×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Administration Ordered To Divulge Legal Basis For Killing Americans With Drones

DigitAl56K Re:I thought there were rules about this already? (309 comments)

If there citizens are required to be afforded due process by constitution and can not be shown to receive such, it's forbidden. The actual question is how far they can/will go before there's enough push back to either make them decide to stop or face repercussions. All of this secrecy nonsense is simply meant to avoid some of the push back by implying there is legitimacy. So long as that strategy keeps working nothing is going to change.

3 days ago
top

The Dismal State of SATCOM Security

DigitAl56K Re:As a SATCOM professional... (54 comments)

LDR services like Inmarsat were never meant to be secure. Now if this was about AEHF that would be news.

I'm pretty sure they're meant to be at least secure enough that Joe Shmoe couldn't take them over with a text message or a known hardcoded credential. Well, unless you can point someone at this list of vulnerabilities and say "it's not meant to be secure", and still make your sale, of course.

about a week ago
top

LA Police Officers Suspected of Tampering With Their Monitoring Systems

DigitAl56K Data mining to find the culprits? (322 comments)

I wonder if the damage was reported and tracked over time, and if you could correlate this with who was assigned the equipment immediately prior? The results would probably paint a good heat map against the list of officers as to what subset was behind the damage.

about two weeks ago
top

OpenSSL Bug Allows Attackers To Read Memory In 64k Chunks

DigitAl56K Re:Ironic (303 comments)

Irony rears it's head on the day that patches for a Linux vulnerability are announced at the same time Microsoft ends its patching and update service for Windows XP.

How is a vulnerability in OpenSSL, which is a library that can be compiled for multiple platforms, a "Linux vulnerability"?

about two weeks ago
top

Five-Year-Old Uncovers Xbox One Login Flaw

DigitAl56K Re:$300? (196 comments)

To put it in perspective, that $100K was for bypassing exploit mitigation features that cross all processes on the system, and would severely undermine Windows 8.1's security features. This one seems to require you to be standing in front of a specific console.

Still, what a stupid bug to have.

about three weeks ago
top

AWS Urges Devs To Scrub Secret Keys From GitHub

DigitAl56K Re:Nice job obfuscating the key (109 comments)

When posting screenshots containing secret keys, just remove a large part of it. Don't use blur or swirl like filters, these can be reversed quite well.

The blurred key posted by itnews is pretty much reversible with the naked eye.

According to the summary the blurred key, and others, are already available in plaintext on Github meaning countless people could have already captured them and possibly still can.

about 1 month ago
top

Ex-Microsoft Employee Arrested For Leaking Windows 8

DigitAl56K Re:H-1B? (197 comments)

I wonder how he worked for MS for 7 years as H1-B Visas are supposed to be limited to 6 years.

Because you don't understand immigration law? He could have a greencard, making him a permanent resident but Russian national, or he could have applied for one, in which case he can continue to extend his visa until a determination is made on his application.

about a month ago
top

Officials: NSA's PRISM Targets Email Addresses, Not Keywords

DigitAl56K Re:So the question is, is this true? (96 comments)

Of course they ask ISPs to hand over stuff by email addresses, etc.

How do they select those email addresses? Because that's the bit we're actually talking about. The Snowden docs suggest it's by automatically inspecting everything and applying selectors to find the interesting stuff. IMO that's dragnet surveillance.

about a month ago
top

Obama Administration Transparency Getting Worse

DigitAl56K Re:Most Transparent Ever! (152 comments)

“This is the most transparent administration in history,” -- Barack Obama, February 2013

He must have been speaking about how obvious their stance with regarding releasing information was.

But to make a counter-point, much as I loathe to do so, it's also possible with all the NSA/Snowden stories that they have faced more requests for documents that are classified than typical. It would be nice to see the chart from TFA displayed as a 100% breakdown rather than a stacked breakdown.

about a month ago
top

Weak Apple PRNG Threatens iOS Exploit Mitigations

DigitAl56K Re:Why do we have all these custom PRNGs? (143 comments)

That doesn't make a lot of sense to me. If you define some performance criteria and the processors on which those criteria must be met, what's the problem? The operations would be the same, the instructions underlying those operations could be different. For any particular processor it could even be slightly inefficient. But at least it would be secure to an agreed upon/openly vetted standard. As I said, if you just want a fast/insecure PRNG, make one separately, and give it a very clear API name indicating that it's insecure.

The only problem I see is where you draw your entropy from if you need to mix in something truly random.

about a month ago
top

Weak Apple PRNG Threatens iOS Exploit Mitigations

DigitAl56K Re:Not responsible disclosed (143 comments)

How is it irresponsible disclosure?

Apple might prefer someone disclosed it to them first, whereas some of Apple's users might like to know straight away that they're vulnerable. In either case there is the chance someone less scrupulous has identified the same problem and may use for nefarious purposes.

Open disclosure is only irresponsible depending on your point of view, just like private disclosure might be irresonsible depending on your point of view. There are researchers who will argue for both sides. Open disclosure might disqualify you for being paid under some bounty programs, but then it's up to whoever runs those programs as to whether they would rather encourage at least open disclosure at a minimum based on the personal opinions and motivations of the person doing the research.

about a month ago
top

Weak Apple PRNG Threatens iOS Exploit Mitigations

DigitAl56K Re:Why do we have all these custom PRNGs? (143 comments)

Crypto and security guys are an opinionated lot. Getting everyone to agree to some kind of standard is unlikely.

There are surely a set of criteria to be met in the design for a PRNG to be acceptable, a set of known attacks and weaknesses that the PRNG has to be resiliant to to some established degree, some minimum level of performance required (max ops per generation, average ops or ms per generation of n numbers on a certain CPU feature set), unencumbered by patents or full waiver provided. You put together some candidates, allow some window of time (e.g. a year) for everyone to poke holes in them provided all the known materials that would assist someone to make them fail the acceptance criteria. Whatever makes it through is your suite.

about a month ago
top

Weak Apple PRNG Threatens iOS Exploit Mitigations

DigitAl56K Why do we have all these custom PRNGs? (143 comments)

Why don't we decide on a handful of strong PRNGs, and make every major OS use them exclusively, and in the case you really need something fast/psuedo-random you have to use a source/API explicitly named "insecure_rng".

That's both Android and iOS fallen victim to poor PRNGs in the last year..

about a month ago
top

Mt. Gox Knew It Was Selling Phantom Bitcoin 2 Weeks Before Collapse

DigitAl56K Re:Bitcoin (263 comments)

As much as people (including me) like to hate on banks, when was the last time you actually lost money? When was the last time you put money in a bank and they "lost" all or part of it? When was the last time you put money in a bank and lost all or part of it because the bank was robbed?

When was the last time the fed printed as much money as it wanted, devaluing the money you had put in the bank?

Oh, I see, all the time.

about a month and a half ago
top

Neil Young's "Righteous" Pono Music Startup Raises $1 Million With Kickstarter

DigitAl56K Re:Too pricey, odd shape? (413 comments)

I think the idea is to create demand which will bring the pricing down over time. What will start out as a niche device could easily become the new standard.

Well, it has some other challenges in that regard too:
* If MP3/AAC/AAC+ is "good enough" those devices will always have cheaper storage and will undercut the Pono, even if its price does come down. And my phone already supports all those formats out of the box, and can pull the content from the cloud with album art.
* I wonder how the battery life is, becauseas an enthusiast I've used devices that support FLAC before, and without hardware support like most products have for MP3 I found that they tend to run hotter and battery life is shorter.
* All major online stores deliver music in lossy formats. Most people have libraries of MP3s. Those libraries don't swallow their hard drive.

Again, don't get me wrong, a lossless world would be nice, but I think lossless has to at least arrive in the online stores first, and I doubt this device will be what drives that, given its initial price point and zero market share.

Also, Neil Young have never given a fuck about what other people think.

Well, he has to care about what his target market are actually willing to fork out for in sufficient numbers. I guess we'll see.

about a month and a half ago
top

Neil Young's "Righteous" Pono Music Startup Raises $1 Million With Kickstarter

DigitAl56K Too pricey, odd shape? (413 comments)

I read the other day that these units are going to go for about $400 a piece. While I myself am an audiophile at heart, I just can't see the use cases for this that makes it worth the money.

For a start, when I'm on the go, unless I'm in a plane (which I'm not very often), I can't use noise-cancelling headphones or I have little situational awareness, and the benefit of this higher fidelity is lost. If I'm sitting at my computer, I'd rather access my library through the computer via a nicer interface and still be able to hear the audio for videos I play etc., and I don't have to worry about plugging in or running down batteries.

So I'm left wondering where are the occasions when I'd really benefit from the higher quality on the go, how frequently do they arise, and is it worth the money for more pristine sound in just those cases?

Also, the damn thing is triangular. Where am I supposed to be putting this? It's not going in a pocket alongside my smartphone...

For me, it's nice that someone is trying to produce a product with a higher audio quality, but I don't see myself buying one.

about a month and a half ago
top

Silicon Valley's Youth Problem

DigitAl56K Obviously.. (225 comments)

Why do these smart, quantitatively trained engineers, who could help cure cancer or fix healthcare.gov, want to work for a sexting app?

Because as an employee in America, your CEO makes on average over 273x your pay, whereas if you join a startup early enough you stand a chance of actually benefiting from your companies success.

Next stupid question?

about a month and a half ago
top

NSA and GCHQ Target "Leaky" Phone Apps To Scoop User Data

DigitAl56K So... (144 comments)

now can we encrypt all traffic by default?

about 3 months ago
top

Does Anyone Make a Photo De-Duplicator For Linux? Something That Reads EXIF?

DigitAl56K Seriously? (243 comments)

Are we seriously discussing how to dedupe files based on a hash here?

News for nerds, stuff that matters, questions that belong in a forum where people answer things you couldn't be bothered to Google.

about 3 months ago
top

MIT Develops Inexpensive Transparent Display Using Nanoparticles

DigitAl56K Re:A little misleading (87 comments)

Not only that, but notice that the demo video conveniently has them moving a set of cups behind the screen, none of which are blue. The glaring omission here is what happens if something blue does get moved behind the display - like say when you're out driving and a blue car goes past, or you look at the sky? Does that get badly distorted/dimmed? And if so, and I want an RGB version of this, what happens?

It would be sweet if you could project e.g. IR light at it and have that come out with a frequency shift, but that doesn't seem to be what's happening.

about 3 months ago

Submissions

top

Websites Still Failing Basic Privacy Practices

DigitAl56K DigitAl56K writes  |  more than 4 years ago

DigitAl56K (805623) writes "Do you ever find it surprising that large companies still can't get down the basics of privacy and security on the web? Today I went to enter a competition from Duracell to win a Nintendo Wii by filling out an online form that requires entering your full name, address, and date of birth, and then proceeds to submit it via an unencrypted HTTP POST. The ultimate irony? The message at the bottom of the page that reads,

"Trust is a cornerstone of our corporate mission, and the success of our business depends on it. P&G is committed to maintaining your trust by protecting personal information we collect."

Which websites have you found to be lacking in their basic privacy practices?"
Link to Original Source

top

MEDUSA Ray Gun Creates Voices In Your Head

DigitAl56K DigitAl56K writes  |  more than 5 years ago

DigitAl56K (805623) writes "NewScientist is reporting on a US company, Sierra Nevada Corporation, that is ready to produce a crowd-control device which uses microwaves to heat the tissues inside your head so rapidly that the shockwaves resulting actually create sound. The device is named MEDUSA (Mob Excess Deterrent Using Silent Audio) and can be targeted using broad or narrow beams. From the article:

MEDUSA involves a microwave auditory effect "loud" enough to cause discomfort or even incapacitation. Sadovnik says that normal audio safety limits do not apply since the sound does not enter through the eardrums.

A member of the Electrical and Computer Engineering Department at the University of Illinois in Chicago who has also worked on the technique has commented that while feasible, attaining the necessary volume might involve power levels that could cause neural damage.

It is estimated that a demonstration version could be built within a year."

Link to Original Source

top

AVG 8 Causing Trouble For Web Analytics?

DigitAl56K DigitAl56K writes  |  more than 5 years ago

DigitAl56K (805623) writes "The Register is reporting that AVG 8 includes as part of its anti-virus scanner Linkscanner, technology acquired by the company that scans results from popular search engines including Google, Yahoo!, and Live Search before you visit them. This apparently has resulted in traffic for some sites to increase by as much as 80%, confusing web analytics because real visits may not have increased at all. Approximately 28% of AVG users worldwide are now using AVG 8, so this problem has plenty of scope for growth.

How will analytic services react to the effects of prescanning, and what benefits does prescanning hold over real-time transport scanning? Further, even if prescanning protects your computer does it ultimately pose a risk to your personal security? In May Slashdot informed us that the FBI had raided homes of people who had merely clicked links to illegal pornography. When your computer is automatically clicking search results for you maybe you had better be careful what search terms you use."

Link to Original Source
top

US to employ overhead spying domestically

DigitAl56K DigitAl56K writes  |  about 6 years ago

DigitAl56K (805623) writes "The Washington Post reports that, "The Bush administration said yesterday that it plans to start using the nation's most advanced spy technology for domestic purposes soon" and that Homeland Security Secretary Michael Chertoff has said that "Sophisticated overhead sensor data will be used for law enforcement". Last year CNET reported on at least one county in North Carolina already using a UAV to "monitor gatherings of motorcycle riders at the Gaston County fairgrounds from just a few hundred feet in the air — close enough to identify faces".

Discovery Channel's Future Weapons has provided insight into numerous UAVs, including the Fire Scout, Global Hawk, Predator 2, and the Dominator, their coverage of the Predator 2 particularly demonstrating surveillance and tracking capabilities of these units.

According to DefenseNews the US Air Force just announced the purchase of 28 Predators as part of a contract awarded to General Atomics. The US Air Force has just begun running ads on cable TV as part of their "Above All" campaign that feature the UAVs (sorry, no online video yet).

Initially, it appears that the administration plans to leverage conventional satellites for domestic surveillance purposes.

Behave yourself, citizens."

Link to Original Source
top

How do you securely change your e-nationality?

DigitAl56K DigitAl56K writes  |  more than 6 years ago

DigitAl56K (805623) writes "Being a foreigner in the US has its ups and downs. One of the downs I face stems from the music industry's obsession with territory restrictions. Not only am I unable to purchase certain UK releases online despite being able to import CDs, but I also can't listen to most of the webcasting radio stations near my home because they've had to implement IP->Geo lockouts. This leads to a cultural disconnect for me that the Internet really ought to solve. If you've ever graced the forums of an online music store you have likely seen dozens of users around the globe with similar complaints, and in general the only solution is to find an open proxy in another country to bypass the artificial barriers.

Unfortunately many open proxies are not intended for medium-high bandwidth applications, and may be unknowing victims of malware designed to sniff and steal information. Are there any reputable secure and/or trustworthy commercial proxy/tunneling services designed to provide end-points in specific countries?"
top

When will smart phone plans become affordable?

DigitAl56K DigitAl56K writes  |  more than 6 years ago

DigitAl56K (805623) writes "When my old no thrills voice-only handset finally began giving up the ghost last week I decided it was time to join my colleagues and jump on the smart phone bandwagon. Mobile IM, web, GPS and music downloads all beckoned. Then I totaled up the cost of my new wireless plan. Ouch!

The offerings from the leading US wireless providers are incredibly expensive. A typical voice plan coupled with basic personal Blackberry service can easily cost over $100 and depending on the network other basic features push the monthly rate higher still. Limited or unlimited messages, M2M messages, and night or weekend calling often cost extra. Users buying handsets advertised as having GPS may be unpleasantly surprised to find additional monthly service subscriptions are required to use all or some parts of these services, such as voiced directions. In the end you're likely to pay more for a cellphone with basic smart phone functionality than you do for digital TV and high speed Internet combined, even without high-tech features like GPS included, and most of the service agreements although offering unlimited data for what are clearly multimedia-enabled devices prohibit medium-high bandwidth applications regardless.

How long must we wait for todays smart phones to become the norm and for some level of sanity to take hold in wireless plan rates?"
top

DigitAl56K DigitAl56K writes  |  more than 7 years ago

DigitAl56K writes "Star Wars fans rejoice! Four years after their original fan film saw them picking up light sabers and taking to battle, Ryan Wieber and Michael Scott have published RvD2. The choreography and attention to detail strongly rival the best efforts of Lucasfilm, as does the sound track.

A low resolution version of RvD2 is available on YouTube, and an HD version (429MB) can be downloaded from DivX Stage6. You can also order the original soundtrack and "Making of" videos via ryanvsdorkman.com, as well as donating to their projects."
top

DigitAl56K DigitAl56K writes  |  more than 7 years ago

DigitAl56K writes "Brian Transeau (BT) is a pioneer of the electronica genre who helped to define trance in the early '90s. His career is diverse with a background in classic music and long history of film scoring, but it is arguably his pursuit of using new technology in music that distinguishes him as an artist. He's a recognized master of audio synthesis and engineering, he writes his own software instruments and effects, and he's famous for his live shows — which he often plays real-time from a laptop computer.

His latest album, This Binary Universe, is released on CD+DVD and mastered in DTS digital surround, accompanied by visuals ranging from CGI to watercolors produced by artists who participate on deviantART. One track on the album is written entirely in Csound, a synthesis scripting language and renderer where the instruments, effects, and score are composed using only a text editor.

BT is currently on tour with electonica veteran Thomas Dolby. The shows not only feature visuals from the album rendered live, but also artwork from members of deviantART local to each area, and a full surround sound audio environment.

The DivX Stage6 team interviewed BT to discuss his career, latest album, use of technology in music, mathematics in music and in nature, and more. We also asked him how he feels about people who download music. The response was both interesting and honest, and gave significant insight into the ethical views of a real artist, as well as dispelling some of the common myths around the effect of piracy on artists large and small.

The complete interview is available from the BT channel on DivX Stage6, including the video for track 4 from his album, entitled "1.618" after the golden ratio, in DivX HD with MP3 Surroud."

Journals

DigitAl56K has no journal entries.

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...