
Comment: Re:~$7500 per transaction? (Score 1) 69

by DeKO (#47373961) Attached to: Cybercrooks May Have Stolen Billions Using Brazilian "Boletos"

Sounds like they replace the barcode to redirect the payment to an account they own, so they are really stealing the whole amount. Funny thing is, after you enter the code (by scanning or typing) you get a confirmation screen (either on the ATM or on the online system) with the name of the receiving entity; it's hard to imagine the bank would allow somebody to create an account with a name that looks like a utility company or something like that.

I agree, the average amount seems way too high; things at that range are usually paid with credit cards, cheques, or direct transfers between bank accounts. I'm really curious to find out what kinds of transactions average at 100 times the typical boleto value. Was every victim buying a 65" 3D 4k LED TV over the internet?

Comment: Blame the banks (Score 4, Insightful) 69

by DeKO (#47373631) Attached to: Cybercrooks May Have Stolen Billions Using Brazilian "Boletos"

From TFA:

In Brazil, when banking customers access their online banking site for the first time, they are often asked to install a security plugin. [...] However, the Boleto malware [...] searches for specific versions of client side security plug-ins detects their shared libraries and patches them in real-time to dodge security.

I've closed my account in 3 different banks for pulling this bullshit. So it turned out the "security plugin" is full of security holes; worse than that, they are educating their users that they need to install/update software every time they access their bank online, so most accept plugin installation confirmations right away.

The fact that it attacks boletos is a minor detail, it's a traceable and reversible money transfer once suspicious activity is identified.

Comment: Re:Bad marketing (Score 2) 127

by DeKO (#47194113) Attached to: Sony Overtakes Rival Nintendo In Console Sales

Nintendo's marketing after the Wii was not effective.

I agree with this statement, but for a different reason. I have a Wii U and a 3DS, and none of the competitors'. Google knows that very well due to searches and through the websites I visit. Yet, I only see ads for the other systems, and PC games (my gaming laptop is more than 3 years old, so every "recent" game has to be on lowest settings to be playable... so I don't play on it).

Maybe they are too full of themselves and think they don't need to make the effort? Maybe they don't really understand how to use the internet? My theory is that they didn't learn how to grow. The industry grew, the competitors came from companies that already knew how to grow, yet Nintendo still works centralizing everything in Kyoto with little human resources to manage a global market. Their strategy of disruption from the DS/Wii era went to their heads, now they think they can do it again on a whim (like their new "Quality of Life" strategy... heck, let me sync my Fit Meter with my phone or my 3DS, and make my data available on the web) whenever they get cornered.

Comment: Re:OK, before somebody else points it out... (Score 2) 470

by DeKO (#45276227) Attached to: How Your Compiler Can Compromise Application Security

There are actually 3 categories:

  • Implementation Defined: the implementation (compiler, standard library, execution environment) has to document what happens. Code relying on this is not portable.
  • Unspecified: the implementation can choose to do what makes sense, and not tell you. Even reverse-engineering and relying on what you found out, is unreliable. The actual address returned by malloc is unspecified; is it aligned? Does it always grow in value if nothing was free-ed? You shouldn't even care about this detail, so the standard leaves it unspecified.
  • Undefined Behaviour: you wrote something that doesn't make sense, if you get lucky the compiler/standard library/operating system will react in a sensible way, but the standard says it's not the implementation's fault you get something wrong as a result. Things like reading variables before initializing them.

Diagnosing UB can be too demanding from the implementation, so the standard doesn't even require it. How would you diagnose incorrect usage of realloc? Add run-time checks? Write a special rule in the compiler so it knows about realloc? Extend the language with metadata? What if realloc is hidden behind a user-defined function? At some point you have to stop, otherwise you could even solve the halting problem.
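Added example, not part of the original comment: a C sketch of the realloc case raised above, with realloc hidden behind a user-defined function. The `struct buf` type and all function names are hypothetical; the point is that a pointer saved before the call may be stale afterwards, no diagnostic is required for using it, and keeping an offset instead stays well defined.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer; every name here is made up for this example. */
struct buf { char *data; size_t len, cap; };

/* realloc hidden behind a user-defined function. Returns 0 on success,
   -1 on failure, in which case the buffer is left exactly as it was. */
static int buf_append(struct buf *b, const char *s, size_t n) {
    if (n == 0) return 0;                   /* nothing to copy, nothing to grow */
    if (n > SIZE_MAX - b->len) return -1;   /* len + n would wrap around */
    if (b->len + n > b->cap) {
        char *p = realloc(b->data, b->len + n);
        if (!p) return -1;                  /* old block is still valid and owned */
        b->data = p;                        /* block may have moved */
        b->cap = b->len + n;
    }
    memcpy(b->data + b->len, s, n);
    b->len += n;
    return 0;
}

/* A pointer saved before buf_append() is indeterminate afterwards if the block
   moved; dereferencing it is undefined behaviour and nothing has to diagnose
   it. Saving an offset and re-deriving the pointer stays defined. */
static char first_byte_after_growth(void) {
    struct buf b = {0};
    if (buf_append(&b, "abc", 3) != 0) return 0;
    size_t off = 0;                         /* instead of: char *stale = b.data; */
    if (buf_append(&b, "0123456789abcdef0123456789abcdef", 32) != 0) {
        free(b.data);
        return 0;
    }
    char c = b.data[off];                   /* re-derived from the current block */
    free(b.data);
    return c;
}

/* An oversized request is refused before realloc is ever called. */
static int oversized_append_rejected(void) {
    struct buf b = {0};
    int ok = buf_append(&b, "ab", 2) == 0;
    ok = ok && buf_append(&b, "x", SIZE_MAX) == -1 && b.len == 2;
    free(b.data);
    return ok;
}

int main(void) { return first_byte_after_growth() == 'a' && oversized_append_rejected() ? 0 : 1; }
```

Run-time tools such as AddressSanitizer or Valgrind can catch the stale-pointer variant when it actually executes, which is the "add run-time checks" option the comment mentions.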

Comment: Re:OpenCL (Score 1) 66

by DeKO (#44365161) Attached to: OpenGL 4.4 and OpenCL 2.0 Specs Released

The gpuocelot project has been able to run CUDA in non-NVIDIA hardware for some time now, including x86 CPUs and AMD GPUs.

Too bad the CUDA compiler often segfaults on ordinary C++ libraries even when they are host-only (in which case nvcc is supposed to just forward it to GCC). Hopefully the LLVM-based compiler for OpenCL 2.0 won't be as buggy.

Comment: Re:Easy (Score 2) 332

by DeKO (#43621725) Attached to: Ask Slashdot: How To Handle a Colleague's Sloppy Work?

This. If it's your job to go and fix his mess, do it without complaining. And document all the effort you put into it, to avoid being labeled as someone that just rewrites code without adding anything.

If you are not responsible for cleaning after the senior, then don't do it, let it all rot until somebody (your boss, or even your colleague) makes the decision it's time to clean the mess.


4-Billion-Pixel Panorama View From Curiosity Rover 101

Posted by samzenpus
from the take-a-look dept.
SternisheFan points out that there is a great new panorama made from shots from the Curiosity Rover. "Sweep your gaze around Gale Crater on Mars, where NASA's Curiosity rover is currently exploring, with this 4-billion-pixel panorama stitched together from 295 images. ...The entire image stretches 90,000 by 45,000 pixels and uses pictures taken by the rover's two MastCams. The best way to enjoy it is to go into fullscreen mode and slowly soak up the scenery — from the distant high edges of the crater to the enormous and looming Mount Sharp, the rover's eventual destination."

Comment: In world without copyrights (Score 1) 320

by DeKO (#42739917) Attached to: Pushing Back Against Licensing and the Permission Culture

In a world without copyright laws that would be feasible. But we don't, and it isn't. Commit code with no license and legally nobody is allowed to distribute your software. No company will ever willingly use your code, even if it does something unique and useful.

Grow up you hippie and accept that you have to learn something about laws before you interact with society.


Same Platform Made Stuxnet, Duqu; Others Lurk 89

Posted by timothy
from the what-evil-lurks-in-the-hearts-of-men dept.
wiredmikey writes "New research from Kaspersky Labs has revealed that the platform dubbed 'tilded' (~d), which was used to develop Stuxnet and Duqu, has been around for years. The researchers say that same platform has been used to create similar Trojans which have yet to be discovered. Alexander Gostev and Igor Sumenkov have put together some interesting research, the key point being that the person(s) behind what the world knows as Stuxnet and Duqu have actually been using the same development platform for several years." An anonymous reader adds a link to this "surprisingly entertaining presentation" (video) by a Microsoft engineer, in which "he tells the story of how he and others analysed the exploits used by Stuxnet. Also surprising are the simplicity of the exploits which were still present in Win7." See also the report at Secureist from which the SecurityWeek story draws.

Comment: Re:NOT Ubuntu -- try Mandriva. (Score 1) 622

by DeKO (#36678466) Attached to: Ask Slashdot: Easiest Linux Distro For a Newbie

Wrong. They use different kernel versions, with different kernel patches. And most importantly, the userland apps certainly differ here and there. The most important example is the Mandriva Control Center. It's task-oriented, making it far more friendly than searching for configuration tools by name - in particular, if you have a localized system, where translations are often arbitrary and non-intuitive.

For specific examples, check out Mandriva's wizards for video cards, disk partitioning, network setup, network sharing. Now try to set up those things under Ubuntu without hitting the Ubuntu forums first.

That said, network card compatibility is pretty much hit or miss, as they often depend on binary blobs (either proprietary or windows drivers) that break in different ways with different kernel versions. My dad's current laptop's wifi only works reliably with WEP, not WPA, while mine kernel-panics with WEP. I bet bugs would manifest themselves differently on Ubuntu.
