Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Chinese Vendor Could Pay $34.9M FCC Fine In Signal-Jammer Sting

synthesizerpatel My aching back! (188 comments)

This means I have to go back to carrying around a microwave oven and a car battery doesn't it?

about 2 months ago
top

Tesla Releases Electric Car Patents To the Public

synthesizerpatel "In good faith" (211 comments)

At the point where you actually would be considered competition for Tesla is the point at which you would not be acting in good faith I assume?

Yeah.. Nice PR move, but effectively pointless.

about 3 months ago
top

Mozilla Ditches Firefox's New-Tab Monetization Plans

synthesizerpatel Article is misleading... (195 comments)

They don't say they're ditching the plan.

They say 'we will experiment.' meaning:

'bit by bit we're going to achieve our goal, just so slowly that you won't all notice at the same time'.

about 4 months ago
top

BMW Created the Most Efficient Electric Car In the US

synthesizerpatel Re:Tesla still wins (258 comments)

At $43k, it's a bit cheaper than the Tesla @ $79k.

I'd have to charge it at my office, but as a commuter car the BMW seems a lot better fit for my budget / needs than a Tesla.

about 4 months ago
top

Previously Unknown Warhol Works Recovered From '80s Amiga Disks

synthesizerpatel Re:uh..really? (171 comments)

http://amiga.filfre.net/wp-con...

There's the original. I was wrong, it wasn't a full reproduction - but it was a Deluxe Paint marketing image for sure.

about 4 months ago
top

Previously Unknown Warhol Works Recovered From '80s Amiga Disks

synthesizerpatel uh..really? (171 comments)

http://news.bbcimg.co.uk/media...

That Venus is not the work of Andy Warhol if I remember correctly. (Well, he might have done the HAM-fisted cut and paste of the third eye in the middle of her forehead..)

I remember seeing it on the cover of one of the Amiga magazines as the full reproduction. I realize that Warhol stole most of what he did from other artists, but surely this has to be a joke.

about 4 months ago
top

Clam That Was Killed Determining Its Age Was Over 100 Years Older Than Estimated

synthesizerpatel Re:Science is Inherently Destructive (366 comments)

And this is why the incredible Hulk is, and will always be our greatest scientist.

about 10 months ago
top

Cyborg Cockroach Sparks Ethics Debate

synthesizerpatel Re:Missing the reality of what kids do to insects (512 comments)

If I recall correctly, the Donner Party didn't undertake cannibalism because it was entertaining or educational.

And while arguments can be made against the necessity of killing animals for sustenance - there are many mechanisms that we employ to make life better on what ultimately ends up on our dinner table. (Free range whatnot, humane slaughtering, etc)

about a year ago
top

Ask Slashdot: Has Gmail's SSL Certificate Changed, How Would We Know?

synthesizerpatel Re:Why do we trust SSL? (233 comments)

With regards to the question about becoming your own signing authority - it's not that difficult really from a technical standpoint. If you've ever generated a self-signed certificate you've satisfied the most basic mechanics of the operation.

The rub is getting your root certificate onto clients. A good example of this is the process that Microsoft requires - you must have infrastructure that meets certain criteria with regards to security (physical and digital), submit to third party auditing once or twice a year, etc etc. None of which is very difficult as long as you have the money and tick off all the boxes on the checklist.

However, consider for a moment that it's not just Microsoft you have to deal with, but Apple, Firefox, Opera, Chrome/Google, Android, Nokia, WaWei(sp?), etc.

There's no guarantee that an application will utilize an OS-wide keystore, and in some cases they don't - but ship their own list of 'trusted root ca' certs.

So with each vendor that provides an application or operating system you have to then convince them that you're (1) trustworthy (2) a big enough player that they should even bother. And even then, what motivation do they have to do YOU the favor of shipping your cert? There's more than likely for lack of a better term "distribution fees", (rhymes with payola) to get your cert out there into the world.

An alternative to this is that you get an intermediate CA certificate from an existing CA (which negates any security you would bring to the table being a sub-root to someone else who could just create a cert pretending to be you) - but there's very little motivation aside from providing a skeleton key to your certs as a root ca because if you're reselling certs that's less certs for them to sell anyway.. why would they dilute the market like that?)

Long story short - the SSL certificate business is essentially a money printing operation that if you want a slice of, you'd need to grease a lot of palms (some of which are probably ungreasable), spend a lot of money.

This will likely never change because there's no motivation for existing players to change it and plenty of motivation for them to keep it as is.

If you want the security of rolling your own keys and don't have the infrastructure to deploy them to clients through an installer (i.e. you're an online vendor that accepts 'walk-in' internet traffic) - you're screwed.

If you run your own network and want to provide SSL services without using any upstream providers - just make deployment of your cert part of machine imaging / bring-up / maintenance.

about a year ago
top

T-Mobile Ends Contracts and Subsidies

synthesizerpatel Just wait.. (404 comments)

If they really were thinking about customers, the contract would be a no-penalty cancel-anytime-you-want contract that would lock you in for a specific price for a non-trivial amount of time.

I'm skeptical and will stick with AT&T out of laziness for a while. Prove me wrong T-Mobile and I'll switch. But even though cellular has been one-sided customer-screwing contracts since the inception of the service - contracts can actually protect _both_ parties if you do them right. No contract == No guarantee.

about a year and a half ago
top

Firefox and Chrome Can Talk To Each Other

synthesizerpatel Re:Are you KIDDING me? (121 comments)

Yeah - when the user tells the browser where to go.

Javascript being able to run off and talk to whoever it wants? And that being an expected pattern?.. That's different.

about a year and a half ago
top

Firefox and Chrome Can Talk To Each Other

synthesizerpatel Are you KIDDING me? (121 comments)

Web-browsers being able to both open socket connections to arbitrary remote end-points, and be listening / processing data for incoming connections?

Worst idea ever. If anything ends up being responsible for destroying the internet - this is it. It's just going to be a giant mesh of infected browsers constantly doing battle, like the dust-clouds of dead nanites from the Diamond Age.

You fucking web guys. Take WebRTC, Flash, PHP, JSON, Flash, native browser plugins and all the other half-baked non-standard make-it-up-as-you-go-along "technologies" and go fuck yourselves.

about a year and a half ago
top

Ask Slashdot: To AdBlock Or Not To AdBlock?

synthesizerpatel Ads are for the lazy and ignorant (716 comments)

Either they're so lazy they don't care or they don't know how to get rid of them.

If you feel bad about circumventing their terrible business model, just wait until they're broadcasting commercials directly into your dreams.

And they laughed at me for wearing the tinfoil hat! Who's laughing now!

about 2 years ago
top

OS X Mountain Lion Out Tomorrow

synthesizerpatel Re:designed to fend off malware (230 comments)

But, but, but, it's a MAC! We don't GET malware!

Oh you might want to rethink that, apparently Macs (and Linux boxes for that matter) tend to be crawling with malware making them a very significant threat vector according to the windows admins where I work. .

... Yeah. Windows admins usually are the uncontested experts about OSX and Linux malware ...

more than 2 years ago
top

Is Stratfor a "Joke"?

synthesizerpatel Well, since they don't encrypt their email.. (211 comments)

I think the answer is basically just 'yes', regardless of the veracity of any of the claims in the article, regardless of what you may think of their practices or the quality of their product.

If you work in intelligence and you don't encrypt your email, you are a joke.

more than 2 years ago
top

GNOME 3: Beauty To the Bone?

synthesizerpatel Re:To the Bone! (647 comments)

Sarcasm aside, drawing the distinction between why one would do this on a printer vs. why one wouldn't want to do it on a desktop UI.

The reason printers have less and less buttons (when possible) can more accurately be attributed to a cost-cutting feature (less buttons == less hardware to manufacture, less moving parts to replace when they break in the field, less warranty problems, etc). If you don't get bothered by having to hold buttons down to get them to exercise new behaviors - this is all fine and good.

If I had to click and hold anything for 10 seconds in a UI I'd find a new UI. While pixels are finite on a desktop, they're still free.

more than 2 years ago
top

IT Pros Can't Resist Peeking At Privileged Info

synthesizerpatel This report brought to you by... (388 comments)

Lieberman Software, a security and identification software vendor.

Yeah. Sounds like a completely scientific report with no bias to me.

more than 2 years ago

Submissions

top

Boxee Box having difficulty with GPL?

synthesizerpatel synthesizerpatel writes  |  more than 3 years ago

synthesizerpatel (1210598) writes "For those of you unfamiliar with the XBMC fork Boxee, it's recently been released as an appliance in the form of D-Link's Boxee Box (retail: ~$200 USD). The Boxee Box has an Intel CE4100 Atom processor and runs the Boxee fork on top of a Linux based operating system. However it seems that they're having some difficulty with the GPL.

While Boxee does commit their code back to XBMC, XBMC's SCM doesn't seem to include their CE4100 code (or doesn't yet? I'll give them the benefit of the doubt). Boxee's SVN (svn.boxee.tv) server is password protected so you can't download from their SCM — You can download tarball that is preported to be the source code for the CE4100 port from their webpage. Their documentation seems to cover their developer environments and doesn't take into account a fresh install. There's a fair amount that is right but it's mixed in with incorrect or out-of-context information and requires a bit of time to pick through.

Boxee also provides a link to the Intel CE4100 Environment 13.7.10304.125504, which comes with a broken installer stating that an unnamed (NULL) dependency is not met. You can unpack the SDK by hand with a little bit of effort and if you understand how cross-compiling works you'll eventually figure out how to start a build.

You then run into another problem.

Both the SDK and the Boxee source code are missing the drivers for the Intel CE4100 platform. Neither source or binary are provided even though the Boxee binary links against them (in their GPL code) and ships them on their Linux based platform. Its very difficult to find documentation on the CE4100. Intel's public website seems bereft of any information on it beyond press releases. You can sign up for an embedded products account but without a corporate backed account (NDA anyone?) you won't get access to the good stuff design guide, platform SDK, etc.

A word of warning in regards to people interested in hacking the Boxee — its made some efforts to be a closed product. They sign their filesystems which get checked before mounting, any root-shell acess methods that are published seem to get quickly fixed. After the latest root access methods were documented the holes were patched fairly quickly. . That being said, it's still fairly simple to get access to the root filesystem and to execute arbitrary code.

Lets all root for Boxee and D-Link to make things right. I'm sure it's simply an oversight but given that their product is based on the GPL software — I think it's reasonable to ask for the source code we're entitled to as customers."

Journals

synthesizerpatel has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>