Slashdot Mirror


User: dgatwood

dgatwood's activity in the archive.

Stories
0
Comments
14,277
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 14,277

  1. Re:The war that no one wanted on Ask Slashdot: What Smartwatch Apps Could You See Yourself Using? · · Score: 1

    That's certainly a reasonable way of looking at it, too. The thing is, though, it's the base price that determines how quickly and broadly something will be adopted; the price of the top model mainly just affects the profitability. :-)

  2. Re:The war that no one wanted on Ask Slashdot: What Smartwatch Apps Could You See Yourself Using? · · Score: 1

    And although the drop happened more slowly, the iPad line, originally starting at $499, now starts at $299 in a smaller form factor, or $399 in a full-size version. One reason its price wasn't inflated much at launch is that it was relatively mature technology when first released—other than software differences, it's basically an iPod Touch or iPhone with a larger screen, and as we all know, making things bigger is a lot easier than making them smaller. :-)

  3. Re:The war that no one wanted on Ask Slashdot: What Smartwatch Apps Could You See Yourself Using? · · Score: 1

    I don't think Apple generally reduces prices. Usually they keep the price and margin steady but improve the hardware.

    Let's see.

    • The iPod started at $400. Within a year or so, the price had dropped to $300. Four years later, you could get one for $200, and $150 just a year after that.
    • The original iPhone started at $500 and $600 (subsidized price). Within a couple of months, they killed the $500 version and lowered the $600 version to $400. One year later, they released the iPhone 3G that started at $200 (for the same capacity as the original $600 version). And of course, you can now get much better iPhone hardware for free.

    So then there may be hope for this product, because somewhere out there is a richer/foolhardier version of yourself who thinks of $350 just like you think of $100.

    Doubtful. I'm in the Silicon Valley, where we already think of $350 like an average person thinks of $100. It's hard for most people to justify spending more for an accessory than they spent on the phone they're using it with. :-)

    Like I said, I'll probably buy one after the inevitable price drop.

  4. Re:The war that no one wanted on Ask Slashdot: What Smartwatch Apps Could You See Yourself Using? · · Score: 2

    If price is the only hurdle, then Apple will be fine. Your line of $100 is someone else's line at $350.

    Not necessarily. I drew my line at $100, too, and I've spent somewhere in the neighborhood of $300 on a watch before. Based on Apple's product history, there are likely to be several major differences between this and a nice watch that diminish its value from my perspective:

    • Most people who can afford a nice watch already own one. So to justify its cost, it would need to be worth as much as its purchase price plus the cost of the nice watch you'll no longer be using. For me, with an atomic-clock-synchronized watch, that's a hard problem to overcome.
    • Nice watches that cost $300 typically have warranties that start at five years, because people wear them for decades. This will probably have a one-year warranty.
    • Nice watches will be usable for decades. You can expect this one to become unsupported in the first OS after its third birthday. At that point, its usefulness will begin to diminish rapidly, as the unpatched security holes and lack of new app support turn it into an anachronism.
    • Nice watches are timeless in their design. Their design changes at a speed that can only be described as glacial by tech standards. I'd expect this watch, by contrast, to be supplanted by a thinner version within about a year.
    • Nice watches don't have to be charged every night, or even every couple of days. This watch would mean one more device-specific charge cable to carry with me on every trip, one more poorly made cable to break where the wire goes into the plug on either end, one more power outlet that I have to find in a hotel that tries to hide them from you, one more outlet adapter if I'm in Europe, one more thing to remember to pick up when I leave.... Every extra rechargeable device adds a lot of hassle.

    This is how I arrived at a hundred bucks—maybe $125 if it had a camera and reliably ran for at least two or three weeks on a single charge. Mind you, this is all speculation about a product that doesn't exist yet, so there's a small chance that Apple will prove me wrong on many of these points.

    Of course, what most folks here are missing is that this is a first-generation product. Apple builds those mostly as a proof of concept. Not many people buy them, but the products get them real-world testing, and they get a year or so to find ways to cut manufacturing costs. Then, they release a second-generation product at a third the price, and pull in several times the volume. For me, it will start to be interesting at that point.

    But I'm not sure I'd bother wearing it after the first few days even if it was given to me. That is a bigger problem than "too expensive".

    As one of the few people on Slashdot who still wears a watch, I'd definitely use one, but I can't see myself buying the first generation—particularly given that you just know they're working on a second-generation version with a camera, and if they release such a product, the resale value on the first-generation version will drop to almost nothing.

  5. Re:left on Apple Announces Smartwatch, Bigger iPhones, Mobile Payments · · Score: 1

    Or heck, swap the band and use the orientation sensor to automatically rotate it appropriately.

  6. Re:Any removable storage yet? on Apple Announces Smartwatch, Bigger iPhones, Mobile Payments · · Score: 1

    And no, at least in my book, removable storage is just a "nice to have". It makes archiving a little easier, assuming it is robust, but otherwise it makes little difference. With that said, I'm not actively engaged in ENG/EFP work. If I were, I might find it more important than I do now.

  7. Re:Any removable storage yet? on Apple Announces Smartwatch, Bigger iPhones, Mobile Payments · · Score: 1

    I'm just guessing, of course, but I strongly suspect you have never sold a picture or video, so why do you think your judgement on what makes a toy is remotely valid? When you make your first photo sale to NatGeo or feature film you let us know.

    Speaking as someone who spent many years shooting video and selling it, I agree with the GP's assessment. The lack of an optical zoom makes cell phones good enough for selfies and pictures of cats—arguably, maybe even for basic portraiture—but completely useless for a wide range of videography and photography purposes:

    • You can't use them to usefully shoot a concert, stage play, dance recital, or any of the things that clued-in folks still use camcorders for, because all you'll see is a tiny white smudge where your kid should be. And if you walk out on stage to get close enough, they'll eject you from the theater.
    • And you can't shoot photos of birds in flight, or go whale watching with them, or do pretty much any other kind of nature photography unless you get spectacularly lucky.
    • You can't realistically do news gathering with them unless you have a mob of a thousand people who can all be in different places just in case the interesting action happens to occur near those spots.

    So essentially, the fact that most people don't use camcorders anymore doesn't mean that phones have gotten good enough, but rather that most camcorder users never took the time to learn how to use their gear in the first place, and thus don't know the difference. For anyone who took the time to learn how to zoom, cell phones really are toys by comparison.

    That's not to say that people don't get lucky and take some amazingly cool photos with phones on occasion, and that's not to say that you can't create an artificial shooting environment where a cell phone would be a usable tool, but in the real world, you'll still be missing 90% or more of the great shots because you're too limited by the hardware.

    When cell phones become at least a usable approximation of a 24–105mm lens on a DSLR (without being a low-res, digitally zoomed mess), they'll graduate from toys to tools in my book. Until then, it's worth the extra weight of my 6D and my bag of L glass if I know I'm going to be taking pictures, and it's worth the weight of my XH-A1 and a video tripod if I'm shooting video.

  8. Re:One day battery life in Apple Watch too? on Apple Announces Smartwatch, Bigger iPhones, Mobile Payments · · Score: 1

    A three day battery life isn't worth the sacrifices you'd have to make to get it.

    What sacrifices? Design extra battery capacity into the watch band.

  9. Re:CC system is flawed on Home Depot Confirms Breach of Its Payment Systems · · Score: 1

    No, it really isn't easier than that. If an attacker is in control of the device that controls the screen, they can make it show you anything that they want, including showing the right text for the transaction you're actually making. Then, when you enter the PIN, they can perform your transaction, and repeat the process for a second one using the PIN data that they already captured. If a device vendor manages to somehow make it physically impossible to perform two transactions without entering the PIN twice, they could display something that looks like a legitimate error message (e.g. a communication error), causing the user to enter the PIN twice. Either way, you've gained nothing.

    For that matter, they could show you your actual purchase, but really perform a transaction for airline tickets to Barbados, then not perform your actual purchase, but tell the register that they did. Then, to make the balance sheets look right from the store's perspective, they could add ten cents to the next few dozen transactions to cover the cost of your actual purchase. The error would only be caught on the store side through a thorough audit, and because the stolen card would not have a transaction for the store, there would be nothing suspicious about the transactions to draw the CC companies' attention towards that store, because after all, no consumer is likely to notice a missing transaction.

    Securing the transaction between the consumer and the bank is hard, because the merchant's systems are inherently untrusted. The second that display screen ceases to be absolutely trusted, you've lost the security battle.

  10. Re:CC system is flawed on Home Depot Confirms Breach of Its Payment Systems · · Score: 5, Insightful

    Even chips are bullshit. Why aren't CCs issuing one time tokens per a transaction - this rendering subsequent transactions useless? (Or tying the token to a retailer for subscriptions / etc)

    You'd have to do better than that. If the payment terminal is compromised, an attacker could just sit there and wait for a card to be available at one of the payment terminals, then process two transactions in a row very quickly, one of which is the real one, and the other of which is an arbitrary transaction. There's a fundamental law in computing—not sure if it has a name—that goes something like this: If you cannot fully trust both endpoints of a communication channel, you cannot trust the communication channel itself. Period.

    The only way to really improve the situation is to have credit cards treat the payment terminal as an untrusted network connection. Put a screen on the card itself, and require the user to push a button on the card itself to approve the transaction. Then use some form of PK crypto in the device itself to sign the transaction and send the response back to the payment processor's servers, which can then send a confirmation code to the register as proof that the transaction was accepted.

    And no, I don't mean cell phones here. Cell phone payment systems certainly have the potential to be an easier way of paying for things, but security-wise, they just replace one attack target with another, without any obvious security benefit. Why? Because they're general-purpose computers that are constantly in use for other purposes like web browsing, so if they contain any security holes, the risk of them getting compromised is non-negligible.

    More to the point, the risk of compromise for a cell phone is orders of magnitude higher than the risk of somebody finding a bug in a specialized card in your billfold and attacking it using nothing but NFC (because an attack on a cell phone doesn't require you to be in the same country as the victim, much less within a few feet).

    And assuming all things are equal, the odds of a cell phone being compromised should be higher than the odds of a payment terminal being compromised (ignoring the "physically swap it out" risk), because the payment terminals should be segregated onto their own private network, and shouldn't be communicating with unrelated Internet servers for unrelated purposes. This does not appear to be the case in practice (as far as we know), but then again, until enough payments happen on cell phones, they won't be a high-priority target, so such comparisons may or may not really be valid.

    Now it is theoretically possible to make a cell-phone-based solution as secure as a card with a screen, but the minimum requirements would be:

    • A separate CPU that handles the transaction processing and signing.
    • A means for that CPU to take over the display and input system in such a way that guarantees that the data shown on the screen is from that crypto chip even if the software running on the phone's main CPU is completely compromised.
    • A physical light on the front panel of the device to indicate that the data on the screen is coming from the payment chip.

    Anything short of that improves security only to the extent that the odds of simultaneously compromising a payment terminal and the phone that's talking to it are less than the odds of compromising one or the other, and there's a small chance that the customer might notice if the screens don't match, so an attacker really ought to compromise both of them. With that said, when there's a mass compromise of the payment systems of a major national company, it doesn't take a very high percentage of compromised cell phones before you would start seeing situations where both devices are compromised, at which point the cell phone doesn't make things appreciably more secure than a chip-and-pin system, which is, in turn, not all that much more secure than a magstripe system, whereas a mostly dumb crypto card with a screen and a pushbutton does.

  11. Re:autoplay sucks anyway on Facebook's Auto-Play Videos Chew Up Expensive Data Plans · · Score: 1

    There is a legal obligation to focus on profits.

    No, there is a legal obligation to act based on another party's interests, not based solely on another party's financial interests. Shareholders have interests other than money—having clean drinking water for their kids, supporting cultural growth, improving the quality of education, not getting buried in lawsuits from the government when you cross a legal line (though this one arguably is financial, just over the longer term), and so on. That's why you don't see shareholders suing companies for giving money to charities, for example. A purely financial misinterpretation of the word "fiduciary" would make such donations illegal.

  12. Re:Bah humbug censorship on Responding to Celeb Photo Leaks, Reddit Scotches "Fappening" Subreddit · · Score: 1

    IMO, it's 33% of a roughly 3x larger pie.

  13. Re:Autoplay is EVIL on Facebook's Auto-Play Videos Chew Up Expensive Data Plans · · Score: 1

    400 kilobytes? For 30 seconds of video? That's barely a hundred kilobits per second. Are you sure that wasn't a reference movie to content at a different URL? Because that's not likely to be anything approaching what most people would call "full quality" unless the content started out as a postage-stamp-sized cell phone video....

  14. It is a government actions, specifically this lawsuit is based on the federal anti-trust laws, which are completely unconstitutional and illegal and detrimental to the economy in every way.

    You're joking, right? Antitrust laws are only detrimental to one aspect of the economy: the unregulated ability for a few individuals or corporations to make an obscene amount of money at the expense of everyone else. When a monopoly exists, it gains an incredible amount of power over the free market that is not easy to overcome. At that point, a free market no longer realistically exists without government intervention, because the ability to break into that market becomes hopelessly compromised. To the extent that free markets are generally considered to be the epitome of a good economic system these days, clearly any government intervention required to ensure that such free markets continue to exist is justified, legal, and constitutional.

  15. Re:ISS carrying rogue packages on Space Station's 'Cubesat Cannon' Has Gone Rogue · · Score: 1

    I'm pretty sure the headline "ISIS attacks ISS" would confuse so many people that the world would never recover.

  16. Re:This is also how Sarah Palin's email got "hacke on Apple Denies Systems Breach In Photo Leak · · Score: 1

    The solution isn't random info. It's questions you create with personal information that is memorable enough that you're remember in an instance, but only you, or a very small handful of intimate people, would know. Ie, 'Who was that girl you had a really secret crush on in grade 10?"

    This is a great example of why security questions are inherently dangerous. Most people—even geeks—have no idea what makes a good security question. Cracking an account secured with this question is almost always very, very easy:

    • Determine what high school the person went to.
    • Iterate through all the girls who attended that school that year, providing both first-name form and a couple of first-and-last-name forms, beginning with the ones who were in your grade, then moving on to other grades. Include teachers.

    Better than 95% of of the time, this will result in a successful compromise of the user's account. And if you branch out from there into organizations that the person was in, churches, etc., you'll rapidly approach 100% coverage. And of course if someone really knew you or your crush back in 10th grade, it probably wasn't nearly as much of a secret as you thought it was, which could mean that it won't take many tries at all.

    To be fair, unless you're someone famous or there's a significant financial incentive to do so, it probably wouldn't be worth someone's time to type in the names of all the several hundred girls who attended your school, but once you have that information in electronic form, it would probably take a matter of seconds to crack such a security question in the absence of mechanisms to prevent repeat guessing. And even those mechanisms only slow down the process.

  17. Re:Seemed pretty obvious this was the case on Apple Denies Systems Breach In Photo Leak · · Score: 1

    Do you mean Yorkshire Pudding Purple Monkey Dishwasher or her sister, Idaho Potato Purple Monkey Dishwasher?

  18. Re:Seemed pretty obvious this was the case on Apple Denies Systems Breach In Photo Leak · · Score: 1

    A cell phone is not a second factor, or at least not a meaningful one. If somebody hacks your phone to install a keylogger, they'll be able to convince any software running on your phone to do their bidding as well. Either you trust the device or you don't. If you do, you don't need a second factor. If you don't, then all bets are off.

    For a reasonably strong second factor, you need a device that has basically no network connectivity whatsoever, like a CryptoCard token. And even then, you're potentially at the mercy of man-in-the-middle attacks stealing your credential, using it elsewhere, and temporarily providing bogus credential to the site that's requesting authentication, thus forcing you to generate another new number and concealing the fact that it just hijacked your second factor....

    For a truly strong second factor, you need a device that communicates using a dog-simple protocol, does nothing more than verifying the signature on a signed authentication request, displaying the signer's identity on a screen, waiting for the user to approve the transaction, signing the request with its own private key, and sending it back as the response. And even that isn't without its security risks.

  19. Re:Seemed pretty obvious this was the case on Apple Denies Systems Breach In Photo Leak · · Score: 1

    I'm unconvinced that an attack based on manipulating the secret questions is not Apple's fault. As others have pointed out, this is useless for celebrities whose lives are relatively public. Birthplace, pet names, mother's maiden name, etc. are the kind of things that are relatively easily collected from fluff interviews. For non-celebrities, such information may only require a personal meeting.

    Yes. The mere existence of security questions is a fundamental security hole—doubly so when users are forced to provide answers to those questions. Users have only two choices:

    • Answer truthfully, which catastrophically weakens security on their account, because quite frankly, everybody on my Facebook friends list knows the answers to about half of those questions; anything that I'm guaranteed to remember is also something that anyone I know also knows.
    • Make up answers, which is now a secret piece of information that is no better than a password, and no more likely to be remembered, but still weakens security by virtue of the fact that there are now five or six of those secret answers that magically unlock the account, rather than just one.

    IMO, not only should security questions not be required, they should not even be an option, precisely because most people don't understand enough about security to recognize just how horribly dangerous it is to answer the questions truthfully, leading to unfortunate incidents like these.

    As far as I'm concerned, there are only three safe ways to allow a user to regain access to accounts without knowing the password:

    1. Callback/email-back to a registered phone number or email address.
    2. Presenting proof of death along with proof of executorship.
    3. Presenting multiple forms of ID, either in person or with a combination of fax/email and video chat. Ideally, one of these forms of ID should be a photo ID, and the other should be a credit card (the physical card or a photocopy thereof, not just the number). The company should charge a $1 fee, both to discourage people from forgetting their password repeatedly and to ensure that the credit card was not stolen and used to impersonate the account holder. If the password was changed by someone else, the fee could be refunded after it goes through. Then, the company should provide a temporary password to the user, lock the account, and wait for the charge to go through before unlocking it again.

    And users should have the option of disabling the first one, precisely because some of those external accounts may require security questions, and thus may be easier to compromise, allowing a springboard attack.

  20. Re:Local storage on Ask Slashdot: What Old Technology Can't You Give Up? · · Score: 2

    Definitely not true. Backwards, in fact. POP defaults to removing messages from the server and must be explicitly configured to leave the messages on the server. IMAP leaves them on the server by default, and IIRC, most IMAP clients don't even provide the option of removing messages from the server until you delete them.

  21. Re: Rosetta on Ask Slashdot: What Old Technology Can't You Give Up? · · Score: 3, Funny

    Dead animals and a cave wall.

  22. Re:Extraordinary rendition on US Government Fights To Not Explain No-Fly List Selection Process · · Score: 1

    That's a pretty scary abuse of power. By Canada. Diverting the plane to Canada was okay, because the U.S. has jurisdiction over what air traffic may enter its airspace. However, the Canadian government had no legitimate legal right to arrest any person so diverted, because as a passenger on an international flight, he did not legally enter Canada, and a landing forced by the inability to reach your destination due to circumstances beyond the pilot's control constitutes an emergency landing, which is subject to various legal protections in all civilized countries.

    Unfortunately, I've read that the Canadian government did a lot of that sort of thing for international passengers diverted on 9/11, too. Apparently Canada has little respect for international law regarding air travel—specifically, Articles 5 and 25 of the Chicago Convention (of which Canada was originally a signatory, but later withdrew from).

    What the U.S. did was rather bizarre, but legal. What Canada did was unconscionable. Want to ensure that this never happens again? Write your MPs and demand that Canada re-sign the International Air Services Transit Agreement (IASTA).

  23. Re:Loose Lips Sinik Ships on US Government Fights To Not Explain No-Fly List Selection Process · · Score: 1

    The criteria themselves should not be secret. The details of what actions meet the criteria might be. Of course, once a person is dead, there's likely no reason to keep that person's details secret. So they should disclose the way that the guy who was fighting against us in Iraq got on the no-fly list. Wait, what? He wasn't on the list? Seriously? Then what the f*** good is it?

  24. Re:It'd be nice... on US Government Fights To Not Explain No-Fly List Selection Process · · Score: 1

    I'm pretty sure the last time the news media was competent at holding the federal government responsible was under Nixon. Since then, they've only held individuals accountable for their sex lives... because sex sells papers.

  25. Re:It's not the knife... on PHP 5.6.0 Released · · Score: 1

    Nah, that's part of its charm. PHP is C with dollar signs.... :-)