Old Apache Code At Root of Android FakeID Mess
First, sandboxing in Android isn't done at the Java level, it's done at the OS level, by running each app under a different UID and letting the kernel take care of enforcing what that UID is (and isn't) allowed to do. It's the same system that prevents different users on a "conventional" Linux system from accessing each other's private files. This is why Android apps can load and run native code (via JNI) without needing any special security permission or exemption. Native code is still in the sandbox.
Second, the real danger in this flaw isn't malicious apps tricking the user, it's malicious apps tricking other apps. Android's permissions system includes a feature called "signature-level permissions" which allows apps that are signed by the same publisher to grant each other permissions that aren't available to apps signed by other publishers. This bug means that a malicious app can pretend to be signed by Company X in order to gain signature-level permissions to interact with actual Company X apps in privileged ways. Depending on the app, this may allow access to sensitive data.
StarCraft 2: Heart of the Swarm Released
Brood War had a new campaign, units, maps, and cinematics too. It's an expansion in the sense that you can't buy and play it by itself: you have to own the base game already.
GNU Hurd To Develop SATA, USB, Audio Support
I wonder why they picked that name since it is already what the Raspberry PI's version of Debian [Raspbian] is called.
Because "wheezy" is the codename for the upcoming Debian release, for all architectures, not just a specific system like the Raspberry Pi.
Ask Slashdot: Best Laptop With Decent Linux Graphics Support?
If you can wait awhile longer before buying, Intel's upcoming Haswell processor is reported to have significantly improved graphics performance, and Intel GPUs are well-supported with free drivers in Linux and Xorg. They're less-powerful than NVIDIA and AMD GPUs, but should be fine unless you need to play high-end games on high quality settings.
Google Targets Android Fragmentation With Updated Terms For SDK
Apps can be written to use new features where available but degrade gracefully where they're not.
Every app has both a "minimum SDK version" that identifies which version of Android it requires, and a "target SDK version" that identifies the latest version of Android that it knows about. At runtime, the app can check which version it's actually running on, and enable or disable features as appropriate.
If an app is run on an Android version newer than the app's "target", the OS itself will do whatever's needed to be backward-compatible with the target version. The developer can update the app and change the target version in order to take control of any new features and differences.
Mozilla Leaves Out Linux For Initial Web App Support
As I recall, Mozilla was willing to grant Debian a license for the Firefox trademark, but they weren't willing to grant it recursively to all Debian users who might want to make (and distribute) their own modified versions of the code they got through Debian. Since Debian doesn't accept licenses that are specific to Debian (DFSG #8), Debian couldn't accept Mozilla's offer of a Firefox trademark license, and thus had to rename it.
The discussions at the time — this is based on my memory from reading the list archives — were all about the fact that Debian applies patches to the code; I don't think the logo issue came about until later.
Valve's Steam & Games Coming To Linux
How long ago was that? In Steam's properties window for a game, there's an Updates tab with the choices "always keep this game up to date" and "do not automatically update this game". That option has been there for a long time.
Site Offers History of Torrent Downloads By IP
Looks like it shares more than that. The source for the login button is:
<fb:login-button perms="user_likes,user_about_me,email,user_hometown,user_relationship_details,user_location,user_website,user_work_history" onlogin="oRRQ.login();">
The site has no legitimate need for all that info if it just wants to know that you're a real person.
Download.com Bundling Adware With Free Software
Software creator is getting market exposure....This is good.
Software creator's good name is tarnished because people installed their software and got malware as a result. Not good.
People get malware, period. Also not good.
Android Dev Demonstrates CarrierIQ Phone Logging Software On Video
In this video, the researcher is looking at debug logs from the phone itself, not network traffic logs showing remote communication. He clearly shows that keystrokes and URLs are being passed to the IQ software running on the phone, but presents no evidence that the data is actually sent to anything outside of the phone.
Has anyone determined what the IQ software does with all this information besides writing it to the debug logger? Is it actually sent somewhere, or saved to persistent storage on the phone? (I'm no Android expert, but I'm under the impression that debug messages are discarded when there's no debugger attached.)
Having this software running in the background is sneaky and certainly makes spying more possible than it would be otherwise, but it's not necessarily the huge immediate privacy violation that everyone seems to be assuming it is.
Carbonite Privacy Breach Leads To Spam
The article's suggestion of address hashes is kinda bogus, and especially dangerous if the hashed addresses are known to be customers. Assuming a spammer/phisher already has eleventy billion addresses, this is a hash collision attack. All the spammer has to do is hash their list and look for matches. Instant customer list.
That's the intended usage of the list of hashes: for each address that the marketer already has, they can determine whether it's the address of an existing customer so they can exclude it from the ad campaign. No technological measures can avoid the fact that if you want an advertiser to exclude your customers from an ad campaign, you have to give them a way to determine who your customers are. Only trust (and trustworthiness) can resolve that.
But hashing the list would at least prevent the marketer from learning new addresses that they didn't already know about, so it's better than giving them the raw list.
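The suppression-list exchange described in the comment above, as an added example that is not part of the original comment. SHA-256 over trimmed, lowercased addresses is an assumption (the comment names no hash or normalization), and all addresses are constructed.

```python
import hashlib


def normalize(addr: str) -> str:
    """Canonical form both parties must agree on before hashing (assumed here)."""
    return addr.strip().lower()


def digest(addr: str) -> str:
    """Hex SHA-256 of the normalized address."""
    return hashlib.sha256(normalize(addr).encode("utf-8")).hexdigest()


def build_suppression_list(customers):
    """Vendor side: hand over digests only, never the raw customer list."""
    return {digest(a) for a in customers}


def filter_campaign(marketer_list, suppression):
    """Marketer side: test each address already held against the digests."""
    send_to, excluded = [], []
    for addr in marketer_list:
        bucket = excluded if digest(addr) in suppression else send_to
        bucket.append(normalize(addr))
    return send_to, excluded


# Constructed sample data; these are not real customers.
CUSTOMERS = ["alice@example.com", "Bob@Example.org", "carol@example.net"]
MARKETER = ["bob@example.org ", "dave@example.com", "ALICE@example.com"]


def demo():
    suppression = build_suppression_list(CUSTOMERS)
    send_to, excluded = filter_campaign(MARKETER, suppression)
    # Digests the marketer cannot match stay opaque hex strings: no new
    # address is learned, but every address already held is confirmed
    # as customer or non-customer.
    unmatched = suppression - {digest(a) for a in MARKETER}
    return send_to, excluded, len(unmatched)


if __name__ == "__main__":
    send_to, excluded, unmatched = demo()
    print("send to:", send_to)
    print("excluded (confirmed customers):", excluded)
    print("customer digests the marketer could not resolve:", unmatched)
```

The `excluded` list is exactly the information the comment says cannot be withheld from the marketer; the one unmatched digest is the address they did not already have.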
Ask Slashdot: Image Recognition For Race Timing?
I don't know how timing is normally done for auto races, but I've been part of the staff at a few track & field events, such as the Nike Indoor Nationals, and seen how the timing is done there. There's a special camera that captures a single column of pixels, carefully aligned with the finish line, that records a rapid sequence of images whenever something changes in its field of view. The software assembles all these one-pixel-wide images into a single image whose horizontal axis is time rather than space. You can clearly see each runner, though arms and legs often look a little curved since they're moving as they pass through the plane of the finish line. In particular, the ID number tags worn by each runner are clearly visible.
Recognition isn't automatic, but it doesn't need to be. The operator just clicks on the front of each runner's shoulder (the part that "counts" for finishing the race) and reads the number from the runner's ID tag, and the time value associated with that column of pixels is recorded as that runner's finish time. So there's a human delay involved in matching the time measurements to the runners, but no human delay in the measurements themselves.
The company that did the timing at the races where I worked was CFPI Timing, and the tech page on their website has lots of details. Apparently the camera system I described is made by FinishLynx.
The Hobbit Filming at 48fps
3D at the movies uses polarized light, and each eye gets their usual 24fps. No flickering because there is no "black" in between each frame.
RealD uses polarized light, but through a single projector, running at 144fps, switching "sides" six times per (24fps) film frame. Your eyes see left-right-left-right-left-right for each still picture before moving on to the next.
Since each eye sees black while the other eye is seeing a picture, RealD does flicker. It's 144fps flicker, which most people don't notice, but some people are sensitive enough to be bothered by it.
Civ IV's Baba Yetu Wins First Grammy For Video Game
It's the same song, but performed by different singers. The in-game version was performed by (I think) an a cappella group at Stanford; the album version is performed by Ron Ragin and the Soweto Gospel Choir.
Basically, the artist re-recorded the song with more professional talent. Compare:
Takedown Letters For WP7 Tetris Clones
Patents protect inventions like McCoy's. Copyrights protect works of creative expression, such as books and music. They're two very different things.
Since a copyright protects only a specific expression (rather than an "idea"), a Tetris-like game shouldn't infringe Tetris copyrights unless the developer copied actual graphics, music, code, etc. from the original Tetris game. A patent on falling-block games, if one existed, would cover Tetris clones, but this isn't an allegation of patent infringement.
Trash-To-Gas Power Plant Gets Greenlight
The GP is a reference to powerplants in SimCity, not in the real world.
Has Christopher Nolan Turned the 3D Argument?
Is that true of IMAX as well? I was under the impression that IMAX is still mostly film-based, though it's been a few years since I've actually seen an IMAX projection system. (The Tuttleman IMAX Theater at the Franklin Institute in Philadelphia has a big glass wall that lets the public see the projection room with the big reels in the center; I'd be sad if they're no longer present.)
Speaking of IMAX, you mentioned the polarizing filter needing power to sync with the projector. That's true of RealD 3D, which uses a single digital projector alternating between the left and right pictures (three times each) for every frame. Do you know if it's also true of IMAX 3D, or does that use dual projectors to show both pictures at the same time? I've been wondering whether IMAX might be better than RealD for some people who get headaches watching 3D movies, if it avoids the temporal dithering needed when using a single projector.
I assume the "special reflecting screen" is one that doesn't alter the polarization of the light it reflects.
The State of Linux IO Scheduling For the Desktop?
Switching from ext3 to ext4 resolved this for me. Since ext4 allocates files in extents of up to 256MB, deleting even a very large file involves freeing just a handful of extents, rather than a huge number of individual 4k blocks.
Another advantage of ext4 is much faster fsck times on large filesystems — minutes rather than hours.
GNOME 3.0 Delayed Until March 2011
I think it's a pretty reasonable design decision, actually. High-level behavior in a high-level language that's easy to maintain, lower-level implementation details in efficient compiled native code. It's similar to what browser-based apps like Google Maps do, with Clutter taking the place of the HTML DOM.
Was This the First Denial of Service Attack?
DoS is any attack that deliberately prevents people from being able to use the system, without actually damaging the system. Flooding the system with service requests is just one way of doing that. Sending commands to hang everyone's terminal is another.