Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Comment Re:Assumes it ever lived (Score 2) 455

While I agree that emulating the parts of the iOS ecosystem that we all hate (the walled garden, and the over-dependence on for-rent services) was their biggest mistake, I just don't have the same loathing for Microsoft as I do for Apple. Apple innovated the walled garden model, and got millions of fanbois to promote it. Apple is like an abusive spouse, constantly telling their users they're too damn stupid to own anything as cool as their gear; and yet those people are grateful. Apple is straight up evil.

Microsoft just copied everything Apple did, stupidly hoping they'd stumble upon some magical formula for success. But it always seemed like somewhere deep inside Microsoft there was a tension caused by really talented people who knew the whole Apple idea was evil, and were trying to do the right thing. So I can't hate them as much.

Comment Re:Nine years of pair programming? (Score 1) 186

You're maybe a better coder than I or people I've worked with. I find the majority of my time isn't spent "writing" it is spent finding the stupid little errors like a != that should be an == or forgetting to do a null check etc.

You'd probably benefit from a good static code analyzer. While they can't catch errors in logic where your code doesn't meet your requirements, even the simple ones can catch a lot of dumb things like skipped null checks, boundary violations, pointer violations, memory leaks, etc. The better tools are very sophisticated and can do deep examinations, and will track your code quality over time. They are also available as IDE plugins, you can run them on a build server, or both. They can save you hours of time checking for those stupid little errors.

Comment Re:You get what you pay for (Score 2) 77

Here's a nice warm thought to keep everyone up at night: What is to keep hackers who enjoy this sort of thing from buying devices at BestBuy, hacking them to insert remote back doors, and then returning them to BestBuy the next day? If they put it back in the packaging, possibly with new shrink-wrap, they could claim they never even opened it, and it would go right back on the shelf for some unsuspecting victim to buy.

But ... that could never happen. There's yellow tape on the box assuring me that it was inspected and repackaged by Best Buy experts. Experts! And we all know only experts are permitted access to the yellow tape dispenser.

I have little doubt the same experts refurbished one of the returned washing machines I was looking at. I wanted to see how the drain filter would work so I opened it, and while I looked disgustedly at the slimy lint still trapped in the filter, about a gallon of water poured into their carpets. I guess that's what karma looks like.

Submission + - Unmasking the Stingray (theverge.com)

plover writes: The Verge has a feature story on the criminal who figured out he was caught due to his prepaid cellular device, and discovered the existence of the Stingray.

Comment Re:We actually don't WANT better ransomware (Score 1) 67

My point was only that publishing this code isn't likely to benefit anyone, even those who have an interest. "Legitimate" anti-virus companies aren't likely to need it, because they generally deal with the binary code anyway. If there are a few such companies that could benefit from it, the code could be made available to them via special arrangement instead of a public publishing process. It certainly doesn't have to be an exclusive deal; if you think Symantec, ESET, Kaspersky, and Trend Micro are all legitimate AV companies that deserve a copy, send them all a copy.

Comment Re:We actually don't WANT better ransomware (Score 3, Interesting) 67

1) Making malware code public helps malware programmers (current and aspiring) write better malware programs.

This request is specific to ransomware, not generic malware. Anyone with poor ethics can deploy either, but ransomware has the potential to make an irreversible impact on victims. Yes, malware can reformat a drive and wipe data, but ransomware provides greater motivation to attackers because of the potential for direct profit.

2) Making malware code public helps anti-malware programmers (current and aspiring) write better anti-malware programs.

Anti-malware code is a specialized field, and there are fewer than 50 companies who have much marketshare. Entry into this field is a high bar, requiring the trust of many people. Even then, many of the products are of poor quality, and/or have their own unethical behavior. An aspiring anti-malware author will have much greater difficulty breaking into the field than an ordinary app developer. There isn't much of a market for specialized anti-ransomware.

Who benefits more? I honestly don't know. However, my bias is towards openness over secrecy, and I think it needs to demonstrated that the risks of making malware code public outweigh any potential benefits.

Publishing the ransomware code creates very specific risks. If perfectly executed, ransomware results in absolute hijacking of the user's data. But as we know from legions of flawed security software, writing perfect code and implementing cryptographic algorithms perfectly is very difficult. Recent ransomware made the news because it was imperfect, allowing investigators to recover the encrypted data for all clients without paying the extortionists. The fear is that publishing the ransomware code will give a working example of properly executed encryption that researchers can't break.

You also have to consider how anti-malware code typically works. Much of it is still signature based, meaning that a working copy of the code can simply be tweaked or recompiled to evade signature detection, and the recompiled code will remain effective. Source code won't help the anti-malware authors much.

So overall, publishing the code will greatly benefit the attackers, and will be of only marginal benefit to anti-malware authors. It is hoped that anyone in possession of ransomware source code already understands these points, and will not be compelled to release the code for "noble purposes", as there would be virtually no nobility in the gesture.

If you are still interested in how ransomware works, I would recommend "Malicious Cryptography: Exposing Cryptovirology", by Drs. Young and Yung (Wiley, 2004.) This book was one of the first scholarly works on ransomware. You don't need the source code to learn about it.

Comment Re:Interesting - (Score 2) 179

Three keys for satellites up in the sky
Seven for the hackers, in their mommies' homes
Nine keys for sysadmins in collusion with the spies
One for the Dark Lord, in his Oval Office.
In the land of Bruce, where the Schneier lies.
One key to crack them all, one key to find them
One key to bring them all and in the HSM bind them.
In the land of Bruce, where the Schneier lies.

Comment Re:Tripping the Light Fantastic (Score 1) 102

Hmmmm....

Interesting. Having been ballroom dancing for years, I have not found the culture to be at all as described. Sometimes people have perceptions of one group or another that comes nowhere near close to the reality of the situation because they rely on stereotypes rather than getting to know those in that group.

Comment Re:There is no regulation against such use. (Score 1) 73

Except that they're saying that the registration for new purchases has to take place at the time of the purchase, before the device is used.

Where exactly are they saying this?

Before it's flown outdoors you must be registered and it must be labeled, yes, but I'm not aware of anything saying it must be done at the point of purchase or that it is needed before it's even flown indoors.

So ... citation?

Comment Re:What the hell is this crap? (Score 1) 73

It's not limited to propeller-aircraft; ultralight rubberband power fixed-wing is a popular indoor option.

Uh... how are those ultraight rubberband-powered fixed-wing powered, if not by propellers?

I've seen model aircraft that were powered by flapping their wings like a bird.

Also, it's not really ultralight or rubberband powered, but turbine (i.e. jet) powered model aircraft are certainly a thing.

And finally ... unpowered gliders are quite popular, even indoors.

But yes, context suggests that the person who wrote that probably meant "multicopters" or "electrically powered aircraft" rather than "propeller-aircraft". You've done us all a great service in drawing attention to the less than ideal choice of words ...

Comment Re:There is no regulation against such use. (Score 2) 73

Especially since going indoors doesn't exempt them from that dubious new registration program anyway: if it flies by remote control and it weighs more than half a pound, it has to be registered before it ever flies

No, the FAA says otherwise.

From their FAQ --

Q22. If I only fly it indoors, do I have to register it?
A. No, the FAA does not regulate indoor UAS use.

Now, given that they haven't even really written the regulations for much of this stuff yet, and it's largely based on advisory circulars and FAQs and such, it's possible that whenever they do get off their butt and write the actual rules that they could say something else, but for now ... they explicitly say you don't have to register anything that only flies indoors.

Also, they aren't registering model aircraft anyways -- they're registering pilots, and then requiring that the pilot's registration information be on the model aircraft. (After all, when you go to your site, do you tell them about your models? No, not a thing -- instead you just tell them about yourself.)

Slashdot Top Deals

Men love to wonder, and that is the seed of science.

Working...