cnet.com · Domains · Slashdot Mirror

Re:patented keyboard technology? by arglebargle_xiv · 2014-03-30 18:30 · Score: 3, Informative · on Typo Keyboard For iPhone Faces Sales Ban

What advancement? The typo keyboard is virtually a 1 for 1 copy of the Q10 keyboard. They didn't even bother changing the colour of the frets.

Just a illustrate how blatant a knock-off it is, here's the Typo keyboard from the linked news story, and here's what Typo copied to create it.

Re:no more OS changes means potentially more secur by terrab0t · 2014-03-28 03:25 · Score: 1 · on Ask Slashdot: Preparing For Windows XP EOL?

Someone mentioned it above. There is software called Windows Steadystate that keeps the base file system unwritable to regular users and instead lets them write changes to a journaled file system that can be selectively restored from the base.

Windows SteadyState by benjymouse · 2014-03-27 09:12 · Score: 4, Informative · on Ask Slashdot: Preparing For Windows XP EOL?

Windows SteadyState from Microsoft is available for Windows XP.

SteadyState virtualizes the OS directories transparently on the disk. File writes/updates are directed to a secluded area. You can set it to simply delete those journaled updates upon restart/signoff. Any malware will be effectively gone. Windows Update would still be possible when signing in as the SteadyState administrator (creating an updated image), but that's kind of moot at this point.

Re:Who'll spit on my burger?! by Sarius64 · 2014-03-25 22:37 · Score: 1 · on Job Automation and the Minimum Wage Debate

Gonna be a long while till robots will be able to do all the shitty things nomadic, entry-level employees do.

It will be a while before robots can do all of those jobs, but many of them will soon be automated. If you go into a McDonald's, half the employees are taking orders, and the other half are fulfilling them. The people taking the orders could easily be replaced: Just turn the touchscreens around so that customers can enter their own orders, and then swipe a card to pay. Grocery stores have already done this, and so have banks. Fast food is next.

The only reason robots are not in the fields now is that farmers are ill-prepared to understand the shifts they'll need to operate under. Picking robots already exist on the indiviidual plant levels and are cheaper than human labor.

Berry nice: The robot can harvest strawberries every 8 seconds and works while farmers sleep.

Re:Makes perfect sense by Megol · 2014-03-23 23:50 · Score: 1 · on Why US Gov't Retirement Involves a Hole in the Ground Near Pittsburgh

COBOL. On a mainframe.

I read about this several years ago - still was able to find this post from 2007. I would assume they made some progress since then but surely not that much (if I recall there was some noise last year about fraud with IRS contract to buy new mainframe but I am too lazy to find link).

Why would they need to "progress" from a working system? COBOL works and mainframes works. The most used mainframe series are still developed and are in most cases more cost efficient than porting or emulating.

So again why the need to "progress"? Try to answer that without any technical prejudices please.

Re:Makes perfect sense by Anonymous Coward · 2014-03-23 18:15 · Score: 0 · on Why US Gov't Retirement Involves a Hole in the Ground Near Pittsburgh

COBOL. On a mainframe.

I read about this several years ago - still was able to find this post from 2007. I would assume they made some progress since then but surely not that much (if I recall there was some noise last year about fraud with IRS contract to buy new mainframe but I am too lazy to find link).

Re:Stupid by Anonymous Coward · 2014-03-21 20:40 · Score: -1 · on Oppo's New Phone Hits 538 PPI

This is a stupid race for the higher number.

This is a $599 phone with a titanium frame and generally good specs, not some crazy-expensive hipster toy. And there's a version of it with standard HD for $100 less if you're desperate for something more mundane...

http://reviews.cnet.com/smartp...

Re:Next they'll give internet explorer free by StripedCow · 2014-03-18 04:51 · Score: 4, Insightful · on Microsoft Releases Free Edition of OneNote

Apple, in constrast, makes sure any competitive app never sees the light of day:
http://news.cnet.com/8301-1384...

Re:Ignorance... by SlaveToTheGrind · 2014-03-12 02:49 · Score: 1 · on Apple Demands $40 Per Samsung Phone For 5 Software Patents

Even if that's what he meant, at the end of the day it gets us to exactly the same place -- he's effectively ordering Apple to assign an arbitrary value to its patent portfolio that may not reflect its actual value, apparently based on a distorted understanding of how patent valuation and licensing actually works.

Here's a little thought experiment. For the sake of the hypothetical, please assume all patents are in the same or similar technology space:

Scenario 1: I'm a company with 5 patents. I approach Samsung and say "hey -- I've seen all those 'small price + cross licensing agreement' deals you've done with other companies.* I want the same deal. Here's my 5 patents and a "small price" -- cough up your 100,000 patents." Proper result?

Scenario 2: I'm a company with 1,000,000 patents, including a broad, pioneering patent on logic circuits made from room-temperature superconductors. Samsung approaches me and offers its 100,000 patents and a "small price," and demands a cross-license to my 1,000,000 patents, including the superconductor patent. Proper result?

Big companies have disagreements about the actual value of their patents all the time. Companies decide to cross-license -- or not -- with other companies all the time. The OP presented no evidence that Apple is doing anything fundamentally different.

* Which I probably haven't, because many companies tend to be highly secretive of the exact terms of these agreements -- for obvious reasons.

Re:Tablet + keyboard + trackpad by Bing+Tsher+E · 2014-03-09 06:54 · Score: 1 · on Google Blocking Asus's Android-Windows "Duet"?

My tablet, when I add a bluetooth keyboard and mouse to it, becomes a full Windows desktop machine if I wish. I even have Minecraft installed on it now. Installing the JVM and the Minecraft program was as easy as it was on every other Windows machine I've had. I also added emu8086 which is one of my favorite toys. Any Win32 binary will do (if it runs on Windows 7 or later)

To supplement hosts (this rocks) by Anonymous Coward · 2014-03-07 10:50 · Score: 0 · on Snowden's NSA Leaks Gave IETF a Needed Security Wake-up Call

Monitor you connections to Slashdot to supplement hosts using NIRSOFT's Network Latency Viewer -> (essentially a timer driven gui based netstat -ano++) http://download.cnet.com/Netwo... for FIREWALL LEVEL RULESETS (vs. you wouldn't BELIEVE how much there is that you DON'T SEE like ads, by the hundreds)... for more speed, & my guess is FAR less tracking/webbeacons-webbugs, etc. - et al actually.

* Adding them to a NEW custom firewall rule (by IP or ranges)? Cake in Windows 7...

APK

P.S.=> I tell you: It even made surfing using IE 11 fast, WITH scripts on here (but yes, faster than when not as you said too also) - all that & hosts before it in the IP stack + FAST kernelmode ops + caching in kernelmode too (vs. usermode services)? Flies...

... apk

Re:Severe, and yet not severe. by Frobnicator · 2014-03-04 13:46 · Score: 2 · on Bug In the GnuTLS Library Leaves Many OSs and Apps At Risk

SSL/TLS communications are just as secure as they always were.

No, it is not.

CA model is much more important than the public CA "trust". There is nothing stopping an application designer from using private CAs for their application. This bug breaks the trust to any CAs, including the private ones.

Let's think about it (as a thought experiment) what is required for this to be an effective attack.

SSL spoofing is already a common attack. Not just France and the NSA but also regular old password-sniffers. This vulnerability falls under the same class of attack as SSL spoofing; a trusted certificate is secretly replaced by an untrusted certificate.

There were some common examples right after unicode was allowed in domain names and people came up with similar-looking links for major companies with unicode symbols that look identical to the ascii glyphs. That will be one comparison. The other comparison will be for a government-style ssl spoof attack.

First, the attacker must redirect you from the legitimate site to their illegitimate site. This is equally difficult with or without the TLS attack. The government-style attack could intercept the traffic over the wire and redirect you to the bad MitM manually. The fake link version could use bad links in phishing emails or spamming the internet with the fake link to the MitM server. Other options include host entries and software secretly installed on the machine. In any event, the bug does not affect this most difficult step.

Second, they need to appear as a valid connection. For the TLS bug, the attacker must create a false certificate that will test as valid. With the bug being known, that is pretty easy. Then they must use this when the certificate is requested during TLS handshaking. Now contrast this with a traditional attacker who must get their certificate signed by a CA for the fake domain; this is also fairly easy to do in practice. Many fake-name certs have been issued over the years and successfully used in news-reported attacks. Sometimes certificates have been forged in other ways, such as the Flame virus. Similarly the spy agencies have no difficulty getting their fake certificates signed by a CA.

Finally, the attacker needs to make a connection with the legitimate host. This is the same in all conditions, and has been successfully been used in SSL spoof attacks for years. When there is secondary authentication required the MitM just requests the data from the client. Complex attacks can sometimes permit a second connection directly to the victim where two-factor authentication across servers is required in such a way that the authentication passes. Nothing new here.

So really, the only thing the bug makes easier is the task of getting a fake certificate. Since this was arguably the EASIEST step in SSL Spoofing to begin with, and because SSL Spoofing is long-established as an easy attack that is difficult for lay people to detect, it means the attack really is a relatively small issue.

Windows by Killerfishmonkey · 2014-03-02 02:09 · Score: 0 · on Ask Slashdot: What Software Can You Not Live Without?

First off... Windows 7 is the only way to go. It is stable, and you get to access all those sweet videogames. But before all that, the standard software. Your specific hardware drivers. The latest ones. set the schedule now. Defrag should run once a week, I run mine in the night on Wednesday. if you shut the PC down after every use though. get AUSLogics Defrag. It will run if the computer is idle for 15 mins. Google Chrome - https://www.google.com/intl/en... Google Picasa - https://www.google.com/picasa/ Ccleaner - http://download.cnet.com/CClea... Try and find a version of Office that does not require a monthly bill. Office 365 is a very horrible idea and I have no idea why someone would pay for it monthly. then again there is open office which is free.

Isn't there, though? by QuasiSteve · 2014-02-28 12:59 · Score: 5, Informative · on Apple's Messages Offers Free Texting With a Side of iPhone Lock-In

That's not how it works.

Good. Please explain how it does work.

Per this old article:
http://asia.cnet.com/faq-whats...

It seems to work like this.
You go to the messaging app. This is the default messaging app. It does text messages (SMS), and it does iMessages. So far so good.

You enter a number or directly a contact. It checks if that contact is believed to use iMessage by way of the phone number. If it believes the contact uses iMessage, it will send it as an iMessage, otherwise it will send it as a text message.

Still so far so good.

Now that contact stops using iMessage - the example given being that they switch devices, keeping the same number. They didn't "turn iMessage off", because why on Earth does that seem like a logical thing to have to do? Especially if, say, they switched devices because their iPhone died; in which case, they can't turn it off (or can they? Oh yes, they can contact Apple Support; http://support.apple.com/kb/TS... ).

Now you send them a message. The iMessage app is clueless and sends an iMessage because hey, nobody ever told it that the contact is no longer using iMessage. iMessage will eventually come back and say that it failed, and you as the sender either send again or shrug it off, but it might not occur to you to send as a text message instead. If you even can. Yes, if it already failed, you can hold the text and force that to send as text message. But the very next one you send is going to be an iMessage again. Of course, you can disable iMessage on your end, but that disables sending iMessage to all of your contacts. Short of deleting pre-existing iMessages for a given contact, it doesn't seem there's a way to just flip the "this contact uses iMessage" bit.

But here's the rub.. they shouldn't have to explicitly set anything at all.
A. Receive iMessage from contact -> set iMessage bit on contact.
B. Receive text message from contact -> clear iMessage bit on contact if present.
C. Failed iMessage -> re-send. Failed again? -> re-send as text. Delivered? (if supported by the networks) -> clear iMessage bit. Otherwise, see A/B.
D. User enables / disables iMessage explicitly -> set state in central registry (Apple ID is involved, right?).
E. Every once in a while, send as an iMessage anyway if the central registry suggests that the user really should have iMessage because they never turned it off. Worst case: the send ends up with situation C said 'every once in a while', which would be transparent to them. Best case: after a few of those, even the central registry could get a clue and disable the iMessage bit on their end, allowing it to propagate.
Having the onus of 'iMessage bit' state at the sender's side be solely on the end of the recipient is stupid.

I wouldn't say that it is a case of lock-in, though. Just a suboptimal approach. (And yes, I realize there's potential issues with A-E above as well). The bit that makes it peculiar, to say the least, is that this problem has been complained about since at least the end of 2011. Just not by enough people for it to be "an actual story", I guess.

Correct me if any of the above is wrong - I'm certainly not an iPhone user so I've only got the most basic of google search results as my sources.

Re:No free lunch by timeOday · 2014-02-28 10:36 · Score: 1 · on Open Source Brings High-End Canon Camera Dynamic Range Closer To Nikon's

Ah, this reminds me of another innovation that slashdot doesn't seem to have reported on yet: "Corephotonics' dual-camera tech will change smartphone imaging." It gives cellphones more telephoto capability by having a color sensor with a wide-angle lens, and a monochrome sensor with a telephoto lens. The idea being that you're more sensitive to details in luminance than chrominance. (In fact many image formats allocate more bits to storing luminance than chrominance). It also makes sense since the longer focal length lens cannot be much larger (this is in a cellphone) so it gathers less light, and monochrome sensors are more sensitive (no color filter to absorb it). At close distances you would have a parallax problem, except then you're using the wide angle and probably don't use the telephoto image at all. I think it's really clever.

Re:not in use? by NeverVotedBush · 2014-02-27 04:06 · Score: 3, Informative · on Woman Attacked In San Francisco Bar For Wearing Google Glass

No light. Here - see for yourself: http://news.cnet.com/8301-1023...

"There is no tiny red LED light flashing when Glass is in recording mode. However, the Glass display is on when recording, and people in close proximity on the other side of the lens can see the tiny reverse image of what's on the display. But the act of recording video or picture taking may not be that obvious from a distance or to the uninitiated. It's clearly less obvious than someone pointing a phone in your direction."

stfu and learn noob by fluffythdestroy · 2014-02-25 08:46 · Score: 2 · on New iOS Keylogging Vulnerability Discovered

http://news.cnet.com/8301-2707...

OMG! Ponnies! by Tablizer · 2014-02-20 12:28 · Score: 1 · on Why Your Online Impersonation of a 16-year Old Girl Won't Last Long

OMG!!! Ponnies!

Perspective:Inside Cisco's eavesdropping apparatus by Anonymous Coward · 2014-02-20 05:47 · Score: 0 · on Are Bankers Paid Too Much? Are Technology CEOs?

Perspective: Inside Cisco's eavesdropping apparatus

April 21, 2003 4:00 AM PDT

http://news.cnet.com/2010-1071...

By Declan McCullagh

"Cisco Systems has created a more efficient and targeted way for police and intelligence agencies to eavesdrop on people whose Internet service provider uses their company's routers.

The company recently published a proposal that describes how it plans to embed "lawful interception" capability into its products. Among the highlights: Eavesdropping "must be undetectable," and multiple police agencies conducting simultaneous wiretaps must not learn of one another. If an Internet provider uses encryption to preserve its customers' privacy and has access to the encryption keys, it must turn over the intercepted communications to police in a descrambled form.

Cisco's decision to begin offering "lawful interception" capability as an option to its customers could turn out to be either good or bad news for privacy.

Because Cisco's routers currently aren't designed to target an individual, it's easy for an Internet service provider (ISP) to comply with a police request today by turning over all the traffic that flows through a router or switch. Cisco's "lawful interception" capability thus might help limit the amount of data that gets scooped up in the process.

On the other hand, the argument that it hinders privacy goes like this: By making wiretapping more efficient, Cisco will permit governments in other countries--where court oversight of police eavesdropping is even more limited than in the United States--snoop on far more communications than they could have otherwise.

Marc Rotenberg, head of the Electronic Privacy Information Center, says: "I don't see why the technical community should hardwire surveillance standards and not also hardwire accountability standards like audit logs and public reporting. The laws that permit 'lawful interception' typically incorporate both components--the (interception) authority and the means of oversight--but the (Cisco) implementation seems to have only the surveillance component. That is no guarantee that the authority will be used in a 'lawful' manner."

U.S. history provides many examples of government and police agencies conducting illegal wiretaps. The FBI unlawfully spied on Eleanor Roosevelt, Martin Luther King Jr., feminists, gay rights leaders and Catholic priests. During its dark days, the bureau used secret files and hidden microphones to blackmail the Kennedy brothers, sway the Supreme Court and influence presidential elections. Cisco's Internet draft may be titled "lawful interception," but there's no guarantee that the capability will always be used legally.

Still, if you don't like Cisco's decision, remember that they're not the ones doing the snooping. Cisco is responding to its customers' requests, and if they don't, other hardware vendors will.

Cisco's Internet draft may be titled "lawful interception," but there's no guarantee that the capability will always be used legally.

If you're looking for someone to blame, consider Attorney General John Ashcroft, who asked for and received sweeping surveillance powers in the USA Patriot Act, along with your elected representatives in Congress, who gave those powers to him with virtually no debate.

I talked with Fred Baker, a Cisco fellow and former chairman of the Internet Engineering Task Force (IETF), about his work on the "lawful interception" draft.

Q: Why did Cisco decide to build "lawful interception" into its products? What prompted this?
A: Cisco's customers, no

Perspective: Inside Cisco's eavesdropping apparatu by Anonymous Coward · 2014-02-20 02:09 · Score: 0 · on How Jan Koum Steered WhatsApp Into $16B Facebook Deal

Perspective: Inside Cisco's eavesdropping apparatus

April 21, 2003 4:00 AM PDT
OLD ARTICLE but it still RINGS TRUE today!