Security

Submission + - Analysis of a hardware backdoor (ksplice.com)

An anonymous reader writes: Remember Reflections on Trusting Trust? We know we can't trust our compilers, or our operating systems, or our userspace software. Now even our hardware might be out to get us. This post describes how to install a backdoor in the "expansion ROM" of a PCI card, which patches the BIOS to patch GRUB to patch the Linux kernel to give the controller remote root access. The upshot is that even if the compromise is detected and the victim reinstalls the operating system from CD, the backdoor will still be there. Now you know why the NSA builds all its own hardware!
Security

Submission + - Linux kernel exploit aggressively rooting machines (seclists.org)

An anonymous reader writes: Running 64-bit Linux? Haven't updated yet? You're probably being rooted as I type this. CVE-2010-3081, this week's second high-profile local root exploit in the Linux kernel, is compromising machines left and right. Almost all 64-bit machines are affected, and "Ac1db1tch3z" (classy) published code to let any local user get a root shell. Ac1db1tch3z's exploit is more malicious than usual because it leaves a backdoor behind for itself to exploit later even if the hole is patched. Luckily, there's a tool you can run to see if you've already been exploited, courtesy of security company Ksplice, which beat most of the Linux vendors with a "rebootless" version of the patch.
Open Source

Submission + - Is Twitter screwing over open-source developers?

An anonymous reader writes: A developer of a small open-source Twitter client has posted a vicious critique of Twitter's new OAuth authentication scheme, alleging that they are making life difficult for small and open-source developers, while applying double standards to themselves and their large corporate partners. He even describes a back-door in Twitter's API that allows Twitter's own applications to bypass the requirements Twitter places on other developers. Have other open-source Twitter developers had similar problems, or is he just venting because he doesn't want to follow Twitter's rules?
Red Hat Software

No More Need To Reboot Fedora w/ Ksplice 262

An anonymous reader writes "Ksplice, the technology that allows Linux kernel updates without a reboot, is now free for users of the Fedora distribution. Using Ksplice is like 'replacing your car's engine while speeding down the highway,' and it can potentially save your Linux systems from a lot of downtime. Since Fedora users often live on the bleeding edge of Linux development, Ksplice makes it even easier to do so, and without reboots!"
Unix

Submission + - Writing filesystems now as easy as Web apps (reddit.com)

An anonymous reader writes: Remember the old days of writing Web apps, when you had to parse the CGI arguments separately, do all the safety checks yourself and implement everything manually? Neither do I, but it looks like all the cool stuff from Web apps is making its way to writing filesystems. This guy shows how to write an entire Linux filesystem in 50 lines of Python using "dispatch" techniques totally stolen from Ruby on Rails. Are we ready to give up the Web and go back to just using the filesystem for everything, the way Unix intended?

Submission + - Blogger shows that cosmic rays are a real problem

Hanji writes: We have discussed the potential effects of and protections against cosmic ray radiation here before, but for the average computer user, it's an obscure threat that doesn't affect them in any real way. Well here's a blog post that describes a strange segfault and, after extensive debugging, traces it down to a single bit flip, probably caused by a stray cosmic ray. Lots of helpful descriptions of Linux debugging techniques in this one, and a pretty clear demonstration that this can be a real problem. I know I'm never buying a desktop without ECC RAM ever again!

Submission + - International Longest Tweet Contest seeks entries (ksplice.com)

An anonymous reader writes: The 1st International Longest Tweet Contest is open for submissions until April 12. It looks to be a take-off of the famous Obfuscated C Contest. So far the record is 4.2 kilobits encoded per tweet, based on exploiting the fact that Twitter actually passes the full 31 bits of ISO 10646 (the international standard that Unicode is based on), not the roughly 20.08 bits/character of Unicode itself.
Programming

Simpler "Hello World" Demonstrated In C 582

An anonymous reader writes "Wondering where all that bloat comes from, causing even the classic 'Hello world' to weigh in at 11 KB? An MIT programmer decided to make a Linux C program so simple, she could explain every byte of the assembly. She found that gcc was including libc even when you don't ask for it. The blog shows how to compile a much simpler 'Hello world,' using no libraries at all. This takes me back to the days of programming bare-metal on DOS!"
Programming

Submission + - Simpler "Hello World" demonstrated in C (ksplice.com)

An anonymous reader writes: Wondering where all that bloat comes from so even the classic "Hello world" now takes 11k? An MIT programmer decided to make a Linux C program so simple, she could explain every byte of the assembly. She found gcc was including libc even when you don't ask for it, and shows how to compile a much simpler "Hello world" — using no libraries at all. This takes me back to the days of programming bare-metal on DOS!
Linux

Submission + - "Mythical Man-Month" supposedly busted by MIT firm (ksplice.com) 2

An anonymous reader writes: We all know about the Mythical Man-Month, the argument that adding more programmers to a software project just makes it later and later. A Linux startup out of MIT claims to have busted the myth of the myth, using an MIT holiday month to hire 20 college student interns to get all their work done in a month and quadrupling its productivity. This picture shows the interns jammed in like sardines to a tiny room. We've written about them previously, but is this really who you want working on your kernel?
The Media

The Guardian Shifts To Twitter After 188 Years of Ink 211

teflon_king writes with news that renowned British newspaper The Guardian will be abandoning its paper-and-ink distribution scheme and publishing all articles and news as Tweets. Quoting: "A mammoth project is also under way to rewrite the whole of the newspaper's archive, stretching back to 1821, in the form of tweets. Major stories already completed include '1832 Reform Act gives voting rights to one in five adult males yay!!!;' 'OMG Hitler invades Poland, allies declare war see tinyurl.com/b5x6e for more;' and 'JFK assassin8d @ Dallas, def. heard second gunshot from grassy knoll WTF?' Sceptics have expressed concerns that 140 characters may be insufficient to capture the full breadth of meaningful human activity, but social media experts say the spread of Twitter encourages brevity, and that it ought to be possible to convey the gist of any message in a tweet. For example, Martin Luther King's legendary 1963 speech on the steps of the Lincoln memorial appears in the Guardian's Twitterised archive as 'I have a dream that my four little children will one day live in a nation where they will not be judged by the colour of their skin but by,' eliminating the waffle and bluster of the original."
It's funny.  Laugh.

Submission + - MIT hacks XKCD talk with AACS key

Hanji writes: During a talk by popular webcomic XKCD author Randall Munroe, MIT hackers dropped hundreds of labelled playpen balls onto the audience from hatches in the ceiling. The labels bore XKCD's logo as well as the recently discovered 16-byte AACS processing key.
