
Comment Re:DCMA Fair Use / Parody (Score 1) 214

No, it wouldn't. These notices are made on behalf of Samsung about an exclusive right to something about the Galaxy 7 which is allegedly being infringed. The assertion of infringement has no legal standing, but the assertion is made on behalf of the owner of an exclusive right that is allegedly infringed.

A judge can find a load of other shit you're doing wrong if you're misusing the statute. Abuse of the legal system is frowned upon.

Comment Re:Mitigations (Score 1) 95

The simple mitigation is to not have local users who will hack your machine.

If you run a server, an exploit of the server software (nginx, PHP scripts, Ruby on Rails, etc.) will provide local non-root access, which you can then root.

If you run your server software in Docker, then the host system's binaries aren't exposed. That means an attacker can't modify the disk cache for /bin/su and then su to root; he can only modify the disk cache for /bin/su or glibc from e.g. the debian:jessie image that the Docker image the container used is based on. Elevation in the same container is useless: anything mounted read-write is likely already writable by the software the attacker exploited in the first place, so they have that access; and modifying the system is pointless, since you can just destroy and recreate the container in 10 seconds.

A container exploit might give a cross-container exploit to all containers eventually descended from the same version of the same base image (e.g. everything ultimately built from that release of debian:jessie), but it's tricky. You can modify e.g. /usr/sbin/nginx and send a reverse-shell to all nginx containers; or you can modify glibc and get it into everything using the same base image (because it's from the same disk blocks, thus the same disk cache). Either of those has to use the existing memory space (can't add empty memory pages or use anything outside the file), replace code in an existing function, and not outright crash (or the container terminates and all processes end immediately); and a glibc modification would make your reverse shell kind of useless (bash would just re-exploit and call a new reverse shell).

Escape to the host system is as impossible as it is without this exploit, so there's that.

So, for some server software configurations, this is diminished to the point of uselessness. For others, they get the www-data user and then su straight to root.
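The comment above ties cross-container exposure to images built from the same base layers. As an added example (not part of the original comment), this sketch groups images by shared layer chains using the `RootFS.Layers` field of `docker image inspect` output, so a defender can see which images would need rebuilding together. The sample records and layer IDs are constructed placeholders, and it assumes a storage driver such as overlay2, where a shared lower layer is stored once on the host.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `docker image inspect` output
# (only the fields used below; layer IDs are placeholders, not real digests).
SAMPLE = json.loads("""
[
 {"RepoTags": ["shop/nginx:1"],
  "RootFS": {"Layers": ["sha256:JESSIE-BASE", "sha256:NGINX"]}},
 {"RepoTags": ["shop/php:7"],
  "RootFS": {"Layers": ["sha256:JESSIE-BASE", "sha256:PHP"]}},
 {"RepoTags": ["blog/nginx:1"],
  "RootFS": {"Layers": ["sha256:JESSIE-BASE", "sha256:NGINX", "sha256:BLOGCONF"]}},
 {"RepoTags": ["tools/alpine:3"],
  "RootFS": {"Layers": ["sha256:ALPINE-BASE"]}}
]
""")


def name_of(image):
    """First tag if present, otherwise the image ID."""
    tags = image.get("RepoTags") or []
    return tags[0] if tags else image.get("Id", "<untagged>")


def chain_index(images):
    """Map each layer chain (prefix of the layer list) to the images using it.

    Docker stores a layer per chain of diff IDs, so two images share stored
    files only where their layer lists agree from the base upward.
    """
    index = defaultdict(set)
    for img in images:
        layers = img.get("RootFS", {}).get("Layers", [])
        for depth in range(1, len(layers) + 1):
            index[tuple(layers[:depth])].add(name_of(img))
    return index


def shared_chains(images):
    """Layer chains used by more than one image, with the images that use them."""
    return {chain: sorted(names)
            for chain, names in chain_index(images).items() if len(names) > 1}


def exposure_groups(images):
    """Sets of images connected through at least one shared layer chain."""
    parent = {name_of(img): name_of(img) for img in images}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    for names in chain_index(images).values():
        ordered = sorted(names)
        for other in ordered[1:]:
            parent[find(other)] = find(ordered[0])

    groups = defaultdict(list)
    for name in parent:
        groups[find(name)].append(name)
    return sorted(sorted(g) for g in groups.values())


if __name__ == "__main__":
    for chain, names in shared_chains(SAMPLE).items():
        print(" > ".join(chain), "->", ", ".join(names))
    print(exposure_groups(SAMPLE))
```

On a real host the input would come from `docker image inspect` run over the local image IDs; every image in a group has to be rebuilt from a clean base and its containers recreated together.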

Comment Re:Account Recovery (Score 2) 104

Google no longer supports non-security questions for account recovery.

FTFY. Security questions are a joke. The answers are almost always easy for an attacker with a little bit of information about you to find, and a lot of the time the legitimate user can't remember them. Moreover, those two traits are strongly correlated: the harder it is for an attacker to find the answers, the more likely it is that the user won't be able to find them either.

Everyone should stop using them.

Comment Re:Reason (Score 1) 104

Google doesn't actually want your phone number for security. Google wants your phone number so that they can link the account in their database to other information that contains your phone number.

The number is to make account recovery possible in the event you've forgotten your password. The assumption is that attackers won't have access to your phone. That assumption is violated if your telco will transfer your number to the attacker's phone, of course.

If you prefer not to give your phone number to Google, don't. Just turn on two-factor auth using a non phone number-based auth method, either the Authenticator app or (better yet) a security key, or both. Then download and print out some backup 2FA codes and keep them somewhere safe. Google won't have your phone number and you won't be vulnerable to mistakes by dumb telco customer service reps.

Submission + - Wired says Google's Pixel is the best phone on the market

swillden writes: The reviews on Google's Pixel phones are coming in, and they're overwhelmingly positive. Most call them the best Android phones available, and at least one says they're the best phones available, period.

Wired's reviewer says he used to recommend the iPhone to people, but now he says "You should get a Pixel." The Verge says "these are easily the best Android phones you can buy." The Wall Street Journal calls the Pixel "the Android iPhone you've been waiting for." ComputerWorld says "It's Android at its best."

AndroidPolice is more restrained, calling it "A very good phone by Google." The NY Times broke from the rest, saying "the Pixel is, relatively speaking, mediocre", but I'm a little skeptical of a reviewer who can't figure out how to use a rear-mounted fingerprint scanner without using both hands. It makes me wonder if he's actually held one.

Comment Re:How can that possibly be legal? (Score 1) 300

Well they could disable access to the travel data stream--a resource you're continuously using, maintained by them, at a cost of loads and loads of money per year diffused through thousands of consumers.

400 million copies of Windows XP sold. If they paid 270 programmers full-time for 10 years to develop and maintain XP, Microsoft would have made a profit selling it at $1. What's Tesla's incentive to keep up with firmware and data updates?

For what it's worth, the 2009 DVD to update the 2004 Mazda 3's in-dash navigation system costs $300. Yes, you have to pay $300 for the DVD, then install it into your car yourself, and then you have 2009's map data instead of 2004's. This was also true of the 2007 update.

Comment Re: Irony (Score 1) 87

They obviously know, but are legally forbidden from commenting.


I think people often forget that corporations are about the furthest thing possible from monolithic. It's entirely possible for one organization within a corporation to receive a request that is within its own ability and authority and to handle it without bothering to tell anyone else, or with only brief consultations with legal, who may not have kept any records. Given government secrecy requests/demands, that possibility grows even more likely. Further, corporations aren't static. They're constantly reorganized and even without reorgs people move around a lot, and even leave the company. There are some records of what people and organizations do, but they're usually scattered and almost never comprehensive.

It's entirely possible that they did something like this, that the system was installed and later removed, and that the only people who know about it have left the company or aren't speaking up because they were told at the time that they could never speak about it, and that the organization that was responsible for doing it and/or undoing it no longer even exists. It's possible that Yahoo's leadership's only option for finding out whether it happened is to scan old email to see if anyone discussed it via email (which may not have happened; see "government secrecy requests/demands") or to look in system configuration changelogs to find out if the system was ever deployed (and it may have been hidden under an innocuous-sounding name)... or to ask the government if the request was ever made.

Of course, my supposition here depends on a culture of cooperation with the government. I don't know if that existed at Yahoo. I think most of the major tech corporations at this point have a strong bias towards NON-cooperation, which would cause any request like this to go immediately to legal who would immediately notify the relevant C-level execs. But I have worked for corporations where the scenario I describe is totally plausible.

Comment Re:DCMA Fair Use / Parody (Score 4, Interesting) 214

Not even.

The phone isn't copyrighted. Its existence and a representation of it as a material fact can't be copyrighted. You can't copyright the existence and form of your product in such a way that, for example, a novel writer can't mention that a person was using a Samsung Note 3 and describe the functionality he was using. Those are material facts.

The phone is a trademark--or at least its visual form and its name are potential trademarks. You may be able to patent the production of a phone in that form (design patent), and trademark a particular shape of a phone (like the Gibson and Fender headstocks--yes, their brand-identifiable shapes are trademarked); that applies only to actually making a phone.

Samsung is legally-required to protect its trademarks, else they lose them. That means a number of things. It means you can't make a DogRun Galaxy 7 phone (especially in substantially-similar design to the Samsung offering) because Galaxy and Galaxy 7 are Samsung trademarks. It means you can't use the Samsung name to brand your phone. If you do these things, Samsung must take action, or else the next guy to do the same thing can point out that Samsung hasn't protected their trademark.

A reference to a trademark isn't a trademark infringement.

A reference to a trademark in a book, in a TV show, in a video game, in literature about your own product, wherever it is, does not infringe trademark. Trademark distinguishes products. If you make a phone and, in the literature, identify that it is distinct from the Samsung Galaxy 7 by pointing out that it has similar or superior battery life to the Samsung Galaxy 7, you haven't infringed trademark because you haven't identified your phone as a Samsung Galaxy 7.

That video isn't parody, by law; it's non-infringing. It's a non-infringing reference to a trademark and to the existence of a product. Artistically, it's satire: it explores an existing material fact with humor and exaggeration. Even if it had no artistic defense, there's no standing for any intellectual property claim--copyright, trademark, patent, or otherwise. Samsung's phones blowing up is a material fact; it might be over-emphasized, but it's a thing that happened in the world, and the phones are a thing that exist in the world, and the thing in the game is a representation of that thing and not a counterfeit product.

Comment Re:Holy flamebait batman! (Score 1) 883

It's something we need to move into, as a matter of social welfare. There's actually an argument (not very sound) that the United States is legally-required to implement something substantially-similar to the system I designed as soon as technically-feasible.

The idea that we'll need some kind of UBI because of an upcoming crisis is rooted in a misunderstanding of economics. People think automation is a new thing and jobs go away forever; but it's just technical progress, the same as we've been doing for thousands of years. The threat comes when progress occurs too rapidly: if you create rapid unemployment, the slow replacement of jobs doesn't keep up, and you get high unemployment.

The only zero-job economy is a zero-labor utopia where humans do nothing. Flat out. As long as human hands are required somewhere in the process, there's no such thing as permanent job destruction. As well, new jobs range from highly-complex, heavily-specialized disciplines to pushing the buttons on the machines at the correct time; sometimes the sensors and probes aren't nearly as accurate as humans, or just cost a lot more. That's why things like injection-molded plastic forms are removed from the mold by hand and placed on a conveyor: a machine that can handle that job would be ridiculously-complex and unreliable; at the very least, it'd require thousands of hours of QA testing after retooling the IM to make a new form--or you just skip all that maintenance and extra QA and pay someone to do it by hand.

The nature of technology is also that it's invented as soon as it's envisioned in sufficient detail. It's in-production shortly after. People have romanticized about robots replacing 100% of all jobs since Karl Marx proposed it as an immediate, tomorrow-goal for society; then, they made machines and came up with new jobs doing the last bits of work finishing up after the machines--the robot does the job of a hundred men, and one man clears up their mistakes.

The corollary is we're constantly imagining all jobs will go away forever when we see a new technology (machines, trade, or materials--cotton is the bane of the sheep-shearers' union!). We can't imagine what new technology will appear tomorrow and how it will create jobs, because technology reduces labor requirements.

So what actually happens?

We reduce the labor involved, and the costs go down eventually--the relative cost of things is in constant turmoil, and the relative desirability of goods changes. Food has enormous competition. Every good competes with every other good--if you spend more of your money on food, you have less for iPads; if 2/3 of the price of iPads is actual costs and people are only willing-and-able to spend 3/4 of the price, then you need to lower the price (by 1/4, meaning the cost is now 8/9 of the price--an 11% margin instead of 33%). Instead of margins getting fatter and corporate profits soaring, corporate profits average the same marginal percent over the long term.

So people steadily get that spending power back. They then buy more stuff. That creates replacement jobs. If you've eliminated (over a wide time span) 50% of all required labor to make things, then costs are now only 50% as much; prices adjust in total to half of all income; and people now buy twice as many things. It takes half the working-hours to make the same, or the same working hours to make (and buy) twice as much.

Handwaving away all the economics bullshit, you can just state mathematically that a profit margin of X% implies paying wages of 100%-X%. Wages being what they are, the number of labor hours is mediated by how much money is spent. Reducing labor in one place means you have unspent money; you spend it elsewhere; suddenly there's labor there. This works over long timescales; your economy collapses if you replace a third of it with machines over the long weekend.

So, all of that. Yeah. Point?

I don't believe we're going to need to face up to a UBI in the future, in the sense that I don't believe society will collapse from catastrophic job loss and everyone will need free money. I believe the system I designed slows the transition onto technical progress by making human labor lower-cost, thus strengthening competition with lower-labor solutions, without lowering take-home (spendable) wages. That means businesses take less risk waiting for automation solutions to come down in price (delaying for a competitive advantage of implementing even-cheaper automation later, at the cost of paying more for labor now); the variation in risk appetite and risk tolerance will lead some businesses to implement earlier and others later, whereas ramping up the cost of labor will cause the higher-risk players to hit their risk limits at the same time (i.e. earlier) as the lower-risk players.

A UBI is one way to avoid a transition like the Industrial Revolution (60% unemployment for THREE GENERATIONS), and instead get a transition like the Information Age (low employment, rapid job growth, rapid economic growth, and a high-speed evolution through generations of new technology and greater economic security--and occasional bitching about 6%-8% unemployment peaks that came a decade apart and lasted 2-3 years; the Great Recession of 2008 was pretty huge). It reduces the risk of a societal collapse in the way people fear one might occur, but that collapse isn't guaranteed anyway.

Other than that, it's also a lot more efficient than our current system--but only once we've got a wealthy-enough nation (which became a stable fact in 2013, in that we could do it while moving around no more money than we're already spending on welfare). Doing this in 1950 would have destroyed America.

Comment Re:It's not a matter of those reasons (Score 1) 545

True, and that's their prerogative.

The thing is both positions are surprisingly mature. Zuckerberg is probably just being a loud-mouth and trying to prevent a public incident from screwing with his company; but it's still an important point if you exclude his viewpoint. The highest-developed psychological defense mechanisms include suppression and tolerance--delaying an emotional response until you can deal with it safely, and allowing behaviors of others which aren't harmful to you even if you disagree with them. Trump supporters are their own problem, by and large because they want to support a celebrity or a political party (a lot of Republicans are blind to their own candidate and only want to be saved from socialism or something); and people who object to Trump have the right to declare that their particular organization has strong objections to Trump's message.

That means YC can declare it wants nothing to do with Trump or its supporters; and Facebook can declare itself not the steward of people's opinions; and both are essentially-correct behaviors.

Comment Re:If only there was some possible way to ... (Score 1) 82

Sure, in the same way it's not hard to just order the cheap dextromethorphan powder, measure it on a mg scale, and sift it into empty capsule shells. People still buy Robitussin.

Part of the point is that the storage has gotten so cheap there's no excuse, even if you seal the device and just permanently install a 128GB or larger microHD card in one of these devices.

So one of the things I argued was the control circuitry for a storage card costs about as much or more than a large (32GB+) amount of storage, if you use those NAND chips instead of (or in addition to) the NAND chips you used anyway. You just suggested a more-expensive way to achieve the same goal; and it's also slower than just integrating the storage directly.

I also described that the "so cheap there's no excuse" part is essentially making you buy things you won't use if you don't have a use for it--essentially everybody these days, because the cost of adequate storage for near-100% of use cases is nearly-undifferentiated from the cost of smaller storage (i.e. the process for X gigabyte chips is so efficient it's no more costly than using the same package but only etching in less than X gigabytes, where the cost of more-than-X gigabytes is higher because it requires a more-expensive process or the same process with more chips). To be clear about this: wasting a few pennies that way can have disastrous impacts on the economy, making everyone strikingly poorer.

In the case of fast food as an example, fast food joints serve 240 billion sales per year at an average $8 per sale. If we bump that to $8.14, who cares? Well, 14 cents times 240 billion is $33.6 billion. The money spent in a given year comes from incomes, which comes from revenues, which comes from sales: if you spend $8 more on some other thing, then that's $8 that isn't spent on a fast food value meal in that time frame. $33.6 billion translates to 2,371,241 full-time minimum wages--or a maximum of 2.37 million jobs lost. (The jobs are lost only if you remove their buying power--by taking a bigger corporate profit margin or raising wages so that the same money concentrates into fewer hands).

What you're describing--putting something approximately-nobody needs into the product at an arbitrary "small" cost because the producer thinks it would be nice and is cheap--is technically called "gold plating". More importantly, it wastes labor time (purchasing power and the work done to make what is purchased) producing a thing that nobody is going to use, and thus prevents people from having what that labor time would have made instead. In this case, that's an estimated $10 times 43.7 million Kindles sold per year to equip them with additional storage approximately 0% of the population will actually use--or a waste of $437 million.

That's fractionally-small compared to a few pennies' increase in fast food costs. There are also cell phones, computers, watches, shoes, jackets, televisions, lamps, blenders, refrigerators, cars, keyboards, pens, tea pots, and all manner of things people buy which we could gold-plate for pennies on the dollar (because making a $120 device $130 is about 8 cents on the dollar). The end result would be a purchasing power 8% smaller--you might have the same income, but you'll buy 8% less stuff, mainly because all that stuff has a marketing bullet-point that sounds awesome but that you never use (but hey, your car DOES have a hardware Monkey's Audio decoder IC and can directly play .APE files from USB with hardware acceleration!).

I actually used to argue the exact opposite, but then I sat down and reasoned it out trying to generate a supporting argument and shot myself straight in the foot. Attempting to use logic can backfire now and then. I had to change my stance to align with objective reality.

Comment Re:I thought this was obvious? (Score 1) 150

If it were the top 3% of users, it would reach an equilibrium well-below the top 3% of typical user demand.

If it were the top 3% of volume, it would reach an equilibrium at the maximum volume possible at the throttled speed, as that is eventually the amount of use below which you cannot reduce by throttling, and any use above that would eventually push you into the top 3% as the top users are drawn downward.

They're throttling customers in the top 3% of data usage, rather than data users. Supposedly the mean data usage is around 2GB currently, so 17GB at less than 3 standard deviations out seems ludicrous.

Comment Re:If only there was some possible way to ... (Score 1) 82

My point was having two SD cards is rocket surgery--or at least is often more-complex than would be obvious. The UX to easily know what data is on what is difficult. People who aren't obsessive nerds who organize their $HOME directories essentially want "Space": they want things to download and magically end up where they belong. They don't want to spend 40 minutes sorting through 6,000 files, picking out what's what, tagging them, inspecting them when they don't remember, and then individually setting each one's storage location.

Almost 100% of people who put an SD card in a device are adding permanent storage. They put a card in their phone or tablet or whatever, and that's the end of that. It's not an organization tool to most people; it's a bulk commodity.

That's why Android phones stopped having SD cards, and then started having them again, and then started letting users replace their internal storage with SD card (your photos get copied onto the card, and the internal storage space is replaced with the SD card entirely). People see two things with storage: "I can't install an app because my phone is full" or "Now I can take more pictures!" They don't know or even care where it goes.

The solution, then, is more internal storage. External storage is an expensive added complexity that almost all users will use by putting exactly one card into the slot and never removing it unless, somehow, they have the phone 5 years later, the 32gb card is full, and new 1tb cards are available cheap--all the while wanting it to behave as more internal storage.

Comment Re:I thought this was obvious? (Score 1) 150

If you're in the top 3 percent of data volume, then throttling reduces your data volume, moving your span downward. Thus the top 3 percent of data volume becomes lower.

If you're in the top 3 percent of users, then throttling reduces your data volume, moving your span downward. Thus others would fall into the usage range of the top 3 percent of users, and the spot group of top-3%-users would become volatile. This would bring more users' use downward, increasing this effect until they cluster together enough to not drag down further.
