablets...

As I began considering my options for an upgrade, I realized that ever since getting married last year, the only time I sat down at my computer was to game. As it turns out, I had switched all of my non-gaming computing over to my iPad so that I could spend time with my wife more easily, but I had apparently done so without experiencing any pain points along the way or even realizing that I was doing so. Once I finally did realize what was going on, the upgrade path became pretty clear: sell the Mac mini and build my own gaming rig, since that's apparently all I'm using it for these days anyway, and a dedicated gaming rig will handle games far better than a 5 year old Mac mini.

Comment Re:15% performance increase (Score 3, Interesting) 144

The article says, "NVIDIA claims that the GTX is on average 15 percent faster than its closest competitor (i.e. the Radeon RX 480)", leaving it ambiguous as to which model they were referring. Given the pricing (4GB 480 for $200, 8GB 480 for $240, 6GB 1060 for $250), we'd assume that the 15% increase would be over the $240 RX 480, since it's the closest competitor in terms of price, but NVIDIA may be using some coy phrasing to compare the 1060 against a fictional mid-level RX 480 that averages the capabilities of the 4GB and 8GB models.

If it really is achieving a 15% increase over the $240 RX 480, then that's substantial, especially so considering that it does so "while also being over 75 percent more power efficient [than its closest competitor]", because at that point you'd be paying just $10 for a noticeable performance boost that would pay for itself over time from power savings. They'd sweep the legs completely from underneath the high-end 480. But if it's actually just 15% faster than a fictional, mid-level model or the 4GB model, that's substantially less impressive.

I'm eagerly awaiting the benchmarks.

Comment Re:Uh yeah... that already exists (Score 1) 71

Indeed. I've been using WhatTheFont for identifying fonts from pictures since it was launched in 2011. And being able to pull a color from an image is nothing new either. Everything from the built in Digital Color Meter app on every Mac to the Sherwin Williams paint app on my tablet can pull colors from images.

Comment Re:Not good for all driving conditions. (Score 2) 290

While all of those may be true, in practice few if any of them matter, for two simple reasons:
- Humans are the bottleneck
- Mirrors can only reflect what's around them...both for better or worse

A pitch black reflection of pitch black surroundings isn't useful, regardless of how clear it is, but a night vision display is able to enhance our ability to perceive the world around us, making it immensely more useful. Likewise, in low contrast conditions mirrors have failed me on numerous occasions (e.g. seeing gray cars on the highway during a torrential downpour), whereas displays can be made to enhance the contrast of the surroundings or overlay a highlight on nearby objects.

Again and again as we go through the details you listed out, the limiting factor is the fact that humans are still involved. Our eyes aren't great and we're woefully error prone. I mean, the majority of people adjust their mirrors incorrectly, providing them with suboptimal views, but even among those who do it right, a casual bump by a passerby in a parking lot, a pothole in the road, or a second driver who uses the car can put their mirror into a failure mode requiring a reset by the user. Moreover, mirrors require looking entirely away from the road ahead, can't adapt easily to show you the best angles in different situations, and can only reflect what's visible around you, which sometimes isn't enough.

Which isn't to say that cameras and screens are the best choice in all situations. If you frequently submerge your vehicle, a mirror may very well be a better choice, in much the same way that you'd also want a snorkel for your air intake. But those sorts of conditions are atypical, so they don't serve as a solid basis for arguing that either snorkels or mirrors should be a standard feature on cars.

At the end of the day, for typical conditions (whether good and bad), we are more of a limiting factor than anything else we're talking about. In good conditions you don't stand to gain from any of the benefits you've enumerated, and in bad conditions you suffer from the fact that mirrors do nothing to enhance our abilities. They merely reflect the world around us, whereas a display can show you things you can't see.

Comment Re:Walled garden (Score 1) 327

How is this any different?

A) Taylor Swift refused to even begin putting her content on Apple Music until the problem was dealt with. Spotify, on the other hand, was happy to play along for several years, until they decided they weren't. If it was a raw deal, why have they been putting up with it for years? And why complain when the deal is getting better for them (Apple's cut is dropping from 30% to 15%) unless they want publicity?

B) Taylor Swift would have been getting $0 during the trial period for new Apple Music users. Spotify has both been getting paid the same amount the entire time, and has been getting paid the same amount that they get on non-iOS platforms. Moreover, if they maintain their prices, they're set to actually start making more on iOS from their customers after Apple's cut drops, unless they pass that savings onto their customers.

Comment Re:Walled garden (Score 1) 327

Citation? I don't recall ever hearing of Apple having a Most Favored Nation (MFN) clause in their contracts with App Store developers, even early on. The biggest restriction at launch that they later backed off on was that IAP were only available for paid apps, not free ones, presumably to maintain a strong delineation between for-pay and free apps. It wasn't until later in the life of iPhone OS 3 (back before it was called iOS even) that they opened it up to free apps as well.

Apple has done MFN clauses in contracts elsewhere (most infamously in the eBooks market), but I can't find any evidence that they did so with app developers, nor do I have any memory of it, so if you have any way to reference that tidbit, I'd be keen to get more information.

Slashdot Top Deals

Lend money to a bad debtor and he will hate you.

Working...