Comments

Researcher Finds Tor Exit Node Adding Malware To Downloads

Animats Re:SSL/TLS may not help if you use Cloudflare (24 comments)

This attack on binaries requires a MITM attack. The attacker must be in a position to intercept and modify the data. SSL only prevents that if it's end to end SSL. Using SSL over Cloudflare doesn't eliminate the possibility of an attack on binaries, because Cloudflare is a MITM itself. The exit from Cloudflare is vulnerable in exactly the way the exit from Tor is.

2 minutes ago
Researcher Finds Tor Exit Node Adding Malware To Downloads

Animats SSL/TLS may not help if you use Cloudflare (24 comments)

Cloudflare offers a fake SSL service called "Flexible SSL". Cloudfront gets a cert generated with a long list of domains. Users connect to Cloudfront, Cloudflare sets up a secure connection from the user's browser to Cloudflare, acts as a man-in-the-middle, and makes an unencrypted connection to the destination host.

And, of course, there's an exploit for this.

Even if you buy Cloudflare's "most secure" option, and have SSL to your own server using your own certificate, you have to give Cloudflare your SSL cert's private keys. Does Cloudflare take responsibility for the security of your private keys? No.

So do not use Cloudflare for sites which handle any valuable data, such as credit card numbers.

17 minutes ago
We Need Distributed Social Networks More Than Ello

Animats Distributed is hard because of the asshole problem (245 comments)

Diaspora failed partly because it presents itself in such a confusing way. See Join Diaspora.: "JoinDiaspora.com Registrations are closed But don't worry! There are lots of other pods you can register at. You can also choose to set up your own pod if you'd like." There's no "Join" button, but two "Donate" buttons. Take a look at a few "pods". You can't see anything without signing up, and many sound like they're run by weirdos.

The latter is the real problem. A system where anyone can join anonymously and can have as many identities as they want will be overrun by spammers and jerks. Facebook has some pushback in that area, which helps. Facebook also started by getting people from big-name schools, so they didn't start with a loser-heavy population.

A social network needs some cost to creating an identity. The cost can be money, or reputation, or even a proof of work, like Bitcoin. Otherwise, the network is overrun with fake accounts. A distributed social network needs good anti-forgery mechanisms, to prevent one node from spoofing another. That's hard without central control.

yesterday
Austin Airport Tracks Cell Phones To Measure Security Line Wait

Animats Why not just use cameras? (163 comments)

There are probably security cameras watching the line already. Use them to count the people. Software for this is available from several suppliers.

Cameras at intersections already do this, as part of traffic signal control. The best systems report things like "3 cars waiting at signal, then a big gap, then more approaching cars". The controller can then let three cars through, then turn the light for that intersection face red and let the other direction go.

yesterday
If You're Connected, Apple Collects Your Data

Animats Apple just made a big legal mistake. (312 comments)

Sending the content of every search request to Apple? Notifying Apple if the user sets up a non-Apple email account? That's a blatant violation of the Computer Fraud and Abuse Act unless Apple properly discloses that up front and gets the user's consent.

Apple didn't do that.

The EULA for MacOS isn't on line on Apple's own site. This matters. It violates the FTC's "clear and conspicuous" rule on disclosures. It's just like bundling spyware, which the FTC and state attorneys general have routinely hammered vendors for trying.

This puts Apple in the uncomfortable position Sony was in when they put a root kit on an audio CD.

4 days ago
Snapchat Will Introduce Ads, Attempt To Keep Them Other Than Creepy

Animats The first one is always free (130 comments)

That's how it always starts. In a few years, more ads than content.

You are not the customer. You are the product.

5 days ago
Tesla Teardown Reveals Driver-facing Electronics Built By iPhone 6 Suppliers

Animats Too many discrete components (158 comments)

The head unit has more than 5,000 discrete components...

That's characteristic of small-volume production. If Tesla were making enough units, they'd have more custom ICs made to get the parts count down.

about a week ago
For Game Developers, It's About the Labor of Love

Animats Suckers (164 comments)

"Labor of love" - right. That's why game developers are so exploited that EA got into trouble with CA labor laws.

about a week ago
Ask Slashdot: Handling Patented IP In a Job Interview?

Animats IP is licensed separately. (224 comments)

Yes, you should explicitly refuse to implement your patented IP for the company without a separate licensing fee. This is completely separate from employment.

In particular, you don't want to use your IP in their product without a licensing deal in place. That creates a conflict of interest situation, one likely to result in litigation later. What if, later, you sold your patent rights to another party and they sued your employer? Your employer could then sue you for putting them in that situation.

Bring in a lawyer. Welcome to the big time.

about a week ago
The Great Robocoin Rip-off

Animats Re:Huge spreads on withdrawals! (117 comments)

It's worse than that. Much worse. Robocoin, right now: "Sell rate: USD 347.43 | Buy rate: USD 465.87". That's a 17% spread in each direction. On top of that, the one at Hacker Dojo in Mountain View adds a 5% fee. So you lose about 22% on each transaction.

about two weeks ago
Battery Breakthrough: Researchers Claim 70% Charge In 2 Minutes, 20-Year Life

Animats There is no battery (395 comments)

Prof Chen and his team will be applying for a Proof-of-Concept grant to build a large-scale battery prototype.

In other words, they haven't built a battery yet.

Why are so many "nanotechnology" articles like this? People find some new surface chemistry phenomenon in the lab, and immediately announce it as if it were a product ready to ship. Then it turns out that the phenomenon only works under limited conditions, or is really expensive to make, or doesn't even perform in the intended application. The nanotechnology crowd should STFU until they can demo.

about two weeks ago
Secretive X-37B Military Space Plane Could Land On Tuesday

Animats The real space shuttle (81 comments)

Whatever the X-37B does, it seems to do it well. The USAF sends them up into space, they stay up for months or years, they do whatever they do, and they come home.

Space is the place - for robots.

about two weeks ago
Smart Battery Tells You When It's About To Explode

Animats "Smart"? (97 comments)

What does it do, establish a connection to the "cloud" to send a message to your cell phone? I

about two weeks ago
WhatsApp's Next Version To Include VoIP Calls and Recording

Animats Most VoIP apps include recording. (65 comments)

It's just that the user doesn't have access to the playback function.

about two weeks ago
Independent Researchers Test Rossi's Alleged Cold Fusion Device For 32 Days

Animats Where's the actual paper on arxiv? (984 comments)

The article says the actual paper is being posted, but doesn't link to it. Anyone have a link?

The last time I looked at this, it appeared that the thing requires input power to function, and the input power is provided in a "proprietary waveform", even though it's just used for resistance heating. Other "free energy" schemes have turned out to be fake because measuring the wattage of a funny waveform is tricky, especially when current and voltage are out of phase. So I'm a bit suspicious.

about two weeks ago
Ask Slashdot: Best Books On the Life and Work of Nikola Tesla?

Animats Read Tesla's patents (140 comments)

If you want a non-bullshit view of Tesla, read his patents. His real achievement was that he figured out most of the kinds of modern AC motors. It's not at all obvious how you get an AC motor started and turning in the right direction. Clever tricks with bits of copper in the magnetic circuit are used to bias starting direction, and synchronous motors start up as induction motors. Tesla worked all that out. It's very elegant. AC machine design is hard, and, unlike DC machine design, requires calculus. That was a big jolt for engineering at the time. Nothing before had required that much math to make it work.

You can also read his thinking about the Wardenclyffe tower in his patents. He had RF propagation all wrong. He thought the ionosphere was a conductive layer. His plan was to punch through to the ionosphere by ionizing a path all the way up (!), and transmit power and signals conductively, using the ionosphere and the ground as a pair of conductors.

about two weeks ago
Z Machine Makes Progress Toward Nuclear Fusion

Animats Pulse generation - why? (151 comments)

The whole pulsed laser fusion effort turned out to be a cover for nuclear weapons research. It lets Lawrence Livermore study H-bomb like fusion reactions on a convenient scale. With a gym-sized bank of lasers aimed at a single point, they can pump enough energy into a tiny space to force fusion. That's a research tool.

So is the Z-machine, for much the same reason. It's yet another pulsed-fusion machine relying on inertial containment.

The tokamak crowd has at least been able to hold a fusion reaction together for 400ms or so. But plasma instability is the curse of all tokamak designs, including ITER. There's much doubt that ITER will work. It's conjectured that a bigger plasma will be more stable, but many physicists question this. ITER has become a pork program, though, and it's hard to stop. Cost is about $15 billion. If there was real confidence it would work, the private sector would fund it.

Right now, the new generation of stellarators looks more promising than the tokamaks.

about two weeks ago

Submissions

Facebook is down, again

Animats Animats writes  |  more than 2 years ago

Animats writes "Not just the stock. The Facebook site itself is having problems this weekend.
Facebook has had intermittent outages since Friday, the Huffington Post reports. Right now, DownRightNow reports a "likely service disruption." The symptom is very slow, but valid responses from the site. So far, Facebook hasn't made any public statements."

Sprint discontinues phone camera support, loses pictures

Animats Animats writes  |  more than 2 years ago

Animats (122034) writes "On April 30, Sprint discontinued their "Picture Mail" site, where pictures uploaded from Sprint phones are stored. Some users report the loss of years of pictures. Sprint didn't provide a bulk download feature that worked, so some users struggled during the last hours to get pictures off the site before it went down.

Sprint's plan was that users would switch from their system to Flickr, Facebook, or some other photo uploading site. Unfortunately, the tools for doing that were on the site they just took down. The main Sprint web site now has dead links. The old system was taken down before the new system came up. So they've left their non-smart phones in limbo.

There's a privacy issue. Pictures uploaded to Sprint's site were private. Pictures uploaded to "sharing" sites tend to get "shared"."

CPanel installs back door into Linux servers

Animats Animats writes  |  more than 2 years ago

Animats writes "I recently leased a new dedicated server from a well-known hosting company. The server came with CPanel, a popular system administration tool, installed, and on first log-in, I was presented with a CPanel EULA, something that wasn't present on older servers. The EULA indicates that CPanel, Inc. has a back door into the server for "authentication", and can not only "copy, access, store, disclose and use cPanel Data indefinitely in its sole discretion", but can disable the server remotely. This is like CarrierIQ's back door — something that has no business being there.

This is for a fully dedicated server, not shared, not virtual, and not managed by the hosting company. I'm leasing a bare CentOS machine in a rack here. This isn't something to give a hosting company access. It allows access by a third party company that just sells system administration software. They have no need for that access whatsoever.

Here are the actual EULA terms:

*Authentication System*. The Software contains technological measures that, working in conjunction with cPanel computer servers, are designed to prevent unlicensed or illegal use of the Software (collectively, the "Authentication System"). You acknowledge and agree that such Authentication System allows cPanel to (among other things) (a) monitor use of the Software by you and Third Party Users as set forth in Section 2.5.4 (cPanel Data); (b) verify that the Software is only used on the Licensed Server; (c) suspend or disable access to the Software in whole or in part in the event of a breach of this Agreement or in the event of a breach by a Third Party User of cPanel-related provisions of a Third Party Agreement; and (d) terminate use of the Software upon the expiration or termination of this Agreement. You agree not to thwart, interfere with, circumvent or block the operation of any aspect of the Authentication System, including any communications between the Software and cPanel's computer servers. For the avoidance of doubt, the Software will not operate unless cPanel from time to time verifies the Software using the Authentication System which requires the exchange of information between the Licensed Server and cPanel over the Internet.

*cPanel Data*. You agree that, without further notice to you or any Third Party User, cPanel may use technological means, including the Authentication System, to (a) monitor use of the Software as may be necessary to monitor for compliance with the terms of this Agreement; (b) collect language file modifications as provided in Section 3.6 (License to Language File Modifications); and (c) collect cPanel Data. cPanel reserves the right to copy, access, store, disclose and use cPanel Data indefinitely in its sole discretion; provided, however, that in the event that cPanel collects information concerning which features of the Software are most often used by you or Third Party Users, cPanel will remove personally identifiable information (if any) from such data and copy, access, store, disclose and use such data solely for the purpose of improving the Software.

"

Facebook settles with FTC, admits privacy violatio

Animats Animats writes  |  more than 2 years ago

Animats writes "The social networking service Facebook has agreed to settle Federal Trade Commission charges that it deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public. The settlement is soft on Facebook; there are no fines or criminal penalties.

According to the FTC, in December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. Facebook didn't warn users that this change was coming, or get their approval in advance.

Facebook represented that third-party apps that users installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users' personal data – data the apps didn't need.

Facebook told users they could restrict sharing of data to limited audiences – for example with "Friends Only." In fact, selecting "Friends Only" did not prevent their information from being shared with third-party applications their friends used.

Facebook had a "Verified Apps" program & claimed it certified the security of participating apps. It didn't.

Facebook promised users that it would not share their personal information with advertisers. It did.

Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.

Facebook claimed that it complied with the U.S.-EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn't."

John McCarthy, founder of AI, dead at 84

Animats Animats writes  |  more than 2 years ago

Animats writes "John McCarthy, who established artificial intelligence as a field and created the LISP programming language, died yesterday at age 84.

(I took his "Epistemological Problems in Artificial Intelligence" class at Stanford, almost 30 years ago.)"

Google fined $500 million over drug ads

Animats Animats writes  |  more than 3 years ago

Animats writes "The Wall Street Journal reports: "Google Inc. is close to settling a U.S. criminal investigation into allegations it made hundreds of millions of dollars by accepting ads from online pharmacies that break U.S. laws." Google's acceptance of ads from unlicensed "online pharmacies" is considered profiting from illegal activity. The Washington Post writes the inquiry could draw more attention to how vulnerable Google's automated system has been to the machinations of shady operators."

Major outage at Codero

Animats Animats writes  |  more than 3 years ago

Animats (122034) writes "Codero, which is a large dedicated hosting provider, is down today due to what they claim is a distributed denial of service attack against their routing. Their main IP block for their Phoenix data center has dropped out of routing.

Their phone system is dropping calls, and their support chat system is reporting "An online representative will be with you shortly. You are number 194 in queue. Your wait time will be approximately 806 minute(s). Thank you for waiting. ""

SourceForge down after attack

Animats Animats writes  |  more than 3 years ago

Animats (122034) writes "SourceForge, a hosting site for many open source projects, is down today. Management claims they were attacked: "We detected a direct targeted attack that resulted in an exploit of several SourceForge.net servers, and have proactively shut down a handful of developer centric services to safeguard data and protect the majority of our services." Currently, CVS and SVN access to source code, even for reading, is unavailable, and there is no announced restoration time."

How Google uses Chrome to boost ad revenue

Animats Animats writes  |  more than 5 years ago

Animats (122034) writes "Harvard Business School professor Benjamin Edelman has published a paper, How Google and Its Partners Inflate Measured Conversion Rates and Increase Advertiser Costs. The trick is that Google has interactive URL completion in its URL input box, but, unlike Firefox, interactive completion doesn't take you to the real URL. It takes you through Google Search, and through Google's pay-per-click system.

As an example, Edelman typed "expedia" into Chrome. "Expedia.com" appears as a suggestion, and pressing "Enter" accepts that default. But that doesn't take you to Expedia.com directly. There's a side trip through Google Search and a Google ad. The advertiser is then charged for an unnecessary ad click.

As Edelman puts it, "As users type web addresses into Google's Chrome web browser, Chrome's "Omnibox" address bar suggests that users run searches instead of direct navigation. If a user accepts Chrome's suggestion — the user is taken to a page of Google search results for the specified term. ... As usual, Google's most prominent search result is an advertisement. If the user clicks the ad, the advertiser pays a pay-per-click fee — even though the user was nearly at the advertiser's site, for free, before Chrome interceded with its 'Search for...' suggestion."

Explosion at Scaled Composites kills 2, injures 4

Animats Animats writes  |  more than 7 years ago

Animats (122034) writes "Details are scant at this time, but an explosion at the Scaled Composites rocket test facility has killed two people and seriously injured four more. The Los Angeles Times reports that the explosion was "ignited by a tank of nitrous oxide".

This is Burt Rutan's facility, and the home of SpaceShip One and Virgin Galactic spacecraft development."

Journals

Animats has no journal entries.
