Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - ICANN recommends TLDs like .txt -- and .exe (icann.org)

fyngyrz writes: ICANN says, in part:

Given preliminary feedback that there is not a technical need to prevent file extensions as TLDs, as well as the lack of an authoritative source of common file extensions to draw from, staff determined that it is not workable to prevent common file extensions from being used as TLDs.

To summarize, it is the recommendation of the ICANN technical staff to allow applications for TLD strings that may also be commonly used for file extensions.

But will ICANN approve such applications? If so, we can all look forward to opportunities to click on...


Submission + - Wired says Google's Pixel is the best phone on the market

swillden writes: The reviews on Google's Pixel phones are coming in, and they're overwhelmingly positive. Most call them the best Android phones available, and at least one says they're the best phones available, period.

Wired's reviewer says he used to recommend the iPhone to people, but now he says "You should get a Pixel." The Verge, says "these are easily the best Android phones you can buy." The Wall Street Journal calls the Pixel "the Android iPhone you've been waiting for." ComputerWorld says "It's Android at its best."

AndroidPolice is more restrained, calling it "A very good phone by Google." The NY Times broke from the rest, saying "the Pixel is, relatively speaking, mediocre", but I'm a little skeptical of a reviewer who can't figure out how to use a rear-mounted fingerprint scanner without using both hands. It makes me wonder if he's actually held one.

Comment Re:Your car is not your car (Score 1) 262

...and the "cloud" -- if it's in the "cloud", someone else owns it. Even when they tell you you own it.

It's not on your hardware, it's not on your software, it's not in your storage, it's not on your premises, and you have zero control over any of the actual foregoing locations / instances.

But hey, everyone, keep that cloud-ward stampede going. They love ya for it.

Comment Tesla has control (Score 1) 262

All they could do to stop you from doing is voiding your warranty.

Perhaps not. As I understand it, the car is connected in order to facilitate software upgrade / maintainance. So they could tell the car it couldn't drive the next time you parked it for ten minutes, for instance.

I imagine that would land them in court -- but technically speaking, they could do it.

Comment Re: Irony (Score 1) 85

They obviously know, but are legally forbidden from commenting.


I think people often forget that corporations are about the furthest thing possible from monolithic. It's entirely possible for one organization within a corporation to receive a request that is within its own ability and authority and to handle it without bothering to tell anyone else, or with only brief consultations with legal, who may not have kept any records. Given government secrecy requests/demands, that possibility grows even more likely. Further, corporations aren't static. They're constantly reorganized and even without reorgs people move around a lot, and even leave the company. There are some records of what people and organizations do, but they're usually scattered and almost never comprehensive.

It's entirely possible that they did something like this, that the system was installed and later removed, and that the only people who know about it have left the company or aren't speaking up because they were told at the time that they could never speak about it, and that the organization that was responsible for doing it and/or undoing it no longer even exists. It's possible that Yahoo's leadership's only option for finding out whether it happened is to scan old email to see if anyone discussed it via email (which may not have happened; see "government secrecy requests/demands") or to look in system configuration changleogs to find out if the system was ever deployed (and it may have been hidden under an innocuous-sounding name)... or to ask the government if the request was ever made.

Of course, my supposition here depends on a culture of cooperation with the government. I don't know if that existed at Yahoo. I think most of the major tech corporations at this point have a strong bias towards NON-cooperation, which would cause any request like this to go immediately to legal who would immediately notify the relevant C-level execs. But I have worked for corporations where the scenario I describe is totally plausible.

Comment Reconstructing text - Already been done (Score 1) 56

I used a technique back in the early 1990s where anyone using internet relay chat would have their keystrokes appear on my end. It was also 100% accurate, no microphone needed, and able to capture hundreds -- no, thousands of users at a time. I could capture dozens of conversations lasting hours sorted into "channels". It was fun for a while, I really should get back into it.


Comment Re:Warrant canary (Score 1) 22

I was expecting a Warrant canary. e.g. something to say they have not yet been been given secret orders by the NSA/CIA to install a backdoor for spying on users.

Like Apple used to have. Is there some reason Google cannot do that?

I think their absence of an existing Warrant Canary speaks volumes. (That is - they've already been issued such an order or warrant.)

Google's head lawyer, David Drummond, has explicitly said that Google has done no such thing. Of course, if the government could order him to lie, then that doesn't mean anything. But if the government could order corporations to lie, then it could order them to publish a false warrant canary statement.

Comment Re: I hope Apple Pay will die (Score 1) 283

I'm sorry but that's just not true. The two systems are vastly different in implementation. Google are acting as a financial intermediary for every transaction through use of a "virtual credit card" which is what is on your phone and what the vendors see (they never see your actual cards as they are only on Google'a servers). As a result, Google have access and knowledge of every detail of every transaction you make using their system. This aligns with their panopticon business model. By effectively acting as a middleman financial institution they don't need any agreement with banks etc. Every transaction you make actually becomes two 1. Google pays vendor, 2. Google charges your bank.

Your information is out of date.

What you say was the mechanism that Google Wallet used, in its second version. The evolution of Google's NFC payment system went as follows:

1. The initial release used a secure element (essentially a smart card chip) and installed your actual credit card information in the SE, using the standardized EMV solution straight up. (EMV is EuroPay/Mastercard/Visa, a consortium that creates payment standards). Initially only Chase cards were supported because this approach requires support from the issuer.

In this version Google was not a middleman.

2. Due to banks being very slow to get on board with SE-based NFC payments, and due to lots of opposition from carriers (who wanted to become the new payments infrastructure, see ISIS/SoftPay), Google abandoned the SE-based solution and invented something called Host Card Emulation (HCE). In this model, your actual credit card information was kept off the phone entirely, stored only in Google's servers. A proxy card was used to make payments at the point of sale, using pre-computed single-use cryptographic tokens computed on the server and stored on the phone. The proxy card allowed Google Wallet to support any and all credit and debit cards -- in theory any payment mechanism that Google's back-end payment infrastructure could support.

In this version Google acted as a middleman, as you say.

3. AndroidPay deployed after ApplePay and uses a payment architecture very similar to ApplePay, called "network tokenization". The idea is that the interchange networks can produce cryptographic credentials which can be validated by the network, which then passes the validated transaction back to the card issuer. This means that the issuing banks have dramatically less work to do to support NFC payments than in the original EMV-specified model (the one used by Google Wallet). Network tokenization was under development when Google Pay deployed initially, but far from ready to go. Apple waited until it was before launching, and as soon as it was available Google shifted to it as well. They still work somewhat differently, in that Apple uses long-lived multi-use tokens stored in the secure enclave, while Google uses short-lived, single-use tokens stored in Android, and encrypted with a key kept only in RAM and re-downloaded after each reboot.

In this version Google is no longer a middleman.

I expect that a future iteration of AndroidPay will shift to using tokens stored in the Trusted Execution Environment (TEE), discarding the RAM-only key, but that will have to wait until all of the devices using AndroidPay have the TEE with the necessary software.

Submission + - Google Says Black, Hispanic Children Like CS 1.5x-1.7x More Than White Kids 2

theodp writes: Based on a sample of interviews with 1,672 students in grades 7-12, Google says its research with Gallup shows that "Black and Hispanic students are more likely than their white counterparts to be interested in learning CS". In fact, Google says it found "Black students are 1.5 times and Hispanic students are 1.7 times as likely as white students to be interested in learning CS." In response, Google has joined Microsoft, Apple, Amazon, and others to call for more K-12 CS cowbell. A just-released K–12 Computer Science Framework (pdf, 339 pgs.), which cites some of the same Google & Gallup reports President Obama drew factoids from ("Nine out of ten parents want it [CS] taught at their children’s schools") to justify his $4.2B CS For All budget request, even calls for "pair programming" lessons for the pre-Kindergartner set. "At the pre-K level," reads a chapter on Computer Science in Early Childhood Education, teachers can help facilitate pair programming among two children with the same "My turn"/"Your turn" flashcards to designate driver/navigator roles as well as encourage children to engage in collaboration and communication skills to foster peer-to-peer scaffolding. Educators can provide more support and scaffolding by engaging in child/teacher pair programming."

Comment Re:Clinton, Podesta, Putin and Trump (Score 1) 435

No he's the bad guy for saying

There may be somebody with tomatoes in the audience. So if you see somebody getting ready to throw a tomato, knock the crap out of them, would you? Seriously. Okay? Just knock the hellâ" I promise you, I will pay for the legal fees. I promise, I promise. It wonâ(TM)t be so much â(TM)cause the courts agree with us too.

This is almost certainly the crime of incitement to violence (or murder if they'd accidentally killed someone).

What ever the democrats are alleged to have done is a separate issue. So I'm going to ignore your attempted /pivot but I'll give you a cookie for not using "But Hillary!"

Slashdot Top Deals

If I have not seen as far as others, it is because giants were standing on my shoulders. -- Hal Abelson