
Comment Re:Roll-back as in play-back? (Score 1) 57

Like, they record how the ATM communicates the authentication portion of the transaction, and replay that same communication with the ATM until its stored cash has all been dispensed and it's now empty?

Had this fantasy in the 1980s when I noticed the student union ATM had what looked like an exposed Cat-3 phone cable sticking out of it. I naively thought "what if it's a modem, and you tapped the line, reverse engineered a withdrawal transaction, and then replayed the withdrawal ACK endlessly until you sucked all the money out."

As it happened, 20-odd years later, I ended up at dinner with the guy that ran that ATM network at the time. One, he said that was most likely a leased line, not a dialup, making the interception more complicated than an analog modem. Two, he said there was anti-replay and encryption built into the system even then.

His advice was to just steal the entire ATM.

Comment Re:static linking on windows (Score 1) 106

It does leave you permanently vulnerable to any flaws in the particular version of the library you linked against, or such is my understanding.

The assumption being that anyone (for most definitions of anyone) knows what DLLs their application loads and what the status of their patch levels are.

I still static link though because whenever I upload something (using a video filtering plugin) at least one person won't have the right runtime installed at all.

Which IMHO is the main mitigating factor -- what's the actual security risk versus the functional risk of the wrong library breaking the program?

I don't know if it's technically possible, but it would be interesting to use a computer where everything was statically linked to see how much worse resource usage really was.

Comment There's the economics, too (Score 1) 153

Then there's the value economics, too.

Endurance testing has revealed modern SSDs to be remarkably reliable -- this guy wrote 7 PB to an 850 Pro.

But let's say the failure rate is N% higher than HDDs for a given application. But the drive itself is much faster and uses less power than a HDD. What number N is acceptable as an increased failure rate in exchange for the vastly improved performance?

In an array, the performance increase may allow the use of single parity over double parity due to the increase in rebuild times and reduced stress on the other members, resulting in better overall storage efficiency through reduced redundancy. Then there's power savings, too, if you're spinning and cooling a large number of HDDs.

My wild guess is that drives like the 850 Pro already have a dollar cost and failure rate low enough that the performance improvement is so great over HDDs that for most applications it's already superior to HDDs. The only places it may not be are weird corner cases requiring extreme storage densities at very low costs.

Comment Re:Whatever happened to the micropayment idea? (Score 1) 302

Computationally, the overhead is kind of trivial.

If you're relying on the traditional credit card payment network then the cost overhead is high along with all the attendant accept credit card payment overhead.

But if you had a centralized micropayment service, the overhead gets down to a much lower level.

In an ideal world, such a service would be run as a non-profit (whatever skim would just go to running the service). Users would add funds to their micropayment account via normal methods to consolidate the usual banking transaction costs. The micropayment system could have some built-in checks, ie, users could set a maximum micropayment per site, or per time period, etc.

All of this sounds suspiciously like a clone of paypal with some added features for a micropayment system.

I think the bigger issue is establishing pricing and its attendant value. What's an article or web site visit *worth*? How much are you willing to spend per month and what kinds of quality expectations do you have over free, and how much quality can a site expect to deliver for some kind of micropayment? Is it just ad-free content, or is there some expectation of more quality by consumers to make it even worth 10 cents per site visit?

Comment Re:No such thing (Score 2) 302

There seems to be some outer limit to this, at least at more legitimate sites because I see a lot of fake articles labeled as "sponsored content". Maybe I'm dreaming this, but didn't the commerce department make some noise about needing to label sponsored content as sponsored content? Or is this something that more legitimate news sites are doing to not totally alienate their readers?

Comment Whatever happened to the micropayment idea? (Score 1) 302

Why didn't this concept take off?

Did it just get co-opted by Google making it relatively easy to collect micropayments for your site with mostly non-intrusive advertising?

Lack of a centralized micropayment infrastructure and some method of subscribing and collecting payments that couldn't be trivially gamed? Lack of any agreeable billing model -- ie, unlimited use subscription vs. per visit/content, inability to calculate pricing model due to volatile perception of value?

Perhaps a general user objection on sites dominated by user-created content (eg, forums) where, in theory, adding content adds value to the site?

It seems like a reasonable idea, especially if it can combine a lack of advertising with financial support.

Comment Re:No such thing (Score 4, Interesting) 302

Maybe a generation change will fix this.

I worked at an ad agency at the dawn of the commercial Internet. The people on the advertising side of the business had all kinds of problems adapting.

The print people wanted it to be another print medium and were frustrated by their lack of layout control and font selection. Their tool was giant images with click regions because they could basically export an Illustrator file as a graphic, so you'd end up with sites that were just a giant collection of images with click regions that led you to more images with more click regions.

The TV people treated it like another TV set, at first with just inserted videos, next with semi-interactive Flash animations that still had all the intelligence of a one-way TV commercial.

Perhaps in the not-too-distant future the people who didn't grow up on standard, commercial television or tweaking print layouts down to the pixel AND who came of age frustrated by overlays, popups, interstitials and understand ad blocking will become ascendant and stop imposing old thinking on the web.

Comment Re:"people are more connected today", really? (Score 1) 88

Maybe "connectedness" contributes to the partisanship.

The most stable societies often seem to be the ones with the least diversity. It seems like the fewer the internal differences among the population, the fewer reasons to be partisan -- the other guy looks like you, speaks like you, prays the same, eats the same, lives the same.

Connectedness makes people aware of differences -- the other guy looks different, talks different, prays different, eats different, lives different.

Something about humans makes the other a competitor or an enemy.

Comment Does it affect functionality at all? (Score 1) 553

In true Slashdot fashion, I didn't read TFA just the TFS. Assuming that the source is capable (ie, did everything practical to disable telemetry, including any weakly published registry settings, etc) and is accurately counting firewall hits (how many of these are one telemetry source retrying relentlessly?) and not attempting to be an anti-MS shill, this really sucks that disabling it per MS instructions doesn't actually disable it.

That being said, does it affect functionality? Does stuff not work (for all definitions of not work -- from not at all to pokey slow because it's trying and failing to hit a telemetry server)?

While I would expect corporations with an eye on security to object, I would also expect places like that to have a fairly stern outbound firewall policy and filtering system that would block a lot of telemetry by default, mitigating some of this but still not eliminating the annoyance of a machine that does what it wants.

I'm also curious how much analysis of telemetry has been done. Do we know what processes on the machine are responsible for telemetry, and are there any ways to disable them? Have the telemetry messages been analyzed to develop firewall rule groups to block them by IP, URL or DNS?

Comment Re:Why? (Score 2) 65

Sorry, but I just don't understand what the purpose is, and it isn't stated in the thread linked -- other than a few ... (maybe) benchmarks that don't cover many real-world use cases.

With CFQ, a high disk-IO task will block every other process on the system from getting any time. This can be a big file cp, but I see it most often when writing to slow USB thumb drives... Queue up a copy/rsync/etc. of a few GBytes of data to a slow thumb drive, and after your RAM/buffer cache is filled, your system will be almost completely unresponsive.

Change your scheduler from CFQ to deadline and your system will spring back to life. I don't specifically know that BFQ does any better, but it couldn't possibly be worse... CFQ is crap.
