Forgot your password?
typodupeerror

Comment: Texas Instruments calculator (Score 1) 202

by smooth wombat (#46789647) Attached to: Ask Slashdot: What Tech Products Were Built To Last?

TI-36 solar version. Came with the vinyl flip case which still has part of its spine holding on like grim death.

Bought it just out of high school (back in the day) and recently used it for my stats class (about 2 years ago).

I still take it with me every time I go grocery shopping to keep track of how much I'm spending.

Comment: Re:That's where you are wrong. (Score 1) 147

by khasim (#46789043) Attached to: Bug Bounties Don't Help If Bugs Never Run Out

Do you really believe that if you offered a $10 million prize to anyone who could find a vulnerability in the Apache web server, that you would reach the point where people weren't finding and reporting new ones...

From your inclusion of "really believe" I'd say that your question was rhetorical.

And wrong.

At $10 million per buffer overflow? Yes. There would be a finite number of buffer overflows that would be found and fixed.

At $10 million per X category of bug? Yes. There would be a finite number X's that would be found and fixed.

Therefore, unless you assume an infinite number of categories of bugs, all the bugs would eventually be fixed.

Because the code base comprises a finite number of bits and there is a finite number of ways that those bits can be run.

Comment: That's where you are wrong. (Score 1) 147

by khasim (#46788717) Attached to: Bug Bounties Don't Help If Bugs Never Run Out

My point is that if there are (effectively) infinitely many bugs...

No need to read any further because that is an incorrect assumption.

There cannot be an infinite number of bugs (effectively or otherwise) because there is not an infinite about of code NOR an infinite number of ways to run the finite amount of code.

From TFA:

(He confirmed to me afterwards that in his estimation, once the manufacturer had fixed that vulnerability, he figured his same team could have found another one with the same amount of effort.)

Then he was wrong as well.

There are a finite number of times that buffers are used in that code base. Therefore there are a finite number of times that buffers could be overflowed. If someone went through the code and checked each instance and ensured that an overflow situation was not possible then it would not be possible.

"Infinite" does not mean what you think it does.

Comment: Re:Bennett's Ego (Score 0) 147

by khasim (#46788573) Attached to: Bug Bounties Don't Help If Bugs Never Run Out

Is there a statement in the article that you think is incorrect?

You missed the point of the post that you are replying to. But since you asked ...

You can visualize it even more starkly this way: A stranger approaches a company like Microsoft holding two envelopes, one containing $1,000 cash, and the other containing an IE security vulnerability which hasn't yet been discovered in the wild, and asks Microsoft to pick one envelope.

That makes no sense. Why would a security-researcher offer to pay MICROSOFT for NOTHING?

Microsoft should be paying the security-researcher.

It would sound short-sighted and irresponsible for Microsoft to pick the envelope containing the cash â" but when Microsoft declines to offer a $1,000 cash prize for vulnerabilities, it's exactly like choosing the envelope with the $1,000.

Wrong again.

Not PAYING $1,000 is NOT the same as getting an ADDITIONAL $1,000.

If I have $1,000 and I do not buy something for $1,000 I still have $1,000. But if someone gives me an envelope with $1,000 then I have TWO THOUSAND DOLLARS.

You might argue that it's "not exactly the same" because Microsoft's hypothetical $1,000 prize program would be on offer for bugs which haven't been found yet, but I'd argue that's a distinction without a difference.

No. It's wrong because in your example Microsoft ends up with an ADDITIONAL $1,000 from a security-researcher.

Comment: Re:I'd seriously think about a dedicated router (Score 1) 91

by Sycraft-fu (#46787633) Attached to: Ask Slashdot: Which Router Firmware For Bandwidth Management?

Ummm, if you bothered more than a cursory glance at my thing you'd notice I AM advocating open solutions. Monowall is FreeBSD, with some mods and a nice WebUI stuck on it for configuration. EdgeOS, that runs on the ERL, is a fork of Vayetta, which is a fork/mod of Debian.

Both are open solutions but both are under active development and support by a team. Hence I'm a pretty big fan. Monowall was last updated in January, and they still support their legacy version for old hardware like WRAP systems, and their new version for more powerful systems. EdgeOS was updated in March, and they have an alpha for the next version going you can opt in to.

On the other hand the OSS firmwares are half-abandoned it seems. When I Google for Tomato I get a page that talks about it as a WRT54G firmware and looks like it hasn't seen updates in 5-8 years. Further down there's a "Tomato USB" mod on it that was updated in 2010 and still runs on 2.6.

This sort of thing does not engender trust in long term viability or freedom from bugs/exploits.

Also there's the issue that some of us have high speed needs. My Internet connection is 150/20mbps. So I need something that can support that. Triple stream N is pretty much the minimum (dual stream N maybe can in ideal cases) and AC is a better choice. Also the "router" part of the router needs to be able to keep up with that kind of speed, even when I've set up my firewall rules and such.

Finally you seem to confuse reliability with swappability. Sure, you can have a whole host of cheapass old routers and if one dies, put in a new one. However it is hard to do when you need more powerful, and thus expensive, hardware but also that isn't reliable, that is just having extras. I'd rather just have something that has less issues, that works for years on end with no problems, and not have to mess with it. That's what you get with something like a monowall box.

Also like I said, one component may need replacing before others. My Edgerouter Lite will last me a long time, unless it breaks, since it can handle around gigabit speeds with the setup I have (I've tested it). However if I get much faster Internet, I'll need a new cable modem, since mine is only 8x4 stream, and to go much above where I'm at you usually want 16 streams down. Likewise if my WAP is likely to get replaced sooner than the ERL, but probably not as soon as the cable modem.

I can have latest tech where I want it, older tech where I don't and it is all good. Also in my experience setups like that are extremely reliable.

Comment: No thanks (Score 1) 45

by smooth wombat (#46787619) Attached to: The Internet of Things and Humans
the consumer end of the Uber app as it is today, and on the other end, a self-driving car.

I'm quite capable of driving myself, including shifting gears. I don't need or want to rely on software to get me where I'm going. It's bad enough we have rearview cameras being shoved down our throats because people are too lazy or fat to turn around and look behind them, we don't need more technology to try and solve a human problem.

Comment: Glad to help (Score 1) 91

by Sycraft-fu (#46783247) Attached to: Ask Slashdot: Which Router Firmware For Bandwidth Management?

It's a pretty new product, which is why you haven't heard of it. It isn't the greatest thing EVAR, as its web UI could use some work, and some of the features it has can hit the limited CPU pretty hard (VLANs and encryption notably) but it is pretty damn good.

It is what lives at the edge of my home network, and I'm real happy with it.

They also make larger models, should you have the need.

Comment: I'd seriously think about a dedicated router (Score 5, Interesting) 91

by Sycraft-fu (#46782625) Attached to: Ask Slashdot: Which Router Firmware For Bandwidth Management?

The problem is all those consumer wifi+router deals tend to have kinda crap firmware. While there are, in theory, OSS alternatives they seem to be less than speedy with the updates and support for new hardware.

So I'd look elsewhere. The two things I'd put at the top of your list:

Monowall, on an APU.1C. It is like $150 for the unit, and then $20-30 for an enclosure and CF card. Monowall should support everything you need, it is really feature rich, is pretty easy to use, and the APU.1C is fast enough it shouldn't have issues even with fairly fast internet.

A Ubiquiti Edgerouter Lite. This is a funny looking and named lil' router with quite a bit of performance under the hood, thanks to the hardware routing logic its chip has. $100 and it can push gigabit speeds for basic routing setups. It is also extremely configurable, since it runs a Vayetta fork, which is a Linux OS customized for routing. However to configure the kind of things you want, you might have to hop in to the CLI, I don't know that the GUI has what you need. It supports that though, and you can even hop out of the specialized routing CLI and get a regular Linux prompt where you can install packages and such.

If you want a more supported solution, you could look at a Cisco RV320. Costs like $200 and is a fast lil' wired router (uses the same basic chip as the Edgerouter, just slower). I haven't used one but I'm given to understand you can make them do a lot. Sounds like they firmware may be a little flakey though.

You then just set your consumer WAP+router in to "access point" mode and have it just do the wireless functions.

This is all more expensive and complex than just running on a consumer WAP+router, but more likely to be able to do what you require. It also means you can change out components without as much trouble. Like say your WAP gets flakey, and you want a new one with the latest technology. No problem, just buy it. You don't have to worry if it supports the routing features you need because it doesn't do that for you.

If you are stuck on doing an all in one, then you could look at a Netgear Nighthawk R7000 or the new Linksys WRT1900AC. The Netgear does have bandwidth management and QoS in its native firmware (I haven't played with the features, but I can confirm they are there as I own one) and there is a "myopenrouter" site that has OSS firmware for it (ddwrt mod I think). The Linksys router supposedly is going to have OpenWRT support soon as Linksys worked directly with the OpenWRT team for it.

Comment: Re:Useful Idiot (Score 2, Funny) 369

He probably could have tried legal measures to implement reform if it was actually more important to him than being famous

He wants more than fame, he wants to establish Russia as a global power, again. Problem is, his economy is mostly natural resourced exporting - which means it's pretty weak on manufacturing or services.

Thus spake the master programmer: "When a program is being tested, it is too late to make design changes." -- Geoffrey James, "The Tao of Programming"

Working...