
Submission + - Software error caused Soyuz/Galileo failure 3

schwit1 writes: A report today in Russia says that the investigation into the Soyuz launch failure last week found that while the Russian Fregat upper stage fired correctly in attempting to place the two Galileo GPS satellites into orbit, its software was programmed for the wrong orbit.

Submission + - C++14 Is Set In Stone

jones_supa writes: Apart from minor editorial tweaks, the ISO C++14 standard can be considered completed. Implementations are already shipping by major suppliers. C++14 is mostly an incremental update over C++11 with some new features like function return type deduction, variable templates, binary literals, generic lambdas, and so on. The official C++14 specification release will arrive later in the year, but for now Wikipedia serves as a good overview of the feature set.

Comment Re:Huh? (Score 0) 406

You are missing the facts that:

* Trees are a wind barrier, making it easier and safer to drive in windy weather

* Trees block sunlight especially when the sun is low, making driving a lot safer

* Trees reduce noise from the vehicles so people living near the road perceive less hindrance

There are many good reasons to have trees near the roads. Also, falling leaves is a seasonal effect and falling branches/trees only happens during stormy weather (assuming the trees are well maintained).

Of course situations may differ from place to place, but there are good reasons for the trees to be there and they may actually make the roads safer for the driver. Added bonus for pedestrians and bicyclists if they are on a lane separated by trees from the cars.

The only real exception I can think of is when trees block sight at crossroads. But to solve that you certainly do not have to remove all trees. [And playing advocate of the devil: some people say this actually makes the crossroad safer as people really have to stop and look carefully]

Comment Real time clock (Score 1) 47

The board integrates a real time clock. This makes it ideal in remote, disconnected or power-safe configurations. From a wildlife camera to an embedded dishwasher controller. Being compatible, low-cost, running Linux and 'just works and community supported' is a big plus. I'd say, bring more of those clones.

Submission + - Book review: Introduction to Cyber-Warfare: A Multidisciplinary Approach

benrothke writes: Introduction to Cyber-Warfare: A Multidisciplinary Approach

Author: Paulo Shakarian, Jana Shakarian and Andrew Ruef

Pages: 336

Publisher: Syngress

Rating: 9/10

Reviewer: Ben Rothke

ISBN: 978-0124078147

Summary: Outstanding overview and guide to cyberwarfare





Cyberwarfare is a controversial topic. At the 2014 Infosec World Conference, Marcus Ranum gave a talk on Cyberwar: Putting Civilian Infrastructure on the Front Lines, Again.



Whether it was the topic or just Marcus being Marcus, about a third of the participants left within the first 15 minutes. They should have stayed, as Ranum, agree with him or not, provided some riveting insights on the topic.



While a somewhat broad term, in Wikipedia, cyberwarfare (often called information warfare) is defined as politically motivated hacking to conduct sabotage and espionage. It is a form of information warfare sometimes seen as analogous to conventional warfare.



The authors define cyber war as an extension of policy by actions taken in cyber space by state or nonstate actors that either constitute a serious threat to a nation's security or are conducted in response to a perceived threat against a nation's security.



As to a book on the topic, for most readers, cyberwarfare is something that they may be victims of, but will rarely be an active part of.



In Introduction to Cyber-Warfare: A Multidisciplinary Approach, authors Paulo Shakarian, Jana Shakarian and Andrew Ruef provide an excellent overview of the topic. The book takes a holistic, or as they call it multidisciplinary, approach to the topic. It looks at the information security aspect of cyberwarfare, as well as the military, sociological and other aspects of the topic.



The book is divided into 3 parts and 13 densely packed and extremely well-researched and footnoted chapters, namely:



Part I: Cyber Attack

Chapter 2: Political Cyber Attack Comes of Age in 2007

Chapter 3: How Cyber Attacks Augmented Russian Military Operations

Chapter 4: When Who Tells the Best Story Wins: Cyber and Information Operations in the Middle East

Chapter 5: Limiting Free Speech on the Internet: Cyber Attack Against Internal Dissidents in Iran and Russia

Chapter 6: Cyber Attacks by Nonstate Hacking Groups: The Case of Anonymous and Its Affiliates



Part II: Cyber Espionage and Exploitation

Chapter 7: Enter the Dragon: Why Cyber Espionage Against Militaries, Dissidents, and Nondefense Corporations Is a Key Component of Chinese Cyber Strategy

Chapter 8: Duqu, Flame, Gauss, the Next Generation of Cyber Exploitation

Chapter 9: Losing Trust in Your Friends: Social Network Exploitation

Chapter 10: How Iraqi Insurgents Watched U.S. Predator Video—Information Theft on the Tactical Battlefield



Part III: Cyber Operations for Infrastructure Attack

Chapter 11: Cyber Warfare Against Industry

Chapter 12: Can Cyber Warfare Leave a Nation in the Dark? Cyber Attacks Against Electrical Infrastructure

Chapter 13: Attacking Iranian Nuclear Facilities: Stuxnet





The book provides numerous case studies of the largest cyberwarfare events to date. Issues around China and their use of cyberwarfare constitute a part of the book. Chapter 7 details the Chinese cyber strategy and shows how the Chinese cyber doctrine and mindset is radically different from that of those in the west.



The book compares the board games of chess (a Western game) and Go (a Chinese game) and how the outcomes and strategies of the games are manifest in each doctrine.



The chapter also shows how the Chinese government outlawed hacking, while at the same time the military identified the best and most talented hackers in China, and integrated them into Chinese security firms, consulting organizations, academia and the military.



One of the more fascinating case studies details the cyber war against the corporate world from China. The book provides a number of examples and details the methodologies they used, in addition to providing evidence of how the Chinese were involved.



For an adversary, one of the means of getting information is via social networks. This is often used in parallel by those launching some sort of cyberwarfare attack. LinkedIn is one of the favorite tools for such an effort. The authors write of the dangers of transitive trust; where user A trusts user B, and user B trusts user C. Via a transitive trust, user A will then trust user C based simply on the fact that user B does. This was most manifest in the Robin Sage exercise.



This was where Thomas Ryan created a fictitious information security professional named Robin Sage. He used her fake identity and profile to make friends with others in the information security world, both commercial, federal and military and he was able to fool even seasoned security professionals. Joan Goodchild wrote a good overview of the experiment here.



In chapter 10, the book details how Iraqi insurgents viewed Predator drone video feeds. Woody Allen said that eighty percent of success is just showing up. In this case, all the insurgents had to do was download the feed, as it was being transmitted unencrypted. Very little cyberwarfare required.



When the drone was being designed, the designers used security by obscurity in their decision not to encrypt the video feed. They felt that since the Predator video feeds were being transmitted on frequencies that were not publicly known, no access control, encryption or other security mechanisms would be needed.



The downside is that once the precise frequency was determined by the insurgency, in the case of the Predator drone, the Ku-band, the use of the SkyGrabber satellite internet downloader made it possible for them to effortlessly view the video feeds.



The only negative about the book is a minor one. It has over 100 pictures and illustrations. Each one states: for the color version of this figure, the reader is referred to the online version of the book. Having that after every picture is a bit annoying. Also, the book never says where you can find the online version of the book.



How good is this book? In his review of it, Krypt3ia said it best when he wrote: I would love to start a kickstarter and get this book into the hands of each and every moron in Congress and the House. The reality is that this book should indeed be read by everyone in Washington, as they are making decisions on the topic, without truly understanding it.



For most readers, this will be the book that tells them everything they need to know that their congressman should know. Most people will never be involved with any sort of warfare, and most corporate information security professionals will not get involved with cyberwarfare. Nonetheless, Introduction to Cyber-Warfare: A Multidisciplinary Approach is a fascinating read about a most important subject.







Reviewed by Ben Rothke

Submission + - "Canvas Fingerprinting" Online Tracking Difficult To Block (propublica.org)

globaljustin writes: First documented in a forthcoming paper by researchers at Princeton University and KU Leuven University in Belgium, this type of tracking, called canvas fingerprinting, works by instructing the visitor’s Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user’s device a number that uniquely identifies it.

[The] fingerprints are unusually hard to block: They can’t be prevented by using standard Web browser privacy settings or using anti-tracking tools such as AdBlock Plus.

The researchers found canvas fingerprinting computer code, primarily written by a company called AddThis, on 5 percent of the top 100,000 websites.

Submission + - WebODF: An ODF text editor in pure client-side JavaScript (themukt.com)

oever writes: TheMukt chides Google for not supporting OpenDocument Format well and claims that the newly released WebODF 0.5.0 in combination with ownCloud is the answer to this deficiency.

A WebODF developer blog highlights all the goodies in the first WebODF release where the text editor is considered stable and made available as an easy to use component. These include extensive benchmarking, unit testing, and advanced HTML5 techniques to give the editor a native feel.

Submission + - KDE's Krita gets 100% funding through Kickstarter (themukt.com)

sfcrazy writes: It's an interesting day for the KDE community. On one hand they announced the death of two projects — Vivaldi tablet and Improv board, on the other hand Krita (a KDE software) has reached its goal of raising Euro 15,00 on Kickstarter, which means they can now hire the developer, designer they needed to further improve the image editing software. The campaign is not over yet and there are eight more days left so the project will continue to get more money.

Submission + - Experimenting With Motivational Passwords

jones_supa writes: At Mauricio Estrella's workplace, the Microsoft Exchange server is configured to ask thousands of employees around the planet to change their passwords every 30 days. Mauricio often approached the situation with an angry grandpa voice in his head: "The damn password has expired." This input field with a pulsating cursor, waiting for him to type a password that he will have to re-enter for the next 30 days. Many times during the day. Then a lightbulb went on inside his head: "I'm gonna use a password to change my life." His passwords became little motivational snippets, every one being a condensed phrase for a goal or dream. He set his first motivational password to be Save4trip@thailand. Guess where he went 3 months later. Mauricio kept doing this and found the method to work surprisingly consistently for various goals, which he lists in his blog post. To summarize, this might be one way to make your passwords a bit more fun and to remind about good habits. Just for added security he recommends scrambling the passwords a bit more than in his examples.

Submission + - The Next Big Thing in FOSS, according to the author of Linux Cookbook (linux.com)

trogdoro writes: Command-line lovers, allow me to introduce you to Xiki, the incredibly interactive, flexible, and revolutionary command shell. I do not use the word "revolutionary" lightly. The command shell has not advanced all that much since the ancient days of Unix. Xiki is a giant leap forward. If you're looking for the Next Big Thing in FOSS, Xiki is it.

Submission + - Exploiting Wildcards On Linux

An anonymous reader writes: DefenseCode researcher Leon Juranic found security issues related to using wildcards in Unix commands. The topic has been talked about in the past on the Full Disclosure mailing list, where some people saw this more as a feature than as a bug. There are clearly a number of potential security issues surrounding this, so Mr. Juranic provided five actual exploitation examples that stress the risks accompanying the practice of using the * wildcard with Linux/Unix commands. The issue can be manifested by using specific options in chown, tar, rsync etc. By using specially crafted filenames, an attacker can inject arbitrary arguments to shell commands run by other users — root as well.

Submission + - Visualizing Algorithms (ocks.org)

An anonymous reader writes: Many people reading this site probably have a functional understanding of how algorithms work. But whether you know algorithms down to highly mathematical abstractions or simply as a fuzzy series of steps that transform input into output, it can be helpful to visualize what's going on under the hood. That's what Mike Bostock has done in a new article. He walks through algorithms for sampling, shuffling, and maze generation, using beautiful and fascinating visualizations to show how each algorithm works and how it differs from other options. He says, "I find watching algorithms endlessly fascinating, even mesmerizing. Particularly so when randomness is involved. ... Being able to see what your code is doing can boost productivity. Visualization does not supplant the need for tests, but tests are useful primarily for detecting failure and not explaining it. Visualization can also discover unexpected behavior in your implementation, even when the output looks correct. ... Even if you just want to learn for yourself, visualization can be a great way to gain deep understanding. Teaching is one of the most effective ways of learning, and implementing a visualization is like teaching yourself."

Submission + - Sharp introduces free-form LCD screens (autoweek.com)

BobandMax writes: Sharp has integrated the gate driver into individual pixels, reducing bezel size and freeing designers from shape constraints. This bodes well for folks who dislike rectangular screens in their cars.

Submission + - Grace Hopper, UNIVAC, and the First Programming Language

M-Saunders writes: It weighed 13 tons, had 5,200 vacuum tubes, and took up a whole garage, but the UNIVAC I was an incredible machine for its time. Memory was provided by tanks of liquid mercury, while the clock speed was a whopping 2.25 MHz. The UNIVAC I was one of the first commercial general-purpose computers produced, with 46 shipped, and Linux Voice has taken an in-depth look at it. Learn its fascinating instruction set, and also check out FLOW-MATIC, the first English-language data processing language created by American computing pioneer Grace Hopper.

Submission + - Supermassive Black Hole At The Centre Of Galaxy May Be Wormhole In Disguise (medium.com)

KentuckyFC writes: There is growing evidence that the centre of the Milky Way contains a mysterious object some 4 million times more massive than the Sun. Many astronomers believe that this object, called Sagittarius A*, is a supermassive black hole that was crucial in the galaxy's birth and formation. The thinking is that about 100 million years after the Big Bang, this supermassive object attracted the gas and dust that eventually became the Milky Way. But there is a problem with this theory--100 million years is not long enough for a black hole to grow so big. The alternative explanation is that Sagittarius A* is a wormhole that connects the Milky Way to another region of the universe or even another multiverse. Cosmologists have long known that wormholes could have formed in the instants after the Big Bang and that these objects would have been preserved during inflation to appear today as supermassive objects hidden behind an event horizon, like black holes. It's easy to imagine that it would be impossible to tell these objects apart. But astronomers have now worked out that wormholes are smaller than black holes and so bend light from an object orbiting close to them, such as a plasma cloud, in a unique way that reveals their presence. They've even simulated what such a wormhole will look like. No telescope is yet capable of resolving images like these but that is set to change too. An infrared instrument called GRAVITY is currently being prepared for the Very Large Telescope Interferometer in Chile and should be in a position to spot the signature of a wormhole, if it is there, in the next few years.
