
Comment Re:DCMA Fair Use / Parody (Score 1) 214

No, it wouldn't. These notices are made on behalf of Samsung about an exclusive right to something about the Galaxy 7 which is allegedly being infringed. The assertion of infringement has no legal standing, but the assertion is made on behalf of the owner of an exclusive right that is allegedly infringed.

A judge can find a load of other shit you're doing wrong if you're misusing the statute. Abuse of the legal system is frowned upon.

Comment Re:Mitigations (Score 1) 95

The simple mitigation is to not have local users who will hack your machine.

If you run a server, an exploit of the server software (nginx, PHP scripts, Ruby on Rails, etc.) will provide local non-root access, which you can then root.

If you run your server software in Docker, then the host system's binaries aren't exposed. That means an attacker can't modify the disk cache for /bin/su and then su to root; he can only modify the disk cache for /bin/su or glibc from e.g. the debian:jessie image that the Docker image the container used is based on. Elevation in the same container is useless: anything mounted read-write is likely already writable by the software the attacker exploited in the first place, so they have that access; and modifying the system is pointless, since you can just destroy and recreate the container in 10 seconds.

A container exploit might give a cross-container exploit to all containers eventually descended from the same version of the same base image (e.g. everything ultimately built from that release of debian:jessie), but it's tricky. You can modify e.g. /usr/sbin/nginx and send a reverse-shell to all nginx containers; or you can modify glibc and get it into everything using the same base image (because it's from the same disk blocks, thus the same disk cache). Either of those has to use the existing memory space (can't add empty memory pages or use anything outside the file), replace code in an existing function, and not outright crash (or the container terminates and all processes end immediately); and a glibc modification would make your reverse shell kind of useless (bash would just re-exploit and call a new reverse shell).

Escape to the host system is as impossible as it is without this exploit, so there's that.

So, for some server software configurations, this is diminished to the point of uselessness. For others, they get the www-data user and then su straight to root.
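Added example, not part of the original comment: a defender's inventory check for the cross-container point above, grouping containers by the image layers they share so you can see which ones sit on the same base-image files. The container names and shortened digests are constructed placeholders, and the sketch assumes a storage driver where identical layers are backed by the same on-disk files (overlay2, for example) and that the layer lists come from the `RootFS.Layers` field of `docker image inspect`.

```python
from collections import defaultdict

# Constructed inventory: container name -> RootFS.Layers of its image, as
# reported by `docker image inspect`. Digests are shortened placeholders.
CONTAINERS = {
    "web-1":   ["sha256:base-jessie", "sha256:nginx", "sha256:site-a"],
    "web-2":   ["sha256:base-jessie", "sha256:nginx", "sha256:site-b"],
    "worker":  ["sha256:base-jessie", "sha256:ruby"],
    "metrics": ["sha256:base-alpine", "sha256:exporter"],
}


def shared_layers(containers):
    """Map each layer used by two or more containers to those containers."""
    users = defaultdict(set)
    for name, layers in containers.items():
        for layer in layers:
            users[layer].add(name)
    return {layer: sorted(names)
            for layer, names in users.items() if len(names) > 1}


def exposure(containers, compromised):
    """For every other container, list the layers it shares with `compromised`.

    A non-empty result means the two containers read some of the same
    base-image files, which is the condition the comment describes.
    """
    mine = set(containers[compromised])
    result = {}
    for name, layers in containers.items():
        if name == compromised:
            continue
        common = [layer for layer in layers if layer in mine]
        if common:
            result[name] = common
    return result


if __name__ == "__main__":
    for layer, names in sorted(shared_layers(CONTAINERS).items()):
        print(f"{layer}: {', '.join(names)}")
    for name, layers in exposure(CONTAINERS, "web-1").items():
        print(f"web-1 shares {len(layers)} layer(s) with {name}")
```

Containers that come back with no shared layers (here `metrics`, built on a different base) are outside that group; rebuilding images on separate bases is one way to shrink it.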

Submission + - ICANN recommends TLDs like .txt -- and .exe

fyngyrz writes: ICANN says, in part:

Given preliminary feedback that there is not a technical need to prevent file extensions as TLDs, as well as the lack of an authoritative source of common file extensions to draw from, staff determined that it is not workable to prevent common file extensions from being used as TLDs.

To summarize, it is the recommendation of the ICANN technical staff to allow applications for TLD strings that may also be commonly used for file extensions.

But will ICANN approve such applications? If so, we can all look forward to opportunities to click on...


Comment Re:Your car is not your car (Score 1) 300

...and the "cloud" -- if it's in the "cloud", someone else owns it. Even when they tell you you own it.

It's not on your hardware, it's not on your software, it's not in your storage, it's not on your premises, and you have zero control over any of the actual foregoing locations / instances.

But hey, everyone, keep that cloud-ward stampede going. They love ya for it.

Comment Tesla has control (Score 1) 300

All they could do to stop you from doing is voiding your warranty.

Perhaps not. As I understand it, the car is connected in order to facilitate software upgrade / maintenance. So they could tell the car it couldn't drive the next time you parked it for ten minutes, for instance.

I imagine that would land them in court -- but technically speaking, they could do it.

Comment Re:How can that possibly be legal? (Score 1) 300

Well they could disable access to the travel data stream--a resource you're continuously using, maintained by them, at a cost of loads and loads of money per year diffused through thousands of consumers.

400 million copies of Windows XP sold. If they paid 270 programmers full-time for 10 years to develop and maintain XP, Microsoft would have made a profit selling it at $1. What's Tesla's incentive to keep up with firmware and data updates?

For what it's worth, the 2009 DVD to update the 2004 Mazda 3's in-dash navigation system costs $300. Yes, you have to pay $300 for the DVD, then install it into your car yourself, and then you have 2009's map data instead of 2004's. This was also true of the 2007 update.

Comment Re:DCMA Fair Use / Parody (Score 4, Interesting) 214

Not even.

The phone isn't copyrighted. Its existence and a representation of it as a material fact can't be copyrighted. You can't copyright the existence and form of your product in such a way that, for example, a novel writer can't mention that a person was using a Samsung Note 3 and describe the functionality he was using. Those are material facts.

The phone is a trademark--or at least its visual form and its name are potential trademarks. You may be able to patent the production of a phone in that form (design patent), and trademark a particular shape of a phone (like the Gibson and Fender headstocks--yes, their brand-identifiable shapes are trademarked); that applies only to actually making a phone.

Samsung is legally-required to protect its trademarks, else they lose them. That means a number of things. It means you can't make a DogRun Galaxy 7 phone (especially in substantially-similar design to the Samsung offering) because Galaxy and Galaxy 7 are Samsung trademarks. It means you can't use the Samsung name to brand your phone. If you do these things, Samsung must take action, or else the next guy to do the same thing can point out that Samsung hasn't protected their trademark.

A reference to a trademark isn't a trademark infringement.

A reference to a trademark in a book, in a TV show, in a video game, in literature about your own product, wherever it is, does not infringe trademark. Trademark distinguishes products. If you make a phone and, in the literature, identify that it is distinct from the Samsung Galaxy 7 by pointing out that it has similar or superior battery life to the Samsung Galaxy 7, you haven't infringed trademark because you haven't identified your phone as a Samsung Galaxy 7.

That video isn't parody, by law; it's non-infringing. It's a non-infringing reference to a trademark and to the existence of a product. Artistically, it's satire: it explores an existing material fact with humor and exaggeration. Even if it had no artistic defense, there's no standing for any intellectual property claim--copyright, trademark, patent, or otherwise. Samsung's phones blowing up is a material fact; it might be over-emphasized, but it's a thing that happened in the world, and the phones are a thing that exist in the world, and the thing in the game is a representation of that thing and not a counterfeit product.

Comment Re:Holy flamebait batman! (Score 1) 883

It's something we need to move into, as a matter of social welfare. There's actually an argument (not very sound) that the United States is legally-required to implement something substantially-similar to the system I designed as soon as technically-feasible.

The ideal that we'll need some kind of UBI because of an upcoming crisis is rooted in a misunderstanding of economics. People think automation is a new thing and jobs go away forever; but it's just technical progress, the same as we've been doing for thousands of years. The threat comes when progress occurs too rapidly: if you create rapid unemployment, the slow replacement of jobs doesn't keep up, and you get high unemployment.

The only zero-job economy is a zero-labor utopia where humans do nothing. Flat out. As long as human hands are required somewhere in the process, there's no such thing as permanent job destruction. As well, new jobs range from highly-complex, heavily-specialized disciplines to pushing the buttons on the machines at the correct time; sometimes the sensors and probes aren't nearly as accurate as humans, or just cost a lot more. That's why things like injection-molded plastic forms are removed from the mold by hand and placed on a conveyor: a machine that can handle that job would be ridiculously-complex and unreliable; at the very least, it'd require thousands of hours of QA testing after retooling the IM to make a new form--or you just skip all that maintenance and extra QA and pay someone to do it by hand.

The nature of technology is also that it's invented as soon as it's envisioned in sufficient detail. It's in-production shortly after. People have romanticized about robots replacing 100% of all jobs since Karl Marx proposed it as an immediate, tomorrow-goal for society; then, they made machines and came up with new jobs doing the last bits of work finishing up after the machines--the robot does the job of a hundred men, and one man clears up their mistakes.

The corollary is we're constantly imagining all jobs will go away forever when we see a new technology (machines, trade, or materials--cotton is the bane of the sheep-shearers' union!). We can't imagine what new technology will appear tomorrow and how it will create jobs, because technology reduces labor requirements.

So what actually happens?

We reduce the labor involved, and the costs go down eventually--the relative cost of things is in constant turmoil, and the relative desirability of goods changes. Food has enormous competition. Every good competes with every other good--if you spend more of your money on food, you have less for iPads; if 2/3 of the price of iPads is actual costs and people are only willing-and-able to spend 3/4 of the price, then you need to lower the price (by 1/4, meaning the cost is now 8/9 of the price--an 11% margin instead of 33%). Instead of margins getting fatter and corporate profits soaring, corporate profits average the same marginal percent over the long term.

So people steadily get that spending power back. They then buy more stuff. That creates replacement jobs. If you've eliminated (over a wide time span) 50% of all required labor to make things, then costs are now only 50% as much; prices adjust in total to half of all income; and people now buy twice as many things. It takes half the working-hours to make the same, or the same working hours to make (and buy) twice as much.

Handwaving away all the economics bullshit, you can just state mathematically that a profit margin of X% implies paying wages of 100%-X%. Wages being what they are, the number of labor hours is mediated by how much money is spent. Reducing labor in one place means you have unspent money; you spend it elsewhere; suddenly there's labor there. This works over long timescales; your economy collapses if you replace a third of it with machines over the long weekend.

So, all of that. Yeah. Point?

I don't believe we're going to need to face up to a UBI in the future, in the sense that I don't believe society will collapse from catastrophic job loss and everyone will need free money. I believe the system I designed slows the transition onto technical progress by making human labor lower-cost, thus strengthening competition with lower-labor solutions, without lowering take-home (spendable) wages. That means businesses take less risk waiting for automation solutions to come down in price (delaying for a competitive advantage of implementing even-cheaper automation later, at the cost of paying more for labor now); the variation in risk appetite and risk tolerance will lead some businesses to implement earlier and others later, whereas ramping up the cost of labor will cause the higher-risk players to hit their risk limits at the same time (i.e. earlier) as the lower-risk players.

A UBI is one way to avoid a transition like the Industrial Revolution (60% unemployment for THREE GENERATIONS), and instead get a transition like the Information Age (low employment, rapid job growth, rapid economic growth, and a high-speed evolution through generations of new technology and greater economic security--and occasional bitching about 6%-8% unemployment peaks that came a decade apart and lasted 2-3 years; the Great Recession of 2008 was pretty huge). It reduces the risk of a societal collapse in the way people fear one might occur, but that collapse isn't guaranteed anyway.

Other than that, it's also a lot more efficient than our current system--but only once we've got a wealthy-enough nation (which became a stable fact in 2013, in that we could do it while moving around no more money than we're already spending on welfare). Doing this in 1950 would have destroyed America.

Comment Re:It's not a matter of those reasons (Score 1) 545

True, and that's their prerogative.

The thing is both positions are surprisingly mature. Zuckerberg is probably just being a loud-mouth and trying to prevent a public incident from screwing with his company; but it's still an important point if you exclude his viewpoint. The highest-developed psychological defense mechanisms include suppression and tolerance--delaying an emotional response until you can deal with it safely, and allowing behaviors of others which aren't harmful to you even if you disagree with them. Trump supporters are their own problem, by and large because they want to support a celebrity or a political party (a lot of Republicans are blind to their own candidate and only want to be saved from socialism or something); and people who object to Trump have the right to declare that their particular organization has strong objections to Trump's message.

That means YC can declare it wants nothing to do with Trump or its supporters; and Facebook can declare itself not the steward of people's opinions; and both are essentially-correct behaviors.

Comment Re:Holy flamebait batman! (Score 1) 883

Maybe TPTB know we're nearly there. Why else would Hillary be provoking Russia into war? They realize the facade of the world economy is crumbling and want to clear out the riff raff before they realize what's happening.

OK, taking my tin foil off now...
