Researcher Finds Tor Exit Node Adding Malware To Downloads
This attack on binaries requires a MITM attack. The attacker must be in a position to intercept and modify the data. SSL only prevents that if it's end to end SSL. Using SSL over Cloudflare doesn't eliminate the possibility of an attack on binaries, because Cloudflare is a MITM itself. The exit from Cloudflare is vulnerable in exactly the way the exit from Tor is.
Researcher Finds Tor Exit Node Adding Malware To Downloads
Cloudflare offers a fake SSL service called "Flexible SSL". Cloudfront gets a cert generated with a long list of domains. Users connect to Cloudfront, Cloudflare sets up a secure connection from the user's browser to Cloudflare, acts as a man-in-the-middle, and makes an unencrypted connection to the destination host.
And, of course, there's an exploit for this.
Even if you buy Cloudflare's "most secure" option, and have SSL to your own server using your own certificate, you have to give Cloudflare your SSL cert's private keys. Does Cloudflare take responsibility for the security of your private keys? No.
So do not use Cloudflare for sites which handle any valuable data, such as credit card numbers.
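An added example (not part of the original comments) of the end-to-end check that still holds when a proxy or exit node sits in the path: verify the downloaded file against a `sha256sum`-style manifest obtained over a separate, authenticated channel. The function names, the file name `setup.exe` and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import io

CHUNK = 64 * 1024
HEX = set("0123456789abcdef")


def parse_manifest(text):
    """Parse sha256sum-style lines: 64 hex chars, a space, ' ' or '*', then the name."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        digest, name = line[:64].lower(), line[66:]
        if not (name and line[64] == " " and line[65] in " *" and set(digest) <= HEX):
            raise ValueError(f"manifest line {lineno} is malformed")
        entries[name] = digest
    return entries


def sha256_stream(stream):
    """Hash a binary stream in chunks so large downloads are never held in memory."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        h.update(chunk)
    return h.hexdigest()


def verify_download(name, stream, manifest):
    """True only if `name` is listed and the stream's digest matches; fails closed."""
    expected = manifest.get(name)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_stream(stream), expected)


# Constructed sample data: a stand-in installer and a copy altered in transit.
ORIGINAL = b"MZ" + b"\x00" * 256 + b"constructed installer body"
TAMPERED = b"MZ" + b"bytes added in transit" + ORIGINAL
# Stands in for a manifest obtained over a separate, authenticated channel.
MANIFEST = parse_manifest(f"{hashlib.sha256(ORIGINAL).hexdigest()} *setup.exe\n")

if __name__ == "__main__":
    for label, blob in (("original", ORIGINAL), ("tampered", TAMPERED)):
        ok = verify_download("setup.exe", io.BytesIO(blob), MANIFEST)
        print(f"{label}: {'accept' if ok else 'reject'}")
```

The check is only as strong as the channel the manifest arrives on: if the digest travels over the same intercepted path as the binary, whoever modifies one can modify the other.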
We Need Distributed Social Networks More Than Ello
Diaspora failed partly because it presents itself in such a confusing way. See Join Diaspora: "JoinDiaspora.com Registrations are closed But don't worry! There are lots of other pods you can register at. You can also choose to set up your own pod if you'd like." There's no "Join" button, but two "Donate" buttons. Take a look at a few "pods". You can't see anything without signing up, and many sound like they're run by weirdos.
The latter is the real problem. A system where anyone can join anonymously and can have as many identities as they want will be overrun by spammers and jerks. Facebook has some pushback in that area, which helps. Facebook also started by getting people from big-name schools, so they didn't start with a loser-heavy population.
A social network needs some cost to creating an identity. The cost can be money, or reputation, or even a proof of work, like Bitcoin. Otherwise, the network is overrun with fake accounts. A distributed social network needs good anti-forgery mechanisms, to prevent one node from spoofing another. That's hard without central control.
Austin Airport Tracks Cell Phones To Measure Security Line Wait
There are probably security cameras watching the line already. Use them to count the people. Software for this is available from several suppliers.
Cameras at intersections already do this, as part of traffic signal control. The best systems report things like "3 cars waiting at signal, then a big gap, then more approaching cars". The controller can then let three cars through, then turn the light for that intersection face red and let the other direction go.
Ask Slashdot: Event Sign-Up Software Options For a Non-Profit?
list of 62 volunteer-management packages. Some are web based. Some are free. Somewhere in there should be something that solves your problem.
If You're Connected, Apple Collects Your Data
Sending the content of every search request to Apple? Notifying Apple if the user sets up a non-Apple email account? That's a blatant violation of the Computer Fraud and Abuse Act unless Apple properly discloses that up front and gets the user's consent.
Apple didn't do that.
The EULA for MacOS isn't on line on Apple's own site. This matters. It violates the FTC's "clear and conspicuous" rule on disclosures. It's just like bundling spyware, which the FTC and state attorneys general have routinely hammered vendors for trying.
This puts Apple in the uncomfortable position Sony was in when they put a root kit on an audio CD.
Soda Pop Damages Your Cells' Telomeres
The actual study only applies to sugar-sweetened drinks.
Robot SmackDowns Wants To Bring Robot Death Matches To an Arena Near You
Somebody watched Robot Jox too many times.
Snapchat Will Introduce Ads, Attempt To Keep Them Other Than Creepy
That's how it always starts. In a few years, more ads than content.
You are not the customer. You are the product.
Tesla Teardown Reveals Driver-facing Electronics Built By iPhone 6 Suppliers
The head unit has more than 5,000 discrete components...
That's characteristic of small-volume production. If Tesla were making enough units, they'd have more custom ICs made to get the parts count down.
For Game Developers, It's About the Labor of Love
"Labor of love" - right. That's why game developers are so exploited that EA got into trouble with CA labor laws.
Ask Slashdot: Handling Patented IP In a Job Interview?
Yes, you should explicitly refuse to implement your patented IP for the company without a separate licensing fee. This is completely separate from employment.
In particular, you don't want to use your IP in their product without a licensing deal in place. That creates a conflict of interest situation, one likely to result in litigation later. What if, later, you sold your patent rights to another party and they sued your employer? Your employer could then sue you for putting them in that situation.
Bring in a lawyer. Welcome to the big time.
The Great Robocoin Rip-off
It's worse than that. Much worse. Robocoin, right now: "Sell rate: USD 347.43 | Buy rate: USD 465.87". That's a 17% spread in each direction. On top of that, the one at Hacker Dojo in Mountain View adds a 5% fee. So you lose about 22% on each transaction.
Battery Breakthrough: Researchers Claim 70% Charge In 2 Minutes, 20-Year Life
Prof Chen and his team will be applying for a Proof-of-Concept grant to build a large-scale battery prototype.
In other words, they haven't built a battery yet.
Why are so many "nanotechnology" articles like this? People find some new surface chemistry phenomenon in the lab, and immediately announce it as if it were a product ready to ship. Then it turns out that the phenomenon only works under limited conditions, or is really expensive to make, or doesn't even perform in the intended application. The nanotechnology crowd should STFU until they can demo.
Secretive X-37B Military Space Plane Could Land On Tuesday
Whatever the X-37B does, it seems to do it well. The USAF sends them up into space, they stay up for months or years, they do whatever they do, and they come home.
Space is the place - for robots.
Smart Battery Tells You When It's About To Explode
What does it do, establish a connection to the "cloud" to send a message to your cell phone? I
WhatsApp's Next Version To Include VoIP Calls and Recording
It's just that the user doesn't have access to the playback function.
Independent Researchers Test Rossi's Alleged Cold Fusion Device For 32 Days
The article says the actual paper is being posted, but doesn't link to it. Anyone have a link?
The last time I looked at this, it appeared that the thing requires input power to function, and the input power is provided in a "proprietary waveform", even though it's just used for resistance heating. Other "free energy" schemes have turned out to be fake because measuring the wattage of a funny waveform is tricky, especially when current and voltage are out of phase. So I'm a bit suspicious.
Ask Slashdot: Best Books On the Life and Work of Nikola Tesla?
If you want a non-bullshit view of Tesla, read his patents. His real achievement was that he figured out most of the kinds of modern AC motors. It's not at all obvious how you get an AC motor started and turning in the right direction. Clever tricks with bits of copper in the magnetic circuit are used to bias starting direction, and synchronous motors start up as induction motors. Tesla worked all that out. It's very elegant. AC machine design is hard, and, unlike DC machine design, requires calculus. That was a big jolt for engineering at the time. Nothing before had required that much math to make it work.
You can also read his thinking about the Wardenclyffe tower in his patents. He had RF propagation all wrong. He thought the ionosphere was a conductive layer. His plan was to punch through to the ionosphere by ionizing a path all the way up (!), and transmit power and signals conductively, using the ionosphere and the ground as a pair of conductors.
Z Machine Makes Progress Toward Nuclear Fusion
The whole pulsed laser fusion effort turned out to be a cover for nuclear weapons research. It lets Lawrence Livermore study H-bomb like fusion reactions on a convenient scale. With a gym-sized bank of lasers aimed at a single point, they can pump enough energy into a tiny space to force fusion. That's a research tool.
So is the Z-machine, for much the same reason. It's yet another pulsed-fusion machine relying on inertial containment.
The tokamak crowd has at least been able to hold a fusion reaction together for 400ms or so. But plasma instability is the curse of all tokamak designs, including ITER. There's much doubt that ITER will work. It's conjectured that a bigger plasma will be more stable, but many physicists question this. ITER has become a pork program, though, and it's hard to stop. Cost is about $15 billion. If there was real confidence it would work, the private sector would fund it.
Right now, the new generation of stellarators looks more promising than the tokamaks.