
Comment: Or the malware might cover its tracks. (Score 1) 227

by Ungrounded Lightning (#49158963) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

If you ask the drive to read out the whole flash.
Then maybe the firmware would have to go to the platter to get the real image.

Or the malware could regenerate the un-attacked version.

For instance: If it's a patch that loads into an otherwise cleared-to-known-value region it can detect that region while reporting flash content and report the cleared value, instead. Add a couple other tiny regions where it saved (or already knew) the previous contents where it "sank its hooks" and you can't tell it's there from its replies to dump requests.

JTAG seems safer.

Yep. JTAG, in principle, could be corrupted. But it would require substantial hardware support that almost certainly isn't there (yet!)

Comment: Hashes can be useful. (Score 1) 227

by Ungrounded Lightning (#49158915) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

Which is why I always laugh my ass off at all these people who use PGP to sign things and put a hash on the same website you download it from ... look you can verify this file you downloaded from the website hasn't changed because there's no way anyone would be smart enough to update the hash as well!

That's why you SIGN the hash. Then only the public key needs to be published by a different route.

And it doesn't HURT to publish it on the web site as well: Then someone tampering by substituting a different public key sets off alarm bells when that differs from the public key obtained from another site or by another path. Blocking that makes man-in-the-middle more complex: The attacker has to have essentially total control of the path to the victim and be able to recognize and substitute the public key whenever it shows up. One slip-up and somebody may raise the alarm.

Meanwhile: Even if publishing hashes on the same site may not provide additional security against MITM, it DOES let you check the download wasn't corrupted in transit (in ways other than malicious substitution). With modern protocols that's less of a problem these days than it used to be, but a check would be comforting.
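The checks discussed in the comment above, as an added example that is not part of the original post: a signed hash list is verified against a public-key fingerprint obtained by a second route, and the three failure cases (hash swapped without the key, key substituted on the site, plain corruption in transit) each fail at a different step. It assumes `openssl` standing in for PGP; the file names, keys and file contents are constructed for the demo.

```shell
#!/bin/sh
# Added example with constructed data; openssl RSA signatures stand in for PGP.

# fpr FILE: SHA-256 of a file (used for the download and as a key fingerprint)
fpr() { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }

# publish DIR KEY: write the hash list for tool.bin, sign it, export the public key
publish() {
  printf '%s  tool.bin\n' "$(fpr "$1/tool.bin")" > "$1/SHA256SUMS"
  openssl dgst -sha256 -sign "$2" -out "$1/SHA256SUMS.sig" "$1/SHA256SUMS"
  openssl rsa -in "$2" -pubout -out "$1/pub.pem" 2>/dev/null
}

# verify DIR PINNED_FPR: 0 = ok, 2 = site key differs from the one received by
# another route, 3 = hash list not signed by that key, 4 = file does not match
verify() {
  [ "$(fpr "$1/pub.pem")" = "$2" ] || return 2
  openssl dgst -sha256 -verify "$1/pub.pem" -signature "$1/SHA256SUMS.sig" \
    "$1/SHA256SUMS" >/dev/null 2>&1 || return 3
  [ "$(fpr "$1/tool.bin")" = "$(cut -d' ' -f1 "$1/SHA256SUMS")" ] || return 4
}

# run_demo: build one genuine and three altered copies of a download site,
# verify each, and echo the result codes
run_demo() {
  w=$(mktemp -d) || return 1
  mkdir "$w/site" "$w/mitm1" "$w/mitm2" "$w/noisy"
  openssl genrsa -out "$w/vendor.key" 2048 2>/dev/null
  openssl genrsa -out "$w/other.key" 2048 2>/dev/null
  echo "genuine release" > "$w/site/tool.bin"
  publish "$w/site" "$w/vendor.key"
  pinned=$(fpr "$w/site/pub.pem")   # fingerprint as obtained by a second path

  # mitm1: file and hash list replaced, vendor signature and key left in place
  cp "$w/site/"* "$w/mitm1/"; echo "altered" > "$w/mitm1/tool.bin"
  printf '%s  tool.bin\n' "$(fpr "$w/mitm1/tool.bin")" > "$w/mitm1/SHA256SUMS"
  # mitm2: file, hash list, signature and published key all replaced
  echo "altered" > "$w/mitm2/tool.bin"; publish "$w/mitm2" "$w/other.key"
  # noisy: non-malicious corruption in transit, everything else intact
  cp "$w/site/"* "$w/noisy/"; echo "genuine rel" > "$w/noisy/tool.bin"

  out=""
  for d in site mitm1 mitm2 noisy; do
    rc=0; verify "$w/$d" "$pinned" || rc=$?
    out="$out$d=$rc "
  done
  rm -rf "$w"
  echo "${out% }"
}
run_demo
```

Without the fingerprint from a second route, the `mitm2` copy would verify cleanly, since its hash list, signature and key are consistent with each other.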

Comment: Re:Soshill Justus (Score 0) 96

by squiggleslash (#49156323) Attached to: Twitter Adds "Report Dox" Option

but feel free to go back to Kotaku, which came out and actually BRAGGED about how corrupt they were

No, this never happened.

ignore the chat logs of GameJournoPro, where they literally got together to formulate a response when they got caught accepting both monetary and sexual favors

No. Two members of GJP did have a discussion about whether or not reporting on the harassment campaign against Zoe Quinn might be counter productive. GamerGate/Milo spun that as the drivel you just posted.

Bonus GG points for misusing the word "literally" in classic GG fashion BTW.

(which is why no less than 13 different websites all printed the EXACT SAME ARTICLE about how "gamers are dead" within an 18 minute span of each other)

No. This never happened. There was never a post claiming "gamers are dead". An article in Gamasutra was spun by those harassing Zoe Quinn as claiming that, but was actually about the market for games widening beyond the small set of violent insular males the industry has traditionally targeted. No article was posted in 13 different websites. Several articles expressing a similar point of view to the Gamasutra piece were posted within a 24 hour period, but the Gamasutra piece and the others were responses to current events, notably the escalation of the attacks on Zoe Quinn, which had, before the articles had been published, been labeled "Gamergate" by prominent C-list right wing actor Adam Baldwin.

I'm not even going to bother continuing here. Every single statement made in the first few sentences of your piece is an outright lie, dating back to the false narrative posted by Gamergate supporters a month or so after Baldwin's coining of the term where, at Eron Gjoni's partial prompting, the phrase "Actually it's about ethics in gaming media" became GamerGate's defense.

We know GamerGate is about harassment. Other than a small number of women journalists, none have suffered harassment, not even the one supposedly at the center of the "Quinnspiracy". Meanwhile female gamedevs, and feminists posting critiques of the gaming industry, continue, today, to receive violent threats and other abuse. From you guys.

Stop whitewashing your repulsive movement, and grow up.

Comment: Re:Soshill Justus (Score 1) 96

by squiggleslash (#49156019) Attached to: Twitter Adds "Report Dox" Option

(Original post has disappeared apparently due to abusive moderation. If you don't like what I'm saying, respond. The fact is everything stated below is true. I know many don't like terms like "Hate group", but it's the only way to describe groups like it, Stormfront, and other extremists.)

Nah, he said what happened and suggested people who don't believe him look at the evidence pointing out what persuaded him. That's a fairly normal way of arguing.

Let's be honest here: Gamergate is a hate movement. A few minutes of Googling, watching Twitter feeds, and even spending some time in KIA - the "Clean face" of GamerGate designed to lure in useful idiots, forget 8chan where the actual organization is - shows that fairly conclusively. I've delved in. I've seen major GamerGate figures in the early days promoting stories like "How to rape a woman and get away with it" and "How to break a woman". I've seen major GamerGate figures harass a woman developer who'd had the audacity to fight back against earlier harassment taunting her because her dog just died.

That's why pretty much the entire mainstream media is calling GamerGate a hate group. They're not doing it because some female gamedev had sex with them. They're calling it a hate group because it is.

Comment: Re:Headline/summary discord (Score 2) 152

by squiggleslash (#49155275) Attached to: Hyperloop Testing Starts Next Year

You have to be a special kind of idiot to ignore the general success that HSR projects have had across the world. CAHSR isn't a perfect project, it's plagued by politics and would probably cost a fraction of the price if they didn't have to get buy in from 51% of the State.

But profitable? Why wouldn't it be? Acela Express, a relatively crappy HSR system that manages an average speed of 70mph gets half a billion dollars a year in revenues, an amount that's still increasing year-on-year. It has around 80% of the Air-Train market it serves.

There's no reason to believe that CAHSR, a faster "purer" system, wouldn't make more money than Acela Express. And the infrastructure doesn't have to be limited in use to just the four stops currently covered.

It's not perfect, but don't let perfect be the enemy of the good enough. I'd prefer a private project, but looking at the progress of the all-private All Aboard Florida in Florida, I'd say the problems with politics fucking everything up and virtually coercing good projects to do crappy things are going on there too. Texas's HSR is similarly being attacked by NIMBYs in those areas it passes through but doesn't serve. It'll be interesting to see how all three projects progress.

Comment: &is "teal" blue with greenish tinge or vice-ve (Score 1) 356

by Ungrounded Lightning (#49155217) Attached to: Is That Dress White and Gold Or Blue and Black?

... blue and brown. Just now, I opened the Washington Post link on my 24" screen in a sunlit room, and it was clearly white and gold.

Though the sensations are vastly different, brown is really dark yellow. The underlying color of that part of this dress seems to be very near the perceptual boundary (probably just on the yellow side of it). This picture seems to have the dress in a non-obvious shadow, so when it is viewed by someone whose visual system doesn't adequately pick up the shadowing and compensate, it crosses the boundary and appears light brown rather than dark yellow.

Another perceptual oddity is that a very slight bluish tinge to white makes it appear "whiter than white", especially in sunlight or other strong lighting. (I suspect this works by mimicking the differential response of the various color sensors in the eye when exposed to very bright light, though blue may also "cancel out" a bit of the yellowing of aging cloth.) Laundry products up through the 1950s or so included "bluing", a mild blue dye for producing the effect. (It fell out of use when it was replaced by a fluorescent dye that reradiated energy from ultraviolet as blue, making the cloth literally "brighter than white" {where "white" is defined as diffuse reflection of 100% of the incoming light}, and which, if mixed with detergent products, would stick to the cloth while the surfactant was rinsed away.) I suspect some of the "blueish is brighter" effect is going on here.

When I view the picture straight-on on my LCD display, the light cloth on the upper part of the dress appears about white and the image appears somewhat washed out. Meanwhile the lower half has a bluish tinge. So I suspect the cloth is actually nearly-white with a bit of blue. (Viewed off-axis it's very blue, but the other colors are over-saturated and/or otherwise visibly off-color. So off-axis viewing makes it look more blue and this probably adds to the controversy.)

Another color-perception issue is "teal", a color between blue and green. There are paint formulations of this color that give the sensation of "distinctly blue with a greenish tinge" to some people and "distinctly green with a bluish tinge" to others, even under the same lighting and viewed from the same angle. (I'm in the "slightly-bluish-green" camp.)

The first place I encountered this was on the guitar of the filksinger Clif Flint. (On which he played _Unreality Warp_: "... I'm being followed by maroon shadows ..." B-) ) Apparently his fans occasionally had arguments about whether his guitar was blue or green, so he sometimes headed this off (or started it off on a more friendly level) by commenting on the effect.

Comment: Re:Soshill Justus (Score 0, Troll) 96

by squiggleslash (#49154705) Attached to: Twitter Adds "Report Dox" Option

Nah, he said what happened and suggested people who don't believe him look at the evidence pointing out what persuaded him. That's a fairly normal way of arguing.

Let's be honest here: Gamergate is a hate movement. A few minutes of Googling, watching Twitter feeds, and even spending some time in KIA - the "Clean face" of GamerGate designed to lure in useful idiots, forget 8chan where the actual organization is - shows that fairly conclusively. I've delved in. I've seen major GamerGate figures in the early days promoting stories like "How to rape a woman and get away with it" and "How to break a woman". I've seen major GamerGate figures harass a woman developer who'd had the audacity to fight back against earlier harassment taunting her because her dog just died.

That's why pretty much the entire mainstream media is calling GamerGate a hate group. They're not doing it because some female gamedev had sex with them. They're calling it a hate group because it is.

Comment: Re:do no evil (Score 2) 175

by Ungrounded Lightning (#49154693) Attached to: Google Taking Over New TLDs

Perhaps they should be asking for a ".google" gTLD, for that purpose, instead of trying to monopolize a generic identifier.

I was about to suggest the same, but with ".goog", to make it shorter. (Can't think of a less-than-three-letter symbol that points to them as strongly.)

(It's also their stock ticker symbol, so maybe it's not such a good idea - it could cause a land rush and litigation from all the other publicly traded companies.)

Comment: Re:Headline/summary discord (Score 2) 152

by squiggleslash (#49154653) Attached to: Hyperloop Testing Starts Next Year

It's bizarre hype. The articles I've read have quoted the project leaders as claiming this is the real thing, followed by a claim that it's a small scale prototype to test the concept. Uh. OK. Not what most people would say is the "real thing", but whatever.

I'd be more enthusiastic about the project if it didn't appear to be solely a dishonest attempt to kill a high-speed rail project, by claiming an unproven, non-existent, technology that, if implemented as proposed, would only link up two of the four cities CAHSR joins, has a fraction of the capacity, would have a total travel time (that is, downtown to station to station to downtown) that's longer than CAHSR's, is "cheaper". Amazingly enough, CAHSR would cost much less if it didn't have to do those things either.

Which is a shame because I shouldn't be looking at the ugly agenda behind the project. It'd be nice to see it in isolation, as a concept that could join cities in future.

Comment: Re:It still helps (Score 1) 96

by Cyberdyne (#49152807) Attached to: Twitter Adds "Report Dox" Option

And it would be trivial to keep any "clean" account(s) they have on a separate IP,

Trivial, perhaps... but over time it's easy to slip and use an IP that's more traceable to you, which is why I said to publish all of the IP's that handle has posted from.

I can see some appeal to that, but surely any sane leaker will post using a restaurant's free wifi or similar - meaning their doxing gets associated with any other innocent user who happens to have posted updates from that restaurant, with no apparent link to their own isolated accounts?

Personally, I'd probably use the free wifi at the railway station on my daily commute - indeed, I do use it most days, for innocent purposes - or if I wanted to do something that might be traced, ride an hour or so on one of the lines and use another station on the network, using a randomised MAC address on a laptop. Anyone who was identified as associated with me then is completely uninvolved. Yes, maybe you'd catch a few low-level trolls, but you'd be falsely smearing a whole lot of innocent third parties - making the identification worthless anyway.

User Journal

Journal: Web Dev on the Mac 1

Journal by stoolpigeon

I've been working on a little side project. I would like to have an app where people can read updates that I send out. It seemed like a fun way to learn more about programming mobile apps and it's something I could actually use if I can get it to a decent state.

I'm keeping it simple. I decided the app would just be an rss feed reader. And that meant I need a feed. I want it to be very specific to my app so I decided the way to go would be to just create my own back end for cre

Comment: Re:file transfer (Score 2) 448

by ncc74656 (#49144359) Attached to: Ask Slashdot: Old PC File Transfer Problem

The new machines lack LPT ports? WTF kind of machine did you buy without an LPT port? A laptop, sure, a desktop? You have to look hard, even today to find a machine that doesn't have a printer port.

Pretty much anything built in the last five or so years won't have serial or parallel ports. If you're lucky, you might have some headers on the motherboard that can be brought to the slot cage with connectors in brackets like what were common before ATX, but I've run across plenty of motherboards that don't even have those. Notebooks are even less likely to have them. This Dell Inspiron E1505 I'm typing on is a bit long in the tooth...main reason I'm keeping it going is its 15" 1680x1050 screen. No serial or parallel ports on it.

When I saw a sufficiently-old notebook come through my office a while back that had a serial port on it, I hung onto it for talking to our switches and routers. I forget what model of HP it is, but it's old enough that it runs on an Athlon XP. It's probably the better part of 10 years old at this point. The last emerge -uND world took a couple of days to run, but it's fast enough to run Minicom and Firefox, and to do traffic captures from the switch: serial connection to the management port to enable SPAN, Ethernet to the SPAN port for capture, and WiFi to talk to the whole thing from my office instead of the server room.

Comment: Re:Well someone has to do it (Score 1) 342

by jdavidb (#49144329) Attached to: The Programmers Who Want To Get Rid of Software Estimates

Business can't plan or talk to customers or have any strategy whatsoever without at least some estimate...that's just the real world. If devs don't give estimates, managers have to make estimates. If managers don't make estimates, business makes estimates. You want devs to do the estimating.

I just don't want the boss to be disrespectful to me when the estimate is not accurate. Get us some estimation training or something. Don't give me a lecture. I'm too old for lectures.
