Slashdot: News for Nerds

Comments


Old Apache Code At Root of Android FakeID Mess

raymorris Java sandboxing helped in this case (86 comments)

Essentially, what Java sandboxing is designed to do is to completely separate different apps, so for example your text messaging app doesn't have access to your browser's password storage. On a regular OS, traditional applications have access to all of your files and all of your hardware, meaning one piece of malware can get everything on your computer. Sun hasn't done a great job of implementing the sandbox in their Windows Java plugin. Google may have done a better job on Android.

In Android, you specially allow each app to have access to different things. If a flashlight app requests permission to read your text messages, you don't install that flashlight, because a flashlight has no legitimate reason to be reading text messages.

This bug isn't directly related to sandboxing, but sandboxing does reduce the impact. This bug allowed the author of an app to lie about who they are, about who made the app. So Joe Hacker could have marked his app as being made by Microsoft. If you trust Microsoft, you might install the app thinking it was made by Microsoft, but it wasn't really. So you go to install Microsoft Flashlight and the system says "Microsoft Flashlight wants to read your text messages". You'd click the "fuck off" button because a flashlight app doesn't have any business reading your text messages - even a flashlight app made by Microsoft. So while the bug allowed them to lie about who made the app, you can still see what the app is trying to access and deny if it doesn't make sense.

4 hours ago

seL4 Verified Microkernel Now Open Source

raymorris contributions on top, etc scare me. Once you know (55 comments)

True, theoretically once you know about it, you should be able to untangle any GPL3 code and any contributions on top of that GPL3, and any other code that borrowed from the GPL3 code. As an example of what I'm thinking of, suppose you have something modular like WordPress or Apache. Someone contributes an authentication module that includes gpl3 code. Because it includes GPL3 code, the whole module is gpl3. Someone else writes a different type of authentication module and rather than writing boring parts from scratch, they start by making a copy of the existing authentication module and replacing the "guts", the actual authentication function, with some other type. That second authentication module would be a derivative work of the first, and therefore gpl3. The project maintainers have no way of knowing how the author went about writing it, though, so they don't know if it's gpl3 or not.

My primary 8-5 job is maintaining and enhancing a gpl3 project called Moodle. I appreciate what the licence APPEARS to say, but I'm always nervous about what it DOES say. I'm careful to only contribute or distribute under my personal name, never hosting a copy of the source on my employer's servers. When I get an email at work asking for a copy of a module I wrote, or some help with something, I reply from my personal email address in order to protect my employer's IP by avoiding any indication that the organization is distributing. Even with that, I also have to watch the entire project for anything that might infringe on my personally held IP because if someone puts infringing code on the project github I'll arguably lose my rights.

4 hours ago

seL4 Verified Microkernel Now Open Source

raymorris You can't choose forever. Once v3 touches it, gone (55 comments)

> since you can choose forever, everyone can pick
You can't choose forever. As soon as someone touches it with v3, it's v3 and you can't get it back.
The most common and easiest case where that happens is that someone integrates some other GPL code into the GPL project.
The contributor didn't realize that GPL(2) and GPL(3) are two very different things. The code integrated / copy-pasted from elsewhere was GPL3. If not caught and removed immediately, the presence of ANY GPL3 code, just one line, requires that the entire project be released _only_ as GPL3. It can no longer be used under GPL2.

The reason for that is that the new contribution that is GPL3 licensed wasn't licensed under GPL2. Since that bit isn't licensed under 2, the whole package can't be distributed under 2.

The wording in GPL3 is unclear in such a way that it could pose a very significant risk to people who aren't even remotely involved in open source at all. Whether that wording is merely stupid or devious, who knows. The problem was pointed out before the license was approved, and the wording wasn't changed, so perhaps Stallman actually did intend to leave the threat there, while claiming the threat didn't exist.

8 hours ago

Senate Bill Would Ban Most Bulk Surveillance

raymorris Good point. Doesn't outlaw anything they are doing (157 comments)

That's an excellent point. The executive, including the NSA, reports to the president. If the president wants them to stop doing something, he doesn't need a law - he can just say "stop doing that". We've seen him do exactly that, he said "stop deporting illegal aliens under 18 years old", and they stopped. Therefore, we know that they aren't doing anything the president cares to stop. He would have already stopped it if he wanted to.

Probably, the extremely specific language of this bill bans something they weren't doing anyway. They aren't allowed to spy on a specific area code, which is fine since they are spying on all customers of the telecom, not a specific area code.

10 hours ago

Put Your Code in the SWAMP: DHS Sponsors Online Open Source Code Testing

raymorris DHS is many different agencies - Coast Guard, FEMA (59 comments)

> Seems the left hand doesn't know what the right hand is doing, or wants!

DHS includes a LOT of hands that don't know what the others are doing. This is a high-level overview of a few of the major sections within DHS:
http://www.dhs.gov/xlibrary/as...

You'll notice it includes agencies as diverse as the Coast Guard, FEMA, health stuff ...

The $60 billion budget for all of the different agencies within DHS is 10% of the total non-defense operational budget of the entire government. So anything the government does, there's a reasonably good chance it's part of DHS.

US-CERT is now part of DHS, and of course US-CERT is the #1 information security organization. One thing CERT is doing is dispensing DHS grant money to pay universities to develop free cybersecurity courses http://niccs.us-cert.gov/ . Some of the courses are quite good.

13 hours ago

Put Your Code in the SWAMP: DHS Sponsors Online Open Source Code Testing

raymorris typos (59 comments)

When I write open source software in C, and expect it to be widely distributed, I may use the service.
I wouldn't submit PROPRIETARY software, probably, but code I submit to Apache or something like that isn't exactly secret. If NSA or someone wants to analyze the Apache source, they'll do that without me submitting it. By running static analysis on my code, I can learn about potential issues and fix them.

yesterday

Put Your Code in the SWAMP: DHS Sponsors Online Open Source Code Testing

raymorris For widely used open source, great. I'll use it. (59 comments)

When I write open source software in C, and expect it to be widely distributed, I may use the service.
I wouldn't submit PROPRIETARY software, probably, but code I submit to Apache or something like that isn't exactly. If NSA or someone reacts to analyze the Apache source, they'll do that without me submitting it. By running static analysis on my code, I can learn about potential issues and fix them.

yesterday

Verizon Now Throttling Top 'Unlimited' Subscribers On 4G LTE

raymorris not MY notion, but yes restaurants de-prioritize r (262 comments)

> Your notion of fairness is like someone standing in line at McDonalds being asked to move to the back of the line because they already bought a dozen hamburgers last week and McDonalds is really busy right now.

FYI, I'm not Verizon. I didn't make this policy. I only explained it.
Interestingly, sit-down restaurants actually DO de-prioritize regulars when they get too busy. Customers who are not regulars (yet) get priority.

> Please, drop the notion of "fair" and "heavy user".

Considering that this story is about the company giving lower priority to heavy users in order to be fair to customers who don't demand as much, it would be pretty tough to have any meaningful discussion about it without discussing the major concepts involved.

yesterday

Report: Nuclear Plants Should Focus On Risks Posed By External Events

raymorris if you looked it up, you'd know (122 comments)

> What has carbon dating to do with background radiation?

If you looked up how carbon dating works, you'd know the answer to that.

2 days ago

SpaceX Executive Calls For $22-25 Billion NASA Budget

raymorris perfect solution. Bureaucrats won't find ways to (112 comments)

> The theory is that a lot of political rancor has taken place in the aerospace community because of the space agency's limited budget. If the budget were to be increased to pay for everything on the space wish list, the rancor will cease.

That will definitely work. Government agencies can never find more ways to spend money.
I bet if we handed 43% of everything we produce to the federal government, they'd stop having budget problems.

2 days ago

Report: Nuclear Plants Should Focus On Risks Posed By External Events

raymorris Carbon dating is amazing. Look it up. (122 comments)

Carbon dating is a very interesting technique. I think you'll be amazed at how it works. Or, you'll deny the existence of carbon dating in order to preserve your misconceptions.

2 days ago

Report: Nuclear Plants Should Focus On Risks Posed By External Events

raymorris eight days. Gunpowder dangerous, candles are not (122 comments)

Iodine is most dangerous because it releases all of its radiation quickly. With a half-life of just eight days, it releases enough energy, quickly enough, to do real harm. After a few weeks, the radiation is pretty much gone. You can visualize that as being like gunpowder, it releases its energy quickly, and that's dangerous.

Other substances release energy very slowly, over the course of hundreds of years. That's like the heat energy released from iron rusting - it takes a long time to release the energy, so it would take a LONG time to be affected by it. You wouldn't want to keep a piece of plutonium in your pocket for 800 years, because after 200 years or so you might start to notice some effects. Except of course you'll die of other causes in about 50 years, so you'd never notice any effects from plutonium.

Iodine and other isotopes with a short half-life ARE dangerous for a little while, until they "burn up".

2 days ago

Report: Nuclear Plants Should Focus On Risks Posed By External Events

raymorris Congress acts == too late (122 comments)

> It hardly seems late if it is a report requested by congress

It's been said that one sure sign that an event is over is when Congress finally gets around to doing something about it.

2 days ago

Verizon Now Throttling Top 'Unlimited' Subscribers On 4G LTE

raymorris Porsche max speed 150 MPH. Should cap GB (262 comments)

> We don't let car manufacturers advertise MPG

I understand the sentiment. Phone companies sometimes act like jerks. In this case, they are lying by using the word "unlimited". Data transfer is ALWAYS limited, on any media.

Mbps is a measure of speed, though. Technically, looking at how very large networks work, "up to 30 Mbps" is more like saying a Porsche can go "up to 150 MPH".

It's important information for consumers, too. I want to know how quickly my cat video will load - will I have to wait while it buffers? That's actually a completely separate measurement from how many cat videos I can download in a month. Unless of course you assume I'm downloading videos 24/7. I buy bandwidth that way - 24 / 7 dedicated bandwidth. It's VERY expensive that way because you're not sharing the cost since you're not sharing the bandwidth.

2 days ago

Verizon Now Throttling Top 'Unlimited' Subscribers On 4G LTE

raymorris In the long run, yes. Why I don't host spammers. (262 comments)

In the long run, yes, decreased cost results in decreased prices TO THE EXTENT THAT COMPETITION IS ALLOWED.
If, say, Cricket wireless can provide the same service at half the cost, they'll charge less in order to get market share. On the macro level, it puts downward pressure on prices.

Here's a concrete example for you. In the web hosting business, like many others, 20% of the customers result in 80% of the cost. Most customers never require much attention, the servers just run, the bill goes out, and their credit card is charged. A few customers run opt-in mailing lists, and while those are legitimate, they cause some spam complaints that needed to be handled, they need DKIM set up, etc. Other customers feel they need to install a new script every week, so they need a lot of support, and since they do everything ad-hoc rather than settling into a pattern they miss paying their bill sometimes and you have to call them a couple of times to get them to pay. Many years ago, I started a very small invitation-only web hosting service. We only host professional webmasters who know what they are doing, so they don't bug support with stupid questions. Their invoice is billed to their business credit card every month. I have customers I haven't heard from in years. Because of this, our costs are low, and so are our prices. We can provide excellent service at an excellent price because we're not spending our time and money dealing with spam and DMCA complaints, or chasing down past-due accounts. Our costs are low, therefore our prices are low.

* no, we won't host your site. Not unless we know you, or people we know vouch for you. We don't want new customers unless we know those new customers won't bring DMCA, spam, billing, or support problems.

2 days ago

Two Cities Ask the FCC To Preempt State Laws Banning Municipal Fiber Internet

raymorris the FCC regulates milk now? (198 comments)

I know it's not fashionable to read the article, but you didn't even read the title?
This is about wireless. I pointed out that the platform of the Green party is to give the FCC new powers to do a, b, c, and d. Which in effect means giving Wheeler those powers. What does that have to do with the price of tea in China? Or in your case, milk in China.

If you for some reason want to make a comparison between the US and China on the topic of "big government", you might notice that China isn't exactly an example of small government. In China, the milk producers report directly to the government bureaucrats, more or less exactly what the Greens want to do here. Yes, that system results in melamine in milk.

2 days ago

Verizon Now Throttling Top 'Unlimited' Subscribers On 4G LTE

raymorris 1,050 people for a 1,000 person tower (262 comments)

Here's what you're missing. The article is about what happens when a tower hits maximum capacity for a moment.
Suppose the hardware on the tower is capable of serving 1,000 people per second*. There are 1,050 people who want to download this second. Sorry, 50 people are going to have to wait one second. The tower can only handle 1,000. That's just a fact. They aren't "messing with" anything, that's just what the hardware is capable of.

What Verizon has decided is that when there is an overload and somebody will have to wait a second, it'll be the heaviest users who have to wait. After all, they've already used "more than their fair share".

* it's actually how many packets and bytes the tower can serve per second / millisecond, not customer count. The person who uses a lot will wait milliseconds.

3 days ago

Verizon Now Throttling Top 'Unlimited' Subscribers On 4G LTE

raymorris 1,000 of you is expensive (262 comments)

Your entire post is basically repeating the same failure of logic over and over.
They don't put up a new tower for one customer, true. However, 1,000 customers like you mean that 10 more towers hit capacity and ten more need to be added. Verizon isn't making decisions one customer at a time. If they lost many of their 150 GB / month customers, they could provide better service for a lot more 15GB / month customers and make a lot more money. That would be a good thing for them.

3 days ago

Verizon Now Throttling Top 'Unlimited' Subscribers On 4G LTE

raymorris This is about wireless phones (262 comments)

Your gigabit network is nice and all, but this conversation is about phones.

3 days ago

Submissions


ask - what do you think caused the NSA to start collecting so much data?

raymorris raymorris writes  |  about 7 months ago

raymorris (2726007) writes "Many people believe that the NSA collects far too much data, violating the privacy rights of the very citizens the NSA is supposed to protect. How did we get here? What specific structural or cultural changes can be identified that led some to believe it is okay to engage in this sort of broad dragnet surveillance as opposed to getting specific court orders for specific suspects?

Many people simply assign the blame to the opposite political party, which doesn't get very far in solving the problem and ensuring it doesn't happen again. Can we look at specific, identifiable factors and show exactly how they directly caused the intelligence community to get off track? For example, precisely which sections of which laws are being used to justify these programs, and what caused those laws to be passed? Is the surveillance directly authorized by law, or do the justifications require "creative" interpretation of the law?

In order to avoid getting into yet another fruitless political flame war and keep the discussion factually focused, please provide citations where possible."


Linux based drone copter goes mainstream, fully hackable with HD for under $300

raymorris raymorris writes  |  about a year and a half ago

raymorris writes "The recently released AR.Drone 2.0, running Linux 2.6, brings hackable drones mainstream at under $300. The wifi controlled drone copter running open source software includes a 1GHz processor, an HD video camera, and a second downward facing camera onboard."

Journals

raymorris has no journal entries.
