Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Comment Re:Where's the news? (Score 1) 238

To be fair, this is not about "non-practicing entities" -- aka patent trolls. The companies that are suing actually do sell real physical golf balls incorporating some of the patents into the manufacturing process and design.

Maybe those patents are invalid, IANAPL, but this is definitely not a case of "those who can't, sue".

Comment Re:Picking your post apart: (Score 1) 329

Your developers should be smart enough to maintain their own security if they need admin rights, the ones that aren't can be weeded out immediately.

Indeed, most are smart enough. But it takes just one dumb (or groggy) developer to let an adversary yank a useful credential and start moving laterally through your network. I mean, even your developer's normal-privilege git account is enough to plant a backdoor in the code without any fancy persistent-threat-acrobatics added on top.

Don't get me wrong, I still think devs should have super-user privileges on their development machines. But things like IDS, monitoring, logging and other tools are quite useful to help them maintain security and catch the occasional slip up that can have outsize effects. Don't get in the way, but insist that access to sensitive materials requires some form of monitoring and audit trail. And have a solid legal policy that entitles you to access that data in order to investigate potential breaches while at the same time having a solid company policy that says you won't fish for any reason.

Comment Was anything different ever expected? (Score 1) 77

Were we ever expecting Samsung to actually just toss all these things into the grinder? They had a fairly high end SoC, bunch of RAM and Flash, nice screens, etc. no reason to suspect that the PMIC itself was executing batteries. Why would you scrap something like that?

For 'brand' reasons, it wouldn't be a surprise to see them shunted off to some less-loved market; or even 'de-branded' and sold in more generic livery; but scrapped?

Comment Re: Mint (Score 1) 481

I agree that grovelling for solutions to oddball problems is annoying; but my experience has been that any OS puts you in that place from time to time.

If, say, Windows Update is throwing cryptic errors, it doesn't take too long to be instructed to 'Reset the BITS service to the default security descriptor'. Just open an elevated CMD shell and run "sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)", n00b.

OSX has the virtue of changing at least a few of the command line options that aren't pulled straight from BSD every version bump(changes related to user/directory structure seem to be particularly popular); and not all advice is clear on which versions it pertains to; which can be really annoying.

I don't disagree with the fact that, if a Linux system does something...unexpected...you may well deeply fail to enjoy finding the answer; but any time the automagic fails, regardless of OS, you are usually in for some pain(since, if the answer were trivial and unambigious, the automagic would probably still be working); and a trip to the command line, registry, PLists, or some combination is likely in your future.

If anything, it's the scary, hostile-looking OSes that are least risky in this regard because they never pretended to have automagic to help you in the first place; and so are simpler; and designed so that an unaided human can grind through everything themselves. That's a huge nuisance, which is why most OSes aren't like that; but fallible automatic failing is never pretty.

Comment Re:Don't remake, release the source. (Score 1) 159

I'd be surprised to see Blizzard do either; but he did specify 'the source' rather than 'the IP'; and the two are (relatively) easily separable.

Given that, even at the time, most of the enthusiasm for Starcraft was for a combination of its play balance(having 3 actually-different sides without being horribly lopsided was pretty big news when the standard was two, often basically reskins of each other with a couple of flavor units) and overall style/art direction; I'm not sure who would be interested in just the engine; but Blizzard certainly could release it without giving up any control over the parts of the Starcraft 'IP' that are of actual value. Given the number of people who actually want to look at the code vs. the number of people who just want to play Starcraft, it would be a lot of trouble for not a lot of interest, but it needn't threaten the stuff that is actually worth something.

Comment Re:What videos exactly? (Score 1) 291

People rarely have a lot of love for the party in the position to charge them more; but the fact that a 'search company' apparently can't make any useful promises regarding where your ads will end up is probably not helping their position on this one.

Even in situations where everything is pretty banal; advertisers generally want some targeting of the impressions they are paying for to the audience they are trying to reach. If Google can't demonstrate an ability to avoid certain contexts on request, why would an advertiser believe that they are any more accurate or honest when it comes to targeting certain audiences?

Comment Re:Uhm... (Score 2) 534

Trump's relationship with the truth isn't so much interesting in that it's fairly casual; but in how self-destructive it seems to be.

People lying in order to advance their interests is an issue; but hardly unexpected or particularly abnormal. People who can't stop lying even when they'd be trivially better off keeping their mouths shut are a different matter. Something like the inagural crowd size thing: that's an idiotic lie. Trivially verifiable, hilariously petty; and completely unnecessary. He didn't lose much by it, since nobody actually seems to expect better; but he had virtually nothing to gain even if it had worked; and no reasonable expectation that it would work.

Comment Impressive work. (Score 4, Insightful) 71

Aside from the egregious delay in fixing these things; does anyone else get a very, very, bad feeling about the expected quality of the firmware when 'supply a string longer than a normal user would type' is a successful attack?

If you aren't sanitizing your inputs against that one; what are you sanitizing?

Comment not anonymous (Score 1) 270

It appears that Bitcoin, a currency designed with anonymity in mind...

No. Bitcoin is designed around decentralization, not anonymity. Every transaction is logged forever; for anonymity, that's a nightmare. This misconception is widespread. Bitcoin is not anonymous; if privacy is important to you, you should not be using it.

Comment Re:Mercator straight lines are not great circles! (Score 1) 319

Ironically, that's the main sense in which arguments that Mercator projections are 'imperialist' aren't total nonsense:

You don't 'imperialize' by drawing the other guy's country really small and hurting his feelings; you do so by having the maritime expertise to deliver troops and maintain supply lines across large areas of the world; and conquering the other guy's country.

As a rather useful projection for navigation, Mercator can definitely help you out with that; the wonky land areas are just a minor side effect.

Comment Re:Geometry is hard, as is geography (Score 2) 319

The trouble isn't with the Mercator projection, it does what it was designed to do well enough; but the somewhat baffling decision to make a map whose main virtues are for marine navigation the quasi-default for classroom applications mostly focused on what happens on land.

I've never heard a particularly cogent justification for that one.

Comment Re: Not if the NRA has any balls! (Score 1) 62

It's considered tacky to talk about 'blocking' GPS; but if you look for 'GPS signal generators' or 'GPS simulators', you can get hardware that doesn't merely interfere with GPS; but can produce a fairly convincing GPS fix for a time/location/etc. that you specify. Tricky and subtle to fool a suitably nice GPS system that is actively paranoid about the possibility; a couple of antennas on the ground just doesn't look quite like a satellite constellation; but can fool more naive GPS systems quite effectively.

It is suspected that this is the technique behind a few surveillance drones that were led off course and (mostly) soft-landed in hostile areas(I think the most recent case was a US drone that got a little too close to the Iranians). Really shoddy firmware might get fatally confused if you suddenly present it with some wild fantasy data; but if you start feeding accurate GPS signals, and gradually skew them, error can quickly and quietly accumulate much faster than a naive target might suggest.

I imagine that the power of blocking or spoofing GPS depends mostly on how many backup instruments you have; and how paranoid you are. GPS is preferred because it provides very well-behaved data from a chip that costs peanuts; but it's not as though everyone just stumbled around and got lost before it was available. A drone built right down to budget and weight might not have anything to fall back on; but compasses, terrain-following, inertial navigation, even celestial navigation if it isn't too sunny are all options.

Comment Re:type of technology (Score 2) 188

I assume that someone with service provider MiTM access could do a bunch of SS7 weirdness, in order to confuse attribution; but that's my understanding: if you have privileged access at the provider level, you don't need to do anything to traffic routing/redirection that might attract attention, you can just grab a copy as it passes by; while if you don't have provider-level cooperation;, you either need to try to get the traffic sent somewhere you do have access to(or run the comparatively great risk of sending people out with stingrays to do it in person; which is likely a poor plan unless you are the local cops.

Sort of like when something deeply unsettling happens to the world's BGP configurations. Ma Bell doesn't need to mess with those to tap your stuff; but some backwater that normally doesn't pass traffic worth spying on needs to modify things if they want to intercept something of interest.

Slashdot Top Deals

C'est magnifique, mais ce n'est pas l'Informatique. -- Bosquet [on seeing the IBM 4341]

Working...