Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Trust the World's Fastest VPN with Your Internet Security & Freedom - A Lifetime Subscription of PureVPN at 88% off. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment Re:Not at all (Score 1) 229

You're assuming that the attacker either 1) controls Chrome's sourcecode so fully that they can modify it and nobody else will review the change and/or 2) this new api will introduce a security bug.

#1 is a possibility for every single piece of hardware and software that we interact with. There is nothing that makes Chrome more vulnerable, other than being a higher profile target. That's countered by higher levels of scrutiny from the whitehat community and Google themselves.

#2 applies to any feature that they add. There is nothing special about a Bluetooth API. We're already trusting browsers to handle stuff far more sensitive than this. Chrome is one of the most thoroughly tested, hardened, and sandboxed pieces of software there is. If it's not provided by the browser (which has essentially replaced the OS these days in terms of running 3rd party code) then we have to trust some 3rd party extension to do the device interaction, and to do it with the level of security that Chrome would. Sorry, but I don't see that as any better or likely. Whether it's the Chrome app on a mobile phone, or Chrome on the desktop, this will make working with Bluetooth much easier, while keeping things as safe as can be reasonably expected.

Comment Re: Not at all (Score 1) 229

I'm sorry, but it sounds like you realize your whole comment is a slippery slope argument, but not that that is a logical fallacy. The permission request is there -- just like there's a request in every browser before for sharing your location -- because it isn't always appropriate to share personal data with untrusted sites.

Comment Re: Not at all (Score 1) 229

I don't understand this literacy laziness. It feels like most of the people here are willfully blind. In the very same section you're referring to, it says: "Google Chrome will prompt user with a device chooser where they can pick one device or simply cancel the request." That's the browser doing that. The website you're on doesn't suddenly now trivially have permission to scan all available devices. It's the browser -- the app you're already trusting with the passwords for all the sites you access -- doing the scan.

Comment Not at all (Score 5, Informative) 229

Is this even a tech blog anymore? These assumptions about privacy loss only make sense if you haven't done even the most trivial reading of the spec. The docs are here: https://developers.google.com/... A site can request to connect to a bluetooth device. Chrome prompts the user for which one (or none), and the website can then interact with the selected device. I did less than a minute's worth of research. It's even mentioned in the article, but then the article just goes on to assume that the user has granted permission to the page to access every device they have somehow. Maybe I've missed something, but nobody seems to be talking about the actual implementation.

Comment Android apps (Score 1) 176

I recently discovered the nice work they did on their Android apps (finance & weather). I had completely written Yahoo! off before then. If they keep that up, they might get some traction from them. (It even got me to sign in to my old account)
SuSE

openSUSE 11.2 Released 207

An anonymous reader tips news that openSUSE 11.2 has reached its official release. You can get it from their download page, or just grab the torrents (32-bit, 64-bit). "openSUSE 11.2 will come with the latest version 2.6.31 of the Linux kernel, the beating heart of every openSUSE system. The default file system of openSUSE will be switched to the new Ext4 as well. Of course, openSUSE will continue to support Ext3 and other filesystems — but on install, new partitions will automatically be designated Ext4. ... Desktops and servers can use the same kernel, but it's better to tune the kernel for the job at hand. That's why openSUSE now includes a desktop kernel specially tuned for desktop users. ... In addition to the work of the openSUSE Project in the desktop, openSUSE 11.2 includes the latest versions of the two desktop environments, KDE 4.3 and GNOME 2.28. KDE users will enjoy the new Firefox KDE integration, OpenOffice.org KDE4 integration, consistent KDE artwork and all standard applications being ported to KDE4 including KNetworkManager, Amarok, Digikam, k3b, Konversation and more."

Submission + - Apple says booting OS X makes an unauthorized copy 9

recoiledsnake writes: Groklaw has an extensive look at the latest developments in the Psystar vs. Apple story. There's a nice picture illustrating the accusation by Apple that Psystar makes three unauthorized copies of OS X. The most interesting however, is the last copy. From Apple's brief: "Finally, every time Psystar turns on any of the Psystar computers running Mac OS X, which it does before shipping each computer, Psystar necessarily makes a separate modified copy of Mac OS X in Random Access Memory, or RAM. This is the third unlawful copy." Psystar's response: "Copying a computer program into RAM as a result of installing and running that program is precisely the copying that Section 117 provides does not constitute copyright infringement for an owner of a computer program. As the Ninth Circuit explained, permitting copies like this was Section 117’s purpose." Is Apple seriously arguing that installing a third party program and booting OS X results in copyright infringement due to making a derivative work and an unauthorized copy?
Security

Delta Air Lines Sued Over Alleged E-mail Hacking 152

alphadogg writes "Delta Air Lines is being sued for allegedly hacking the e-mail account of a passenger rights advocate supporting legislation that would allow access to food, water and toilets during long delays on the tarmac. Kathleen Hanni, executive director of Flyersrights.org, alleges Delta obtained sensitive e-mails and files and used the material in an attempt to derail the 'Airline Passenger's Bill of Rights of 2009,' of which four versions are pending before Congress. The suit was filed on Tuesday in US District Court for the Southern District of Texas and seeks a minimum of $11 million in damages. Flyersrights.org, a nonprofit organization founded in 2007, had been investigating surface delays in air travel."

Slashdot Top Deals

"One day I woke up and discovered that I was in love with tripe." -- Tom Anderson

Working...