Slashdot: News for Nerds


Comments

top

Firefox 33 Integrates Cisco's OpenH264

Burz Re:Great (186 comments)

They don't know what's precisely in those blobs, so it's presumptuous of Mozilla to vouch for them. It's more prudent to put Cisco's key in Firefox and let Cisco vouch for their own code.

2 days ago
top

Firefox 33 Integrates Cisco's OpenH264

Burz Re:Great (186 comments)

Why should Mozilla use their own key to sign code they did not compile themselves?

2 days ago
top

Firefox 33 Integrates Cisco's OpenH264

Burz Great (186 comments)

I always wanted a backdoor in my browser.

2 days ago
top

Open Hardware and Digital Communications Conference On Free Video, If You Help

Burz Re:If you pay... (15 comments)

Are they addressing people's problems, or creating gadgets for elite techies? There is a huge ongoing crisis in personal computing because we have an Internet that (understandably) assumes endpoint security, but those points (PCs and mobile) are collections of black-box proprietary chips.

I have recommended running Qubes OS as a way to mitigate the security shortfall created by run-of-the-mill PCs and software, but that leaves us with the problem of trusting hardware designed and produced by a handful of large corporations who are increasingly willing to shaft their customers. Privacy and security are exchanged for maintaining a close relationship with the military-industrial complex (or police surveillance state, depending from which angle you prefer to view it).

In short, open PC hardware should be a priority for the open source community if not the IT industry as a whole. What are open hardware people doing about it?

about a week ago
top

Mozilla Doubles Down on JPEG Encoding with mozjpeg 2.0

Burz Formal verification (129 comments)

Why indeed would Mozilla waste their resources on this when stability and security on web clients ought to be their greater concern?

If it were up to me, I would start with self-contained data formats like JPEG that browsers handle frequently, and put that code through a formal verification process. Eventually, maybe even HTML rendering and the browser could be subject to formal verification. This could strengthen computer security dramatically.

about two weeks ago
top

KDE Releases Frameworks 5

Burz Re:What's been removed,dumbed down,made incompatib (87 comments)

1) Color management refers to controlling the color accuracy of the display. Typically this will involve importing an ICC file, or performing a manual calibration sequence. KDE has a not-half-finished module (not included in the core package) for System Settings panel, whereas gnome and unity are fully functional and included by default.

2) You're probably not setting the DPI to match your display and using the default that results in text becoming tiny on higher-res displays.

3) It occurs when the setting is on "group when taskbar is full". It will switch back and forth when there are a few dozen windows on the desktop.

4) You can switch to double-click (as I usually do), but then you have a situation where, for instance, the icons on the main System Settings panel are double-click, but going down a level, say into Application Appearance, gives you another set of icons that are presented the same way but are single-click. Sometimes this switch shows up *inside* applications, making the overall UI feel goofy and inconsistent. On the one hand, single-click everywhere can be inconvenient and risky, whereas their implementation of double click is VERY unprofessional. They could simply show an underline on mouseover if the object is single-click and be done with it, but meaningful cues for the user are not this project's strong suit.

5) Yeah... really they should give people a way to get that sh!t out of the way; Better yet, choose a sensible default and leave it disabled so it isn't sticking wacky-useless icons everywhere.

6) The last time I tried, the new Konqueror's kio integrations were broken. The fact is that they trashed their two best-loved apps: Konqueror and Amarok.

[...]
9) Having used KDE since 2000, I'd say the project has a general problem with deterioration. They used to be the most reliable desktop, but lately it seems more like Gnome2.

about two weeks ago
top

KDE Releases Frameworks 5

Burz Re:What's been removed,dumbed down,made incompatib (87 comments)

Hmmm...

1) No (working) color management

2) Taskbar overinflates icons when it's vertical (no more ability to control it since 4.x) and doesn't care what the panel's max icon size is set to.

3) Taskbar switches between grouping and non-grouping, from minute to minute

4) Very loose UI design leaves me less able to anticipate how KDE will react to my input, and I can't tell it, for instance, to underline single-click widgets.

5) Activities - A huge waste that detracted from bug fixes and design consistency, and even scared away a lot of the technical users.

6) The pretense that Dolphin is anywhere near as flexible as (the old) Konqueror.

7) Can't control keyboard layout from login screen

8) Can't control trackpad speed

9) Decreasing stability.

I have to use KDE every day. Quite frankly, it only has the "Special Window Settings" really going for it. I'd trade all the rest of the KDE features for a Unity that had Dash replaced with a launcher menu.

about two weeks ago
top

Researchers Claim Wind Turbine Energy Payback In Less Than a Year

Burz Re:WUWT (441 comments)

Yet, there is still a huge difference between reporting facts from a particular perspective and running a misinformation campaign.

Efforts to downplay the significance of climate change resemble the determined efforts of tobacco lobbyists, in the face of scientific evidence linking tobacco to lung cancer, to prevent or delay the introduction of regulation. Lobbyists attempted to discredit the scientific research by creating doubt and manipulating debate. They worked to discredit the scientists involved, to dispute their findings, and to create and maintain an apparent controversy by promoting claims that contradicted scientific research. ""Doubt is our product," boasted a now infamous 1969 industry memo. Doubt would shield the tobacco industry from litigation and regulation for decades to come."[64] In 2006, George Monbiot wrote in The Guardian about similarities between the methods of groups funded by Exxon, and those of the tobacco giant Philip Morris, including direct attacks on peer-reviewed science, and attempts to create public controversy and doubt.[12]

Former National Academy of Sciences president Dr. Frederick Seitz, who, according to an article by Mark Hertsgaard in Vanity Fair, earned about US$585,000 in the 1970s and 1980s as a consultant to R.J. Reynolds Tobacco Company,[65] went on to chair groups such as the Science and Environmental Policy Project and the George C. Marshall Institute alleged to have made efforts to "downplay" global warming.

So, take your tired Republican tactic of false equivalency and shove it!

about three weeks ago
top

Researchers Claim Wind Turbine Energy Payback In Less Than a Year

Burz Re:WUWT (441 comments)

WUWT's publisher gets Koch funding by way of the Heartland Institute... so, not "random".
http://mediamatters.org/blog/2...

Now I get to put my first /. mod on my (rather small) enemies list and my exclusion list: Timothy.

about three weeks ago
top

EFF To Unveil Open Wireless Router For Open Wireless Movement

Burz Re:Run it all through Tor? (184 comments)

TAILS is an interesting suggestion, because it includes a general IP 'replacement' stack called I2P. And THAT is what the EFF should be encouraging people to spread as far and wide as possible: A P2P-routed, mesh-like, torrent-ready, anonymized network connection that isn't limited to TCP and browser stuff. It's even got secure decentralized messaging (also inspired by bittorrent as it uses DHT), so no more Tormail type incidents.

I almost feel like the current generation of network experts, even people like Jacob Appelbaum and Bruce Schneier, are rooted in a hopelessly outdated vision of network privacy. They both advocate that the end user not only set up Tor, but also fend for their own privacy with each application's own security scheme. Instead, they could just tell people, "You can reach me on I2P; Avoid Windows; And encrypt your HD". What they offer now is more like a recipe for a nervous breakdown; They want to maintain their Tech Ninja image, so they keep spouting a dizzying array of jargon relating to "solutions" that only solve for one layer.

Offer a version of network access that is general-purpose, is anonymous/private by default, where people can choose how much of their real identity they want to associate with the virtual one.

about a month ago
top

How Secret Partners Expand NSA's Surveillance Dragnet

Burz Interesting Skype history: (63 comments)

Dec. 22, 2010: The great Skype blackout
Feb. 6, 2011: Skype goes online with NSA PRISM spying (6 weeks after blackout)
October 2011: Microsoft completes Skype acquisition
July 2012: NSA boasts that "a new capability had tripled the amount of Skype video calls being collected through Prism"

about a month ago
top

Elon Musk's Solar City Is Ramping Up Solar Panel Production

Burz Re:Tie this in with the battery tech from Tesla... (262 comments)

Lithium won't be a prime target for grid storage for quite some time (if ever). There are dozens of interesting energy storage techs actually coming to market that have much lower cost/KWh and longer lifetimes. Some are batteries like this or flow batteries and some are not, like the 'icebear'. Even used lithium batteries taken from cars will probably get more of the storage business than new lithium batteries; for now, it's just more cost effective and efficient.

The idea of using electric cars themselves as grid storage is an elegant one, but don't hold your breath waiting for it to become a big thing.

about a month ago
top

Cable Boxes Are the 2nd Biggest Energy Users In Many Homes

Burz Re:huh (394 comments)

I have measured it myself. Two different models of boxen supplied by Verizon consume 35W -- constantly.

about a month ago
top

Malvertising Up By Over 200%

Burz Re:It's one of many reasons why Adblocking is mora (174 comments)

No, he's implying ad servers need to start acting like a responsible industry. They pollute the web with malware and make a lot of sites unreadable with adblocking, owing to the moving, flashing and sometimes audible garbage that cover some sites.

If a simple text article with a few associated photos causes my computer's fan to wheeze and slows it to a crawl, and the ads keep breaking my concentration, AND they pose a security threat that (over the years) has gone from significant to huge, then their business model is just attempting to use you as a pair of eyes with a wallet attached. FUCK THEM.

Website operators like Ars Technica and Slashdot should be researching ways to deliver ads that are safe and sane -- there is no justification for a friggin' advertisement to be otherwise. It's just too bad the advertisers don't trust the content creators to serve the ads themselves. So what we get is a cycle of mistrust and negligence that puts their readers at risk of attack. It's sicko.

about 2 months ago
top

Anti-Virus Is Dead (But Still Makes Money) Says Symantec

Burz Re:Does the nature of the business hold it back (254 comments)

Security by isolation is one way to solve that problem. With a hypervisor designed for strong security instead of primarily for convenience as is usually the case, users can safely allocate their tasks and data to different domains. For instance, 'Work' and 'Personal' could be two domains that have network access, whereas 'Vault' would hold the most sensitive info (like certain keys and passwords) and have no networking. An 'Untrusted' domain is used for most of the general web surfing-- reading articles, watching video streams, etc. On Qubes, there is also a TorVM package that facilitates the creation of anonymous domains.

So, whatever "happens in Vegas stays in Vegas". Qubes even assigns high-risk hardware, like NICs, to their own unprivileged domains.

The nice thing about this setup is that the window manager resides in the privileged domain and both the WM and its graphics stack are isolated from attacks originating in the VM domains. Further, each domain is assigned a border-color when it's created so you can always get an idea of what is running in which context by glancing at the desktop. A compromised browser in 'Untrusted', for instance, could put up a window asking for admin access to the privileged domain, but the red border (and [untrusted] marker in the title) would give it away.

Copy/paste and file copy between domains are also protected; they are integrated into the UI so as to require a confirmation step so the privileged domain knows the user really intends to perform the action.

about 3 months ago
top

The Upcoming Windows 8.1 Apocalypse

Burz Re:Microsoft make up your mind! (293 comments)

A word of caution: Most hypervisors were made primarily for the convenience of managing multiple systems on a single piece of hardware. If you want strong security around that Windows install you should think about running it in Qubes; version 2 just came out of beta.

about 3 months ago

Submissions

top

EU FairPhone starts 25k+ production run in one week

Burz Burz writes  |  about 8 months ago

Burz (138833) writes "Ubuntu Edge may not have made it off the drawing board, but more ambitious FOSS-oriented devices have:

FairPhone has garnered over 32,000 orders for its socially-conscious design of the same name, overshooting the original 25k target in the time they allotted (a second run for the same model will start in January). Unfortunately, this sexy phone starts out as an EU-only product. The FairPhone is priced at 325 euros and will come loaded with Android 4.2, a 4.3" touchscreen, dual SIM slots, replaceable battery, and an admirable array of ports and sensors. What FairPhone aren't interested in selling you, however, is another charging brick-- bring your own! :)"
top

Doctorow tears up ISP contract: lack of neutrality

Burz Burz writes  |  more than 6 years ago

Burz (138833) writes "As a reaction to Virgin Media CEO's promise to violate the concept of net neutrality, Cory Doctorow is declaring his ISP contract void, canceling the service, and asking other Virgin customers to do the same. He isn't alone, and neutrality apparently isn't the only reason to drop Virgin. Myself, I am thinking of stopping my Virgin Mobile service in protest."

Journals

top

Modern online privacy for the age of Mass

Burz Burz writes  |  about 8 months ago

Invisible Internet Project...
      I2P is best described as a cross between Tor and Bittorrent. That is to say, the onion routing benefits from the fact that most participants contribute to the available bandwidth. It does also come bundled with a bittorrent client and email service. A number of other I2P apps are available including I2P-Bote, a new server-less email system based on DHT.

Qubes OS...
      Qubes is a desktop OS based on a customized Xen hypervisor. It ships with Fedora 18 to provide Linux desktop functionality, but can also host Windows and other VMs. The philosophy here is that paravirtualization, VT-x and VT-d are all employed in concert to reduce the system's attack-able surface to the base minimum while still providing the functionality of a desktop.

My choices in this area amount to a pretty short list because each one is comprehensive in its approach to privacy and security. I2P keeps everything encrypted and anonymous end-to-end without worrying about app-specific encryption settings (PGP, OTR, HTTPS, etc) which leads to inconsistent usage. That means using mostly I2P-specific apps, though Firefox for I2P Web is the current exception. Qubes OS secures the system by keeping the high-risk subsystems - IP, firewall and X11 - in their own read-only VMs, and also runs my apps in separate domains according to the trust/risk levels I assign to them. For example: a 'banking' appVM to access bank accounts in Firefox, a 'personal' appVM for email, chat and personal files, an 'untrusted' appVM for general roving around the unsecured Web and multimedia entertainment, an 'i2p' appVM for the growing amount of anon/private communications over I2P, etc. The Qubes project goes so far as to claim "strong security" and I believe them... this is not your run-of-the-mill VM system.

More about some of the interesting features in these puppies later...

top

Submissions: Danish paper makes U-turn on cartoons

Burz Burz writes  |  more than 8 years ago

The Media Guardian is reporting on an infamous Danish newspaper's turnaround regarding the publication of certain cartoons. After initially expressing interest in reprinting cartoons from an Iranian paper, they have decided that some caricatures are beyond the pale: "Jyllands-Posten in no circumstances will publish Holocaust cartoons from an Iranian newspaper". This is the same paper in Denmark which posted a boring-then-shocking caricature of the Prophet Muhammed and is now apologising profusely, "peace be upon him".

Meanwhile the U.S. State Dept. says that the Muhammed cartoon irresponsibly incites ethnic as well as religious hatred; a double-whammy that seems to be ignored when debating the issue.

(Posted here cuz I'm tired of seeing my submissions irretrievably drop down a black hole.)
