
Comment: Re:Breakthrough? (Score 3, Interesting) 253

by JanneM (#49184159) Attached to: Microsoft Convinced That Windows 10 Will Be Its Smartphone Breakthrough

Smart article yes, but it's still incredibly stupid to buy a lottery ticket.

Unless you think it's fun to play. Idle daydreaming about what you'd do if you won; the excitement as the numbers are called; the rollercoaster of emotion as you realize you may win - no you won't - oh but you did get a small prize.

It's only stupid if you see it as an investment. See it as entertainment and it's no more dumb than paying to watch a movie.

Comment: Hashes not useful (Score 5, Informative) 321

by IamTheRealMike (#49157781) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

Seagate is correct. Putting a hash on the website doesn't improve security at all because anyone who can change the download can also change the web page containing the hash.

The fact that this practice is widespread in the Linux world originates from the usage of insecure FTP mirrors run by volunteer admins. There it's possible for a mirror to get hacked independently of the origin web page. A company like Seagate doesn't rely on volunteers at universities to distribute their binaries so the technique is pointless.

A tool to verify the firmware is poetically impossible to write. What code on the drive would provide the firmware in response to a tool query? Oh right ..... the firmware itself. To make it work you need an unflashable boot loader that acts as a root of trust and was designed to do this from the start. But such a thing is basically pointless unless you're trying to detect firmware reflashing malware and that's something that only cropped up as a threat very recently. So I doubt any hard disk has it.

BTW call a spade a spade. Equation Group == NSA TAO
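The two situations the comment above contrasts, worked through as an added example (not code from the post, from Seagate, or from any distribution). It assumes a 64-bit FNV-1a digest as a dependency-free stand-in for SHA-256 and uses constructed sample strings in place of real firmware; the argument only depends on where the expected digest comes from, not on which hash is used.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in digest: 64-bit FNV-1a. Assumption for a dependency-free example;
   a real download check would use SHA-256. */
static uint64_t digest(const char *data, size_t len) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= (unsigned char)data[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* A download host as the client sees it: the binary plus the digest printed on its page. */
struct site {
    const char *firmware;
    uint64_t page_digest;
};

/* Constructed sample binaries (not real firmware). */
static const char GENUINE_FW[]   = "FIRMWARE v1.0 (constructed sample)";
static const char MALICIOUS_FW[] = "FIRMWARE v1.0 plus implant (constructed sample)";

static struct site vendor_publish(const char *fw) {
    struct site s = { fw, digest(fw, strlen(fw)) };
    return s;
}

/* Whoever can replace the binary on a host can rewrite that host's page too,
   so the published digest simply follows the new binary. */
static void host_compromised(struct site *s, const char *replacement) {
    s->firmware = replacement;
    s->page_digest = digest(replacement, strlen(replacement));
}

/* Check A: compare the download against the digest shown on the same host. */
static bool verify_same_origin(const struct site *s) {
    return digest(s->firmware, strlen(s->firmware)) == s->page_digest;
}

/* Check B: compare the download against a digest taken from a host the download
   attacker does not control (the vendor's origin page when the file came from a
   volunteer mirror, or a value recorded earlier out of band). */
static bool verify_pinned(const struct site *s, uint64_t pinned) {
    return digest(s->firmware, strlen(s->firmware)) == pinned;
}

/* Scenario 1 (the Seagate case): vendor hosts file and hash together; the host is
   compromised. Returns true when the same-origin check still accepts the swap. */
static bool same_origin_check_is_fooled(void) {
    struct site vendor = vendor_publish(GENUINE_FW);
    host_compromised(&vendor, MALICIOUS_FW);
    return verify_same_origin(&vendor);
}

/* Scenario 2 (the Linux mirror case): file from a mirror, hash from the untouched
   origin page. Returns true when the pinned check rejects the swap. */
static bool pinned_check_catches_mirror_swap(void) {
    struct site origin = vendor_publish(GENUINE_FW);
    struct site mirror = vendor_publish(GENUINE_FW);   /* mirror starts as a faithful copy */
    host_compromised(&mirror, MALICIOUS_FW);           /* only the mirror is compromised */
    return !verify_pinned(&mirror, origin.page_digest);
}

int main(void) {
    printf("same-origin hash check fooled by host compromise: %s\n",
           same_origin_check_is_fooled() ? "yes" : "no");
    printf("pinned hash check catches mirror swap: %s\n",
           pinned_check_catches_mirror_swap() ? "yes" : "no");
    return 0;
}
```

The same-origin check passes in both the honest and the compromised case, which is why it adds nothing; the pinned check only helps because the digest and the file travel through different hands.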

Comment: Re: Great, fully owned by Silent Circle (Score 4, Interesting) 59

The issue with Silent Circle isn't their jurisdiction. It's that their code is of deeply questionable quality. They recently had a remote code execution exploit that could be triggered just by sending a text message to their phone. It's been literally years since one of these affected mainstream software stacks, so how was that possible?

Well, they wrote their own SMS parsing code, in C, and used JSON to wrap binary encrypted messages and there was a bug that could cause memory corruption when the JSON wasn't exactly in the form they expected.

The amount of fail in that sentence is just amazing. They're a company which justifies its entire existence with security, writing software to run on a smartphone where the OS itself is written in a memory safe language (Java) and yet they are parsing overly complex data structures off the wire ..... in C. That isn't just taking risks, that's playing Russian roulette over and over again. And eventually it killed them. Remote code execution via SMS - ye gods.

After learning about that exploit and more to the point, why it occurred, I will strongly recommend against using Silent Circle for anything. Nobody serious about security should be handling potentially malicious data structures in C, especially not when the rest of the text messaging app is written in Java. That's just crazy.
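The failure pattern the comment describes, as an added example written for illustration; it is not Silent Circle's code and the message layout is constructed. It assumes a JSON object carrying the encrypted blob as a quoted string under a hypothetical "payload" key, and shows an extraction routine that trusts the shape of the input beside one that checks every assumption and returns an error instead.

```c
#include <stdio.h>
#include <string.h>

/* Constructed wire message (not a real format): the encrypted blob travels as a
   base64-looking string inside a JSON object. */
static const char SAMPLE_MSG[] = "{\"v\":1,\"payload\":\"aGVsbG8=\"}";

/* Hypothetical unsafe extraction: assumes the message has exactly the expected shape.
   Each assumption becomes a memory-safety bug when the input is malformed. */
static void extract_payload_unsafe(const char *msg, char *out) {
    const char *p = strstr(msg, "\"payload\":\"");
    p += strlen("\"payload\":\"");   /* key missing: strstr returned NULL, p is now garbage */
    while (*p != '"')                /* closing quote missing: reads past the end of msg */
        *out++ = *p++;               /* value longer than out: writes past the buffer */
    *out = '\0';
}

enum parse_result { PARSE_OK, PARSE_MISSING_KEY, PARSE_UNTERMINATED, PARSE_TOO_LONG };

/* Bounds-checked version: every assumption above is an explicit check with an error
   return. msg must be a NUL-terminated string; out_cap is the size of out.
   (Escaped quotes inside the value are not handled; a real JSON parser would be.) */
static enum parse_result extract_payload_safe(const char *msg, char *out, size_t out_cap) {
    static const char key[] = "\"payload\":\"";
    const char *start = strstr(msg, key);
    if (start == NULL)
        return PARSE_MISSING_KEY;
    start += sizeof key - 1;
    const char *close = strchr(start, '"');
    if (close == NULL)
        return PARSE_UNTERMINATED;
    size_t len = (size_t)(close - start);
    if (out_cap == 0 || len >= out_cap)
        return PARSE_TOO_LONG;
    memcpy(out, start, len);
    out[len] = '\0';
    return PARSE_OK;
}

/* Helpers so outcomes can be checked by name with a fixed 16-byte buffer. */
static enum parse_result classify(const char *msg) {
    char buf[16];
    return extract_payload_safe(msg, buf, sizeof buf);
}

static int safe_payload_equals(const char *msg, const char *expected) {
    char buf[16];
    return extract_payload_safe(msg, buf, sizeof buf) == PARSE_OK && strcmp(buf, expected) == 0;
}

int main(void) {
    char buf[16];
    extract_payload_unsafe(SAMPLE_MSG, buf);   /* works on well-formed input, which hides the bugs */
    printf("unsafe: %s\n", buf);
    if (extract_payload_safe(SAMPLE_MSG, buf, sizeof buf) == PARSE_OK)
        printf("safe:   %s\n", buf);
    printf("missing key  -> %d\n", classify("{\"v\":1}"));
    printf("unterminated -> %d\n", classify("{\"payload\":\"aGVsbG8="));
    printf("too long     -> %d\n", classify("{\"payload\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"}"));
    return 0;
}
```

The unsafe routine behaves identically on the well-formed sample, which is why such bugs survive testing; only input that is not "exactly in the form they expected" reaches the out-of-bounds read or write. The checked version turns each of those cases into a rejected message, and the comment's larger point stands: doing this in a memory-safe language removes the whole class of failure rather than one instance.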

Comment: Re: Cost savings (Score 1) 104

by JanneM (#49144065) Attached to: Argonne National Laboratory Shuts Down Online Ask a Scientist Program

It is ridiculous of course. It is also a common attitude among PIs toward their postdocs and students, especially in high-profile, high-pressure labs.

This letter from a PI to a worker made the rounds a few years ago. The PI claimed later it was a joke. It doesn't read like a joke, and the exact same attitude is not uncommon at all:

http://www.chemistry-blog.com/...

Comment: Re:I live in the Netherlands (Score 1) 303

by JanneM (#49134991) Attached to: I ride a bike ...

I used to ride every day. But my place of work changed, so now I walk and take the train instead. Around home we generally walk as well, so my bike sits unused for months on end.

Walking is also good exercise of course, but it does limit the range of places to go. I should fix up the bike and start using it again come spring.

Comment: Re:Black Mirror (Score 5, Insightful) 257

by JanneM (#49134869) Attached to: 5 White Collar Jobs Robots Already Have Taken

Automation changes the source of production from workers to machines. And that separates the source of production from the source of consumption.

To put it simply, robots produce wealth but do not consume it. Humans consume wealth, but (in this possible future) can no longer produce it. Robots have owners of course, but even if you ignore what happens to the majority of people, a few extremely wealthy people can not possibly make up for the consumption shortfall. Ten-thousand people with 10k each vastly outconsume (by necessity) a single person worth 100M.

So, if the entities making wealth and those using wealth become separate, you need a way to transfer wealth from one to the other. If not, you will see a slow-moving economic collapse, as lack of demand and cost-cutting automation drive each other down.

A basic income, generated from a tax on production (transaction tax, energy tax, direct tax on machinery) is one way, and has the benefit of being simple, straightforward and having low administrative overhead.

Comment: Re:Sounds pretty awesome... (Score 2) 131

by JanneM (#49133731) Attached to: Developers Disclose Schematics For 50-1000 MHz Software-Defined Transceiver

That said, I spent several years of my life helping to get rid of the Morse Code test for radio hams, so that smart folks like you could just take technical tests to get the license.

I'm currently assembling a Softrock Ensemble receiver just to play with SDR. I'm starting to become interested in more than passive receiving - but a major part of my curiosity is about Morse, not voice. I can talk to anybody over the net after all, while Morse code communication feels like a very different kind of thing.

Comment: Re:Politics? (Score 4, Insightful) 104

by JanneM (#49133663) Attached to: Argonne National Laboratory Shuts Down Online Ask a Scientist Program

[...] and rather than cutting the least important program, they cut the most visible program, in an attempt to get their funding restored.

Honestly, though, a question-answer service for school children probably does rank among the least important programs for a research lab. I very much doubt this is part of their written remit (as opposed to communicate their actual research to the public), and the people spending time at work answering the questions certainly get zero professional recognition for it.

It does sound like a very nice, fun service. And I do agree that this kind of outreach is important. But if this is not part of what their funders want them to do, then it should come as no surprise if it's among the first things to go when money becomes tight.

You want this kind of thing to continue? Make sure there's funding (and paid time) earmarked for doing it. In fact, that may be a good idea in general: add a small fraction (.1% or even less) to any research grant over a certain size for general science outreach. If it's part of your funding, that also removes the career obstacles toward doing outreach we too often have now.

Comment: Re:When groups like this attack you... (Score 0) 99

I think the Gemalto response seems reasonable, actually. The documents suggest they weren't doing anything more sophisticated than snarfing FTP or email transfers of key files, which Gemalto say they started phasing out in 2010. And the documents themselves say they weren't always successful.

NSA/GCHQ are not magic. They do the same kind of hacking ordinary criminals have been doing for years, just more of it and they spend more time on it. If Gemalto are now taking much better precautions over transfer of key material and the keys are being generated on air gapped networks, then it seems quite plausible that NSA/GCHQ didn't get in. Not saying they could NEVER have got in that way, but these guys are like anyone else, they take the path of least resistance.

Besides, it's sort of hard for them to do something about a hypothetical hack of their core systems that they can't detect and which isn't mentioned in the docs.

Comment: Re:Ugh. Just ugh. (Score 5, Insightful) 406

by IamTheRealMike (#49121137) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

It's hilarious. For a moment I wondered if the transcript is even real. This makes Eliza look sophisticated.

Q: Which of those countries should we give backdoors to?

MR: So, I’m not gonna I mean, the way you framed the question isn’t designed to elicit a response.

AS: So you do believe then, that we should build those for other countries if they pass laws?

MR: I think we can work our way through this.

AS: I’m sure the Chinese and Russians are going to have the same opinion.

MR: I said I think we can work through this.

He seems to believe, "I think we can work through this" is an acceptable answer to a simple yes/no question. The guy doesn't even have a coherent answer to one of the most basic and obvious questions he could possibly be asked. I thought Comey did a poor job of explaining his position but this takes it to a whole other level.

Comment: Re:Terrorists steal registered SIMs (Score 1) 134

by IamTheRealMike (#49119617) Attached to: Pakistanis Must Provide Fingerprints Or Give Up Cellphone

Why would people not report a SIM as stolen currently? They have every incentive to. They'd need to do so, to get their old number back anyway.

But seriously, if you're a terrorist, you're not going to be fazed by just doing some street muggings to obtain cell phones first. It doesn't matter much if the cards get de-activated a day later. Heck, just point a gun at a SIM vendor and force them to activate the cards with fake data. If the vendor doesn't have the IMSI codes for every SIM in their inventory, they can't even report them as stolen.

Comment: Re:amazing (Score 4, Interesting) 279

by JanneM (#49117441) Attached to: Intel Moving Forward With 10nm, Will Switch Away From Silicon For 7nm

I'm talking about the silicon chips doing the things that our brain can do, such as designing the next intel chip.

The major stumbling block isn't processor speed or capacity. It's that we don't know how to architect such a system in the first place.

And if you think about it, a lot of the "smart" things we want to automate really don't need anything like human-level or human-like intelligence. A car with the smarts of a mouse would do great as an autonomous vehicle. Real mice manage to navigate around a much more difficult, unpredictable and dangerous environment, using a far more complex and tricky locomotion system, after all.
