
Comment Six hours of loss is a "melt-down"? (Score 4, Insightful) 356

Editors. I understand that any loss is bad but holy hyperbole batman... the title reads like a nuke was dropped on Gitlab's datacenters. I had to read halfway through the post to see they lost six (6!) hours of data. Again, really bad, but just losing six hours of data would be a case study in success for a lot of companies and definitely not a "melt-down".

Comment It would have to be trained for "legal" text (Score 1) 128

If anything... the built-in predictive text app is going to be a nuisance because it's trained for common text, not for the Latinglish that is legal text. For example... if I type in "quid pro q" on my iPhone, I'm prompted with "q", "quality" and "queen" (I'm assuming that the iPhone and the Touchbar use the same predictive engine). It also fails "ad infinitum" and "de jure" and several other phrases that have made it into common vernacular. There's no chance that it's going to predict terms used on bar exams. I have a feeling that someone just read "predictive" and freaked out... without actually trying it.

/ IANAL, just too much catholic school.
// Latin is a dead language, as dead as can be. It killed off all the Romans and now it's killing me.

Comment This is just stupid, no matter the "real" motive (Score 3, Insightful) 455

I've seen so many comments on here and other blogs about how Apple is to blame because they're "blocking" others from using the technology. Or it's Apple's fault for not implementing it in their phones.

First, the idea sounds simple in concept until you actually look at the implementation. Can my wife not FaceTime/Skype while I'm driving? Can I not use it on the bus, taxi or train for work (which I do frequently... well, I try to avoid the bus)? How do you handle rare occasions where you can't get a consistent fix on the phone's location? If Apple could think of a good, reliable way of implementing this without regularly interfering with legitimate operations I'm pretty sure they'd be all over it because they have a PR department on steroids.

Second, this is against the law in California... so why isn't the California Highway Patrol being sued for not enforcing the law? Why isn't the car manufacturer being sued for not having a safety device that requires both hands on the wheel (there are practical problems with that as well, I'm just using it as an argument)? Why aren't they required to have safety radars on all their cars (the recent Tesla video shows it might have prevented this accident)? Why isn't the cellular provider being sued for providing data service to a customer that they can tell is traveling over a certain speed? (The same practical problems apply here.)

Finally, almost anything can be deadly or can lead to deadly consequences. If you drop M&M's in your car and bend down to pick them up while speeding down the freeway and kill someone it is NOT M&M's fault for having a poorly designed bag. It is your fault for making a stupid, reckless decision. Period, end of story.

I want to believe this is a case of grieving parents being maneuvered by an asshat lawyer but who knows.

Comment Apple is a fashion brand now (Score 4, Insightful) 212

I was eagerly awaiting the new MBP release expecting it would support 32GB like everyone else (hell, you can buy relatively svelte laptops that support 64GB from Dell). The 16GB limit, the fact that you can't upgrade the RAM or the SSD, the lack of ports... the new MBP was just a giant middle finger to the "power user" community. It's very apparent that the executive/senior management at Apple could give two sh*ts about their technical/professional user base any more and are more focused on users who are concerned about how their device looks. The recent article on Bloomberg.com bears that out. The thing is, from a business standpoint it makes sense. The average user is, well, average, and represents a much larger user base than you or I. "Space Gray" and "Rose Gold" are much, much easier and cheaper options to implement during assembly than multiple memory options, etc. You can either spend more on R&D to appeal to 10-25% of the market or you can appeal to the 75% of the market like my wife who's still happily chugging along on her 8GB MacBook Air. From a business standpoint it's a no-brainer. I'm disappointed, I loved my MBPs, but it's time to move on.

Comment Re:Anything but an advertising/marketing platform. (Score 2) 52

Saying you're not going to link user data and then trying to do so is underhanded. And that wasn't a casual remark Facebook made in passing, it was a requirement made by the EU to allow the acquisition to go through and Facebook agreed to it. Actually that's just lying. Underhanded is going through and changing the options available for users' privacy settings and then resetting all users' privacy options to the default as a result (and they did that more than once).

It's the hypocrisy of it all that upsets me. The entire reason Facebook's status as a "media" outlet is in question is that Facebook (as well as Twitter and others) are making a big show about fighting "fake news" and "hate speech". Something that has been going on for years. For example, the "birther movement" (link for people not up on US politics) started eight years ago and was driven as much by social media as talk radio. Facebook and others beating the drum now did nothing about that, 9/11 truthers or anything else because they were making money off the advertising revenue. However, their gal Clinton lost (for the record I thought both candidates were terrible) and all of a sudden it's the scourge of society and must be eradicated. I have no doubt that if Hillary had won, we wouldn't have heard a peep about this and they'd go on merrily cashing checks off of similar stupidity.

Comment Anything but an advertising/marketing platform... (Score 4, Insightful) 52

It's not that he can't describe what it is, it's that he won't describe what it is. If he comes out and says "Hey suckers, we're a platform centered around gathering every bit of information we can about you and bundling it up for the highest bidder," some people might actually start to wise up to the fact that Zuckerberg sees every single one of us as a source of income and nothing more. I have no doubt that if it was made clear to Facebook that they would not be allowed to harvest user data from their internet drones, their altruistic product to unite the planet would run into unforeseen technical difficulties and be wrapped up. And I understand they're a business and have to make money, that's their prerogative. It's the underhanded way they go about it, acting as if they're trying to work for the greater good while often flat out lying to everyone about their business activities. Witness the WhatsApp acquisition. "We will not bind WhatsApp users to their Facebook data". After everything has settled down, "Yeah, about that....". And that's just the most recent example of many.

Comment Might be related to the current scandal (Score 1) 50

The current corruption scandal that broke out at the end of November revolves around the government's controversial approval of Samsung's purchase of Cheil Industries in 2014. Among other things Cheil makes chemicals for batteries. If they had anything to do with batteries in the Note 7 I wouldn't blame Samsung management for distancing themselves as far away from them as possible. Calling them "toxic" would be putting it mildly.

Comment Endorse James Webb. Do NOT even mention Spitzer. (Score 3, Interesting) 107

The vast majority of US Representatives and Senators do not understand the distinction between the Spitzer and James Webb missions. Nor should they; their primary job is taking care of local and internal politics here. However:

If a lot of people call/email/write in saying "Save Spitzer", they'll have their assistants do some research and run the numbers. Unless one of those assistants is a space/astronomy junkie, the result will come back the same for all parties. Spitzer is "up there" and "doing science".... James Webb costs more and is risky (it hasn't even launched yet)... so back Spitzer. It's the politically "safe" move.

Personally, I don't want to see that happen. If we have to sacrifice Spitzer (and even other projects) to get James Webb... so be it. Astronomy is, after all, all about the very long game.

Comment London Cabbies are different (Score 5, Insightful) 417

I'm a New Yorker who makes frequent use of the yellow cabs here and has had the pleasure of using London cabs.

In NYC, it's basically the taxis that are licensed. Any yellow cab has to have a medallion and they are expensive... often going for $750k+ USD. Once you have the medallion you can lease/rent it to just about any hack who qualifies for a driver's license.

In London, it's the drivers that are heavily regulated. The tests are notoriously hard and London cabbies either have or acquire neurology that is much more spatially oriented than normal.

The difference may be subtle to most people but it's important. When you get in a cab in NYC, you usually need to be explicit about the route that should be taken. Nefarious types will often take you through Times Square, Union Square, Canal Street or other traffic nightmares to run up the tab. London cabbies pride themselves (at least in my experience) on knowing every last back road that will get you there that much faster.

So I see their point. They're a group of professionals.... who act like professionals. They've put a lot of time and effort into becoming such, I'd want to protect my turf as well.

Comment Reality Check. The sky is not falling. (Score 4, Informative) 239

One of my current roles is to provide technical support/advice for a group of project managers and business analysts. This morning a few of them had watched the Crash News Network over breakfast and came in convinced that privacy, as we know it, had come to an end. My job is to talk them off the ledge (and I actually enjoy it, they're smart people and as long as I explain it correctly, they get it... I've found that's pretty rare).

1. The issue only exposes 64k at a time. Let's assume that the average enterprise application has at least a 1G footprint (and that's actually on the low end of most applications I work with). That's 1,048,576K. At best, this means that this exploit can access 0.006% of an application's memory at one time.

Ahh, you say, I will simply make 16,667 requests and I will retrieve all the memory used by the application.

2. The entire basis of this issue is that programs reuse memory blocks. The function loadAllSecrets may allocate a 64k block, free it and then that same block is used by the heartbeat code in question. However, this code will also release this same block, which means that the block is free for use again. Chances are very good (with well optimized code) that the heartbeat will be issued the same 64k block of memory on the next call. Multi-threaded/multi-client apps perturb this, but the upshot is that it's NOT possible to directly walk all of the memory used by an application with this exploit. You can make a bazillion calls and you will never get the entire memory space back. (You're thinking of arguments to the contrary; you're wrong... you won't.)

Congratulations, much success... you have 64k internet.

3. Can you please tell me where the passwords are in this memory dump:

k/IsZAEZFgZueWNuZXQxFzAVBgNVBAMTDk5ZQ05FVC1ST09ULUNBMB4XDTEwMDMw
MzIyNTUyOFoXDTIwMDMwMzIyMTAwNVowMDEWMBQGCgmSJomT8ixkARkWBm55Y25l

There will be contextual clues (obvious email addresses, usernames, etc.) but unless you know the structure of the data, a lot of time will be spent with brute force deciphering. Even if you knew for a fact that they were using Java 7 build 51 and Bouncy Castle 1.50, you still don't know if the data you pulled down is using a BC data structure or a custom defined one, and you aren't sure where the boundaries start and end. The fact that data structures may or may not be contiguous complicates matters. A Java List does not have to store all members consecutively or on set boundaries (by design, this is what distinguishes it from a Vector).

Long story short. Yes, there is a weakness here. However, it's very hard to _practically_ exploit... especially on a large scale (no one is going to use this to walk away with the passwords for every gmail account... they'd be very, very lucky to pull a few dozen).

This doesn't excuse developers from proper programming practices. It's just putting "Heartbleed" in perspective.
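As an added example, separate from the comment above and not OpenSSL's own source: a self-contained C model of the heartbeat over-read the comment is discussing. A fixed arena stands in for process memory, with an inbound heartbeat record at its start and a constructed "secret" string placed right after it, so the vulnerable handler's over-read stays inside the arena and the program runs cleanly. The record layout follows RFC 6520 (type, two-byte payload length, payload, at least 16 bytes of padding); the arena, the secret, the 64KB-independent sizes chosen here and the function names are all assumptions for the demonstration. The fixed handler's check has the same shape as the published fix: the claimed payload plus minimum padding must fit inside the record that was actually received.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of TLS heartbeat handling (RFC 6520).  `arena` stands in
 * for a process heap: the inbound heartbeat record sits at its start and a
 * hypothetical secret that happens to be adjacent in memory follows it.
 * Record layout: type(1) | payload_length(2, big-endian) | payload | padding(>=16). */
#define ARENA_SIZE     512
#define OUT_CAP        256
#define HB_REQUEST     1
#define HB_MIN_PADDING 16

static const char SECRET[] = "password=hunter2;session=deadbeef"; /* constructed */
static unsigned char arena[ARENA_SIZE];

/* Lay out a heartbeat request whose header claims `claimed_len` payload bytes
 * but which actually carries only `real_len`, then drop the secret right after
 * the record.  Returns the record length as the TLS record layer would report it. */
size_t build_arena(uint16_t claimed_len, size_t real_len)
{
    memset(arena, 0, sizeof arena);
    arena[0] = HB_REQUEST;
    arena[1] = (unsigned char)(claimed_len >> 8);
    arena[2] = (unsigned char)(claimed_len & 0xff);
    memset(arena + 3, 'A', real_len);                   /* genuine payload        */
    size_t record_len = 3 + real_len + HB_MIN_PADDING;  /* padding left as zeros  */
    memcpy(arena + record_len, SECRET, sizeof SECRET);  /* "adjacent heap data"   */
    return record_len;
}

/* Vulnerable handler: trusts the peer-supplied payload_length and echoes that
 * many bytes from where the payload starts, reading past the end of the record
 * into whatever follows.  Returns the number of bytes placed in `out`. */
size_t heartbeat_vulnerable(const unsigned char *rec, size_t record_len,
                            unsigned char *out, size_t out_cap)
{
    (void)record_len;                                   /* never consulted        */
    size_t payload_len = (size_t)((rec[1] << 8) | rec[2]);
    if (payload_len > out_cap) return 0;                /* only protects `out`    */
    memcpy(out, rec + 3, payload_len);                  /* the over-read          */
    return payload_len;
}

/* Fixed handler: refuse records too short to hold a header plus minimum
 * padding, then refuse any whose claimed payload plus padding does not fit in
 * the record actually received (RFC 6520 says to discard silently). */
size_t heartbeat_fixed(const unsigned char *rec, size_t record_len,
                       unsigned char *out, size_t out_cap)
{
    if (1 + 2 + HB_MIN_PADDING > record_len) return 0;
    size_t payload_len = (size_t)((rec[1] << 8) | rec[2]);
    if (1 + 2 + payload_len + HB_MIN_PADDING > record_len) return 0;
    if (payload_len > out_cap) return 0;
    memcpy(out, rec + 3, payload_len);
    return payload_len;
}

/* Scan an echoed buffer for the secret; it may contain NUL bytes, so strstr()
 * is not usable.  Returns 1 if the secret is present, else 0. */
int contains_secret(const unsigned char *buf, size_t n)
{
    size_t m = strlen(SECRET);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(buf + i, SECRET, m) == 0) return 1;
    return 0;
}

/* Drive one scenario end to end with either handler.  Returns the number of
 * echoed bytes and, via `leaked` (may be NULL), whether the secret came back. */
size_t run_scenario(uint16_t claimed_len, size_t real_len, int fixed, int *leaked)
{
    unsigned char out[OUT_CAP];
    size_t record_len = build_arena(claimed_len, real_len);
    size_t n = fixed ? heartbeat_fixed(arena, record_len, out, sizeof out)
                     : heartbeat_vulnerable(arena, record_len, out, sizeof out);
    if (leaked) *leaked = contains_secret(out, n);
    return n;
}

int main(void)
{
    int leaked;
    size_t n = run_scenario(100, 4, 0, &leaked);   /* claims 100 bytes, sends 4 */
    printf("vulnerable: echoed %zu bytes, secret leaked: %s\n", n, leaked ? "yes" : "no");
    n = run_scenario(100, 4, 1, &leaked);
    printf("fixed: echoed %zu bytes (0 = request discarded), secret leaked: %s\n",
           n, leaked ? "yes" : "no");
    return 0;
}
```

Every value here is small so the over-read lands on the constructed secret; in a real process the bytes past the record are whatever the allocator last put there, which is the point the comment's items 2 and 3 are arguing about.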
