Comments


How long ago did you last assemble a computer?

alostpacket I think it's more a value trade (391 comments)

I think it really depends on the game. I've seen this go both ways where the i7s significantly outperform the i5s, and vice versa. The other advantage of a faster CPU is that it will open up so that the graphics card is sure to be performing at full potential.

This site shows the i7 leading the i5 in most games by a tiny-to-small margin
http://www.ocaholic.ch/modules... (random site I found on Google search):

Ultimately I think the big win for the i5 is you get nearly identical performance of an i7 (for a game), but for a much greater value. I have never read, other than your comment, that hyper-threading is a performance hit. I would love if you could point to some post / site with more info backing that claim. Cheers.

about 2 months ago

Auditors Release Verified Repositories of TrueCrypt

alostpacket Re:Subscribe (146 comments)

But the /. moderation system is infallible

about 4 months ago

Chicago Robber Caught By Facial Recognition Sentenced To 22 Years

alostpacket Re:Fingerprints (143 comments)

I think his point is that fingerprint and DNA false positives don't lead to a suspect that looks like what a witness saw. Whereas facial recognition false positives almost guarantee that the person will at least look similar to what the witness saw. Thus for facial recognition, the witness-as-a-confirmation is not as compelling. It's almost the same piece of evidence, rather than two corroborating pieces.

about 4 months ago

Lose Sleep, Fail To Form Memory

alostpacket Re:no surprise (85 comments)

Don't you remember? It was right there in the article. ;)

about 4 months ago

As Crypto Mining Grows, Data Centers Begin Accepting Bitcoin

alostpacket Re:A new coin, again? (94 comments)

The Swedish Chef has started a new crypto currency.

about 4 months ago

VHS-Era Privacy Law Still Causing Headaches For Streaming Video

alostpacket Re:Fubared priorities (62 comments)

I always thought it had something to do with the Swedish Chef.

I wonder what his viewing history would be like.

about 5 months ago

Some Mozilla Employees Demand New CEO Step Down

alostpacket Something of note: (824 comments)

Not sure about behavior, but as a 501c3, Mozilla is not allowed to donate to candidates and has limits on lobbying. But I do not know what exactly the limits are.

https://en.wikisource.org/wiki...

Something in there...

The lobbying ceiling amount for any organization for any taxable year is 150 percent of the lobbying nontaxable amount for such organization for such taxable year, determined under section 4911.

Hopefully someone has a greater interest in deciphering that.^ It does not seem related to anything decided in Citizens v United as far as I can tell.

about 6 months ago

One Billion Android Devices Open To Privilege Escalation

alostpacket Re:Nope (117 comments)

I wonder, though. When you buy a new Android phone and sign in to Play, it downloads (or at least offers to) all the apps you had on your old phone. Does the same thing happen there

No, this particular exploit requires the malicious app be on a phone prior to an OS update. Additionally these apps would never* make it on the Play store as they have detectable characteristics (such as trying to use the same "Shared UID" of another app). In order to upload an app with the same Shared UID, you would need the same keystore to sign your app. Basically the way this bug works is exploiting the reverse of how the package manager grants precedence. The package manager gives precedence to what is on the device first. So anything "updated" from the Play store, even if they spoofed the Shared UID and signature, would fail to install. The bug is that an app can "steal" the ability to control the permission completely, AND install itself or block the install of the legit version of an app.

So TL;DR: This definitely is a rather nasty privilege escalation bug in the package manager (if the paper is correct and I am reading it correctly), but one would likely need to side-load (or use a different app store) the malicious app prior to an OS update to get caught by it.

Agreed about permissions in general though. Personally I try not to give out contacts to any app unless they happen to be a type of "contact manager/replacement". Most apps can request a user use the default "contact picker" to add a contact, or share, or the like. No permission is required for this. The only reason apps request this is to prefill those "share with a friend" fields and to spam. This is similar to READ_PHONE_STATE, there are few legit reasons for an app to need this anymore. Apps can launch the dialer and prefill the number sans the permission, just not complete the call. They also have other ways to generate a UUID for the device without the IMEI, or the other info provided by READ_PHONE_STATE.

The USB storage permissions are antiquated, but not as sensitive. Apps do have private storage but this used to be quite limited in the earlier days of Android. The Nexus S was one of the first to come with a single, large internal storage (although even that was still partitioned). Prior to that you had a limited protected storage and an SD card. Nowadays they are adding better "Read" file permissions.

Finally, I think much of this stuff could be requested at time-of-use, rather than install. But they have to balance the "Are you sure you want to allow X?" disaster that was Windows UAC vs. sensible permissions. It is not as easy as it looks.

* (Well maybe not never, but very close to never...)

about 6 months ago

Time Dilation Drug Could Let Heinous Criminals Serve 1,000 Year Sentences

alostpacket Star Trek DS9 (914 comments)

This was actually an episode on Star Trek DS9. O'Brien was punished by some alien culture and served a ~20 year sentence in a matter of ~hours (iirc). They claimed it was more humane and economical than prison. However I think the moral of the episode is that it really scarred him mentally (and he was innocent, again iirc).

Could there be a humane way to use something like this? Personally I highly doubt it, but I can't completely rule it out as just barely plausible (Kinda like Star Trek in general). I just can't imagine how this would be used without causing mental instability.

about 6 months ago

Apple Launches CarPlay At Geneva Show

alostpacket Re:Innovation? (264 comments)

And if they do a good job, they will push competition. This seems like a common theme with Apple. They come into a fractured mess of a product sector and make a good show of it. This is good news, car infotainment is terrible.

Plus maybe cars will be able to launch actual angry birds at each other to express road rage.

about 7 months ago

Does Relying On an IDE Make You a Bad Programmer?

alostpacket Re:Programming is not about rote memorization (627 comments)

Not sure if trolling but that's not really what trivial means in this context.

adjective: trivial
1. of little value or importance.
synonyms: unimportant, banal, trite, commonplace, insignificant, inconsequential,

Think "the average airspeed of an unladen swallow". "The atomic weight of cobalt"

about 7 months ago

Netflix Blinks, Will Pay Comcast For Network Access

alostpacket Re:If Comcast were Exxon (520 comments)

ISPs are not peers though, they are endpoints. The "equal data" argument only works between two backbone/transit providers. ISPs are requesting that data be sent to them. They don't get to request the data be sent to them and request that they also be paid to receive it.

Also what makes you think you only pay for upload? That makes no sense. Though I agree in that bandwidth caps are bad -- though mostly because they are generally misleading advertising.

about 7 months ago

Netflix Blinks, Will Pay Comcast For Network Access

alostpacket Re:Maybe Netflix is too big for peering agreements (520 comments)

1) it's the ISP's users requesting 30% of the internet traffic, not Netflix. The ISPs aren't peering at all, they are the termination point. They aren't providing a service to Netflix, or to anyone else on the internet for that matter, except their customers.
2) It's the ISPs' responsibility to provide enough network infrastructure to their customers. They don't get to hold hostage their users as a product to be bought by Netflix or other content providers.
3) Netflix offers Open Connect CDN

ISPs can directly connect their networks to Open Connect for free. ISPs can do this either by free peering with us at common Internet exchanges, or can save even more transit costs by putting our free storage appliances in or near their network.

https://signup.netflix.com/ope...

I think there is a fundamental misunderstanding of how peering arrangements are supposed to work that is being exploited by the PR departments of ISPs.

about 7 months ago

Facebook To Buy WhatsApp

alostpacket Re:Oh Good (199 comments)

Well, there aren't really any apps that satisfy all of that. Open-source, secure, video and mobile. Though the post I was replying to did not specify mobile (although that's WhatsApp's main platform I guess). But the point I was trying to make is that WhatsApp didn't satisfy those requirements either. It wasn't open, nor secure.

Anyways, there is Xabber for Android -- but I don't think that has video. Also many Android users use Google Hangouts / Talk etc for chat and video, but that is not open-source. There seem to be a number of other XMPP clients for Android but I don't know enough about them.

Also, FYI that Wikipedia link covers lots of apps -- both desktop and mobile (including WhatsApp).

about 7 months ago

Drive-by Android Malware Exploits Unpatchable Vulnerability

alostpacket Re:If I understand TFA (120 comments)

Scratch that, looking through the links, even one of the AOSP browsers is affected.

Some distributions of the Android Browser app have an addJavascriptInterface call tacked on, and thus are vulnerable to RCE. The Browser app in the Google APIs 4.1.2 release of Android is known to be vulnerable. A secondary attack vector involves the WebViews embedded inside a large number of Android applications. Ad integrations are perhaps the worst offender here. If you can MITM the WebView's HTTP connection, or if you can get a persistent XSS into the page displayed in the WebView, then you can inject the html/js served by this module and get a shell.

about 7 months ago

Drive-by Android Malware Exploits Unpatchable Vulnerability

alostpacket Re:If I understand TFA (120 comments)

I think it's that it gains the permissions of the app hosting the webview. This isn't really browser related AFAICT

about 7 months ago

Facebook To Buy WhatsApp

alostpacket Re:Oh Good (199 comments)

Was WhatsApp ever secure or open? Wasn't it just a proprietary wrapper for xmpp?

There are other jabber/xmpp/jingle clients out there. I'm not sure what is the best client but pidgin works well for most things IIRC. Miranda IM may also be worth a look, or Adium. All three are a GPL or similar license I think.

https://en.wikipedia.org/wiki/...

about 7 months ago

Submissions


Statistical error labels 4700 K-3rd students ineligible for 'Gifted' programs

alostpacket alostpacket writes  |  about a year and a half ago

alostpacket (1972110) writes "The New York Times reports that statistical scoring by the standardized testing company Pearson incorrectly disqualified over 4700 students from a chance to enter gifted / advanced programs in New York City schools. Only students who score in the 90th percentile or above are eligible for these programs. Those in the 97th or above are eligible for 5 of the best programs. "According to Pearson, three mistakes were made. Students’ ages, which are used to calculate their percentile ranking against students of similar age, were recorded in years and months, but should also have counted days to be precise. Incorrect scoring tables were used. And the formula used to combine the two test parts into one percentile ranking contained an error." No mention of enlisting the help of the gifted children was made in the Times article, but it also contained a now-corrected error. This submission likely also contains an erro"
Link to Original Source

How do users remove CAs from a mobile OS?

alostpacket alostpacket writes  |  about 3 years ago

alostpacket writes "With all the news recently about Mozilla, Microsoft, Google and Apple removing DigiNotar's and possibly some of Comodo's fraudulent certificates from their respective desktop browsers and operating systems, it seems mobile OSes may be more of a challenge.
While it appears some Android apps have sprung up, some of it is apparently early beta software. There is also an issue for Cyanogenmod. With Mobile OS updates few and far between, Google and Apple apparently have not yet commented on the matter. And, while WP7 and RIM devices do not appear to use DigiNotar, one would likely suspect they are equally prone to slow updates should a CA they do use become compromised.
In the meantime, what are users to do to help protect themselves? What steps are even necessary?"

Link to Original Source

Is Spotify the perfect honeypot?

alostpacket alostpacket writes  |  more than 3 years ago

alostpacket writes "James Allworth has an article on the Harvard Business Review blog concerning Spotify's potential to become a 'bait-n-switch' scenario. While this could be a concern with any subscription-based media service, Allworth contends that 'the way we consume music is fundamentally different to the way we consume movies and TV.' He also points out that bait-n-switch potential is there regardless of Spotify's intentions due to pressure content companies can exert by raising prices or removing songs from your library. This pressure may already be happening in the case of Netflix."
Link to Original Source

Google Q2: 550k Android activations/day, 250k apps

alostpacket alostpacket writes  |  more than 3 years ago

alostpacket writes "Many of the Android sites and blogs are reporting some highlights from Google's Q2 earnings call: Android is now up to 550,000 activations per day. This comes just two weeks after they hit the 500k milestone. Adding to the big number news: 250,000 apps, 6 billion downloads, and $9 billion in revenue ($2.5b net) for Google overall. Apple still maintains the high score in the mobile app game though. They recently reported 15 billion downloads and 350,000 apps. And even may be regaining momentum from developers."
Link to Original Source

Journals

alostpacket has no journal entries.
