Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!



Old Apache Code At Root of Android FakeID Mess

Wyzard Re:Java sandboxing helped in this case (127 comments)

Not quite.

First, sandboxing in Android isn't done at the Java level, it's done at the OS level, by running each app under a different UID and letting the kernel take care of enforcing what that UID is (and isn't) allowed to do. It's the same system that prevents different users on a "conventional" Linux system from accessing each other's private files. This is why Android apps can load and run native code (via JNI) without needing any special security permission or exemption. Native code is still in the sandbox.

Second, the real danger in this flaw isn't malicious apps tricking the user, it's malicious apps tricking other apps. Android's permissions system includes a feature called "signature-level permissions" which allows apps that are signed by the same publisher to grant each other permissions that aren't available to apps signed by other publishers. This bug means that a malicious app can pretend to be signed by Company X in order to gain signature-level permissions to interact with actual Company X apps in privileged ways. Depending on the app, this may allow access to sensitive data.

about 6 months ago

StarCraft 2: Heart of the Swarm Released

Wyzard Re:Who cares? (271 comments)

Brood War had a new campaign, units, maps, and cinematics too. It's an expansion in the sense that you can't buy and play it by itself: you have to own the base game already.

about 2 years ago

GNU Hurd To Develop SATA, USB, Audio Support

Wyzard Re:Wheezy? (274 comments)

I wonder why they picked that name since it is already what the Raspberry PI's version of Debian [Raspbian] is called.

Because "wheezy" is the codename for the upcoming Debian release, for all architectures, not just a specific system like the Raspberry Pi.

about 2 years ago

Ask Slashdot: Best Laptop With Decent Linux Graphics Support?

Wyzard Wait for Haswell (260 comments)

If you can wait awhile longer before buying, Intel's upcoming Haswell processor is reported to have significantly improvied graphics performance, and Intel GPUs are well-supported with free drivers in Linux and Xorg. They're less-powerful than NVIDIA and AMD GPUs, but should be fine unless you need to play high-end games on high quality settings.

more than 2 years ago

Google Targets Android Fragmentation With Updated Terms For SDK

Wyzard Re:but its Java? (154 comments)

Apps can be written to use new features where available but degrade gracefully where they're not.

Every app has both a "minimum SDK version" that identifies which version of Android it requires, and a "target SDK version" that identifies the latest version of Android that it knows about. At runtime, the app can check which version it's actually running on, and enable or disable features as appropriate.

If an app is is run on an Android version newer than the app's "target", the OS itself will do whatever's needed to be backward-compatible with the target version. The developer can update the app and change the target version in order to take control of any new features and differences.

more than 2 years ago

Mozilla Leaves Out Linux For Initial Web App Support

Wyzard Re:Fork it, then (403 comments)

As I recall, Mozilla was willing to grant Debian a license for the Firefox trademark, but they weren't willing to grant it recursively to all Debian users who might want to make (and distribute) their own modified versions of the code they got through Debian. Since Debian doesn't accept licenses that are specific to Debian (DFSG #8), Debian couldn't accept Mozilla's offer of a Firefox trademark license, and thus had to rename it.

The discussions at the time — this is based on my memory from reading the list archives — were all about the fact that Debian applies patches to the code; I don't think the logo issue came about until later.

more than 2 years ago

Valve's Steam & Games Coming To Linux

Wyzard Re:Steam is so hot it burns (224 comments)

How long ago was that? In Steam's properties window for a game, there's an Updates tab with the choices "always keep this game up to date" and "do not automatically update this game". That option has been there for a long time.

more than 2 years ago

Site Offers History of Torrent Downloads By IP

Wyzard Re:Its a trap!! Dont do it! (340 comments)

Looks like it shares more than that. The source for the login button is:

<fb:login-button perms="user_likes,user_about_me,email,user_hometown,user_relationship_details,user_location,user_website,user_work_history" onlogin="oRRQ.login();">

The site has no legitimate need for all that info if it just wants to know that you're a real person.

more than 3 years ago

Download.com Bundling Adware With Free Software

Wyzard Re:Just Curious... (228 comments)

Software creator is getting market exposure....This is good.

Software creator's good name is tarnished because people installed their software and got malware as a result. Not good.

People get malware, period. Also not good.

more than 3 years ago

Android Dev Demonstrates CarrierIQ Phone Logging Software On Video

Wyzard But is the data actually transmitted anywhere? (322 comments)

In this video, the researcher is looking at debug logs from the phone itself, not network traffic logs showing remote communication. He clearly shows that keystrokes and URLs are being passed to the IQ software running on the phone, but presents no evidence that the data is actually sent to anything outside of the phone.

Has anyone determined what the IQ software does with all this information besides writing it to the debug logger? Is it actually sent somewhere, or saved to persistent storage on the phone? (I'm no Android expert, but I'm under the impression that debug messages are discarded when there's no debugger attached.)

Having this software running in the background is sneaky and certainly makes spying more possible than it would be otherwise, but it's not necessarily the huge immediate privacy violation that everyone seems to be assuming it is.

more than 3 years ago

Carbonite Privacy Breach Leads To Spam

Wyzard Re:More proof opt-in is the ONLY way to do it righ (134 comments)

The article's suggestion of address hashes is kinda bogus, and especially dangerous if the hashed addresses are known to be customers. Assuming a spammer/phisher already has eleventy billion addresses, this is a hash collision attack. All the spammer has to do is hash their list and look for matches. Instant customer list.

That's the intended usage of the list of hashes: for each address that the marketer already has, they can determine whether it's the address of an existing customer so they can exclude it from the ad campaign. No technological measures can avoid the fact that if you want an advertiser to exclude your customers from an ad campaign, you have to give them a way to determine who your customers are. Only trust (and trustworthiness) can resolve that.

But hashing the list would at least prevent the marketer from learning new addresses that they didn't already know about, so it's better than giving them the raw list.

more than 3 years ago

Ask Slashdot: Image Recognition For Race Timing?

Wyzard There are special cameras for this (170 comments)

I don't know how timing is normally done for auto races, but I've been part of the staff at a few track & field events, such as the Nike Indoor Nationals, and seen how the timing is done there. There's a special camera that captures a single column of pixels, carefully aligned with the finish line, that records a rapid sequence of images whenever something changes in its field of view. The software assembles all these one-pixel-wide images into a single image whose horizontal axis is time rather than space. You can clearly see each runner, though arms and legs often look a little curved since they're moving as they pass through the plane of the finish line. In particular, the ID number tags worn by each runner are clearly visible.

Recognition isn't automatic, but it doesn't need to be. The operator just clicks on the front of each runner's shoulder (the part that "counts" for finishing the race) and reads the number from the runner's ID tag, and the time value associated with that column of pixels is recorded as that runner's finish time. So there's a human delay involved in matching the time measurements to the runners, but no human delay in the measurements themselves.

The company that did the timing at the races where I worked was CFPI Timing, and the tech page on their website has lots of details. Apparently the camera system I described is made by FinishLynx.

more than 3 years ago

The Hobbit Filming at 48fps

Wyzard Re:i dont get it (423 comments)

3D at the movies use polarized light, and each eye gets their usual 24fps. No flickering because there is no "black" in between each frame.

RealD uses polarized light, but through a single projector, running at 144fps, switching "sides" six times per (24fps) film frame. Your eyes see left-right-left-right-left-right for each still picture before moving on to the next.

Since each eye sees black while the other eye is seeing a picture, RealD does flicker. It's 144fps flicker, which most people don't notice, but some people are sensitive enough to be bothered by it.

more than 3 years ago

Civ IV's Baba Yetu Wins First Grammy For Video Game

Wyzard Re:Wrong Version (88 comments)

It's the same song, but performed by different singers. The in-game version was performed by (I think) an a cappella group at Stanford; the album version is performed by Ron Ragin and the Soweto Gospel Choir.

Basically, the artist re-recorded the song with more professional talent. Compare:

more than 3 years ago

Takedown Letters For WP7 Tetris Clones

Wyzard Re:I can't support the OP... (290 comments)

Patents protect inventions like McCoy's. Copyrights protect works of creative expression, such as books and music. They're two very different things.

Since a copyright protects only a specific expression (rather than an "idea"), a Tetris-like game shouldn't infringe Tetris copyrights unless the developer copied actual graphics, music, code, etc. from the original Tetris game. A patent on falling-block games, if one existed, would cover Tetris clones, but this isn't an allegation of patent infringement.

more than 3 years ago

Trash-To-Gas Power Plant Gets Greenlight

Wyzard Re:But But (113 comments)

The GP is a reference to powerplants in SimCity, not in the real world.

more than 4 years ago

Has Christopher Nolan Turned the 3D Argument?

Wyzard Re:3D is lame (381 comments)

Is that true of IMAX as well? I was under the impression that IMAX is still mostly film-based, though it's been a few years since I've actually seen an IMAX projection system. (The Tuttleman IMAX Theater at the Franklin Institute in Philadelphia has a big glass wall that lets the public see the projection room with the big reels in the center; I'd be sad if they're no longer present.)

Speaking of IMAX, you mentioned the polarizing filter needing power to sync with the projector. That's true of RealD 3D, which uses a single digital projector alternating between the left and right pictures (three times each) for every frame. Do you know if it's also true of IMAX 3D, or does that use dual projectors to show both pictures at the same time? I've been wondering whether IMAX might be better than RealD for some people who get headaches watching 3D movies, if it avoids the temporal dithering needed when using a single projector.

I assume the "special reflecting screen" is one that doesn't alter the polarization of the light it reflects.

more than 4 years ago

The State of Linux IO Scheduling For the Desktop?

Wyzard Re:It sucks I agree (472 comments)

Switching from ext3 to ext4 resolved this for me. Since ext4 allocates files in extents of up to 256MB, deleting even a very large file involves freeing just a handful of extents, rather than a huge number of individual 4k blocks.

Another advantage of ext4 is much faster fsck times on large filesystems — minutes rather than hours.

more than 4 years ago

GNOME 3.0 Delayed Until March 2011

Wyzard Re:Havoc Pennington? (201 comments)

By the way, do you know what language did they use to program gnome-shell? Javascript.

The JavaScript is the high-level "business logic" that manipulates nodes in a scene graph to move things around on the screen. The actual scene-graph library, Clutter, is written in C and renders via OpenGL.

I think it's a pretty reasonable design decision, actually. High-level behavior in a high-level language that's easy to maintain, lower-level implementation details in efficient compiled native code. It's similar to what browser-based apps like Google Maps do, with Clutter taking the place of the HTML DOM.

more than 4 years ago

Was This the First Denial of Service Attack?

Wyzard Re:Was it a DoS exactly? (166 comments)

DoS is any attack that deliberately prevents people from being able to use the system, without actually damaging the system. Flooding the system with service requests is just one way of doing that. Sending commands to hang everyone's terminal is another.

more than 4 years ago


Wyzard hasn't submitted any stories.


Wyzard has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?