
Comments


Wireless Keylogger Masquerades as USB Phone Charger

hankwang Re:And this is good why? (150 comments)

"the claim that this can work against all Microsoft Wireless Keyboards is 100% BS, and has been since 2007, when the issue was first uncovered; covered in depth by Schneier, and remedied in all versions of the Microsoft Wireless Keyboard created since then, which use at minimum 128-bit AES; NOT XOR."

The only meaningful hits on 'schneier microsoft wireless keyboard' are just a few broken links to a Dreamlab study: http://www.google.com/search?q...,

Those were using a 27 MHz transmitter (near field, i suppose) and an association process that at least uses a different xor key each time. TFA claims that the newer 2.4 GHz keyboards always use the same xor key, 0xCD. TFA mentions at least two recent keyboard models that use this protocol. (Maybe I overlooked other ones)

It seems that there is only the MS "2000 AES for business" keyboard that is explicitly marketed as using AES. http://www.microsoft.com/hardw...

about three weeks ago

Publications Divided On Self-Censorship After Terrorist Attack

hankwang Re:"which had 12 people killed." WTF? (512 comments)

"Turkey -- 99.8% Muslim"

Where did you get that number? Walk around in a big city and you will see less than 50% of the local women wearing head scarves, in most neighborhoods. In some places, it's less than 10%.

Turkey does register most citizens as "muslim" as a default value, unless they are christian or jewish, but it has little to do with the beliefs of those citizens. Many Turks are atheistic (and utterly despise the present muslim government).

Source: my Turkish S.O., who has "Islam" in her passport despite coming from a family that has been secular for several generations.

about three weeks ago

Tips For Securing Your Secure Shell

hankwang RC4, how weak is it? (148 comments)

TFA: "... RC4 are broken. Again, no need to wait for them to become even weaker, disable them now."

Is that really so? I think RC4/arcfour is only known to leak secret data in the first 2 KB of the cipher stream, and for that reason SSH will simply feed it 2 KB or so of garbage data before encrypting the actual payload. Or am I mistaken?

RC4 has a big advantage: it is by far the fastest cipher, which is relevant if you want to do large file transfers over slowish hardware (home-grade NAS, Raspberry Pi, old Atom CPU, etc.).

about three weeks ago

Bots Scanning GitHub To Steal Amazon EC2 Keys

hankwang Re:Give the man some slack (119 comments)

The mistake he made was not understanding the tools he was using. (...) Signing up for a service and then using it without reading the documentation is foolish.

I assume that you also blame the subprime borrowers for signing a contract that they didn't fully understand without putting most of the blame on the banks that knew damn well what they were doing?

The fact that one person can be blamed for a mistake due to lack of experience does not mean that there is not someone else (i.e., Amazon and the people who actually abused the keys) who deserves a lot more blame.

about a month ago

Bots Scanning GitHub To Steal Amazon EC2 Keys

hankwang Give the man some slack (119 comments)

To all posters who are blaming the man for being so stupid: please RTFA. He had just opened an amazon AWS 1-year free trial to practice what he'd just learnt about Ruby on Rails. He made a mistake:

I knew my API key needed to be safe, so I installed the Figaro gem (a rails API key security gem, which typically works great), and trusted it to keep my API key off of git when I pushed. (...) deleted all traces from GitHub. I was able to clean it up within about 5 minutes (...) After a close call, I went to bed.

Surely it is not that unreasonable to (1) realize that those keys will be scraped within 5 minutes after uploading to an obscure project, and (2) not realize that an S3 key in a free trial subscription wouldn't allow racking up $2375 in EC charges within 10 hours?

about a month ago
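The two comments above turn on one practical point: a key pushed to a public repository is harvested within minutes, so the check has to happen before the push. An added example of such a check (not code from the thread, from Figaro, GitHub or Amazon): a scanner that flags AWS-credential-shaped strings and risky file names in the files about to be committed. The key ID and secret in the test input are the placeholder values from AWS's own documentation, not live credentials; the list of risky file names is an assumption for this example.

```python
# Added example, not code from the Slashdot thread, from Figaro, GitHub or AWS:
# a small pre-commit scanner that flags AWS-credential-shaped strings and
# risky file names before they reach a public repository.
import re
from pathlib import Path
from typing import Iterable, List, Tuple

# Long-term access key IDs are "AKIA" + 16 upper-case alphanumerics; temporary
# (STS) key IDs use the "ASIA" prefix.
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# A secret key is 40 characters of the base64 alphabet. Alone that shape is too
# common, so require a nearby "secret ... key" label to keep false positives low.
SECRET_KEY_RE = re.compile(
    r"(?i)secret[_ -]?(?:access[_ -]?)?key\s*[:=]\s*['\"]?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)
# File names that commonly hold credentials (Figaro's application.yml among them);
# this list is an assumption for the example.
RISKY_NAMES = ("application.yml", ".env", "credentials", "secrets.yml")
RISKY_SUFFIXES = (".pem", ".key")

Finding = Tuple[str, int, str, str]  # (file, line, kind, matched value)


def scan_text(text: str, name: str = "<stdin>") -> List[Finding]:
    """Return every credential-shaped match in `text`, one tuple per hit."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append((name, lineno, "access_key_id", m.group(0)))
        for m in SECRET_KEY_RE.finditer(line):
            findings.append((name, lineno, "secret_access_key", m.group(1)))
    return findings


def is_risky_name(path: str) -> bool:
    """True for paths whose basename or suffix usually means 'contains secrets'."""
    p = Path(path)
    return p.name in RISKY_NAMES or p.suffix in RISKY_SUFFIXES


def scan_paths(paths: Iterable[str]) -> List[Finding]:
    """Scan real files (e.g. the output of `git diff --cached --name-only`)."""
    findings: List[Finding] = []
    for path in paths:
        if is_risky_name(path):
            findings.append((path, 0, "risky_filename", Path(path).name))
        try:
            text = Path(path).read_text(errors="replace")
        except OSError:
            continue  # deleted or unreadable file: nothing to scan
        findings.extend(scan_text(text, path))
    return findings


def redacted(f: Finding) -> str:
    """Report line that never echoes the full secret back into a terminal or log."""
    name, lineno, kind, value = f
    return f"{name}:{lineno}: {kind} {value[:4]}...{value[-4:]}"


if __name__ == "__main__":
    import sys
    hits = scan_paths(sys.argv[1:])
    for h in hits:
        print(redacted(h))
    sys.exit(1 if hits else 0)  # non-zero exit makes a git pre-commit hook refuse the commit
```

Run from a pre-commit hook with the staged file names as arguments; a non-zero exit blocks the commit. A scanner like this is a backstop, not a substitute for keeping credentials out of the repository in the first place (environment variables or an ignored config file) and for rotating any key that was ever pushed, since deleting it from history does not unpublish it.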

Hotel Group Asks FCC For Permission To Block Some Outside Wi-Fi

hankwang Re:Interesting (293 comments)

Repeat guests? C'mon, really? You shop for hotels the same way the rest of us do - Either your employer tells you "you will stay here", or you use a price search and pick the lowest place that doesn't mention rats in the toilet.

Would you book a place that mentions complaints along the lines of "The bathroom is clean, but cell phones of any provider don't work here and the room phone is 2 dollars per minute?"

As for the employer: the travel offices of big companies who regularly have their people work on site at major customer or other offices will consider putting their employees somewhere else if they all complain about a particular hotel. The repeat customer is not the individual person, but the employer.

about a month ago

Canadian Supreme Court Rules In Favor of Warrantless Cellphone Searches

hankwang Re:Simple: enable your password (105 comments)

"the carriers and phone makers are all REQUIRED by calea (in the US) to have backdoors on anything that has a 'network' aspect to it."

Citation needed.

"they have magic usb cables that get into your phone"

I think I saw a website of a company that claims to have such a device, but I had the distinct impression that it mostly helps with booting into recovery mode (android phones); it will tell you which combo of power/volume up/down to press during boot. Some phones don't have a locked bootloader or have a bootloader that allows installing software to the "ROM" from the bootloader. (I've seen this on low-end Samsungs and the popular Clockworkmod bootloader for Cyanogenmod allows this).

For phones that are switched on, it will check for usb debugging and mass storage access.

Essentially, it has collected the known procedures for rooting for a lot of phones. Guess what, a lot of phones cannot be rooted without either having unlocked the screen or wiping all user data.

about 1 month ago

Uber's Android App Caught Reporting Data Back Without Permission

hankwang Re:So, in essence, Uber's app is malware (234 comments)

"Unless they have changed their stance since CM7, the privacy manager sucks compared to XPrivacy because XPrivacy will allow spoofing of data. If a permission is flatly blocked instead of spoofed then many apps will force close"

Well, they did. CM11 has a privacy manager that will allow you to block access to contacts and so on, without making apps crash. I have set it up such that it will notify me whenever an app tries to access contacts, sms, calendar, location and it is surprising how few suspicious popups I get. One weird thing: wifi related apps need location access in order to show access points. Makes some sense, but it took me a while to realize why those apps weren't working.

about 2 months ago

Is LTO Tape On Its Way Out?

hankwang Re:Shyeah, right. (284 comments)

"You need it backed up on at least 4 pieces of media, of at least 3 different types, in at least 2 different cities, in at least 1 different state; bumping each of those numbers up by 1 is not unreasonable."

At least 2 different cities means two or more cities.
At least 1 different state means one or more states.

Well, at least, you don't store it in zero states.

about 2 months ago

What Happens When Nobody Proofreads an Academic Paper

hankwang Re:MS Office Incompatibility (170 comments)

If the %-prefixed comment says "This section should be rewritten", then it is a problem if it stays there, because the final version of the document will have a crappy section.

about 3 months ago

Denmark Faces a Tricky Transition To 100 Percent Renewable Energy

hankwang Re:Cost nothing to run? (488 comments)

"[Conventional plants] also produce so much more power that merely sending somebody by once a year to glance that the green LED is still softly glowing is more maintenance per watt."

That could be an interesting hypothesis, but if you put it down like a hard fact, you should also provide some data to support it so that we can have a meaningful discussion about it.

about 3 months ago

Denmark Faces a Tricky Transition To 100 Percent Renewable Energy

hankwang Re:Home storage (488 comments)

That is 0.50 $/Wh. You can buy USB powerbanks for EUR 7 per 2600 mAh, which is about 0.70 EUR/Wh or 0.85 $/Wh and includes a USB cable, fancy colored shell, USB connectors, charging circuits, and status LEDs.

I'm surprised that the economy of scale makes so little difference.

about 3 months ago

What Happens When Nobody Proofreads an Academic Paper

hankwang Re:MS Office Incompatibility (170 comments)

In LaTeX (and Word for that matter), I always prefix my notes with @@@ because that is a string that never occurs in normal text (easily searchable) and that sticks out visually like a sore thumb.

Percent-sign-prefixed comments ("this needs an update") are much easier to overlook, or even guaranteed to be overlooked during proofreading. At least, I don't proofread my LaTeX markup, but rather the typeset document.

about 3 months ago
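The two comments above on the same story describe a procedure: mark notes with a string that cannot occur in normal text, and treat %-comments as invisible during proofreading. An added example of a check that enforces both (not code from the thread or from any LaTeX tool): it lists every @@@ marker that would land in the typeset output and every note-like phrase hidden in a comment, and it handles the escaped \% that a naive split on "%" would mistake for a comment. The marker, the note phrases and the sample source are assumptions for this example.

```python
# Added example, not from the Slashdot thread or from any LaTeX tool: list the
# leftover author notes in a .tex source, separating markers that would appear
# in the typeset output from notes hidden in %-comments.
import re
import sys
from typing import List, Tuple

MARKER = "@@@"                      # the poster's convention; an assumption here
# Phrases that usually mean "not finished"; extend to taste.
NOTE_RE = re.compile(r"(?i)\b(?:todo|fixme|xxx|rewrit\w*|needs? (?:an )?update)\b")
# The first '%' that is not escaped as '\%' starts a comment.
COMMENT_START_RE = re.compile(r"(?<!\\)%")

Finding = Tuple[int, str, str]      # (line number, "typeset" or "comment", text)


def split_comment(line: str) -> Tuple[str, str]:
    """Return (typeset part, comment part) of one source line."""
    m = COMMENT_START_RE.search(line)
    if not m:
        return line, ""
    return line[:m.start()], line[m.end():]


def find_leftover_notes(tex: str) -> List[Finding]:
    """Markers in typeset text are reported as-is; comments are also searched
    for note-like phrases, since those never show up in the PDF being proofread."""
    findings: List[Finding] = []
    for lineno, line in enumerate(tex.splitlines(), start=1):
        body, comment = split_comment(line)
        if MARKER in body:
            findings.append((lineno, "typeset", body.strip()))
        if MARKER in comment or NOTE_RE.search(comment):
            findings.append((lineno, "comment", comment.strip()))
    return findings


# Constructed sample source for demonstration.
SAMPLE_TEX = "\n".join([
    r"\section{Results}",
    r"We measured 50\% of the samples. % TODO check the number",
    r"The yield was doubled. @@@ cite DSM press release",
    r"Prices fell by 10\% % the \% above is an escaped percent sign",
    r"This section should be rewritten. % this section should be rewritten",
])


if __name__ == "__main__":
    # With file arguments, scan those; otherwise show the constructed sample.
    sources = [(p, open(p, encoding="utf-8", errors="replace").read()) for p in sys.argv[1:]] \
        or [("sample.tex", SAMPLE_TEX)]
    total = 0
    for name, tex in sources:
        for lineno, where, text in find_leftover_notes(tex):
            print(f"{name}:{lineno}: [{where}] {text}")
            total += 1
    sys.exit(1 if total else 0)   # fail the build while notes remain
```

Line 5 of the sample shows the poster's point: the sentence in the typeset part is indistinguishable from real prose, so only the comment scan catches that note, whereas the @@@ on line 3 is caught by a plain substring search. Text inside verbatim environments is not special-cased.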

Researchers Simulate Monster EF5 Tornado

hankwang Re:Monster EF5? (61 comments)

"It's called the F5 - From what I can gather, somewhere along the line they had to "enhance" the F ratings to get more f4's and ef 5's."

Not quite. From Wikipedia:

It was revised to reflect better examinations of tornado damage surveys, so as to align wind speeds more closely with associated storm damage. Better standardizing and elucidating what was previously subjective and ambiguous, it also adds more types of structures and vegetation, expands degrees of damage, and better accounts for variables such as differences in construction quality.
(...)
Since the new system still uses actual tornado damage and similar degrees of damage for each category to estimate the storm's wind speed, the National Weather Service states that the new scale will likely not lead to an increase in a number of tornadoes classified as EF5.

http://en.m.wikipedia.org/wiki...

about 3 months ago

How Apple Watch Is Really a Regression In Watchmaking

hankwang Re:My two cents (415 comments)

"I received a Pebble .... the battery life is such that I only need to recharge it a few times a week."

Îoey Pebble (1 year old) lasts an entire week on a charge, unless I have been using realtime apps (gps tracker). It helps to disable the "shake for backlight" setting.

about 3 months ago

New Crash Test Dummies Reflect Rising American Bodyweight

hankwang Re:A prediction (144 comments)

"the only time the 5-star rating is going to go to a 3-star rating is if the national testing facilities start using these dummies. And if they do that..."

If they do that, you'll need twice the number of cars to sacrifice in crash tests and the dummies will wear out twice as fast. Likely, you'll need twice the number of testing facilities as well. A decision to make such tests mandatory should not be taken lightly.

My guess is that these dummies will be used to gain knowledge on how to translate standard test results to risks for nonstandard body types, and possibly to mandatory requirements on car/safety belt construction if the disadvantage of an obese person is large and preventable.

about 3 months ago

Haier Plans To Embed Area Wireless Chargers In Home Appliances

hankwang Re:4 watts isn't enough (61 comments)

"4W charger can charge devices at the same rate as my 5 and 10 watt chargers! The last generation of phones use 5V 1A = 5 watt chargers"

That the charger is capable of delivering 5 W does not actually mean that the device will actually draw that amount. I have a dongle that measures the current and voltage of USB chargers and my smartphones rarely draw more than 0.8 A, and even then only if I use a low-resistance cable with a battery below 80%. Cables that are long enough to reach comfortably from the floor to my hands while I'm sitting usually do less than that.

Google "usb charger doctor", the dongle is only $7 or so.

about 3 months ago

Haier Plans To Embed Area Wireless Chargers In Home Appliances

hankwang Re:Hmmm (61 comments)

"HAM radio operators have a statistically significant higher incident of cancer."

You seem to be selective in your interpretation of the data. From the second link:

"Among men, there were 14,630 deaths (SMR = 0.73 (95% CI = 0.71-0.74)) and among women, 760 (SMR = 0.72 (0.67-0.78)). There were 4,007 cancer deaths among males (SMR = 0.79 (0.76-0.81)) and 289 among females (SMR = 0.82 (0.72-0.92))."

Standardized mortality ratios (SMR) smaller than one for cancer mean that there are fewer cancer deaths among radio operators than among the total (US) population. The abstract continues to state that for some particular types of cancer, the SMR is slightly above one, but with very wide confidence intervals (CI), which indicate that there are too few cases for reliable statistics.

about 3 months ago
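The comment above rests on how a standardized mortality ratio and its confidence interval are computed, and on why the interval gets wide when cases are few. An added example (not code from the thread or from the cited study) that carries the calculation through: SMR = observed / expected, with the common log-normal approximation to the Poisson interval, ln(SMR) ± 1.96/sqrt(observed). The expected counts are back-calculated from the SMRs in the quoted abstract, since the abstract reports observed deaths and SMRs rather than expected counts; the "rare cancer" row is a constructed input, and the study's exact interval method is not known to me, although this approximation reproduces the quoted intervals to within about 0.01.

```python
# Added example, not from the Slashdot thread or from the cited study: compute a
# standardized mortality ratio and an approximate 95% confidence interval from
# an observed death count and the count expected from population rates, to show
# how the interval width follows from the number of cases.
import math
from typing import Tuple


def smr_ci(observed: int, expected: float, z: float = 1.96) -> Tuple[float, float, float]:
    """Return (SMR, lower, upper).

    SMR = observed / expected. The interval uses the usual log-normal
    approximation for a Poisson count: ln(SMR) +/- z / sqrt(observed).
    """
    if observed <= 0 or expected <= 0:
        raise ValueError("observed and expected must be positive")
    smr = observed / expected
    half_width = z / math.sqrt(observed)
    return smr, smr * math.exp(-half_width), smr * math.exp(half_width)


def relative_width(observed: int, expected: float) -> float:
    """(upper - lower) / SMR: a scale-free measure of how wide the interval is."""
    smr, lo, hi = smr_ci(observed, expected)
    return (hi - lo) / smr


if __name__ == "__main__":
    # Expected counts back-calculated from the abstract's SMRs (constructed inputs);
    # the last row is a made-up small-count case.
    cases = {
        "all deaths, men": (14630, 14630 / 0.73),
        "all deaths, women": (760, 760 / 0.72),
        "cancer deaths, men": (4007, 4007 / 0.79),
        "cancer deaths, women": (289, 289 / 0.82),
        "hypothetical rare cancer": (5, 4.2),
    }
    for label, (obs, exp) in cases.items():
        smr, lo, hi = smr_ci(obs, exp)
        print(f"{label:26s} n={obs:6d}  SMR={smr:.2f}  95% CI {lo:.2f}-{hi:.2f}")
```

With 14,630 deaths the interval is about 0.02 wide; with 5 cases an SMR of 1.19 comes with an interval from roughly 0.5 to 2.9, which is the "too few cases for reliable statistics" situation the comment describes.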

Despite Patent Settlement, Apple Pulls Bose Merchandise From Its Stores

hankwang Normal listening level (328 comments)

I think we need to resort to specifying listening volumes in dB(A) levels, since I can't imagine driving even a bad headphone to distortion levels at what I call 'normal listening volume'. For me, that's probably around 70 dBA, "normal speech at 3 ft".

about 3 months ago

Submissions


EU fines TV makers for 1.47 billion euro

hankwang hankwang writes  |  more than 2 years ago

hankwang (413283) writes "The European commission fined a number of manufacturers for price fixing of cathode ray tubes in the period between 1996 and 2005. The total fine was EUR 1.47 billion (USD 1.92 billion), for Philips, LG Electronics, Samsung SDI, and three other firms. According to the European Commission: "For almost 10 years, the cartelists carried out the most harmful anti-competitive practices including price fixing, market sharing, customer allocation, capacity and output coordination and exchanges of commercial sensitive information. The cartelists also monitored the implementation, including auditing compliance with the capacity restrictions by plant visits in the case of the computer monitor tubes cartel."

Other news sources:
http://www.bloomberg.com/news/2012-11-07/lg-said-to-face-eu-fines-with-philips-panasonic-for-cartel.html
http://www.reuters.com/article/2012/12/05/us-eu-cartel-crt-idUSBRE8B40EK20121205
http://news.cnet.com/8301-1001_3-57557212-92/philips-lg-samsung-others-hit-with-eu-antitrust-fine/"


One million web pages attacked by lilupophilupop S

hankwang hankwang writes  |  about 3 years ago

hankwang (413283) writes "The Internet Storm Center reported that one million web pages have been attacked by the Lilupophilupop SQL injection and contain a malicious javascript link. Affected sites can be found using a Google search query. See also the technical details of the SQL injection. The attack is directed to sites running ASP or ColdFusion with an MSSQL back end. The payload of the javascript leads, via redirects and obfuscated javascript, to a fake download page for Adobe Flash and antivirus software."
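The mechanism behind a mass-injection campaign like the one in this submission is a query built by string concatenation, which lets one request rewrite every row of a content table. An added example (not code from the submission, from the ISC diary or from any affected site) that shows the vulnerable query shape beside its parameterised form, plus an audit query a site owner can run to find rows that already carry an injected script tag. SQLite in memory stands in for the MSSQL back end the story mentions; the table, the hostile input and the placeholder domain are constructed for this example.

```python
# Added example, not from the Slashdot submission, the ISC diary or any affected
# site: the string-built UPDATE that mass SQL injection exploits, beside its
# parameterised form, and an audit query for rows already carrying a script tag.
# SQLite stands in for the MSSQL back end mentioned in the story.
import sqlite3
from typing import List

# Constructed placeholder for the injected link; the campaign's real domain is
# deliberately not reproduced here.
INJECTED_TAG = '<script src="http://malicious.example/x.js"></script>'


def make_db() -> sqlite3.Connection:
    """An in-memory table standing in for a CMS 'articles' table (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id TEXT PRIMARY KEY, body TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO articles VALUES (?, ?)",
        [("a1", "First article"), ("a2", "Second article"), ("a3", "Third article")],
    )
    conn.commit()
    return conn


def append_note_vulnerable(conn: sqlite3.Connection, article_id: str, note: str) -> int:
    """String-built UPDATE: user input becomes part of the SQL text itself.
    Returns the number of rows changed."""
    sql = ("UPDATE articles SET body = body || '" + note + "' "
           "WHERE id = '" + article_id + "'")
    return conn.execute(sql).rowcount


def append_note_safe(conn: sqlite3.Connection, article_id: str, note: str) -> int:
    """Parameterised UPDATE: input is bound as data and cannot alter the WHERE clause."""
    return conn.execute(
        "UPDATE articles SET body = body || ? WHERE id = ?", (note, article_id)
    ).rowcount


def rows_with_script_tags(conn: sqlite3.Connection) -> List[str]:
    """Audit query: ids of rows whose body contains a script tag (LIKE is case-insensitive)."""
    cur = conn.execute("SELECT id FROM articles WHERE body LIKE '%<script%' ORDER BY id")
    return [row[0] for row in cur]


if __name__ == "__main__":
    hostile_id = "nope' OR '1'='1"   # constructed: turns the WHERE clause into a tautology
    db = make_db()
    print("vulnerable, rows changed:", append_note_vulnerable(db, hostile_id, INJECTED_TAG))
    print("rows now carrying a script tag:", rows_with_script_tags(db))
    db = make_db()
    print("parameterised, rows changed:", append_note_safe(db, hostile_id, INJECTED_TAG))
    print("rows now carrying a script tag:", rows_with_script_tags(db))
```

The same hostile id changes all three rows through the concatenated query and none through the parameterised one, which is why the fix is parameterisation rather than input filtering. The audit query is the defensive half: after a campaign like this, the stored content has to be searched and cleaned, not just the code patched.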

Dutch hotels must register as ISPs

hankwang hankwang writes  |  more than 4 years ago

hankwang (413283) writes "The Dutch telecommunications authority OPTA has announced that Dutch hotels must register as internet providers (Original version in Dutch) because that is what they formally are according to Dutch laws. It is well possible that once hotels are officially internet providers, they will also have to abide by the European regulations on data retention and make efforts to link email headers and other data traffic to individual hotel guests. Could this also happen in other European countries? This is probably not likely to lead to a more widespread adoption of free WiFi services in hotels."

Online-Banking Trojan Stole Money From Belgians

hankwang hankwang writes  |  more than 4 years ago

hankwang (413283) writes "The Belgian authorities uncovered an international network of online banking fraud, which has been going on since 2007. (Story in Dutch and Google translation). The fraud targeted customers of several major banks, which used supposedly secure two-factor systems that required the customer to generate authorization codes from transaction information (random code and amount or recipient's account number) that is manually keyed into a cryptographic device (Flash demo from one of the banks, Manufacturer's website). Trojan horses that were planted onto the victim's computer would generate a fake error message and requested to re-enter authorization codes. This way, amounts up to €4,000 were transferred to foreign bank accounts.

The worrying part is that many cases were never reported to the police, with the bank preferring to refund the money to the victim rather than risking their reputation. The extent of this type of fraud is unclear."


Doubled yield for bio-fuel from waste

hankwang hankwang writes  |  more than 4 years ago

hankwang (413283) writes "Dutch chemical company DSM announced a new process for production of ethanol from agricultural waste. Most bio-fuel ethanol now is produced from food crops such as corn and sugar cane. Ethanol produced from cellulose would use waste products such as wood chips, citrus peel, and straw. The new process is claimed to increase the yield by a factor 2 compared to existing processes, thanks to new enzymes and special yeast strains."

Microsoft's ethical guidelines

hankwang hankwang writes  |  more than 6 years ago

hankwang writes "Did you know that Microsoft has ethical guidelines? Think of how "Microsoft did not make any payments to foreign government officials" while lobbying for OOXML, and how "Microsoft conducts its business in compliance with laws designed to promote fair competition" every time they suppressed competitors. In their Corporate Citizenship section, they discuss how the customer-focused approach creates products that work well with those of competitors and open-source solutions. So all the reverse-engineering by Samba and OpenOffice.org developers wasn't really necessary. It makes one wonder how people got all those weird ideas about the ethical company Microsoft?"

Zero-day exploit in PDF with Adobe Reader

hankwang hankwang writes  |  more than 7 years ago

hankwang (413283) writes "Security researcher Petko Petkov, who is known for his recent discovery of a vulnerability with Quicktime in Firefox, claims to have discovered an exploit that allows arbitrary code execution when a maliciously crafted PDF document is opened in any version of Adobe Reader. Petkov did not disclose any technical details other than a video, but claims on his blog that Adobe has acknowledged the vulnerability. If this exploit goes wild, it could cause some serious problems, as PDFs are usually automatically opened from web browsers and widely used and trusted by corporate users. See also Petkov's original blog post [Coral cache]."

Journals

hankwang has no journal entries.
