Slashdot Mirror


User: fuzzyfuzzyfungus

fuzzyfuzzyfungus's activity in the archive.

Stories
0
Comments
15,204
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 15,204

  1. The only Irony Appropriate(tm) result... on Scientist Infects Self With Computer Virus · · Score: 2, Funny

    Is for this researcher to be the first to contract the metavirus when it arrives...

  2. Re:Slashdotter's rejoice! on Secure Communication Comes To Android · · Score: 1

    I'm guessing that, in the dystopian future, the list of evil governments that would suppress speech but not ban encrypting it will be very short.(for commercial reasons, of course, various sorts of "tame" encryption, useful for keeping criminals out of banking sessions; but transparent to the authorities will be permitted, even encouraged)

    It isn't all that hard to hide exactly what you are up to. It is harder to hide that you are hiding something. Any sufficiently evil regime will just make hiding something a crime(and we aren't talking purely theoretical, or confined to the former soviet republic of fascistan. Britain is basically there already.)

  3. Re:WebOS on Why Windows 7 "Slate" Tablets Won't Happen · · Score: 2, Insightful

    Sounds like you missed the news of the availability of a native development plugin system...

  4. Re:Umm... on Tabnapping Scams Around the Corner? · · Score: 1

    Depending on the market they happen to live in, any power user who wants a bank...

  5. Re:disabling scripts on unfocused tabs? on Tabnapping Scams Around the Corner? · · Score: 1

    Technologically, yes. From a human interaction perspective, not really.

    Unless you want an audience of only security enthusiasts, having your browser break all sorts of common and legitimate websites by default is a no-go.

    If a site is convincing enough to phish somebody, it is probably convincing enough to get them to whitelist it(unless you make whitelisting such a pain in the ass that the bottom 20% of your users can't even figure it out).

    If you ship your own whitelist, you face the endless time-and-money-sucking battle of having to enumerate goodness on the internet.

    If you try to piggyback on some other mechanism(say, any site with a valid SSL cert gets on the whitelist), you still break legitimate sites that don't use or need SSL and don't break malicious sites that use innocuous URLs and simply depend on the user not checking them carefully(ie. getting a reputable cert authority to give you a cert for "bankofam3rica.com" shouldn't be possible. That is an obvious phishing tool. Getting one for "blandurl.com" should be no problem, and nothing stops you from hosting a picture-perfect copy of the Bank of America login page on a blandurl.com subdomain.)

    Whitelisting only really works, behaviorally, in situations where a competent and dedicated decision-making authority exercises control over the user. Unfortunately, being such an authority is either a thankless task, or an all-too-rewarding one(either in terms of censorship potential, rent-extraction potential, or both.)

  6. Re:That's very nice of you Adobe on Adobe Founders On Flash and Internet Standards · · Score: 2, Informative

    In retrospect, my comma use there was a touch ambiguous. My understanding is that Adobe's implementation of h.263 in ".flv" is a bit weird and proprietary(though fully understood at this point). Their applications of VP6 and h.264 are orthodox, to the best of my knowledge.

    The scope of "proprietary variant" was supposed to extend only to the first comma, not to the entire list.

  7. Re:Umm... on Tabnapping Scams Around the Corner? · · Score: 3, Interesting

    P.T. Barnum, expert applied scamologist, is said to have observed that you can "fool some of the people all of the time and all of the people some of the time."

    Arguably, that will be the case here. Your basic clueless noobtard will click on just about anything that looks vaguely plausible, and a lot of stuff that doesn't. This technique will be overkill for them, since straight phishing still works just fine.

    Your competent power user, on the other hand, may not fall for the trivial cases(two or three tabs, "innocuous-linkfarm.typosquatter.com" changes into "evil.ath.cx/yourbankherereallyhonestly.html" in front of your eyes); but they are the ones most likely to have 10 firefox windows open, each with 20 or 30 tabs, possibly on multiple monitors. Unless you possess an inhuman ability to maintain state tables in your head, you could easily assume that "yourbank.scam.com" on browser window 5, tab 15, is the "yourbank.com" that you actually did open, on browser window 7, tab 19. That'd be totally understandable mistake, some percentage of the time, especially if you were tired, distracted, multitasking, or getting sauced enough to face a legacy refactoring project.

    Again, tab-related trickery is of no particular use against SSL and cert validation, so the clueful user could detect it that way(unless combined with some attack on SSL, the browser's implementation of it, or the integrity of a trusted certificate authority); but there is no particular reason to suspect that any but the most paranoid user would detect the tab-substitution attack itself.

  8. Sneaky... on Tabnapping Scams Around the Corner? · · Score: 3, Interesting

    Obviously, this won't subvert SSL certs or anything; but studies consistently demonstrate that users oscillate between "don't know" and "don't care" about those, so that isn't much comfort.

    And, since pages reloading themselves, or even forwarding to a different domain and URL entirely, after a delay is fairly common(if generally annoying) in a wide variety of legitimate applications, you can't really just break the ability to do that. Sure, you could add it as an advanced option somewhere, or get it largely for free with the right NoScript settings; but there is no way you can break it by default.

    You pretty much just fall back on the phishing filter, which is a lame, AV-esque "solution". This would seem to apply to all tabbed browsers, as well.

  9. Don't you understand? on Patents On Synthetic Life "Extremely Damaging" · · Score: 5, Funny

    Craig Venter's dream is to use the tools of science to create the world's first true patent troll. Not a mere shell corporation; but a living, breathing creature, equal parts mythological tusks and contemporary instinct for ruthless litigation. Natural habitat? The Texas rocket-dockets...

  10. Re:That's very nice of you Adobe on Adobe Founders On Flash and Internet Standards · · Score: 4, Interesting

    Have you taken a look recently at what is going over the wire when you play a "flash" video?

    In the substantial majority of cases, it'll be a tiny little .swf object, providing the controls, followed by a .flv or .mp4 video(with the latter becoming more common as time goes on), more often over http, sometimes over rtmp.

    Depending on the exact whim of the publisher, "flash video" is almost always a proprietary variant of h.263, VP6, or h.264.

    With the exception of the old-style vector-animated .swf stuff, there is no such thing as "flash video", just video codecs that Flash Player has decode support for. Pretty much all of which are proprietary, patent-encumbered, or both.

  11. Re:This depends on the site... on Adobe Founders On Flash and Internet Standards · · Score: 4, Insightful

    I'm honestly not sure, at this point, if they are just self-serving whiners or if they have been wrapped up in adobe so long that they've acquired a capacity for sincere delusion on par with the guy outside 7-11 who rants about the Second Coming...

    "Gosh, it sure is terrible that some sites only work properly in Firefox. And other demand IE. There are even a few that only work in Safari. Wouldn't it be better if every site just required Adobe Flash 10? Things would be so simple!"

  12. Re:What? on NASA's Phoenix Mars Lander Killed By Ice · · Score: 1

    I don't know offhand; but, looking at its phase diagram, it struck me that there is probably some lurking somewhere dark and cold in the very deep ocean, or possibly at a few PPM among the normal snow in the coldest terrestrial regions. I know of nowhere where it has ever been observed in any quantity, outside of manufactured environments.

  13. Re:What? on NASA's Phoenix Mars Lander Killed By Ice · · Score: 2, Informative

    Umm... Even on our rather aqueous planet, where the only CO2 ice is either synthetic or located in seriously inhospitable places, the term "dry ice" has been in common use for ages.

    On a substantially drier and colder planet, it seems even more appropriate...

  14. Re:Small publishers on Twitter To Block Third-Party Paid Tweets · · Score: 2, Interesting

    Well, marketers deserve neither pity nor mercy, nor acceptance in civilized company. However, that doesn't really change the (potentially invidious) little business cycle of our time:

    Thanks to network effects, the bigger the player the more valuable the property(architecturally, making your own Twitter, with blackjack, and hookers, and slightly more characters per message would be trivial. Getting anybody to care would be an uphill slog. Same goes for something like Facebook.) Thanks to the ever more nuanced access control, cryptographic restriction, and analytics schemes available, the incumbent is in an excellent position to extract rents. Rent-seeking is generally a bad thing for everyone who isn't the rentier.

    Now, I'm hard-pressed to shed a tear for the poor would-be twit-marketing millionaires who will be sucked dry by this; but the strong incentives to build structures from which rents can easily be extracted has its downsides. On the services side, outfits strive for lock-in; both in data portability issues, and in not integrating well with third parties, reducing effective customer choice. On the hardware side, we see the dangerous trend toward the manufacturer retaining cryptographic control over the device in perpetuity, and extracting fees for the privilege of doing various things(like selling software for the platform, or being able to play multiplayer games on your own hardware, with your own internet connection, that were once simply part of owning a computer).

    The marketers might be the first to bleed(and they will, given their professional specialization in noise-making, certainly be the loudest); but they will not be the last.

  15. This is our turf... on Twitter To Block Third-Party Paid Tweets · · Score: 4, Funny

    And here, the competition sleeps with the failwhale.

  16. Re:I've seen this before... on Copernicus Reburied As Hero · · Score: 1

    Are you implying the existence of a set of truths that are not facts, a set of facts that are not truths, or both, or something else entirely?

    If so, what would the contents of those sets look like?

  17. Re:WebOS gets a bad rap on HP Confirms Slate To Run WebOS · · Score: 2, Informative

    I believe that the numbers typically quoted come from Pinch Media, who is the fairly big player in 3rd party analytics on the various iDevices, and who attempts to collect numbers on jailbroken devices and pirated application installs, among numerous other variables.

  18. Re:Arrest! on Scientific R&D At Home? · · Score: 1

    Were it not for the risk of being struck repeatedly by Poe's law, a T-shirt with "Guns don't kill people, Science kills people" on the front, and Page 2 of the controlled glassware form on the back would be fairly entertaining...

  19. Re:Arrest! on Scientific R&D At Home? · · Score: 1

    Given that they do have a permit process for handguns, I'm guessing that constitutional concerns aren't responsible for there not being one for rifles or shotguns(though, I assume, they would prevent your being denied a handgun permit without suitably compelling cause).

  20. That depends, really... on Fragmentation vs. Obsolescence In the Android Ecosphere · · Score: 4, Insightful

    Arguably, there are two broad classes of users/applications for Android: the ones that need a cheap phone OS that sucks less than your average "dumbphone" or "featurephone" OS(both in terms of general usability, and in terms of the dev team's ease of getting things going) and the ones who want an "Android smartphone", and wish to run "Android applications" on it, and so forth.

    You would expect the former group to be heavily fragmented; but for that fragmentation not to matter very much. For any device where Android is simply being used as a cheaper or easier alternative to a dumbphone/featurephone OS, or even to some other embedded operating system(as with a cheap digital photoframe or GPS or something), the version, and most likely the applications, the device ships with will be the ones it dies with. Fragmentation will be inevitable; but also won't matter much(upgrades will generally not be expected, outside of a few tinkering geek who can roll their own, device developers will use the Android version of their choice when developing. No big deal.)

    The trickier case is the part of the market that directly competes with iPhones. Here, updates are generally expected, adding applications and having things work is a prerequisite for success, and fragmentation is a bad thing. Google's own blessed handsets seem to be avoiding this reasonably well(within the limits of hardware advance. The G1 is starting to show its age; but so is the gen-1 iPhone); but some of the tier-2 carrier stuff is looking a little more doubtful.

    Personally, I suspect that the critical thing will be whether or not expectations are correctly matched to devices. Having more or less fixed-spec "featurephones" being based on Android isn't bad for Android unless those phones are then sold to unwitting buyers as being equivalent to the high-end, frequently updated, fully app-compatible "Android Phones". If they are just sold as featurephones with decent browsers and mail clients, no harm, no foul. If they are (essentially dishonestly) sold as cheaper-but-equivalent alternatives to the properly updated Android devices, there will be a lot of unhappy customers stuck with outdated firmware.

  21. Re:Find an author on Do Build Environments Give Companies an End Run Around the GPL? · · Score: 4, Informative

    In the case of embedded devices, BusyBox license violations are generally the order of the day...

  22. Re:WebOS gets a bad rap on HP Confirms Slate To Run WebOS · · Score: 2, Insightful

    Given that the quoted percentage of iDevices that are actually jailbroken tends to float between 5 and 10 percent(depending on how recently there has been a not-yet-jailbroken update, and how desirable that update is) "so small as to not be measurable" seems implausible.

    More to the point, though, there has definitely been some high-profile bitching from various developers, some of them fairly notable. That is exactly the sort of thing that you can get away with if you are well positioned(What're you going to do about it, huh? Go write for Windows mobile?) but have to pay attention to if you aren't.

  23. Re:Meh... on HP Confirms Slate To Run WebOS · · Score: 1

    Given that the Wintel integrators have been cutting one another's throats on margins for years now(IBM fled the PC market entirely, HP makes most of its profit on consulting and overpriced ink, etc.) I find it hard to believe that the price of tablet PCs has been maintained merely by what the vendors want to charge. Unless there is something about tablets that makes them uniquely cartel friendly, they would have faced the same knife-fight-in-a-telephone-booth process that does the pricing elsewhere.

    I assume that being relatively low-volume items hasn't helped, nor has the fact that(until quite recently) low-power x86s either sucked pretty painfully (sorry, Transmeta and VIA...) or cost a king's ransom (remember what Pentium Ms used to cost, back when Intel was still pretending that the "Pentium 4m" was a mobile processor?). Engineering around a high-TDP processor is cake in a 15-17inch diagonal, 1.5-2inch thick laptop. It isn't in something you'd want to hold like a slate, so you need to shell out for one of the pricey ULVs, or suffer through a seriously gimped processor.

    With the rise of netbooks, getting x86 tablets in the 10-14inch range for the kind of money you want seems rather more plausible. Just not, apparently, from HP.

  24. Legally, no. Practically, yes. on Do Build Environments Give Companies an End Run Around the GPL? · · Score: 5, Interesting

    As others have pointed out, GPLs 2 and 3 both require the release of the build-prerequisites. If, as one of the unnamed companies claims, they used GPL code and proprietary build prerequisites that they cannot legally release, than their lawyer(s) fucked up big. Just because the GPL doesn't ask for money, and some of its friends have long hair, doesn't make it any less binding than whatever license governs their build environment. They've put themselves in the untenable situation of having two binding licenses that cannot both be satisfied(and losing redistribution rights for their firmware would probably hurt if they don't have the resources to re-do their build environment).

    However, in practice, to uphold a right, no matter how solidly enshrined in law, generally takes time and money(particularly in civil cases, where the state won't provide you even a shitty lawyer). As long as they aren't the most blatant, the SFLC and their ilk probably won't go after them(especially if their hardware is uncommon or obscure; from a strategic standpoint, the SFLC probably cares more about improvements to OSS software flowing back to the community, and buildability on common devices than they do about buildability on obscure stuff). You might have slightly better luck if you can identify the specific authors/copyright holders of all the GPL code used in the firmware. Particularly for the company that put itself in a license bind, any of the authors could decide to sue them, possibly for real money, if they so chose.

    For you personally, though, you are probably SOL. If you have to ask slashdot, you probably don't have the lawyers you need. About all you can do is make noise about the situation, naming names, ideally, and hope that somebody with firepower takes interest.

  25. Re:Arrest! on Scientific R&D At Home? · · Score: 1

    Oh, the "War on Drugs" has been an unmitigated disaster for freedom in the US across jurisdictions. I just find it ironic that an ostensibly "small government" state, which(among other things) does not require permits for rifles or shotguns, does require a permit for all sorts of basic laboratory glassware(not esoteric stuff here, you couldn't have made it through high-school chem without it), despite the fact that you can cook meth in kitchen glassware easily enough.