Follow Slashdot stories on Twitter


Forgot your password?
Slashdot Deals: Cyber Monday Sale Extended! Courses ranging from coding to project management - all eLearning deals 20% off with coupon code "CYBERMONDAY20". ×

Comment But That's How We've Always Done It! (Score 2) 57

The significance of the advisory isn't that the initial firmware can be replaced. As indicated, that's a standard feature not only with Cisco gear but just about any computing device.

This is what should change. Firmware being read-write without some significant intervention is a huge factor in the current generation of vulnerabilities. Why is ROMMON write-enabled without moving a jumper or flipping a physical switch on the chassis?

Why can we update firmware on our PCs without needing to reboot into some special mode first? That stuff should be read-only (preferably with a hardware latch on the write-enable pin that's only cleared by a processor reset) as early as possible in the boot sequence.

The general case is that we do not update firmware while running the device. Even if you did that thirty times in the lifetime of the computer, they'd still be relatively exceptional cases. Why is the default behavior to trust that the OS will be bug-free enough to protect something so critical?

Or maybe I'm just getting old. Break out the UV EPROM-eraser and get off my lawn!

Comment Re:This is not how you inspire confidence (Score 2) 151

In this particular case, yes. There will always be non-exploitable bugs.

The problem is that when you begin to dismiss bugs as non-exploitable (whether you've fixed them or not) and their reports as "overblown," you put yourself in the unfortunate position of only needing to be wrong once. Specifically, dismissing bug reports with the notion that the bug would never be exploitable—not because the bug is "beyond the airtight hatchway," but because no one would be dumb enough to write an application in a particularly boneheaded way discounts decades of examples of people writing software in amazingly boneheaded ways.

Whether it's true or not (and, in this case, it seems true), this is not a way to inspire confidence, and an SSL implementation needs every bit as much community confidence as it does technical correctness.

Comment Re:That's strangely sane and oddly normal. (Score 1) 229

The person penalized did, or allowed to be done, something illegal but not especially malicious or very damaging. They face a penalty which will certainly be unwelcome and which will probably encourage them to act within the law. No huge court case, no lives wrecked, no lawyers riding the gravy train. *This is how a legal system is supposed to be.*

Granted, that's a far sight better than how things are here in the US, but to say that's how things are "supposed to be" is aiming pretty low. That's still a legal system that spends taxpayer money to defend the "property" of copyright holders from nebulous threats, and punishes people for activities that have no provable harm to anyone. Wouldn't it be far more preferable to have a system that spends its time restituting actual victims instead of collecting arbitrary fines from people who aren't hurting anyone, perhaps a system that considered impact instead of looking at who's coloring outside the lines drawn by politicians?

I will furthermore submit that "The Rule of Law" will always be "The Rule of Lawyers" so long as the lawyers are the ones constructing laws prohibiting whatever behavior the well-connected consider inappropriate.

Comment Re:It depends - Sticktion Y2K Repair (Score 1) 504

"Back in the day" (mid-90s) when that was more common, the term for it was "stiction." I don't know if it's less common these days because disk mechanisms are more reliable, the lubricants are better, or machines have much shorter average service lifetimes.

SGI field-service engineers actually had a rubber mallet specifically dedicated to coaxing stictioned drives to run for long enough to get the data off them. The Micropolis disks they shipped in their workstations back then were notorious for that (among many other problems). The company I worked for at the time had such a service call, and the technician told me that the hard part wasn't getting the disk running again, but convincing the disk that whanging the disk with a hammer was a sane thing to do!

Comment Re:Actually sounds interesting... (Score 3, Informative) 83

Have you heard of the Software Engineering Radio podcast? I've been listening to it for a few years, and I really enjoy it—even if I don't share Markus' enthusiasm for model-driven software. The web site is at, and even the back issues are worth listening to (processes don't get dated nearly as rapidly as tools).

Comment They're ALL Betas (Score 5, Informative) 237

From the big Bugzilla thread about version numbers earlier this week:

Users cannot sit on Firefox 4.x They will be updated to the latest version when they open the About dialog (or sooner) because all* but the current Firefox release are unsupported versions in the new rapid release cycle. Those not current versions do not not get critical security updates except via the current version. Firefox users will not be spread across Firefox 4, 5, 6, etc. They will be on the latest version or they will be about to be on the latest version.

Effective expiration, lack of bugfixes, and rapidly replaced by newer versions with bugfixes? By any practical definition, there is no stable version. They're all betas from here onwards. The whole notion of a release isn't that it's bug-free, but that it's supported for a reasonably-long period of time.

Comment Re:St. Reagan (Score 1) 788

One of the few constants in government is the "It's not <bad-thing> when we do it" trope.

Asset forfeiture? It's not stealing when we do it. Beating an unarmed man because he was videotaping police misconduct? It's not battery when we do it. Shooting a deaf whittler in the back? It's not murder when we do it.

The opposition party always does thoughtless, foolhardy, destructive, tyrannical things. However, they're not bad when we do them. "Small government" Republicans got the country further into debt in the last ten years than it'd been in fifty, and "peace prize" Democrats still wage war overseas. Thugs, the whole lot of them.


Submission + - Rogue Brown Dwarf Lurks in Our Cosmic Neighborhood (

astroengine writes: "The UK Infrared Telescope (UKIRT) in Hawaii has discovered a lone, cool brown dwarf called UGPSJ0722-05. As far as sub-stellar objects go, this is a strange one. For starters, it's the coolest brown dwarf ever discovered (and astronomers using the UKIRT should know, they are making a habit of finding cool brown dwarfs). Secondly, it's close. In fact, it's the closest brown dwarf to Earth, at a distance of only 10 light years. And thirdly, it has an odd spectroscopic signature, leading astronomers to think that this might be the discovery of a whole new class of brown dwarf."

Submission + - Leopard's Unix conformance is spot on (

WirePosted writes: "Both the desktop and server versions of Leopard have been awarded a certificate of conformance to the latest Unix standard, making these the first operating systems derived from the open source BSD base of historical Unix products to meet the certification requirements."

Submission + - Universal blocks Trent Reznor's fan remix web site (

cLive ;-) writes: "Trent Reznor's recent departure from Universal was meant to leave all this crap behind but, even now, the suits are stopping him from helping to bring the music industry into the 21st century (eg, with new distribution models). Having previously fallen out with his record company by urging fans to steal his music when he thought his CDs were overpriced, now he's being "lawyered" over his upcoming fan remix web site. The main gist of the problem is that Universal are scared to host his remix site when fans could be submitting mashup tracks that would infringe on other artists' rights, as this would affect the industry's ongoing lawsuit against YouTube et al...

When will these dinosaur industries get it?"

"Everybody is talking about the weather but nobody does anything about it." -- Mark Twain