Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Comment: Re: accounts (Score 1) 269

by Macman408 (#49276631) Attached to: Fraud Rampant In Apple Pay

Ditto here. I forget what I had to do to verify, but it was basically the same as if I had called in and wanted to do something with my account. In fact, that's exactly what it was! At the end of entering the card into my iPhone, it prompted me to call the card's service phone number, where I verified my identity, and then they activated Apple Pay. This was in December, well before the rash of articles on this topic, so wasn't just a knee-jerk reaction by my bank.

True, it wasn't as much security as the bank wanted when I wired a down payment for my house; after receiving that fax, they asked no fewer than TEN security questions. I didn't know they had that many pieces of knowledge about me!

Comment: Re: ECC Memory (Score 5, Interesting) 180

by Macman408 (#49222947) Attached to: Exploiting the DRAM Rowhammer Bug To Gain Kernel Privileges

I hadn't heard of this either, but a quick google turned up a description of false parity RAM:
TLazy;DR: To save cost where parity RAM was required by the hardware but not by the operator, modules existed that would calculate the parity bit upon reading the RAM, rather than storing the parity bit. I don't see any evidence that this type of module ever existed for ECC though.

To make sure memory is ECC, it's probably sufficient to count the memory chips on a DIMM. If there are 9 or 18 (or even 36, if it's a particularly large DIMM) identically-marked chips, that's ECC. If there are 4, 8, 16, or 32 chips, then it's probably not. If one of the chips is marked differently than the others, it might be a little more complicated; it might be possible that it's a different memory chip (e.g. if there are 4 x16 memory chips, you'd only need one x8 to get a x72 ECC DIMM, so that last chip would be different). But it's also possible that it's buffered/registered memory, and the different chip is the buffer/register.

And an aside on the topic of buying RAM for yourself:
In general, I'm not a fan of cheaping out on memory. I did computer repair for a while, and it shocked me how many problems were caused by bad RAM - from the obvious ("my computer crashes every time I boot it") to less obvious ("every few days, an application crashes") to the rather insidious ("it was running fine, and now I can't mount my hard drive any more"). It got to the point where, when a computer came in with nonspecific symptoms like that, I'd open up the computer and peek at the RAM chips first. If they had no recognizable manufacturer, they were certainly garbage. If they were recognizable but not top-tier, they probably needed some stress testing on our RAM tester. And if they were the good stuff (Samsung always had my vote there, though it's hard to find because they don't sell directly to consumers), then it was probably something else.

That's also where I learned that things like memtest86 or other software diagnostic tools were basically useless too. Only the absolute worst memory would fail a test, even a looped test run for days. Most bad RAM was marginal - after all, it probably passed some manufacturing tests. We had a rather expensive (~$4k-8k) box that would test memory, doing things like varying the supply voltage or self-heating the RAM. When RAM is installed in your PC, you're still limited by the hardware - i.e. the voltage regulator and the memory controller - which probably keep the memory as close to nominal conditions as possible. Obviously, those machines are rather hard to come by, so you have to make do with software tests instead - but a pass on those just means I can't prove it's bad; it doesn't mean the memory is good. Even if I pass all memory testing, I'll still swap/remove/replace DIMMs in an attempt to find which one is bad, because it's often not obvious.

Comment: Re:"Free" exercise (Score 1) 304

by Macman408 (#49125343) Attached to: I ride a bike ...

That description basically sounds like the San Francisco Bay area to me...

If you're interested in riding, find someone else who does it, and they may have helpful tips on where to ride. As you get more experienced, you might find yourself more comfortable sharing the road with cars - but certainly initially, most people prefer to take quiet residential streets or sidewalks. (Personally, I think sidewalks are a terrible idea for bikes - nobody is looking for you, and there are lots of driveways and obstacles. But if that's the only way that people feel safe riding, so be it.)

Comment: Re:Changes based on the Season (Score 1) 304

by Macman408 (#49125305) Attached to: I ride a bike ...

I used to ride a hybrid in the snow with nearly-bald medium-width tires (28-32 or so, I moved narrower over several years). I usually avoided the 8-mile commute when it was actually snowing and cars were sliding around everywhere, though. Only fell twice on those skinny tires; both were when I tried to make ~90 turns at low speed. At higher speeds, the bike still wants to stay upright, even if there's no traction.

Layers are good, but nothing helps when the temperature is negative (F) and you start breathing hard when you go up a steep hill... I could feel my alveoli freezing with every breath. Never stopped me, though...

Comment: Re:"Free" exercise (Score 1) 304

by Macman408 (#49125279) Attached to: I ride a bike ...

Yes. There's a group of people that rides from San Francisco to Google in Mountain View; roughly, it's 42.5 miles, though it's a bit different for each person, because most riders: 1. don't live at the coffee shop(s) where they meet up to start the ride, and 2. don't necessarily work at Google. Once they get to Google, smaller groups branch off in the directions of all the other area tech companies.

Just from hearsay, though; I've never ridden it myself (my commute is a bit tamer), though I've considered trying their route out for fun sometime.

In case the 42.5-mile ride is not to your liking, there are alternate scenic routes that go 48 or 62 miles, at a cost of more hills.

Comment: Re:Sheesh! I thought Reiser had a bad defense... (Score 1) 73

As a follow up, I saw something today after the verdict was announced that quoted his attorney; apparently the pre-trial negotiations didn't offer anything meaningful in terms of a reduced sentence if he were to plead guilty, so they didn't take it.

Comment: Re:Terrible lawyering by the defense (Score 1) 257

by Macman408 (#48985241) Attached to: Ross Ulbricht Found Guilty On All 7 Counts In Silk Road Trial

I found this Ars article rather illuminating:
Specifically, this quote at the end:

Ulbricht received a fair trial. The judge was hard on the defense, but that is largely due to how the defense acted and their strange tactical decisions.

In one of the judge's orders (I believe the one excluding his expert witnesses), the Judge blasted the defense as having made a calculated risk - they didn't want to show their hand so that the prosecution couldn't show evidence to counter the defense strategy, so they waited until the last minute to add their experts to the trial. However, the prosecution saw some of this coming and dropped a ton of evidence on the jury - and the judge saw through the defense's strategy and ruled against them:

If defense counsel truly planned his trial strategy around his ability to bend the rules and examine witnesses outside of the scope of their direct, then he should have had a “Plan B” that included complying with the rules. Defense counsel took a calculated risk.

I'm sure that this will get stuck in appeals for quite a long time. The best thing the defense can do in a situation like this where all the evidence points to guilt is to try and stir up confusion by throwing everything at the wall, and waiting to see what sticks. They only have to get lucky once to get a "not guilty" that will forever absolve Ulbricht, thanks to protection from double jeopardy.

Comment: Re:Sheesh! I thought Reiser had a bad defense... (Score 2, Interesting) 73

They might not have offered him a deal, or he might've been too stupid to take it. The prosecution apparently accused him of thinking he's too smart to be convicted (speaking of Hans Reiser...), and Ars Technica had an Op-Ed speculating that he might not be taking the advice of his lawyer as much as he should be - or his lawyer isn't doing a good job.

Reading Ars Technica's great day-by-day coverage of the trial, I think the prosecution has probably done a great job of tying up all the evidence in a beautiful package for the jury, while the defense laid out a haphazard tale meant to distract and confuse the jury. This is exactly what happened when I served on a jury a couple years ago - maybe 3 of the people on the jury were somewhat swayed by the defense's arguments, but after a little deliberation, the rest of us convinced those 3 that he was guilty beyond a reasonable doubt.

I think the defense attorney probably did his job here in trying to confuse things - but seeing how the evidence was presented in Ars's articles, I think that he'd have to get really lucky with the jury to get an acquittal at this point.

Comment: Re:Malicious code can cause computers to crash (Score 1) 138

by Macman408 (#48669711) Attached to: Many DDR3 Modules Vulnerable To Bit Rot By a Simple Program

It depends a bit on the physical structure of the RAM, but for the most part, the errors fall on logically adjacent rows (i.e. nearby memory addresses) in the RAM. So most of the time, you'll only affect other RAM inside your sandbox, and if you affect something outside the sandbox, it won't be far outside.

I remember encountering a similar failure when designing a system; the particular memory controller and the particular DRAM module we were using both met all applicable specs, but when used together in a particular manner, they would fail miserably. The specific test was to alternate writing all zeros and all ones at different addresses. The RAM controller had an oddity where it would enable the drivers for the RAM data pins a very briefly before the data was known. For that particular data pattern, that meant that it would drive all ones on the data pins to the RAM for less than a nanosecond, before starting to drive all zeros (or the reverse). There's nothing really against that in the spec; the data was all correct for all the relevant setup and hold time requirements relative to the control signals. However, it caused a lot of noise on the ground plane of the DRAM module; we measured as much as 0.75V or so. (That's measuring the ground voltage on one side of the SO-DIMM to the ground voltage on the other side; it's shorted by a mostly-solid layer of copper, but that just wasn't enough to carry all the current with this particular access pattern.) So from the point of view of the RAM chips, it's a little like having your 2.5V supply voltage suddenly drop to 1.75V. It messes up all the reference voltages, so a 1 might be interpreted as a 0, or vice versa. The memory controller manufacturer refused to do anything about it (and it would've taken them many months to redesign and respin the chip anyway), but the RAM module manufacturer was friendly to us, and they beefed up the ground plane so that the noise level was much more manageable.

In any case, I'm sure there are thousands of faults like this that are just waiting to be found and exercised in any given system. No modern computer is 100% tested, they're far too complicated. There will always be some weird sequence of things that could happen and trigger some failure - but hopefully that sequence is so odd, it'll never happen.

Comment: Re:Not seeing the issue here (Score 2) 209

by Macman408 (#48650507) Attached to: Judge: It's OK For Cops To Create Fake Instagram Accounts

Negative. When I served on a jury, the judge *specifically* instructed us that we were not to lend any more credence to the testimony of a police officer than to any other person, solely because he/she was an officer. During jury selection, anybody who either would never trust a cop *or* would *always* trust a cop was dismissed.

That said, we trusted the cops anyway, because their story made a lot more sense than the guy and his wife saying "nuh-uh, that meth wasn't mine, bro," with no other evidence or witnesses to prove it. Meanwhile, the police presented evidence such as the meth pipe, the letters addressed to him that the pipe was sitting on top of in his bedside table, the meth that was in it, and a record from his roommate/alleged dealer/meth cook that he was indebted (the presumption being that it was for meth).

I won't disagree that they are probably trusted by a jury more often than other witnesses for a variety of reasons (a lack of obvious motivation to lie, an appearance of professionalism, a calm demeanor under pressure, etc.), but the court itself does not hold them up as model witnesses.

Elegance and truth are inversely related. -- Becker's Razor