Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Comment Idea for Microsoft (Score 1) 208

The people who need quality patches that have undergone thorough regression testing will likely pay for it.

"Windows Update Premium Subscription" should delay patches for all products until they are verified correct, and allow the user to schedule the patch runs.

$200/year, and many would likely pay it.

Comment No. p53 - the guardian of the genome. (Score 1) 127

All mammalian cells are constantly producing p53, and disposing of it. When they stop, repair or suicide should occur.

https://en.wikipedia.org/wiki/TP53

Once activated, p53 will induce a cell cycle arrest to allow either repair and survival of the cell or apoptosis to discard the damaged cell. How p53 makes this choice is currently unknown... First, the half-life of the p53 protein is increased drastically, leading to a quick accumulation of p53 in stressed cells. Second, a conformational change forces p53 to be activated as a transcription regulator in these cells....

Comment Quercetin (Score 1) 127

About a year ago it was discovered that the common dietary substance quercetin is able to kill senescent endothelial cells in the gi tract.

http://onlinelibrary.wiley.com/doi/10.1111/acel.12344/abstract

By transcript analysis, we discovered increased expression of pro-survival networks in senescent cells, consistent with their established resistance to apoptosis. Using siRNA to silence expression of key nodes of this network, including ephrins (EFNB1 or 3), PI3K, p21, BCL-xL, or plasminogen-activated inhibitor-2, killed senescent cells, but not proliferating or quiescent, differentiated cells. Drugs targeting these same factors selectively killed senescent cells. Dasatinib eliminated senescent human fat cell progenitors, while quercetin was more effective against senescent human endothelial cells and mouse BM-MSCs. The combination of dasatinib and quercetin was effective in eliminating senescent MEFs. In vivo, this combination reduced senescent cell burden in chronologically aged, radiation-exposed, and progeroid Ercc1/ mice. In old mice, cardiac function and carotid vascular reactivity were improved 5 days after a single dose.

Comment Re:Marshmallow $40 (Score 1) 55

It may have been a completely different environment in the early days, but the security has become critical. Russia had DOZENS of OEM phones using Mediatek processors sending device data back to China. BLU was doing the same thing here, and the same malware made it into the latest Barnes & Noble tablets. We are talking tens of thousands of devices here, and Russia is certainly moving in the direction of seizing all of Google's Android assets within their borders. A few more major security incidents, and we will be doing the same - Google only owns Android as long as congress says they do. Poof.

For myself, I DEMAND control of my device. I will be running Xposed, Cerberus, AdAway, Xprivacy, GravityBox, a bloat/freeze agent, and a wifi password viewer (among others). Any OEM that successfully prevents me from doing this crosses themselves off my list of acceptable suppliers.

Unfortunately, in order to obtain this control, I usually have to exploit OS flaws, then prevent the device from ever receiving OTAs again. This is stupid. One of the major OEMs should just sell copperheadOS with a functioning gapps. Power Android users HATE the manufacturers for the straitjackets of stock roms. Why make your customers hate you?

Comment Marshmallow $40 (Score 1) 55

There is no reason to spend $500 or more on a phone when I was able to order a Samsung Galaxy Express 3 Marshmallow device for AT&T yesterday that cost a total of $42.50.

Google needs to do several things with the Pixel and greater Android: lower the price, fix the architecture, improve code quality, unify Android among all manufacturers, and implement Google-issued patches that can apply against the whole Android ecosystem at once without interference from carriers or OEMs.

Apple can do all these things. Google has talked themselves out of it, and they need to change their minds.

Comment No chroot()? No privilege separation? (Score 1) 92

Google, your design of Android has been so phenomenally bad that you issued 115 patches for Stagefright/Mediaserver CVEs in 2015. Let's just review exactly how terrible the design of Android's media system really is:

Don't start me on Stagefright and Mediaserver, I could rant for 2 or 3 hours non-stop! Seriously, the code over there is crap, and has insane concepts, like aborting the whole mediaserver (and all related media decoding of all other applications running at the same time), when it parses a file with attributes it does not know, instead of skipping the file. We discovered some issues in Stagefright (busy loops, device reboots, mediaserver crashes) quite early, but we never thought about submitting them.
--Jean-Baptiste Kempf, Lead Developer of VLC

Anything that you are doing with attachments in a new messaging app should fork any outside processes in separate chroot() jails as individually-distinct, non-root users.

If you can't figure out how to write secure code, then just stop writing code.

Comment Re:Google competence (Score 1) 129

I don't use iOS, and I'm not familiar with their Apple's record on security. However, Google suffered 115 CVEs in 2015 on Stagefright and the Mediaserver. Nexus is a tiny fragment of the Android ecosystem, and most users have 3rd party devices that will never see these completely patched. These flaws are carved in stone in the /system mountpoint, and can never be corrected.

Apple may not have ideal security, but at least they CAN issue patches on the core OS that will reach the majority of their users. Google cannot, and this was a staggeringly bad decision. We have not yet seen the full consequences of it.

Comment Google competence (Score 5, Insightful) 129

Despite a blinding array of talent that works for the organization, this is the architecture for multimedia that they produced:

Don't start me on Stagefright and Mediaserver, I could rant for 2 or 3 hours non-stop! Seriously, the code over there is crap, and has insane concepts, like aborting the whole mediaserver (and all related media decoding of all other applications running at the same time), when it parses a file with attributes it does not know, instead of skipping the file. We discovered some issues in Stagefright (busy loops, device reboots, mediaserver crashes) quite early, but we never thought about submitting them.

Google has in no way acknowledged the exceptionally poor design of Android, and there is no evidence that the organization has improved and learned from their management mistakes. How then can they be trusted to produce a new operating system? And why would anyone trust them to produce a secure system that is closed source?

I don't care if Verizon gives it away. Absolutely not.

Slashdot Top Deals

Chemist who falls in acid will be tripping for weeks.

Working...