Security Collapse In the HTTPS Market
Signing key, not the key on the certificate itself.
Security Collapse In the HTTPS Market
HTTPS/SSL, but with the signing, distribution, and revocation done in-house. The big SSL vendors seem to often be prone to poor security, as well as possibly succumbing to the demands of certain government agencies and providing "private" keys.
At least if your certificate is signed in-house, you have control of your certs and a certain amount of extra protection against the above. This might not be a good solution for smaller shops, but mid/medium shops could accomplish this, it's just easier to use a "big name" registrar.
Perhaps one solution would be to have an easily deployed appliance/distribution that runs as an internal certificate store.
Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild
Just out of curiosity, what's the shell behind Android? if it's BASH then there could be a *LOT* more exploitable devices out there than people might think.
Drones Reveal Widespread Tax Evasion In Argentina
So how about building inspections, utilities hookups, etc? How are these houses getting connected if they're listed as vacant (and couldn't the city just cross-reference utilities/inspections otherwise)
Apple Allegedly Knew of iCloud Brute-Force Vulnerability Since March
While they have their flagship products (Galaxy S? for Samsung), those vendors also sell multiple different models targeting multiple market segments, so one thing they've got going is that they've got phones at a lot of different price/feature points.
If you're talking about Samsung: NFC, Infrared, water resistance/proof, tap, screen mirroring standards, wireless charging (yes, Apple has NFC too but it's also a year later).
I believe somebody (Song?) was looking into cool tech like 3d/spatial scanning etc.
For features that aren't new but make the phone attractive: user removable battery, SD card slot (so you don't need to buy a new phone to upgrade).
The thing is, Apple was once known for bringing new features that really stood out. The one thing in recent phones I'd say makes the iPhone attractive is the fingerprint-authentication, (though I get similar functionality with a tethered smartwatch). For stuff like NFC, payments, and larger screen sizes they're actually playing catch-up.
The new iOS is actually slower in many cases and certainly no better on batteries, while Android L is set to boost battery life and performance (caveat: may not work on 32-bit phones from my current readings).
BlackBerry Launches Square-Screened Passport Phone
All that space, just to fit the keyboard. Why not a snap-out keyboard like the HTC phones used to have (and that people were pissed off when they stopped making).
Emma Watson Leaked Photo Threat Was a Plot To Attack 4chan
Those users move on, find another site, and rise up again. Or, they just go on a spree with no central site at all.
Did shutting down P2P sites stop torrents? Shutting down 4chan as a site won't help, we need to address the underlying social issues.
Users Report Warping of Apple's iPhone 6 Plus
And yet I've had two of those phones and I've never experienced anything close to the bending issue. Neither has anyone I know (Blackberries and S4's are pretty prevalent through my friends and co-workers), nor have I seen any news about it.
Sci-fi Predictions, True and False (Video 1)
... and a battery that would last for weeks, at the least. In TNG, it was also in a very thin badge (unless it had some external power supply under the shirt).
We just had a discussion around smartphones in my office. If there was *one* feature that would sell us on a new model (keeping the same features as the current gen) it would be a few days more battery life, preferably 5-7. No faster CPU with more cores. No fancy graphics, flexible screens, or bigger form-factor, but same size, same speed, and battery life that actually makes it more useful than a paperweight after 24h.
Netflix Rejects Canadian Regulator Jurisdiction Over Online Video
So what should happen:
Netflix releases data with an NDA against redistributing it or using it for other than a very strict purpose. Seed the data with some false users/address and take out a few PO boxes.
If Bob Nonexistent gets letters from Bell or somebody else because the CRTC gave the info out anyhow, then sue for breach of contract.
Netflix Rejects Canadian Regulator Jurisdiction Over Online Video
I can fault him for disallowing religious chaplains in prisons EXCEPT for Christian ones. Either allow other religions, or none at all.
Before Using StingRays, Police Must Sign NDA With FBI
Yes, Canada has guns, but we don't have the same culture.
There's no public/concealed carry permits. You're not allowed to simply walk around carrying unless you're a police officer etc. If you see somebody walking around with a gun, you call the cops, and - depending on the location - he/she is likely to be surrounded by red and blue lights in short order. You're allowed to own guns (after passing certain tests/checks etc) but there are some fairly strict rules about where you're allowed to be out and about with them.
In the US, it's not just gun ownership, but the number of people owning guns and toting them around in public.
"Big Bang Signal" Could All Be Dust
The universe did not come from nothing. Thermodynamics prevents this.
But where did the something it came from, come from. And where did that come from, etc.
Whatever your belief, it seems the human brain is somewhat limited when it comes to the perception of infinity. I wonder if one day we'll discover that - like colours and mantis shrimp - there's a dimension to the universe that we're simply incapable of perceiving.
Counter-Strike: Global Offensive Premieres On Linux, 2 Years After Windows
What OpenGL issues, exactly? The only ones I've had recently are with some nvidia-specific stuff for surface mapping, but that was in a coding demo. For the actual games, modern AMD/Radeon drivers seem to do just fine, and are actually sometimes less of a pain than the nVidia ones for installation.
Secret Service Critics Pounce After White House Breach
And if somebody does get in through another means, do you really want to have to take the time to unlock the door to go in after him?
Friendly Reminder: Do Not Place Your iPhone In a Microwave
Yes, wouldn't it be wonderful if somebody released a Water resistant or waterproof mobile.
(more standardized wireless charging would be nice though)
Mark Zuckerberg Throws Pal Joe Green Under the Tech Immigration Bus
I don't really agree with the whole "stealing jobs" thing, but some concern with these types of visas include
* Foreign workers are at the mercy of employers
Yes, even when they come here on a decent wage, employers often use the visa to push for unpaid OT, or to have them look the other way in the face of workplace violations
* Investing in workers
This is perhaps a bigger issue to me, and the issue itself goes beyond work visas etc. The relationship between companies and their employees is sour. Companies used to invest in their employees more, and in-turn they often got more loyalty. Except for some union situations, it's easier to get rid of employees and re-hire than to invest in training. If the foreign worker is more qualified that's at least something, but it would be nice if companies considered training existing employees or offering more education advancement opportunities. There's ignored value in keeping somebody around who knows the workings of a company, even if he/she is missing some of the technical merits for a position.
However, I don't fault foreign workers for taking better-paying jobs in better-paying environments. If somebody offered me a 50% raise to work in a tropical country I'd have a hard time passing that up.
Kickstarter Lays Down New Rules For When a Project Fails
How about a stipulation that any project that fails must release applicable resources to the public domain, as well as records on the use of applicable funds.
That public domain clause would include source code, artwork, template designs, patents, etc etc. The records, well, that just helps know that funding didn't pay for somebody's vacation and/or drug+alcohol habit.
Ask Slashdot: Is iOS 8 a Pig?
eh? I've still gotten OS updates for Samsung devices after the new models came out (except for the rooted/custom devices).
If the manufacturer fails to provide the update, Cyanogenmod tends to be a good option afterwards. They're still building nightlies for my old i9100 (Galaxy S2)
Android Apps Now Unofficially Able To Run On Any Major Desktop OS
Indeed. Perhaps the OP has not noted that there are a *LOT* of Android TV/streamer devices out there. Most of those work with a keyboard/mouse (or, preferably, an "air mouse"). I've had no issues using the core Google Apps, Netflix, XBMC-android, etc. Perhaps "Angry Birds" might be a little annoying with a mouse but more of the media-centric stuff works very nicely. As it is I've pretty much migrated my former Linux media box to an Android box that runs Play, Netflix, XBMC, and a few other media apps.
Cross-platform game development
phorm (591458) writes "As a bit of a gamer, hacker, and coder, I've been playing with various 3D development kits for some time. There's actually a lot of choice out there, much of it crossing not only the PC triumvirate, but also into tablet/phone OS's.
However, perhaps one of the reasons we lack major AAA games on Linux is the lack of AAA engines or dev platforms. Two of the bigger free options are Ogre3d and Irrlicht.
Ogre seems good for those with some coding knowledge who want to jump into mid-level functionality. It allows for one to quickly develop a polished environment and with decent modern effects. However, sometimes it holds your hand too much to the point where more advanced functionality becomes difficult to implement: notably advanced collision detection and manual objects/terrain. Documentation rot may also be an issue if you're trying to use a newer version with older tutorials. Ogre3d is free and open-source.
Irrlicht, on the other hand, seems to offer flexibility, but definitely holds your hand less. This makes it somewhat more complicated for a mid-level coder to get down to business and see results quickly. Irrlicht is free and open-source.
Unity — which targets more AAA game development — has increased Linux support more recently. While it still primarily focuses on Windows development, the producers do seem to recognise that Linux may be an increasingly viable option in the gaming market. Currently Linux desktop publishing is still in preview, but seems to be making good progress.
Lastly, the new kid on the (Linux) block. LeadWerks will be finishing their kickstarter soon, allowing for full Linux support (as well as additional features). Leadwerks is not a free solution, but the ~$100 price for backers won't break the bank. Leadwerks also offers source-code licenses according to their site."
Big-name games abusing app permissions
phorm (591458) writes "While it's no secret that sketchy app vendors tend to ask for unusual permissions on mobile devices, it seems that the "Big Name" companies are joining the fray.
I recently noticed that apps such as Electronic Arts "Need for Speed: Most Wanted" are asking for permissions such as the ability to read contacts.
On android phones, this gives them ability to see your contacts, including how and when you've communicated with contacts on your devices.
One wonders why a game would need to know who's on my call list and when I'm calling them. Is this an issue with dev-houses abusing the permissions of trusting users, or a sign that permissions in apps are still too broad.
It also shows how forward-thinking privacy-wise RIM was for their security model, as Blackberry apps can be set to "always allow", "always deny", or a more secure "prompt on demand" type security elevation. How is it that more popular device OS's still lack such core security functionality?"
Where do the alone go?
phorm (591458) writes "http://www.cbc.ca/news/canada/british-columbia/story/2012/10/13/bc-amanda-todd-suicide-charges.html
Recently the Canadian media has focused in on the story of Amanda Todd, a young girl hounded by bullies until she eventually committed suicide. While the story of bullying — or the horrible impact it can have — is not in itself unique, the somewhat haunting legacy of a video left by Amanda is.
The video — without words — shows Amanda as she holds up a series of notes detailing how a small mistake led to exploitation, isolation, violence, and pain.
The media is abuzz. Politicians are vowing to make a difference, and that things will change. But in the grand scheme, they really don't, do they? This is not a new story. Young people have died before. Politicians have made speeches before. Schools will counsel. New rules will be made, and forgotten, left unenforced, or even misused. People will forget. Bullying will continue.
Social media, while allowing friends to stay connected, unfortunately also allows people like Amanda to be continually targeted, reducing the safe-havens for those in the crosshairs. I'm sure many here have stories of their own, and slashdot's own trolls are testament to the despicableness and persistence of those who will do anything to get a reaction.
Some of us survive, perhaps to become stronger. Some — like Amanda — will not.
For those that know bullying, who have been its victims and survived, is there anything we can do? I watched this video wondering if — had I seen it before it was too late — could I have reached out and made a difference?
Is there a place where young — or perhaps even those not so young — can go where they can realize they aren't alone? In my day, I had friends across the world in IRC. People I didn't know but could talk to and share my thoughts on life. But even then, people who understood my particular situation were few and far between.
So where do they go?
The lost. The depressed. Those that could have a bright future if they can just survive their youth.
Where can they find shelter, to survive or even thrive?
Does such a place exist? How can we keep it safe from the aggressors, and how can we help young people find it.
At the end of the video, Amanda states...
I have nobody.
I need somebody.
How can we help these young people discover that they're not alone?"
LCD's and pixel warranties
phorm (591458) writes "As more and more devices are coming out with dense-pixel displays, it seems that the "x dead pixel" clause in warranties has become prolific with all vendors. Specifically, the clause states that the vendor will only consider a unit defective if the LCD has a certain amount (usually 4-5, but often it's specific as to certain amounts in different parts of the LCD) of dead pixels.
An LCD with a dead pixel is a problem. 2-3 dead pixels would to most be considered a fairly obvious defect.
How is it that the manufacturers get to say what constitutes a real defect or not? We don't have clauses on new cars that say "engine is not considered defective unless 2 or more pistons are seized", so why is it considered acceptable for LCD's?
Moreover, for a new-in-box product, how enforceable are these terms (which are generally not clearly available on packaging)?
For a fee, various suppliers offer anti no-dead-pixel-on-delivery warranty. If the issue is so common, why do people seem to accept it (and what's your recourse if you don't).
Lastly, when dense-pixel displays are often so dense that the human eye can't perceive a single pixel, how do you tell how many are dead (especially when a single "white" pixel is comprised of at least 3 component colors)."
Canadian court deciding on music-preview royalties
phorm (591458) writes "The Society of Composers, Authors and Music Publishers of Canada is suing various telecommunications companies across Canada over the use of music "previews" (up to 30 seconds) for use as ringtones.
The CBC article is a bit short, but many questions could arise from the lawsuit. While the current lawsuit seems mainly targeted at ringtones, it could perhaps have a broader impact against sites which allow short previews of music, and what would the impact upon self-created ringtones (perhaps clipped from legally purchased music) be?"
Canadian Revenue Agency refuses to make amends
phorm (591458) writes "After driving a taxpayer into poverty, the CRA (Canadian equivalent to the IRS) continues to refuse compensation for its victim.
Irvin Leroux honestly paid his taxes, and did not run afoul of the tax agency until 1996. During an audit, the agency accidentally misplaced his receipts, sending them to the shredder. Without the expenses allowed by the receipts, several years of audits against Leroux ballooned to approximately a million dollars, comprised of "owed" back-taxes and penalties. Despite finding that the CRA actually owed Leroux approximately $24,000, no compensation has been offered for the life-destroying costs associated with the debacle.
With his assets all lost or seized, Leroux has struggled to live, let alone pay expensive lawyers. His case has been taken up by the "Canadian Constitution Foundation," which will hopefully prove for all citizens that the government can be held accountable for such mistakes."
When music licensing collides with other media
phorm writes "Recently, I've been looking up some various sci-fi shows that seem to have ended prematurely, wondering if perhaps they reached a conclusion on paper/DVD that they did not reach on television. As we all know, many are canceled due to lack of "popular" interest (they may be popular in the geek crowd but not enough of the mainstream), or conflicts with primary actors, etc
According to wikipedia, one series — "Dark skies" — met an interesting demise in that it was several times deemed too expensive to conclude on DVD or other media due to the prohibitive cost of licensing the music. Specifically, the wiki article (which cites other sources) indicates the expense was in "potential costs involved in licensing the period music."
This had led me to wonder: is this another case where lengthy extended copyrights have killed future potential? How often does music kill film, or possibly other media?
The last dated notation on this particular movie is from January 2009. For a series that premiered over a decade ago to be killed off by music that is likely even older shows how further and further lengthening of copyright has anything but a beneficial effect upon the entertainment industry overall."
Microsoft Australia says "use IE8 or get lost!"
phorm writes "Microsoft is running a new contest to promote IE8, which — to users of other browsers — appears to severely lack in professionalism or good taste.
Had this link not been on the official microsoft.com website, I would have had a hard time believing that even they could so have let this one slip past the PR department, however if you visit http://www.microsoft.com/australia/ie8/competition/ with firefox, you will get the message that Microsoft has "buried" $10,000 somewhere on the internet, "but you'll never find it using old firefox."
The page goes on further to state that you should "Get rid of it, or get lost"
Is this Microsoft's true attitude, or was this just a poorly worded attempt at humor that slipped through the PR cracks?"
SPAM filtering for non-email purposes?
phorm writes "While filtering for SPAM on email and other related mediums seems to be fairly productive, there is a growing issue with SPAM on forums, message-boards, blogs, and other such sites. In many cases, sites use prevention methods such as captchas or question-answer values to try and restrict input to human-only visitors. However, even with such safeguards — and especially with most forms of captcha being cracked fairly often these days — it seems that spammers are becoming an increasing nuisance in this regard.
While searching for plugins or extensions to spamassassin etc I have had little luck finding anything not tied into the email framework. Google searches for PHP-based spam filtering tends to come up with mostly commercial and/or more email-related filters.
Does anyone know of a good system for filtering spam in general messages? Preferably such a system would be FOSS, and something with a daemon component (accessible by port or socket) to offer quick response-times."
90% of gaming addiction patients not addicted
phorm writes "BBC is carrying an article which states that 90% of visitors to Europe's "video game addiction clinic" are not, in fact, addicted. The problem is a social one rather than a psychological issue.
In other words, the patients have turned to heavy gaming because they felt they didn't fit in elsewhere, or that they fit in better "in the game" than elsewhere in "the real world." This has been discussed before, with arguments ranging from gaming being a good way to socialize, the clinical definition of gaming addiction, and claims that males are wired for video-game addiction."
New catalyst in electrolysis to store solar energy
phorm writes "Reuters is carrying an article about a recent MIT development which may pave the way for solar-energy to be collected for use in low-input periods. According to Reuters, the discovery of a new catalyst for separating hydrogen+oxygen from water requires only 10% of the electricity of current methods. This would allow storage-cells to function as a form of battery for other forms of energy-collection, such as solar panels. The new method is also much safer (and likely environmentally friendly) than current methods, which require the use of a dangerously caustic environment, and specialized storage containers."
Bell wants to dump third-party ISP's entirely
phorm writes "Not only is Bell interfering with third-party traffic, but — according to CBC — they want third-party ISP and phone carriers off their network entirely.
This Story details how Bell is lobbying to have lease-conditions on their networks removed, stating that enough competition exists that they should no longer be required to lease infrastructure to third-parties. Perhaps throttling is just the beginning?"
CBC to broadcast program finale on BitTorrent
phorm writes "The CBC television program "Canada's Next Great Prime Minister," which recently aired its final episode and is already notable for having conducted auditions on YouTube and having its own Facebook group, is now planning to release a high-resolution, DRM-free version of the finale via BitTorrent.
As other media companies continue to slam BitTorrent as being only a "tool for piracy", will the continued increase of its use in legitimate distribution overshadow these failing arguments?"
You can not reverse-engineer our GPL-violations...
phorm writes "It appears that Monsoon Technology, the makers of the Hava media-transmission systems, don't quite understand the GPL. As some users pointed out in their forums, their systems appear to be based on Linux and various GPL'ed software, with the output of "strings" and other tests showing signs of running busybox and others. A monsoon spokesperson on the forum has indicated that they are aware it uses GPL'ed software, and are "working" on making source available, but at the same time are dropping various threats against supposed reverse-engineering of the software by those that determined the GPL violations.
A few snippets from the Monsoon rep include:
I have a little secret to let you in on — HAVA runs Linux! Yes, much of the source is GPL and we should publish those sections which we have modified per the terms of GPL. A project is underway to pull this together.
A couple of observations — some of you appear to be violating the terms of the End User License Agreement
You recognize and agree that the HAVA Software including its structure, source code and the design and structure of modules or programs, constitute valuable trade secrets owned by Snappymultimedia or its licensors. You will not copy or use the HAVA Software except as expressly permitted by this EULA and, specifically, you will not ...
(b) yourself or through any third party modify, reverse engineer, disassemble or decompile the HAVA Software in whole or part, except to the extent expressly permitted by applicable law, and then only after you have notified Snappymultimedia in writing of your intended activities;
Seems to me that some of you have just come out blatantly admitting you are reverse engineering the firmware — or trying to. How should we handle this?
As responses have indicated, the methods used to determine the violation do not seem to constitute reverse-engineering. Moreover, the initial friendliness of the rep is severely marred by the apparent hostility of the later message, as forum members have indicated. The overall message seems to be "we have not lived up to our obligations under the license of the software which we are using, but we'll get to it... sometime. Meanwhile, do not attempt to poke around our code yourself or things will get ugly."
The owners of BusyBox have been notified of this violation, however the response is still troubling. Is this the response we should come to expect as more and more commercial software uses and misuses GPL'ed components?"
HP removes all support for windows 98, ME
phorm writes "At my work location, I support a number of older (pentium-III generation, sometimes pentium-II) machines which run using windows 98. Recently, after re-imaging a machine, I attempted to download a printer driver from HP's website only to be greeted with a message stating that HP has removed all drivers for windows 98, 98SE, and ME, and will no longer offer CD's with drivers for hardware under those platforms. This includes the removal of drivers for any printers, etc that previously existed on the HP site.
Here's the blurb [and printable version] from HP's website, they blame it on changes from Microsoft but frankly I can't see how this affects older, previously-available drivers:
As of July 2007, HP will no longer be able to offer software driver downloads or replacement CD ordering for Windows 98, 98 Second Edition (SE), or Windows Millennium (Me) for your HP printer, all-in-one, camera, or scanner. Microsoft has stopped providing and supporting certain files related specifically to Windows 98 SE, and this change affects all technology companies. HP, along with other technology companies, is no longer able to use selected components in support of Windows 98SE, which has an impact on our software strategy for Windows 98, Windows 98 SE, and Windows Me.
Although the software drivers for Windows 98, 98 Second Edition, and Windows Me will no longer be supported by HP, your HP product will still work with these operating systems with the software provided to you on the CD that shipped with the product. Also, if you have previously received a software CD that lists any of these operating systems on the CD label, or downloaded a driver for one of these operating systems, please maintain these files. These files will no longer be available in the HP online support Web site or in any other HP support options (such as e-mail, chat or phone support) after the date mentioned above.
This information supersedes any statements in the printed documentation, the online Help and also other documents available in the HP support website.
phorm writes "I was recently having a discussion with a friend wherein we noticed that, although we had been lacking in sleep lately, we were — in general — feeling somewhat less tired. More specifically for myself, I generally end up feeling more alert in the morning, sometimes with a more steep drop-off towards night.
This had led to research over the concept of how much sleep is optimal, and how much is enough. Interestingly, it seems that many who are into heavy fitness schedules (bodybuilders etc) require lesser sleep amounts to maintain an alert state. This would seem to fit with my own observations, in that if I have exercised heavily, I tend to fall into a deeper sleep, within a shorter period of time. However, if I have exercised in a way that has over-strained my body, sometimes extra rest can be required, most likely so that it can "fix" itself.
I have many memories of college wherein intellectual stimulation would also have the same result. Coding would run into the early AM hours, and at some point when my brain was reduced to gelatin I would return home for about 3-6 hours of sleep, and still manage to feel active and refreshed the next day. Coding where I went to bed before my brain gelified might result in tossing-and-turning.
Stimulants, of course, affect either of these situations, but as I'm not much of a caffeine drinker (particularly later in the day), I believe that can be ruled out.
So, how much sleep does a normal slashdotter need before being able to achieve uncaffeinated alertness? What tips and tricks can you recommend to pull a few extra hours out of the day (much like many fitness fanatics do) without sacrificing your health or alertness? How do you trick your body into achieving the almighty "power-nap" or "super-sleep" for quick revitalization?"
phorm writes "A lot of cool movies have been coming out nowadays using not-too-expensive hardware and consumer-available software. In particular, works such as Star Wreck have shown that you don't need to be a big-budget production company to create modern effects and impressive video. Even the PC hardware that's available to consumers nowadays is coming closer to the power of big-production, with dual-core and even quad-core technology pushing into the marketplace, and high-capacity hard-drives + RAM becoming ever-lower in price.
However, I have noticed that most software used along these lines is still commercial and/or closed source. Open-source software along these lines would allow for greater integration and/or private development. In particular I have some interest in integrating software based on some of the free 3d SDK's with blue-screening, allowing for new and interesting combinations of reality and fantasy. Does anyone know of any open source (linux or windows, but preferably for linux or both) software to handle bluescreening or greenscreening? Perhaps a modification of existing software such as EffecTV would allow for realtime effects and new concepts in realtime digital video effects."