
Comments


Put A Red Cross PSA In Front Of the ISIS Beheading Video

dinfinity Re:I forced myself to watch it (299 comments)

Exactly. It's not as if Youtube allows everything else.

There is a lot of very very nasty stuff on the internet and I'm pretty sure most of it isn't allowed on Youtube.

2 days ago

Researchers Hack Gmail With 92 Percent Success Rate

dinfinity Re:tl;dr (87 comments)

This is true and my pants are now definitely starting to change to a brownish hue. Knowing the currently running app greatly simplifies the task for the classifier.

This possibility and security risk is going to disappear in the next version of Android, but is very present in all current versions:
http://stackoverflow.com/quest...

5 days ago

Researchers Hack Gmail With 92 Percent Success Rate

dinfinity Re:tl;dr (87 comments)

Granted the sophistication of a finely tuned and well crafted attack would mean even I'd fall for it without being any wiser

Although I agree with you in general, the thing is that you need to think of what the effects of a false positive are. Imagine starting up your game of solitaire and then seeing a Gmail-like login window. Because that is what could very well happen and would set off alarm bells in a fairly large set of users.

I suppose you could try to mitigate that by using a generic enough login window and only firing the phishing attack when the model is almost 100% confident that a login window is appropriate. After all, if you can have your app run in the background for several months (or longer), you can afford having it bide its time and wait for the perfect opportunity.

The question then becomes how confident the model can really be. Various methods would probably have to be included to boost the confidence. Checking which apps are installed and only attacking devices that have a pretty default set of FacebookGmailWhatsappCandyCrush apps installed would mitigate the issue of having to deal with colliding signatures of unmodeled apps.

The attack app could even collect a list of processes running on the device and/or installed apps, the device type, Android version etc., and then request a classifier from a server, if one exists for that combo. Perhaps different versions of apps could still pose a problem, though.
In addition to the classifier, the app could also retrieve the tuning parameters for that specific device/Android version from a server.

Hmm. It seems a turtle head actually is starting to poke out.

5 days ago

Researchers Hack Gmail With 92 Percent Success Rate

dinfinity Re:tl;dr (87 comments)

It's a very powerful attack vector

Yes and no.

I'd like to point out that the authors have only used the attack on Galaxy S3 devices running Android 4.2, for a very specific set of apps.
"We run all experiments on Samsung Galaxy S3 devices with Android 4.2. We do not make use of any device-specific features and expect our findings to apply to other Android phones."

Basically, they use the following (world-readable) elements to generate signatures of certain Activities (parts of apps) starting up:
  - CPU usage pattern
  - Network usage pattern
  - Increase and decrease of the shared memory (where the graphics buffer of the window compositor resides)

(they use more elements, but these are their most important ones: "Thus, the CPU utilization time, the network event and the transition model are the three most important contributors to the final accuracy. Note that though the Content Provider and input method features have lower contributions, we find that the top 2 and top 3 candidates' accuracies benefit more from them. This is because they are more stable features, and greatly reduce the cases with extremely poor results due to the high variance in the CPU utilization time and the network features.")

For the apps mentioned, they collect this data for a large number of the same Activities starting up. They average the results (model it using a normal distribution) and use that data as input for an offline machine learning step in which a model is generated.

On the 'hacked' device itself, they can then use the live data in their classifier and predict which Activity is starting up. When a specific target Activity is started up, they immediately start up their own mockup Activity and destroy it after the data has been entered, returning the user to the previous Activity with a misleading 'Server error' dialog in between. This method is what allows the injection to work without requiring the 'draw over other apps'-permission.

Now, anyone who has experience with machine learning can see how these results may not generalise very well, given that they used only a specific set of apps on a specific device. Choosing between 100 alternative Activities is a lot easier than choosing between the millions of Activities out there. How many signature collisions (false positives) would that lead to? A lot.
That is exacerbated by the fact that different users run different sets of apps in the background, which obviously greatly influences the CPU usage signatures and network signatures.
Besides that, the signatures are device and probably Android version specific, leading a model for many devices to become prohibitively large to be distributed in a single app. Of course, this can be mitigated by just targeting one specific very popular device (such as one of the Samsung flagship models).

Their injection of the activity is also something to look at again. Consider this:
"Note that the challenge here is that this introduces a race condition where the injected phishing Activity might enter the foreground too early or too late, causing visual disruption (e.g., broken animation). With carefully designed timing, we prepare the injection at the perfect time without any human-observable glitches during the transition (see video demos [6])."
Everybody knows that 'carefully designed timing' and generalisable match very poorly. Targeting one specific device may indeed work here, but I think some testing in more varied scenarios is required before we all shit our pants.

5 days ago
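The signature-and-classifier pipeline the comment above describes, as an added illustration that is neither the paper's code nor the commenter's. The real parts are the /proc/[pid]/stat and /proc/[pid]/statm field layouts, which are the genuine Linux formats, and the per-app /proc/uid_stat/<uid>/tcp_rcv and tcp_snd byte counters that Android 4.x exposed. Everything else is constructed for the example: the snapshots are hand-written strings, the three reference signatures (GmailLogin, WhatsAppChat, Solitaire) are made-up means and standard deviations, and the four-feature vector is a simplification of the paper's feature set. The point it shows is the one the commenter makes about false positives: with a closed set of three signatures a clean burst is classified with near-certainty, while a burst that lands between two signatures comes out at roughly 50% and a confidence gate refuses to fire.

```python
"""Toy version of the Activity-signature side channel (added example).

Real: the /proc/[pid]/stat and /proc/[pid]/statm layouts, and the Android
4.x /proc/uid_stat/<uid>/tcp_rcv|tcp_snd counters modelled as two ints.
Constructed: all snapshots, all signature numbers, the feature set.
"""
import math

# /proc/[pid]/stat: after "pid (comm) " the fields are state ppid pgrp
# session tty_nr tpgid flags minflt cminflt majflt cmajflt utime stime ...
UTIME_IDX, STIME_IDX = 11, 12
SHARED_IDX = 2  # /proc/[pid]/statm: size resident shared text lib data dt


def parse_stat(text):
    """utime+stime in clock ticks. comm may contain spaces, so split after ')'."""
    rest = text[text.rindex(")") + 2:].split()
    return int(rest[UTIME_IDX]) + int(rest[STIME_IDX])


def parse_statm(text):
    """Shared pages; the compositor's graphics buffers are counted here."""
    return int(text.split()[SHARED_IDX])


def snapshot(utime, stime, shared, rcv, snd, pid=1234, comm="com.google.android.gm"):
    """Build one constructed /proc sample using the real file formats."""
    stat = (f"{pid} ({comm}) S 1 {pid} {pid} 0 -1 4194560 1200 0 3 0 "
            f"{utime} {stime} 0 0 20 0 12 0 1000 100000 500")
    statm = f"25000 {shared + 3000} {shared} 100 0 900 0"
    return {"stat": stat, "statm": statm, "tcp_rcv": rcv, "tcp_snd": snd}


def features(snaps):
    """Burst of samples -> [cpu ticks, max shared growth, max shared shrink, net bytes]."""
    cpu = [parse_stat(s["stat"]) for s in snaps]
    shared = [parse_statm(s["statm"]) for s in snaps]
    net = [s["tcp_rcv"] + s["tcp_snd"] for s in snaps]
    steps = [b - a for a, b in zip(shared, shared[1:])]
    return [cpu[-1] - cpu[0], max(steps + [0]), -min(steps + [0]), net[-1] - net[0]]


# Per-Activity signature: one (mean, std) per feature, i.e. the "model it
# using a normal distribution" step. Numbers are invented for the example.
SIGNATURES = {
    "GmailLogin":   [(90, 15), (600, 80), (500, 80), (8500, 1500)],
    "WhatsAppChat": [(80, 15), (550, 80), (450, 80), (3000, 1500)],
    "Solitaire":    [(40, 10), (300, 60), (250, 60), (0, 200)],
}


def log_likelihood(vec, sig):
    """Sum of Gaussian log-densities, features treated as independent."""
    return sum(-0.5 * ((x - mu) / sd) ** 2 - math.log(sd * math.sqrt(2 * math.pi))
               for x, (mu, sd) in zip(vec, sig))


def classify(vec, sigs=SIGNATURES):
    """Return (best Activity, posterior probability) with a flat prior."""
    ll = {name: log_likelihood(vec, sig) for name, sig in sigs.items()}
    top = max(ll.values())
    weights = {name: math.exp(v - top) for name, v in ll.items()}  # stable softmax
    best = max(weights, key=weights.get)
    return best, weights[best] / sum(weights.values())


def should_fire(snaps, target="GmailLogin", threshold=0.99, sigs=SIGNATURES):
    """Only inject when the target Activity wins with near-certain confidence."""
    best, conf = classify(features(snaps), sigs)
    return best == target and conf >= threshold


# Constructed bursts: one that looks like the Gmail login signature, and one
# that sits halfway between GmailLogin and WhatsAppChat (a collision).
GMAIL_BURST = [snapshot(100, 50, 2000, 1000, 500), snapshot(130, 60, 2600, 1000, 900),
               snapshot(160, 70, 2600, 9000, 950), snapshot(170, 72, 2100, 9200, 950)]
AMBIGUOUS_BURST = [snapshot(200, 40, 3000, 2000, 1000), snapshot(240, 50, 3575, 2000, 1300),
                   snapshot(270, 55, 3575, 7200, 1550), snapshot(271, 55, 3100, 7200, 1550)]

if __name__ == "__main__":
    for label, burst in (("gmail-like", GMAIL_BURST), ("ambiguous", AMBIGUOUS_BURST)):
        best, conf = classify(features(burst))
        print(f"{label}: {features(burst)} -> {best} ({conf:.3f}), fire={should_fire(burst)}")
```

Run stand-alone, the first burst classifies as GmailLogin at about 0.9996 and passes the 0.99 gate; the second comes out near 0.51 and is rejected. Adding more candidate Activities only makes the second situation more common, which is the commenter's objection about signature collisions once the candidate set is no longer a hundred Activities on one handset.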

The Benefits of Inequality

dinfinity Re:Different approaches for different situations (254 comments)

Although real time constraints play a part, the main benefit of hierarchies is specialization.

Every decision or action requires a specific skill set and a group as a whole becomes more efficient for every task that is performed by individuals dedicated to that task, simply because those individuals become proficient at it.

Making high-level decisions is also just a task in which someone can become proficient. The problem that we see today with such tasks is that there is a lot of competition for them (which leads to a certain type of individual taking those positions, not because they are fit for the task, but because they compete well in being assigned the task) and that these tasks give a disproportionate amount of power and influence. That combination is toxic.

about two weeks ago

Brookings Study Calls Solar, Wind Power the Most Expensive Fossil Alternatives

dinfinity Re: Finally!! (409 comments)

Nothing lasts forever. Now say something relevant.

about three weeks ago

Brookings Study Calls Solar, Wind Power the Most Expensive Fossil Alternatives

dinfinity Re:Finally!! (409 comments)

Or just use battery packs near the solar panels. Problem solved.

about three weeks ago

Experiment Shows People Exposed To East German Socialism Cheat More

dinfinity Re:Money (619 comments)

Someone who doesn't cheat for $6 might cheat for $10k, but someone who will cheat for $6 will almost certainly cheat for any larger value.

No.

Someone who will cheat for $6 can rationalize it by saying "everybody does this; it's only $6". In fact, the lower the amount, the less anyone would feel like they did something amoral. Which is exactly the opposite of what you implied.

The 'everybody does this' part is probably a huge factor in this research.

about a month ago

Study: People Would Rather Be Shocked Than Be Alone With Their Thoughts

dinfinity Re:How fitting (333 comments)

Exactly. It's not about 'not wanting to be alone with your thoughts', but about curiosity and obedience.

I thoroughly enjoy my thinking sessions, but:
1. I do so when I feel like it, instead of when being told to.
2. If there's a button in the room, I'm damn well going to press it. There's an obligatory xkcd somewhere below this comment that says it all.

about 2 months ago

Germany's Glut of Electricity Causing Prices To Plummet

dinfinity Re:This just illustrates (365 comments)

1. Most people in Germany do not have their own house, but live in rented apartments. They have no possibility to install any kind of power generator, renewable or not.

That is not really true. One of the things that is becoming more common is for the housing corporations to create projects where the renters pay an additional fee for using power from solar panels the corporations install. There are variants when it comes to the type of payment and ownership, but the general construction is quite viable. Basically, renters get to bet that their fees for the solar panels will be lower than what they would pay in electricity costs, feel good about supporting solar and have to do nothing otherwise. The housing corporations can (technically) provide better panels and prices due to the scale advantages.

It's obviously not a panacea, considering that housing corporations could really mess up their choices or try to become rich off of the projects, but in a way it is a much faster way to increase the number of installed solar panels than waiting for home owners to take the plunge.

about a month ago

YouTube Introduces 60fps Video Support

dinfinity Re:60 fps? (157 comments)

AFAIK, GoT wasn't filmed at 60fps. Even if the broadcast format is 1080x60/30, it is just displaying (~)24fps using pulldown techniques.

Having said that, the rest of your comment is accurate. There is plenty of true 50/60fps material out there.

about a month ago

Meet Carla Shroder's New Favorite GUI-Textmode Hybrid Shell, Xiki

dinfinity Re:Welcome to Macintosh Programmers Workshop, 1985 (176 comments)

Or, or: CTRL+R and keyup.

If you take away the mouse in this newfangled interface, I bet CTRL+R and keyup require fewer keystrokes on average than moving the cursor to the command you want to re-run. Granted, CTRL+R and keyup could be slightly less destructive in certain cases, but other than that they're pretty much perfect.

about a month ago

New Chemical Process Could Make Ammonia a Practical Car Fuel

dinfinity Re:Why not just burn the ammonia (380 comments)

Please, Slashdot, don't encourage this old, useless, overused and unfunny Doge crap.

about 2 months ago

Emotional Contagion Spread Through Facebook

dinfinity Re:No surprise to teachers of Grades 6-12 (127 comments)

Give them a way to express themselves in original work and you'd be stunned by the diversity of thought.

Have you seen 'vlogs'?

about 2 months ago

"Super Bananas" May Save Millions of Lives In Africa

dinfinity Re:Replying AC to avoid undoing mods (396 comments)

You're assuming that said people know how to cook, and have the equipment to cook. A LOT of poor people weren't even taught basic cooking skills by their parents or guardians.

Are you kidding me?
Water, oil/fat, 1 pan and a heat source is all you need in the equipment area, and unless poverty in the US has actually become what most Europeans think it has become, those things should be easily available to everybody.

And 'knowing how to cook'? Jesus Christ, it's not fucking rocket science.
1. Put water in pan, add X to water, boil until it is edible. Add some salt.
2. Put oil in pan, add Y to pan, fry until it is edible. Add some salt. Maybe some sugar.

rice cookers or slow cookers

Or, or, or: just use a normal fucking pan. Those things aren't magical devices using spooky technology, you know?

I'm not disputing that eating right when impoverished isn't hard, just that "I don't know how to cook" or "I don't have any cooking equipment" are terrible, terrible excuses.

about 2 months ago

The Nightmare On Connected Home Street

dinfinity Re:Uh-oh (186 comments)

No, I'm the load your mother swallows eight times every weekend.

Come on, we can let what was at some point a witty thread devolve even further. Give me your best shot (I'm throwing this one into your lap here).

about 2 months ago

Submissions


Solar power absorbing nanoparticle-based steam generation boasts 24% efficiency

dinfinity writes | about 2 years ago

dinfinity (2300094) writes "Rice University scientists have unveiled a new technology that uses nanoparticles to convert solar energy directly into steam. The new “solar steam” method from Rice’s Laboratory for Nanophotonics is so effective it can even produce steam from icy cold water. Details of the solar steam method were published online today in ACS Nano. The technology’s inventors said they expect it will first be used in sanitation and water-purification applications in the developing world."

Journals

dinfinity has no journal entries.
