Slashdot Mirror


User: swillden

swillden's activity in the archive.

Stories: 0
Comments: 18,006

Comments · 18,006

  1. Re:Inject adds in my pron? on Google Announces a Router: OnHub · · Score: 1

    How often do you check the entire signing chain of a certificate?

    Doesn't matter... because it only takes one person, somewhere, to notice it and raise a stink. And do you really think the press wouldn't be all over it?

  2. Re:OSX in 2013. on Windows Memory Manager To Introduce Compression · · Score: 2

    Some Android devices ship with zram enabled. It may not be easy for you to use, but it is usable.

  3. Re:Inject adds in my pron? on Google Announces a Router: OnHub · · Score: 2

    Easy. Google has a trusted CA. If they get between any connection, they can MITM it.

    Right, because no one would ever notice if Google's CA signed a certificate for amazon.com.

  4. Re:Oh hell no ... on Google Announces a Router: OnHub · · Score: 2

    Because you can bet your ass they're going to get a lot more visibility into everything you do, and use it for their own purpose.

    From https://support.google.com/onh...: "the Google On app and your OnHub do not track the websites you visit or collect the content of any traffic on your network".

  5. Re:Interesting, from someone other than Google. on Google Announces a Router: OnHub · · Score: 3, Interesting

    It's an interesting concept, but I don't think I want to turn my router over to a company like Google or Facebook that makes their money Hoovering up every last bit of data they can get about me.

    From https://support.google.com/onh...: "the Google On app and your OnHub do not track the websites you visit or collect the content of any traffic on your network".

    As an aside, I suspect this sort of issue is part of the reason for the Alphabet reorganization. Too often, assumptions that Google's only business model is driven by data collection interfere with the launch of products which do not do any data collection. Alphabet may provide more flexibility to move those products out of Google, Inc. when it's helpful.

  6. Re:Standing up for American workers on Trump Targets the Abuse of H-1B Visas · · Score: 1

    Please note, Warren Buffett is for higher income tax on the rich. Most billionaires don't have very large incomes and as such would not be hit very hard by it. Now when he starts screaming about capital gains being taxed higher, then I'll start listening to him.

    Start listening, then, because that's exactly what he has proposed. In addition, he also proposes a loophole-free minimum tax on high incomes, where "income" is from any source, including capital gains. The idea is similar to the Alternative Minimum Tax. If you make more than, say $1M (from any source, including long-term capital gains) then your minimum tax is 30% of your total income. You also calculate your taxes the normal way, and pay whichever number is higher.

  7. Re:Might as well ... on Google's Project Sunroof Tells You How Well Solar Would Work On Your Roof · · Score: 1

    What will affect your particular system are things like local shading, roof pitch and orientation

    This is the data that Project Sunroof attempts to estimate, based on Google Maps' 3D models of buildings, nearby trees, etc. Getting a local installer out to look at your house will (probably) give you a better estimate, but it's a lot more effort than going to a web site.

  8. Re:Strange limitations on Google's Project Sunroof Tells You How Well Solar Would Work On Your Roof · · Score: 3, Informative

    Annual insolation, even after considering weather, counts as a well-documented stat across the entire US. Why would they limit this to just a few key cities?

    Because this provides dramatically more detail than regional average insolation. It tells you how much insolation each portion of your roof receives, accounting for local geography, flora and other buildings. That takes some moderately-detailed 3D models and heavy number crunching. The 3D models come from Google's project to build 3D models of all population centers using low-flying aircraft with angled cameras, so Sunroof will only be available in regions where the models are available (zoom in in Google Maps in your area to see if it's already 3D-ified) and even then it will take time to crunch all the data.

  9. Re:Have they fixed non-secure FAT32 access yet? on Android M's Official Name Is Marshmallow · · Score: 1

    Broken in Kitkat, still broken in Lollipop. Not every Android device will live its whole life in sight of the cloud! Portable file system access is a must!

    Android has portable file system access but it is not the obsolete FAT32. Use UDF, it doesn't have the file or volume size limitations and it's supported by all major operating systems.

  10. Re:It's a union thing on Police Training Lacks Scientific Input · · Score: 1

    I always get concerned whenever a police captain/spokesman/union rep says something to the effect of "our first priority is going home safely at night". Police's first priority should always be making sure members of the public go home safely at the end of the day.

    I don't think this is realistic. You really can't blame people for wanting to protect their own lives. People who choose to sacrifice themselves for others are lauded because what they've done is extraordinary, heroic, above and beyond what can reasonably be expected. You're saying that we should expect extraordinary heroism. That's not just unreasonable and unrealistic, it's unsustainable. Heroes die.

    What if you had a fireman who said, "I'm not going into that building. I could get killed."

    Firemen do that all the time. They also prioritize their safety.

    Or if you had a soldier who said, "I'm not going to fight at the front. I could get killed."

    That one we solve by saying "If you don't go fight at the front, we'll shoot you for disobeying a direct order." I suppose you could try the same with cops.

    They can't just shoot anybody who might be a danger (or might be an innocent person making a call on his cell phone).

    Of course not. There is a threshold. Where that line falls is the subject for valid debate. Expecting police to prioritize their own lives below those of others is not.

  11. Re:It's a union thing on Police Training Lacks Scientific Input · · Score: 3, Insightful

    I always get concerned whenever a police captain/spokesman/union rep says something to the effect of "our first priority is going home safely at night". Police's first priority should always be making sure members of the public go home safely at the end of the day.

    I don't think this is realistic. You really can't blame people for wanting to protect their own lives. People who choose to sacrifice themselves for others are lauded because what they've done is extraordinary, heroic, above and beyond what can reasonably be expected. You're saying that we should expect extraordinary heroism. That's not just unreasonable and unrealistic, it's unsustainable. Heroes die. If you demand that police de-prioritize their own safety, they won't last long because their job does regularly place them in dangerous situations. I'm not making that fatuous old claim that being a police officer is an extraordinarily dangerous job -- but the only reason it isn't extraordinarily dangerous is because officers are allowed to put their own safety first.

    Stop being law enforcement officers. Go back to being peace officers.

    This I agree with, though in some cases that means not enforcing some of the laws -- which means the laws are wrong.

  12. Re:I'd like to see a comparison on Donald Trump Thinks Going To Mars Would Be "Wonderful" But There Is a Catch · · Score: 1

    The "illegals" are employed by someone in the USA. So we can solve that problem by punishing the companies that hire -- not the poor shmoe who just wanted to feed his/her family.

    Want to pretty much end illegal immigration overnight? Two changes to the law:

    First, require non-trivial jail time for anyone convicted of hiring a worker he knows or should have known is illegal. This will give employers motivation to avoid hiring illegals.

    Second, give permanent resident alien status (green card) to any undocumented worker who turns in his boss. This will make it virtually certain that anyone who hires illegals gets caught.

    Milder approaches would work, too, but the key is to do more than slap employers' hands and to avoid giving employees reasons to protect the employers.

  13. Re: Oracle's monopoly? on Oracle: Google Has "Destroyed" the Market For Java · · Score: 1

    Ok then, list a few examples of where it's fair-use to re-implement an API, and where it isn't.

    The thing about Fair Use is that there are a set of guidelines, but no hard and fast rules. Everything is a case by case, situational analysis. Further, since it just recently became the law that APIs are copyrightable, there isn't yet any body of legal opinions on what does and doesn't constitute Fair Use.

    Those facts mean that this is green field new law territory and, even worse, that it will never become thoroughly-settled law. The nature of Fair Use ensures that every single implementor of an API will end up in court unless the owner of that API gives them explicit permission to use it.

    My position is that this won't be as disruptive to the industry as people expect, because once it's known that implementing an API without explicit permission can land you in court, no one will implement APIs without explicit permission. If that had been known in the early days of Android, Java wouldn't have been used... except actually it would have because Sun was quite happy with Android's use of Java, and encouraged it. So Sun would have given Google a blanket license and we'd have no issue.

    So, that's what the copyrightability of APIs is going to mean to the industry: Everyone who has an API they want others to use and implement will give blanket licenses. Everyone who doesn't liberally license their APIs will find that no one uses them.

  14. Re:JAVA FTW on Oracle: Google Has "Destroyed" the Market For Java · · Score: 1

    On a decent OS, you get something better than a stack trace... you get a core dump. It takes more knowledge to use and work with, but it contains a great deal more information.

  15. Re:Physical books are better on Physical Books Successfully Coexisting With Ebooks · · Score: 1

    Also, getting a little wet doesn't ruin a paper book, but can brick an ereader.

    Two words: Ziploc baggie.

  16. Re:Physical books are better on Physical Books Successfully Coexisting With Ebooks · · Score: 3, Insightful

    When I want to read in the tub, ebooks fail.

    To be fair, if you drop your physical book in the tub, it won't fare much better than the eBook. Actually, the eBook would fare better in a sense since you would be able to view it from another device.

    Put the eBook reader in a big ziploc baggie. You can read in the tub without fear of damage. You can't do this with a dead tree book; too hard to turn the pages without opening the baggie.

  17. Re:That's stupid on Climatologists: By 2100, the Earth Will Have an Entirely Different Ocean · · Score: 4, Interesting

    Man's 3% of emissions seems to matter more than nature's 97%. Anyone who believes the climate change crap is not using their brain.

    When the 97% of nature is in balance, then the 3% of mankind's emissions will be enough to put it out of balance.

    It seems that someone doesn't understand how an equilibrium works. You can use your brain and still be wrong if you don't understand the problem in the first place.

    Moreover, the anthropogenic nature of the changes (or not) is irrelevant. Other than providing clues for how to counter the changes, the source of the changes doesn't matter. If we don't do something about them, it's gonna suck. It's also important that we realize that our options for "doing something" are not limited to merely trying to limit our contribution to change. We can also act to directly oppose or reverse the change.

  18. Re:Exodus is wrong on Stagefright Patch Incomplete and Zero Day in Android Google Admin App Found · · Score: 1

    Patches are sent to OEMs before they're merged to AOSP.

  19. The second one is easily exploitable, but requires that an app send a malicious URL to the admin app. In other words, for it to work, you need to either install a malicious app, or have another app on your device with its own vulnerability.

    You're talking about the Certifi-gate vulnerability. Another requirement for it to be exploitable is that your device has to have an exploitable remote admin tool installed by the OEM.

    The first one can be exploited by sending an SMS to a vulnerable device, according to this report [exodusintel.com]. The fundamental flaw here is running the MPEG decoder as a trusted user. Until that changes, there will likely be a steady stream of vulnerabilities.

    That is the stagefright vulnerability. It's exploitable on ICS and below. The patch being pushed to many OEM devices right now fixes it. Exodus is wrong about that because they're looking at only one of the patches applied. Jduck's original patch had a bug, which Google fixed. All of this is visible in AOSP.

  20. My question is, has there actually been a successful exploit of the vulnerability? From the sounds of it address space layout randomisation, present since Android 4.0, would make it very hard if not impossible to execute an exploit. Just interested in what the real threat is and not the hyped up media version.

    The weak ASLR in ICS can be worked around, and jduck (finder of the bug) has demonstrated exploiting it. Exploiting it on Jelly Bean or later, which have much better ASLR, would require sending many, many malformed videos trying to randomly hit on a useful address. No one has had any success at that.

  21. Exodus is wrong on Stagefright Patch Incomplete and Zero Day in Android Google Admin App Found · · Score: 5, Informative

    Exodus is wrong.

    The flawed patch they mention in their post isn't the one being pushed to devices. What makes this funny is that the correct patch is in AOSP, for everyone to see. What Exodus posted is the patch that jduck suggested. And it's in AOSP here. But Google further updated it with this, which fixes the flaw Exodus noticed in jduck's fix.

    There are still some known ways to crash libstagefright, but they're assertion crashes. They crash safely, no possibility of exploitation.

  22. Their tool isn't a fuzzer, it's a run-time cast checker -- to find the real error.

  23. Re:It really does look like a calculator watch on Fossil CEO: Wearables Smothering Swiss Watch Business · · Score: 1

    I'm not sure what aesthetic they were going for, but they missed the mark. You can argue about features and such, but it is ugly.

    +1

    If you want a decent-looking smart watch, Android has much better offerings than iOS.

  24. 1) learn something that older people learned decades ago

    2) write document warning people, who ignored history..., of the dangers!!

    3) profit!

    They also built a tool to check potentially-dangerous casts. One we haven't had before.

  25. Re:Law of large numbers on The Fastest-Growing Tech State Is... Minnesota · · Score: 2

    Then you haven't met many.