Comment Widevine (Score 3, Informative) 134

This is the same buggy piece of crap that led to a root exploit on many Android phones, since of course a media player needs privileged access to the kernel.

http://bits-please.blogspot.co...

But don't worry, that was a fluke, I'm sure the opaque blob for the PC is written by their best men, and not the scum of the earth who failed their McDonalds job interview.
The complete loss of security to all their users is a small price to pay to eradicate unlicensed copying of movies once and for all!

Comment They didn't! (Score 2) 135

What a non-story. The flaws in Dual EC DRBG were widely published shortly after release.

The backdoor was first published by Dan Shumow and Niels Ferguson in August 2007.

Bruce Schneier wrote the same year:

My recommendation, if you're in need of a random-number generator, is not to use Dual_EC_DRBG under any circumstances. If you have to use something in SP 800-90, use CTR_DRBG or Hash_DRBG.

This was common knowledge if you had more than a passing interest in cryptography. I think TFA is mistaken when it says that it didn't get enough attention. The reason academics didn't take it more seriously is that it was seen as so obvious, it was mostly harmless shenanigans.

You would only use it in a serious cryptographic product if you were an incompetent crackhead, or if the NSA had stuffed your ass full of money.

Incidentally, RSA, the large security firm, shipped it in a serious cryptographic product for years and years.
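An added illustration, not part of the comment above and not NIST's or any vendor's code: a toy Dual_EC_DRBG in Python over a constructed 17-bit curve (prime 2^17-1, y^2 = x^3 - 3x + b with b picked at import time), with the "designer secret" d = 0x1337 and the seed 12345 chosen here purely for the demo. The real generator uses P-256 and drops the top 16 of 256 bits of each x-coordinate; this one drops 4 of 17, which is enough to show the mechanism: every output is the truncated x-coordinate of s*Q, and whoever knows e with P = e*Q turns a single output into the generator's next internal state.

```python
# Toy Dual_EC_DRBG with the Shumow/Ferguson trapdoor on a constructed 17-bit curve.
PRIME = (1 << 17) - 1        # 2^17-1 is prime and 3 mod 4, so a square root is one pow()
A_COEF = PRIME - 3           # y^2 = x^3 - 3x + B_COEF, with B_COEF chosen by pick_curve()
DROP_BITS = 4                # real Dual EC drops the top 16 of 256 bits; here 4 of 17
OUT_BITS = PRIME.bit_length() - DROP_BITS
OUT_MASK = (1 << OUT_BITS) - 1

def count_points(b):         # #E(F_p) by Euler's criterion at every x (toy sizes only)
    n = 1                    # the point at infinity
    for x in range(PRIME):
        v = (x * x * x + A_COEF * x + b) % PRIME
        n += 1 if v == 0 else 2 if pow(v, (PRIME - 1) // 2, PRIME) == 1 else 0
    return n

def largest_prime_factor(n):
    f = 2
    while f * f <= n:
        if n % f:
            f += 1
        else:
            n //= f
    return n

def pick_curve():            # smallest b giving a prime-order subgroup larger than 2^14
    for b in range(1, PRIME):
        if (4 * A_COEF ** 3 + 27 * b * b) % PRIME:      # skip singular curves
            n = count_points(b)
            q = largest_prime_factor(n)
            if q > 1 << 14:
                return b, n, q
    raise RuntimeError("no usable toy curve")

B_COEF, CURVE_ORDER, Q_ORDER = pick_curve()

def point_at(x):             # the curve point (x, y) with y = sqrt(x^3 + Ax + B), or None
    v = (x * x * x + A_COEF * x + B_COEF) % PRIME
    y = pow(v, (PRIME + 1) // 4, PRIME)
    return (x, y) if y * y % PRIME == v else None

def ec_add(p1, p2):          # affine addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % PRIME == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, PRIME) % PRIME
    else:
        lam = (y2 - y1) * pow((x2 - x1) % PRIME, -1, PRIME) % PRIME
    x3 = (lam * lam - x1 - x2) % PRIME
    return x3, (lam * (x1 - x3) - y1) % PRIME

def ec_mul(k, pt):
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def base_point():            # cofactor-clear the first curve point found: order Q_ORDER
    h = CURVE_ORDER // Q_ORDER
    pts = (ec_mul(h, point_at(x)) for x in range(1, PRIME) if point_at(x) is not None)
    return next(pt for pt in pts if pt is not None)

P_POINT = base_point()
D_SECRET = 0x1337                        # constructed "designer" secret: Q = d*P
Q_POINT = ec_mul(D_SECRET, P_POINT)
E_TRAPDOOR = pow(D_SECRET, -1, Q_ORDER)  # e with e*Q = P; whoever knows e owns the generator

def run(state, n_out):       # Dual EC loop: out_i = low bits of x(s_i*Q), s_{i+1} = x(s_i*P)
    states, outs = [], []
    for _ in range(n_out):
        r, nxt = ec_mul(state, Q_POINT), ec_mul(state, P_POINT)
        if r is None or nxt is None:
            raise ValueError("state is 0 mod Q_ORDER")
        states.append(state)
        outs.append(r[0] & OUT_MASK)
        state = nxt[0]
    return states, outs

def recover_state(outs):     # attacker with e: the state behind outs[1], from outs[0] alone
    cands = []
    for hi in range(1 << DROP_BITS):     # guess the dropped top bits of x(s_0*Q)
        x = (hi << OUT_BITS) | outs[0]
        pt = point_at(x) if x < PRIME else None
        pt = ec_mul(E_TRAPDOOR, pt) if pt else None   # e*(+-R) = +-(s_0*P): same x either way
        try:
            if pt and run(pt[0], len(outs) - 1)[1] == outs[1:] and pt[0] not in cands:
                cands.append(pt[0])
        except ValueError:
            pass                         # a bogus candidate hit the point at infinity
    return cands
```

recover_state() enumerates the 2^4 possible values of the dropped bits, keeps those that are x-coordinates of curve points, multiplies each by e and returns whichever candidate reproduces the outputs that follow; on P-256 the same search is about 2^15 candidates, still nothing. Only whoever generated Q as d*P would know e, and nobody has shown that the published Q was made that way; Shumow and Ferguson's point was that the standard gave no way to rule it out.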

Comment Re:End of certificates, please? (Score 1) 80

The trouble with Convergence, I think, is the reliance on online notaries, which become highly-centralized single points of failure.

They don't, really. The great thing about notaries as opposed to CAs is that you can use as many of them as you want, and the client decides how to handle discrepancies and outages. So a browser could ship preconfigured with 8 independent notaries, and alert the user if more than four of them were down, or if any single one of them disagreed with the rest.

In the same way, CAs can still act as authoritative notaries for domains they have signed. But now if they misbehave they can be instantly delisted, and users will fall back on the standard Convergence protection.

Comment Re:Tired of bashing Bitcoin, yet? (Score 0) 285

I disagree. The "proof of work" busywork is wasteful and makes it hard to prove any real security. The Bitcoin protocol scales poorly and consumes disproportionate resources.

I am sure it is possible to do both the ledger and the currency distribution more elegantly than Bitcoin does.

For instance, an IOU system like Ripple could facilitate a Hawala-like transaction network without the meaningless weapons race caused by allocating new coins proportionally to hashing power.

Or zero-knowledge protocols could be used to vastly enhance the anonymity of transactions.

Bitcoin is an interesting proof of concept, but "as elegant as a decentralised digital transactions system could be" is overselling it by far.

XBox (Games)

Microsoft Exec Says Xbox One Kinect Is Not Built For Advertising 75

MojoKid writes "Among the various SNAFUs and PR misfires related to the Xbox One release earlier this year, one item that had people upset was that Kinect would be used for advertising--or worse, that the Xbox One Kinect was actually designed with advertising in mind. The source was a UI designer who was expounding the capabilities of the Kinect and how it could be used to deliver interactive ads and used for native advertising. However, Microsoft Director of Product Planning Albert Penello threw cold water on much of it. 'First--nobody is working on that,' he said. 'We have a lot more interesting and pressing things to dedicate time towards.' He also stated that if Microsoft were to engage in something along those lines, users would definitely have control over it, meaning that Kinect would not be spying on you; you would have to engage with Kinect for anything to happen."
Television

Legislators Introduce Bill To Stop Set Top Boxes From Watching You 161

An anonymous reader writes "For a few years now, we've been hearing about TV-related devices that have built-in cameras and microphones. Their stated purpose is to monitor consumers and gather data — often to target advertising. (We'll set aside any unstated purposes — the uses they tell us about are bad enough.) Now, two members of the U.S. House of Representatives have submitted legislation to regulate this sort of technology. '[They] said they want to get out ahead of the release of this new technology and pass legislation that ensures it would include beefed up privacy protections for consumers. They added that this legislation is particularly relevant given the recent revelations about the National Security Agency's Internet surveillance programs. ... Additionally, the bill requires a cable box or set-top device to notify consumers when the monitoring technology is activated and in use by posting the phrase "We are watching you" across their TV screens.'"

Comment Re:AF_BUS -- a[n] implementation of the D-BUS" (Score 3, Informative) 61

Hadn't heard about AF_BUS before...
I found the rationale, and a summary of the argument against.

I get that doing multicast in userspace isn't optimal, but I'm a bit mystified what people are doing with D-Bus that would require any kind of performance. Wasn't D-Bus supposed to be a simple pub-sub system for notification of events and the like?

Comment Re:Requires local access (Score 1) 210

this will be easily stopped by adding a filename prefix or suffix

No it won't. It is still easy to make collisions with a known prefix or suffix. You would have to include a random component.
Even if that was a feasible workaround, it's hardly a common best practice, nor should it be.

There goes this script kiddie's

He discovered this vulnerability himself, and wrote the attack code; he is by definition not a script kiddie. Never mind that he's a professor and published cryptographer.

while about experimental software not being perfect.

This has nothing to do with being experimental software. This is not a bug, it is a weakness in the design. Furthermore, the bad behaviour will not manifest by accident - you have to deliberately provoke it.
This is the type of problem that isn't fixed before someone finds and reports it -- like Junod did.

Please cease your inane babbling.
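The thread never says which hash the index uses, so for an added example (editor's code, not the commenter's and not taken from any filesystem) assume the weakest realistic case, a plain CRC-32. CRC-32 is linear, so four free bytes anywhere in the name are enough to force the whole name to any value, regardless of the fixed prefix and suffix around them. The prefix IMG_, the suffix .jpg and the target value 0xDEADBEEF are arbitrary demo values.

```python
"""CRC-32 forging: a fixed prefix or suffix is no obstacle to collisions (constructed example)."""
import zlib

POLY = 0xEDB88320                       # reflected CRC-32 polynomial, as used by zlib
TABLE = []
for i in range(256):
    c = i
    for _ in range(8):
        c = (c >> 1) ^ POLY if c & 1 else c >> 1
    TABLE.append(c)
# the top byte of each table entry is unique, which is what lets one byte step be undone
REV = {TABLE[i] >> 24: i for i in range(256)}
assert len(REV) == 256


def step(reg, byte):                    # one byte forward through the CRC register
    return TABLE[(reg ^ byte) & 0xFF] ^ (reg >> 8)


def unstep(reg_after, byte):            # the register before that byte was processed
    idx = REV[reg_after >> 24]
    return ((reg_after ^ TABLE[idx]) << 8) | (idx ^ byte)


def forge(before, after, target_crc):
    """Four bytes p such that zlib.crc32(before + p + after) == target_crc.

    The register is known after `before`; walk the wanted final register backwards
    through `after`, then fix the four table indices that bridge the two registers
    and turn each index into the data byte that selects it."""
    reg = zlib.crc32(before) ^ 0xFFFFFFFF           # register right after `before`
    want = target_crc ^ 0xFFFFFFFF                  # register wanted after `after`
    for b in reversed(after):
        want = unstep(want, b)
    idxs = []
    for _ in range(4):                              # the four indices, last one first
        idx = REV[want >> 24]
        idxs.append(idx)
        want = ((want ^ TABLE[idx]) << 8) & 0xFFFFFFFF
    patch = bytearray()
    for idx in reversed(idxs):
        patch.append(idx ^ (reg & 0xFF))            # byte that makes the register pick idx
        reg = step(reg, patch[-1])
    return bytes(patch)


def colliding_names(prefix, suffix, target_crc, count):
    """`count` distinct printable names prefix+body+patch+suffix that all hash to target_crc."""
    names, k = [], 0
    while len(names) < count:
        body = b"%05d" % k                          # fixed width, so all names have equal length
        k += 1
        patch = forge(prefix + body, suffix, target_crc)
        if all(0x21 <= b < 0x7F for b in patch):    # keep only printable-ASCII patches
            names.append(prefix + body + patch + suffix)
    return names


def crc32_hex(data):
    return "%08x" % zlib.crc32(data)


def all_same_crc(names, seed=0):
    """True if every name has the same CRC-32 when the register is seeded with `seed`."""
    return len({zlib.crc32(n, seed) for n in names}) == 1
```

colliding_names() produces as many distinct, printable names hashing to the target as you ask for. The seed argument of all_same_crc() shows the caveat to "include a random component": for a CRC, two equal-length inputs that collide under one seed collide under every seed, because the seed's contribution to the result depends only on the input length. The random component therefore has to feed a keyed hash whose output the attacker cannot steer (SipHash is the usual choice), not the CRC's initial value.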

Microsoft

Microsoft Granted Patent For Augmented Reality Glasses 89

another random user writes with an excerpt from the BBC about Microsoft's vision for augmented reality glasses: "A patent granted to the U.S. tech firm describes how the eyewear could be used to bring up statistics over a wearer's view of a baseball game or details of characters in a play. The newly-released document was filed in May 2011 and is highly detailed. ... Although some have questioned how many people would want to wear such devices, a recent report by Juniper Research indicated that the market for smart glasses and other next-generation wearable tech could be worth $1.5bn by 2014 and would multiply over following years." Noticeable differences from Google's version: two lenses, a wrist computer, and wires.

Comment Re:Brilliant references! (Score 4, Funny) 197

Also be sure to check out the brilliant paper recently published by Hakin9 in their issue on Nmap.

The authors detail the working of their DARPA Inference Cheking Kludge Scanner (DICKS), and cite such prominent references as
Z. Sun, "Towards the synthesis of vacuum tubes," Journal of Concurrent, Extensible Technology, vol. 84, pp. 1-19, Feb. 2005.
C. Hoare, J. Wilkinson, and D. Ritchie, "Contrasting Scheme and Internet QoS using SluicyMash," Journal of Flexible, Omniscient Epistemologies, vol. 20, pp. 154-194, Feb. 2000.

Some excerpts:

"Obviously, event-driven modalities and web browsers are based entirely on the assumption that extreme programming and digital-to-analog converters are not in conflict with the deployment of massive multiplayer online role-playing games."

"We show our method's real-time evaluation in Figure 1. We consider a framework consisting of n flip-flop gates. Such a claim might seem counter intuitive but is derived from known results. Next, NMAP does not require such a theoretical emulation to run correctly, but it doesn't hurt. This seems to hold in most cases. We use our previously enabled results as a basis for all of these assumptions. This seems to hold in most cases."

"Figure 1.3: The 10th-percentile latency of NMAP, as a function of popularity of IPv7"

Android

Universal Android Laptop Dock: Microsoft Nightmare, Or Toy? 262

ozmanjusri writes with this story from PC World: "A company that makes keyboard docks has announced a laptop-like peripheral that uses smartphones for processing and storage. Since many Android and Apple phones have multi-core processors powerful enough to deliver laptop-level performance, they only lack usable screens and keyboards to be productive for most office work. ClamCase believes their 13.3-inch 1,280 x 720 ClamBook with keyboard, multi-touch touchpad, and dedicated Android keys will make up for the lack, and turn smartphones into fully-functional laptops. A device like the ClamBook could be a real game-changer for the computer industry. If it succeeds, peripheral makers could build docks which would allow any monitor, keyboard, mouse and storage to be powered by any Android phone. It's a combination which would make BYOD offices very tempting for the corporations who are the Windows/Office combination's remaining cash-cow." I only wish the company would license the idea as well to established makers, so otherwise conventional laptops could gain the ability to easily become advanced phone screens, too.
Google

Sergey Brin Demos Google Glasses Prototype 122

MojoKid writes "Folks have been clamoring for more on Google's Project Glass and Sergey Brin — one of the co-founders of Google — is now burying himself in the R&D department associated with its development. Recently Brin appeared on 'The Gavin Newsom Show' with the prototype glasses perched on his face. The visit was actually a bit awkward as you can see in the video, as it's a lot of Brin and Newsom describing what they're seeing via the glasses with no visual for the audience. However, Brin dropped a bomb when he stated that he'd like to have the glasses out as early as next year."
Censorship

Judge Who Ordered Pirate Bay Censorship Found To Be Corrupt 104

TheGift73 writes "TorrentFreak reports that 'This week yet another court order was handed down in Europe with the aim of censoring The Pirate Bay. The ruling forbids the Dutch Pirate Party from not only running a direct proxy, but also telling people how to circumvent an earlier court ordered blockade. However, according to Pirate Party founder Rick Falkvinge, the judge in the case has a history of corruption relating to another file-sharing case he presided over in the Netherlands. The Court of The Hague in the Netherlands has been particularly busy this week with Pirate Bay-related cases.' Falkvinge wrote, '... not only was the plaintiff and judge personally and closely acquainted, the plaintiff in a controversial copyright monopoly case was running a commercial anti-piracy outfit together with the judge in the case. Money was involved. Commercial interest was involved. The judge was, as it appears from this brochure for the quite expensive course, getting money. Shortly after the case. In a directly related matter together with the plaintiff. That makes the judge not only corrupt, but textbook corrupt.'"

Comment Re:Waiting for ad.doubleclick.net ...zzz... (Score 1) 275

Some web browsers just render the page assuming that included scripts won't call document.write(), and then render the page again when the scripts have loaded, in case they do.
I think Chrome does this, and Opera has it as an experimental option in opera:config ("Delayed script execution").
It speeds up things a lot, especially if you aren't blocking ads. Many sites spend most of their loading time just waiting for ad servers.

There ought to be an attribute or something that webmasters could use to explicitly request XHTML semantics... Something like
