Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Slashdot Deals: Cyber Monday Sale Extended! Courses ranging from coding to project management - all eLearning deals 20% off with coupon code "CYBERMONDAY20". ×

Comment But it's running Windows. (Score 1) 100

"The worm is detected by almost all security vendors, but it seems that it is still being used because modern day IoT devices can't yet run security products."

I thought Conficker worked on *Windows* OS. That can run antivirus.

"but it seems that it is still being used because modern day IoT devices can't yet run security products."

I'll allow you to say this when a worm is targeting Receivers or Fridges. Or even Raspberry PI. Not when the targeted item is running Windows.

Comment Math.... (Score 2) 616

Personally, I think humanities majors should be good at math too. (And, for that matter, journalists and politicians.)

Of course the level of math you need to have varies. But I don't think you can be a "good" programmer without understanding logic.

Certainly you don't need the single spearhead knowledge of a single or a few topics that a "math major" gets. And you can probably ignore most of calculus and analytic algebra. But knowing trigonometry and signal theory will most likely make you better and higher paid pretty quickly. Being able to look up and study the math you need at the moment, quite certainly so.

But that doesn't mean that a lot of girls that think they are bad at math should stay away from trying programming. Girls specifically have a tendency to undervalue their own knowledge. (While guys tend to overvalue.) (I personally think this behaviour is social training.)

If you think you are bad at math but programming comes easy, you might find that you weren't actually bad at math.

Comment third party (Score 1) 259


A problem I have (and a temporary solution) is that ads come from a third party site. Usually the same few networks. I don't like being tracked by third party sites and I see no reason to view their content, so I simply DNS block common ad networks and third-party-content block them in the browser. This is causing the problem that I don't pay for the sites I visit (the adblock problem) and of course I can't visit sites that demand the third party site content to show (DNS block),
but there is at least very low risk for tracking and third party malvertising.

A solution as I see it would be that ads are given as images and reported as statistics, so that the main site can repack them (removing any exploits), display them without tracking me more than usual and report the displays to the advertisement network. (It would also have the benefit that any annoying flash ads and popups would go away, which would benefit the advertisers in the long run - less ad blocking.) (I presume clickthroughs can go to the advertisement network so they can keep track of that part.)

Comment well, if they were interested in focus... (Score 1) 170

...they could start by eliminating everything that makes it hard to concentrate and focus when you actually want to.

I have a hard time concentrating when the environment is noisy.
Interruptions can totally ruin my _day_ of production.
Lack of motivation ruins my creativity.

So if you want a productive environment, I really don't think forcing people to stare at an IDE is the solution.
Get rid of the cubicles, let people be in personal spaces (rooms) with 1-2 people. Make sure fans and other noise sources are silent. Get rid of drafts. Make the environment friendly and not sterile.
Make sure you don't schedule meetings during the day when people need to stay focused. Put them in mornings or late afternoons (before or after a long creative period).
Make sure your people feel involved in the project and the company. Give praise on any progress. Get involved and try to understand what's going on (details are not needed for this). Listen to them, the needs (for projects and for the workplace environment and need for time off). Send people on educations, workshops and courses to keep the skills updated (after their needs and wishes).

Trust them or the motivation is lost. Never micromanage. Get bosses and leaders that are good at being bosses leaders. (Don't promote to incompetence.)

It's not that hard.

Comment Re:potentially (Score 1) 160


Although there's lots of easier methods if you have access to the physical car.

(Just like breaking a bluetooth lock is possible, but it's also possible to use a normal untraceable chainsaw on the wall next to the door.)

(Also: Never attribute to malice that which is adequately explained by stupidity. I'm personally more worried about bugs in cars than security holes.)

Comment potentially (Score 4, Interesting) 160

"Because infotainment systems processed DAB data to display text and pictures on car dashboard screens, he said, an attacker could send code that would let them take over the system.

Once an infotainment system had been compromised, he said, an attacker could potentially use it as a way to control more critical systems, including steering and braking."

Well, yeah.

Normally it's not that easy. Sure, the car stereo sits on a can bus with nice information (ACC, backing signals to turn on the back camera, speed information so the volume can be automatically adjusted, etc). But it's not on the vital CAN bus (at least not on most cars).

But yes, it's an entrance point. So is the 3g/wifi receiver in the stereo, or the bluetooth connection to the handsfree that it can do.

But you would have to:

1. crack an entrance point to the stereo (any of the above)
2. control the stereo CAN transmitter (if it has one)
3. using that CAN to crack an entrance point to another system that talks to a vital CAN bus
4. control that system enough to transmit CAN on the vital bus
5. and then use this system to send bad messages to brakes or steering

and all cars use different firmware with different security holes and different CPUs.
But with enough research you could probably crack a specific vulnerable car model.

Cracking modern airplanes seems easier, actually.

Bell Labs Unix -- Reach out and grep someone.