
Comment Re: Cert signed by central private authority = cr (Score 1) 47

This is one of those moments where I wish I could post a retraction to my comment. It may provide some useful info regarding an actual issue that's been happening, but it's inapplicable in this particular situation, as you pointed out, so I certainly appreciate the correction.

For anyone else reading this far, it's worth summarizing what the actual problem was. It was neither what the AC suggested nor what I suggested. Rather, what actually happened was that a different dev's certificate was used to sign the malicious app, which was then uploaded to the Transmission servers. Basically, the malware dev had their own valid certificate, signed their malicious binary with it, and then uploaded it to the Transmission dev's servers. At this point, the obvious next step would be for Apple to revoke the malware dev's certificate and add the binary's signature to their XProtect malware definitions list. Also, if it doesn't already do so, it would be beneficial for Transmission to disallow automatic updating from binaries that are signed by a certificate other than their own, but that's on them to do, not Apple, since they're distributing it outside of the Mac App Store.

Anyway, thanks again, Rosyna, both for the correction and the response.
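The mitigation suggested in the comment above (an updater that refuses binaries signed by any certificate other than the developer's own, even when that other certificate is perfectly valid) can be shown with a small pinning check. The following is an added example, not Transmission's code or Apple's: it constructs two self-signed P-256 certificates standing in for the real developer and for some other certificate holder, pins the SHA-256 of the developer's SubjectPublicKeyInfo, and accepts an update only when the signer's key matches the pin and the signature verifies. All names, the payload and the certificates are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// signer bundles a key pair with its certificate (constructed, self-signed).
type signer struct {
	key  *ecdsa.PrivateKey
	cert *x509.Certificate
}

// newSigner builds a constructed identity. Real developer certificates chain to a
// central authority; the pin check below deliberately ignores the issuer and keys
// on the developer's own public key instead.
func newSigner(commonName string) (*signer, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: commonName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &signer{key: key, cert: cert}, nil
}

// spkiPin is the value an updater would ship with: hex SHA-256 of the
// certificate's SubjectPublicKeyInfo, bound to the developer's key, not the CA.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// signUpdate signs the SHA-256 digest of the update payload.
func (s *signer) signUpdate(payload []byte) ([]byte, error) {
	digest := sha256.Sum256(payload)
	return ecdsa.SignASN1(rand.Reader, s.key, digest[:])
}

// verifyUpdate accepts an update only if the signing certificate's key matches the
// pin AND the signature over the payload is valid. A valid signature made with some
// other party's certificate fails the pin comparison before the signature is checked.
func verifyUpdate(payload, sig, signerCertDER []byte, expectedPin string) error {
	cert, err := x509.ParseCertificate(signerCertDER)
	if err != nil {
		return fmt.Errorf("bad signer certificate: %w", err)
	}
	if spkiPin(cert) != expectedPin {
		return errors.New("update signed by a certificate other than the pinned developer's")
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unexpected public key type")
	}
	digest := sha256.Sum256(payload)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("signature does not match payload")
	}
	return nil
}

// simulate runs the scenario: the pinned developer's update is accepted, while the
// same payload carrying a valid signature from a different certificate is rejected.
func simulate() (genuineOK, otherRejected bool, err error) {
	dev, err := newSigner("Project Developer (constructed)")
	if err != nil {
		return false, false, err
	}
	other, err := newSigner("Other Certificate Holder (constructed)")
	if err != nil {
		return false, false, err
	}
	pin := spkiPin(dev.cert) // shipped inside the updater
	payload := []byte("update bundle bytes (constructed)")
	sig, err := dev.signUpdate(payload)
	if err != nil {
		return false, false, err
	}
	genuineOK = verifyUpdate(payload, sig, dev.cert.Raw, pin) == nil
	otherSig, err := other.signUpdate(payload)
	if err != nil {
		return false, false, err
	}
	otherRejected = verifyUpdate(payload, otherSig, other.cert.Raw, pin) != nil
	return genuineOK, otherRejected, nil
}

func main() {
	ok, rejected, err := simulate()
	fmt.Println("genuine accepted:", ok, "| other cert rejected:", rejected, "| err:", err)
}
```

Pinning the developer's key rather than trusting any certificate the central authority has issued is the point: the chain check tells you the signer is *some* enrolled developer, the pin tells you it is *this* one. A real updater would also keep a way to rotate the pin (for example, accepting a new pin only when it is itself signed by the old key).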

Comment Re:Cert signed by central private authority = croc (Score 3, Insightful) 47

...since all it confirms is that the malicious author has managed to bypass the extremely primitive identity verification methods.

Unlikely. A far more likely scenario is that the build machine itself was compromised.

We first started hearing widespread reports of fake versions of Xcode making the rounds in China last year (apparently because download speeds in China from Apple's servers are atrocious, so people host local mirrors of Xcode to help each other out), which were configured to inject malware at compilation into any software being built. At that point, the developer would then sign their app like normal and distribute it through their official channels, which is exactly what we saw happen here.

I mean, at the end of the day, do you really think it's more likely that someone managed to crack the entire signing mechanism and decided that their first target should be a relatively small fry whose website they'd have to take the time to personally hack in order to distribute the software via official channels, or is it instead possibly just a bit more likely that a known vector that's been in the wild was used to compromise this particular dev's system somewhere upstream?

Comment Re:No such thing as a .20 gauge (Score 4, Informative) 635

The OP is correct in saying that the ".20 gauge" mentioned in the summary makes no sense, since it would suggest a shotgun large enough to fire lead balls that each weighed 5 pounds. We'd practically be talking about small cannonballs at that point.

Both ".410" and "20-gauge" (with no decimal) are valid ways to refer to a shotgun. The former does so directly by telling you that the bore size is .410, as you said. The latter does so indirectly, since you can use the gauge to calculate the caliber (as you alluded to, shotgun gauges tell you how many lead balls you'd need at that caliber to equal one pound). In the case of a 20-gauge shotgun (i.e. a shotgun that has a caliber the size of a lead ball that is 1/20th a pound), it's a .615 caliber. But few people refer to 20-gauges that way, so far as I know.

All of which is to say, while ".410" and "20-gauge" are valid ways to refer to shotguns, ".410-gauge" is not (because .410 is a bore size, not a gauge) nor is ".20-gauge" (because it's supposed to be "20-gauge", not ".20-gauge").

Comment Re:40% profit, not 400% (Score 2) 296

I know this may come as a shock, but your numbers appear to have little basis in reality. Instead, let's work with Apple's latest financial statements and draw our conclusions from there.

Focusing on page 3, here's what we can quickly glean using some simple arithmetic with their numbers from last quarter:
- They have a 38% margin after you deduct the cost of sales
- They have a 24% margin after you deduct operating expenses
- They have an 18.4% margin after you deduct taxes

According to page 28, operating expenses is where R&D, advertising, employee salaries, and other day-to-day costs fall, so it's safe to say that your claim regarding a "100% profit margin" has no factual basis, despite you being a random person on the Internet who has an opinion. Rather, depending on how we define "profit", we'd peg it at more like 18-24%.

As for why their margin isn't what you claimed, you probably grabbed your $200 number from this report that was widely circulated a few years ago, but it neglected to consider a number of costs beyond the bill of materials (BOM) and manufacturing. For instance, there's no mention of the cost to ship components to where they'll be assembled, the cost to package the final product, capital expenditures to customize or scale manufacturing, nor of the cost to ship the final product to its destination. These teardowns routinely come in FAR under the actual cost, and that trend has only been getting worse these last few years. It got so bad, in fact, that Tim Cook even took some time to address it last year.

Disclaimer: The numbers on page 3 (and here) represent their full product line, so I will readily admit that we can't take them as hard and fast numbers for iPhones specifically. That said, other statements I've read over the years have indicated that iPhone margins fall in line with their margins for their products as a whole, so we shouldn't expect them to be much different, if at all, given that iPhones account for 57% of their net sales, according to page 25.

Comment Re:Not possible (Score 1) 68

Who said it had to be? This issue was about whether or not Verizon had done enough to allow the case to go forward into further discovery, not to prove anyone's guilt or settle the matter. Basically, they're just answering the question of, "is there enough here for a case?" By all accounts, there is. That doesn't mean there's enough to make a final ruling or prove anything conclusively yet. That'll come after the discovery process, which is what they're getting set to start, it sounds like.

Comment Re:Not possible (Score 4, Informative) 68

WTF does "direct detection" even fucking mean?

Having read most of the ruling, it apparently means, "We connected directly to the IP address and received our copyrighted material from them", as opposed to, "We took it on faith that any IP address listed by the BitTorrent tracker is serving up our copyrighted material." The terminology comes from a 2008 University of Washington paper that discussed the fact that indirect identification (i.e. relying on the tracker), which was what was primarily in use at the time, was woefully insufficient.

From what I can gather, the ruling basically says that the case can move forward. It doesn't assign guilt, it doesn't say that an IP address = a particular person, and it doesn't deny the possibility that there are ways to spoof IP addresses. It simply says that Verizon has provided enough evidence for the case to move forward with further discovery that would help them to uncover those facts, should any of them be at play.

IANAL, so I may be misreading things, but that's roughly what I got out of what I read.

Comment Re:why not sell your own stuff? (Score 1) 85

In a world where people prefer a subscription over ownership, an individual musician is ill-suited to handle that expectation alone, since even die-hard fans will typically tire of listening to the same couple of albums on repeat ad infinitum. Your idea works fine for direct sales, but people's expectations have changed in the last decade, as evidenced by the fact that artists continue to put up with Spotify, despite the abysmal profit they make from it.

Comment Re:BS (Score 5, Informative) 175

The conclusion I'm taking away from this is that the article (and perhaps the study) is complete crap. The stats in the reporting fall apart at the slightest touch. For instance...

1) They're lumping everything from "the phone might've felt a little slow that one time" to "this phone literally summoned the Four Horsemen to usher in the end of the world" into a single "failure" bucket. No weighting, no granularity, and no consideration for the fact that we wouldn't even refer to most of those as "failures" or even the fault of the manufacturer.

2) Their math doesn't add up because they use the term "failure rate" to arbitrarily refer to multiple different concepts, most of which aren't even rates. The most obvious example comes from looking at the Android charts, in which they indicate that Android devices have an overall failure rate of 35%, with the worst manufacturer (Samsung) having a failure rate of 26%. But that makes no sense. If the worst manufacturer has a failure rate of 26%, then the highest the overall failure rate could possibly be (if that manufacturer sold 100% of devices) would be 26%. What they appear to be doing (but don't disclose) is using the term "failure rate" to refer to the share of failures that correspond to each manufacturer.

3) For similar reasons, you can't even compare their own numbers against each other. As the fine print in the image indicates, the "failure rate" for each model actually represents that model's share of the failures for their platform. Basically, there's a pie representing all iOS failures, and another representing all Android failures. The iPhone 6 gets 29% of the first pie, and the Le 1S gets 10% of the second pie, but who's to say which slice is actually bigger, since they never tell us how big each pie is? Plus, they cleverly hide the fact that the quantity of slices in each of those pies is likely orders of magnitude different by only telling us about the top 5 models from each.

This feels like a case of someone massaging the statistics until they get something that suits their need, given the odd bucketing and double-use of terminology. Blancco Technology Group, which authored the study, apparently counts at least one Android manufacturer on its list of clients, but given the way that manufacturer was unfavorably represented, I doubt that manufacturer is behind these trashy statistics. I don't know if Blancco is the one doing the massaging (since the report is behind a "give us your info and agree to receive our marketing" wall) or if it's Softpedia, but either way, there's no useful information in the article.

Were the stats flipped to favor the other side, I'd have the same critiques, since it's trash reporting either way, and Slashdot should be doing a better job of weeding articles that have no factual basis with which to prop up their clickbait headlines.

Comment Re:Apple Just Released an Update to Address This (Score 1) 31

It's seriously frustrating how one-sided the reporting is here. Summaries like these blast Apple while failing to state the obvious: that Apple has already patched...

What's that? They did mention it in the summary?

Oh. Uhh...what was I complaining about again? What was the point of your post in the first place?

Comment Re:Why do people still go there? (Score 5, Insightful) 348

they will have to start treating their guests more normally at some point.

I think you underestimate our insular mentality and the degree to which we believe in American exceptionalism. Only 30% of us even have passports, despite the 2007 change that requires us to present them every time we re-enter the country, even if we just visited a neighboring nation. And regardless of whether it's true or not, I'd wager that most Americans would believe that the tourism taking place within or between states far outweighs the 80 million visitors that come to the US for tourist activities each year.

On the flip side, I think you also overestimate the typical person's level of care about any of this stuff. I've opted out of going through the body scanners every single time I've gone through an airport since they were introduced, but in all of those trips, I have yet to see anyone else do the same. While you and I might view this suggestion as an abridgement of our rights and a gross invasion of privacy, most people won't give it a second thought, simply because they've already made their vacation plans and a question on a form about something minor like that isn't enough to put them off. I wish it wasn't so, but we both know that to be true.

The fact that international tourist visits to the US have grown in the last few years (only France receives more tourists, but we bring in nearly 4x as much tourism revenue as they do, and nearly 2x that of China, which is the next closest in terms of revenue) only provides evidence for the notion that these draconian measures haven't adversely impacted the industry.

Comment Re:International Units please (Score 1) 190

when will US posters finally stop using imperial

We'd have to start using them first.

A) America uses American customary units, which were derived from colonial-era English units. British Imperial units share a common heritage, in that they were derived from those same English units as well, but the Imperial system was created in 1824, after America's independence, so the two countries diverged, resulting in the two systems having a number of differences.

B) Brits still use miles in everyday practice, so feet are consistent with the system already in common use. Moreover, shows like Top Gear (which is about as much exposure as most Americans get to British people using units) still use inches and feet on occasion, so it's unsurprising that a poster would assume all/most English speakers would be versed in using them.

C) Given that things don't magically become metric when they're smaller than a driving distance, isn't it a bit pretentious to expect that others keep up to date with your particular country's mix-and-match of systems? Assuming that you are indeed British, are we really expected to know that feet and inches aren't okay to use these days, even though miles are fine? You're on good terms with pints, but you'll complain if I use cups? And then there's kilos, pounds, AND stones in everyday use, but not hundredweights or certain varieties of tons/tonnes? Or have stones stopped being used this week and I missed the memo?

My point is, the world is a messy place, and when it comes to units it will continue being messy until the world standardizes on a particular system. We can all look forward to that day eagerly, since it'll mean silly posts like mine and yours won't be around. In the meantime, do what the rest of us do: convert the units without complaining.
