Slashdot Mirror


User: tepples

tepples's activity in the archive.

Stories
0
Comments
68,260
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 68,260

  1. Re: Time-money tradeoff varies by country on World of Warcraft Gold Can Now Be Used To Buy Other Blizzard Games (arstechnica.com) · · Score: 1

    China has Internet (or at least a subset thereof) and low wages. It and the surrounding area used to be the stereotype for gold farming.

  2. Git Large File Storage on The Metropolitan Museum of Art Makes 375,000 Images Available For Free (fortune.com) · · Score: 2
  3. Re:If this is real on Nintendo's Engineers Have Embraced Unreal Engine (engadget.com) · · Score: 1

    Like Unity on the Wii U, you'll still probably need to be a licensed Nintendo dev

    Which isn't nearly as hard as it was back in the late 2000s when Robert Pelloni did the Bob's Game publicity stunt. In July 2016, Nintendo dramatically opened up developer registration. In particular, a small family business operating out of a home office is no longer banned so long it can come up with about 3000 USD for the devkit.

    So nowadays, the route to market for a startup developer of gamepad-oriented games is Itch, then Steam, then PlayStation or Nintendo.

  4. So it's more like PLEX in EVE on World of Warcraft Gold Can Now Be Used To Buy Other Blizzard Games (arstechnica.com) · · Score: 1

    The summary reminded me of an item in EVE Online called "pilot license extension" (PLEX), which represents one month of play time but can be traded for "interstellar kredits" (ISK), the in-game currency.

  5. Time-money tradeoff varies by country on World of Warcraft Gold Can Now Be Used To Buy Other Blizzard Games (arstechnica.com) · · Score: 1

    $15 might be 24 hours' pay in countries where wages are much lower than they are in the United States, Canada, Western Europe, Japan, and Republic of Korea.

  6. Custom services and characteristics on Chrome 56 Quietly Added Bluetooth Snitch API (theregister.co.uk) · · Score: 1

    From the page I linked:

    The lowest level concept in GATT transactions is the Characteristic, which encapsulates a single data point
    [...]
    each service distinguishes itself from other services by means of a unique numeric ID called a UUID, which can be either 16-bit (for officially adopted BLE Services) or 128-bit (for custom services).
    [...]
    you're free to use the standard characteristics defined by the Bluetooth SIG (which ensures interoperability across and BLE-enabled HW/SW) or define your own custom characteristics which only your peripheral and SW understands.

    I was referring to the maker of a GATT peripheral that chooses to create such "custom services" and "custom characteristics" for use only by that device and the proprietary native or web application that accompanies it.

    I just re-read the article on El Reg to see if it says anything about disallowing custom (128-bit) services. Turns out it links to Google's page about the Web Bluetooth API, which states that custom services and characteristics are allowed:

    If your Bluetooth GATT Service is not on the list of the standardized Bluetooth GATT services though, you may provide either the full Bluetooth UUID or a short 16- or 32-bit form.
    [...]
    If you use a custom Bluetooth GATT characteristic, you may provide either the full Bluetooth UUID or a short 16- or 32-bit form to service.getCharacteristic.

  7. Re:Would you prefer that it be exclusive to an OS? on Chrome 56 Quietly Added Bluetooth Snitch API (theregister.co.uk) · · Score: 1

    my complete suite of compatibility tools includes the ability to use whatever OS I need (well, among Windows/OSX/Linux)

    In other words, you bought a Mac and a Windows license to run in VirtualBox for said Mac. Did I guess correctly?

  8. Re:Everybody's complaining about concatenation on You Can Make Any Number Out of Four 4s Because Math Is Amazing (youtube.com) · · Score: 1

    y'all didn't watch the video [...] IF YOU CONTINUE WATCHING

    The problem is that it's a video in the first place. This means I can't skim it and then reread parts in detail. I can't Ctrl+F it. I can't see it at all it with w3m. And because sites use live streaming to discourage downloading a durable copy, I can't open it in a new tab while online and read it later while riding transit, during which I am offline.

  9. Re:Misunderstand the technology on Chrome 56 Quietly Added Bluetooth Snitch API (theregister.co.uk) · · Score: 1

    I'm specifically saying that the bluetooth devices will not be locked to a specific hardware, even without this js. That's all that matters.

    That's fine, so long as the services and characteristics sent by the device are publicly documented services, particularly those meeting a publicly documented profile. Otherwise, if neither the application's source code nor the services and characteristics provided by the device are published, each user of an operating system not supported by the device maker will have to reverse-engineer the proprietary services and characteristics provided by the device in order to write an application from scratch that interprets the characteristics that the device is sending.

  10. Re:Would you prefer that it be exclusive to an OS? on Chrome 56 Quietly Added Bluetooth Snitch API (theregister.co.uk) · · Score: 1

    Can your collection of compatibility tools run the contents of both a .dmg and a .msi?

  11. Re: As an app developer... on Dozens of Popular iOS Apps Vulnerable To Intercept of TLS-Protected Data (arstechnica.com) · · Score: 1

    Really well, your friends/family tell their client to trust your CA by installing the root certificate you provide and boom you are good to go.

    Good luck explaining how to download and install your home CA's root certificate to all visitors, particularly across six different operating systems (macOS, Windows 7, Windows 10, X11/Linux, iOS, Windows Phone/Windows 10 Mobile, Android) plus web browsers that have their own certificate stores instead of using that of the operating system (such as Firefox).

  12. Re: As an app developer... on Dozens of Popular iOS Apps Vulnerable To Intercept of TLS-Protected Data (arstechnica.com) · · Score: 1

    Trusting a self-signed certificate the first time you encounter it is no more dangerous than trusting a signature the first time you SSH into a device.

    Prudent users of a shell account verify the server's key fingerprint out of band, such as by inspecting it manually (if physical access is available) or on the hosting provider's control panel (which in turn is secured by a TLS certificate from a well-known CA). The same is possible for a TLS certificate from an internal CA, provided you control all devices that shall access the server. But visitors to your home are unlikely to take the same care.

  13. Initialisms with more than one meaning on Dozens of Popular iOS Apps Vulnerable To Intercept of TLS-Protected Data (arstechnica.com) · · Score: 1

    Android Debugging Bridge [...] Via ADB one can use a custom hosts file

    What's Apple Desktop Bus got to do with this?

    Nothing, which is why he spelled it out. What's next, a claim that the fellow's initials can only stand for Android Package?

  14. Re: As an app developer... on Dozens of Popular iOS Apps Vulnerable To Intercept of TLS-Protected Data (arstechnica.com) · · Score: 1

    Establish your own CA and issue internal certificate for devices that you don't expose to the Internet. Trust the CA internally.

    How well does that work for friends and family who bring their own devices to view documents, photos, and videos that you're sharing through a NAS on your home LAN?

  15. Incorrect spelling is for luddites on Dozens of Popular iOS Apps Vulnerable To Intercept of TLS-Protected Data (arstechnica.com) · · Score: 1

    Does this luddite need an appboard app to app his spelling?

  16. Because it'd be redundant. Windows Phone (excuse me, Windows 10 Mobile) is already trashed.

  17. I thought "a legit CA cert" could be issued only for a hostname within a purchased domain, not within an internal TLD such as .local or .internal or for an IP reserved for private use (10/8, 172.16/12, or 192.168/16). How do you test before you buy a domain for production?

  18. Only recently has DNSSEC moved on from 1024 bits on Dozens of Popular iOS Apps Vulnerable To Intercept of TLS-Protected Data (arstechnica.com) · · Score: 1

    I thought the security of DANE relied on that of DNSSEC, and the security of DNSSEC was limited by the 1024-bit RSA zone signing key on the root zone until October of last year. The deprecation of 1024-bit RSA is why, for example, web browser publishers haven't added support for DANE.

  19. Re: As an app developer... on Dozens of Popular iOS Apps Vulnerable To Intercept of TLS-Protected Data (arstechnica.com) · · Score: 1

    connecting to user-owned devices with self signed certs

    Now that Let's Encrypt exists, why are "user-owned devices" even using "self signed certs" anyway, as opposed to buying a domain and using an ACME client to obtain a certificate that's trusted by default? Though the Certbot client requires a device to run a web server reachable from the Internet because it uses the HTTP challenge, the Dehydrated client also supports the DNS challenge, which requires only the domain's DNS server to be reachable.

    The only case I can see where LE wouldn't work is Sandstorm, which requires a wildcard certificate because it uses a different subdomain for each user session. Using LE with Sandstorm would hit LE's rate limit very quickly.

  20. Re:Misunderstand the technology on Chrome 56 Quietly Added Bluetooth Snitch API (theregister.co.uk) · · Score: 1

    Good luck building a program that uses a Cocoa GUI on or for anything other than a Mac.

  21. Re:Would you prefer that it be exclusive to an OS? on Chrome 56 Quietly Added Bluetooth Snitch API (theregister.co.uk) · · Score: 1

    Once you download a program, how do you go about porting it to the operating system that your PC or smartphone uses so that you can run it?

  22. Re:Compiled a Windows app for your Mac lately? on Chrome 56 Quietly Added Bluetooth Snitch API (theregister.co.uk) · · Score: 1

    I have heard of porting. It requires either A. the application's publisher to be willing to do so, or B. the application to be free software and the user to have the resources and skills to do so, including a corporation or LLC to qualify for an EV code signing certificate in the case of something whose Windows port would need a driver.

  23. Re:There is no debate on Overwatch Director Speaks Out Against Console Mouse/keyboard Adapters (arstechnica.com) · · Score: 1

    PlayStation 2, 3, and 4 all have at least one game that supports the standard USB mouse and keyboard HID classes.

  24. In theory, a controller lets more than one team member play on the same machine, as opposed to having to buy a separate license for each player.

  25. Re:Eval is a Beginners' Trap and a Huge Security H on Developer Argues For 'Forgotten Code Constructs' Like GOTO and Eval (techbeacon.com) · · Score: 1

    It is rarely "the right thing," typically because it is super inefficient.

    In compiling implementations of programming languages, it's anything but inefficient.

    More and more platforms have begun to establish Data Execution Prevention (W^X) policies that give third-party applications no way to flip a page from writable to executable. These include iOS, Windows Runtime, and current-generation game consoles and gaming handhelds. Thus all compilation to native code must be either done ahead of time before packaging or done by an operating system component, such as WebKit JavaScript in iOS.