Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: Re:Why can't they fairly negotiate? (Score 1) 58

by hey! (#49184405) Attached to: SpaceX's Challenge Against Blue Origins' Patent Fails To Take Off

There was a period in the early 00's when one of the my company's manager would periodically walk through my office door and the first words out of his mouth was "I just read about this patent..." and I'd stop him right there.

"This is going to be one of those things where the extent of the filer's 'invention' was to take something people were doing with LORAN fifty years ago, cross out 'LORAN' and write in 'GPS', isn't it?"

"Well," he'd begin.

"I don't want to hear about it. It's guaranteed to be invalid on the basis of obviousness, but if they get lucky in court and I've actually read or even heard about that specific patent they'll be able to take us to the cleaners."

You'd be amazed at some of the technology patents the patent office grants. Stuff anyone who'd been a practicing engineer for more than a few months would laugh his ass off at if he were patent examiner.

Comment: Remembering Nimoy this way is illogical. (Score 5, Informative) 203

by hey! (#49183661) Attached to: <em>Star Trek</em> Fans Told To Stop "Spocking" Canadian $5 Bill

His family has requested that donations be made in his memory to one of the following charities

Everychild Foundation http://everychildfoundation.or...
P.O. Box 1808
Pacific Palisades, CA 90272

Chronic Obstructive Pulmonary Disease (COPD) Foundation http://www.copdfoundation.org/
20 F Street NW, Suite 200-A
Washington, D.C. 20001

Beit T’Shuvah Treatment Center http://www.beittshuvah.org/tre...
8831 Venice Blvd.
Los Angeles, CA 90034

Bay-Nimoy Early Childhood Center at Temple Israel of Hollywood http://www.tiohnurseryschool.o...
7300 Hollywood Blvd.
Los Angeles, CA 90046

Source: http://www.startrek.com/articl...

Comment: Re:The obvious solution (Score 1) 58

by hey! (#49183073) Attached to: US Air Traffic Control System Is Riddled With Vulnerabilities

How it was initially deployed is known only to its makers, but Stuxnet was designed to enter an isolated facility on a USB drive. Once on the LAN it would propagate to other computers, and potentially to other networks via an infected laptop, which is how it ended upon the Internet.

You can use your imagination as to how they got the USB into the target facility. It might have been as simple as dropping the USB stick in the parking lot of a vendor, but given the resources needed to create the worm itself you can't rule out some kind of black bag job or human asset.

Comment: Re:What could possibly go wrong? (Score 1) 119

by swillden (#49182821) Attached to: Linux 4.0 Getting No-Reboot Patching

If someone gains root, they can swap out the on-disk boot image that contains the kernel, and wait for someone else to reboot it as part of normal maintenance.

Assuming there isn't something that prevents the boot image from being replaced. See my other, more extensive, comment in this thread.

Comment: Re:The obvious solution (Score 1) 58

by hey! (#49182649) Attached to: US Air Traffic Control System Is Riddled With Vulnerabilities

I really don't see that as a the most vulnerable point. Not by a long shot. Tapping a digital fiber link wouldn't be like US submarines tapping Soviet analog telephone cables. The data on the link can be encrypted and authenticated at either end such that it's not really practical to modify or impersonate without the kind of assets in the organization that would make an inside job a lot simpler.

The real problem is human factors. Air-gapping sensitive systems is a sound idea in principle but in practice it often fails because it's too cumbersome for users who then undermine the system. And Stuxnet showed that it's possible for a sufficiently advanced opponent to target systems of the far side of an air gap.

So the problem is with the notion that separate parallel systems separated from the outside world are a "simple" solution. They're a potential solution, but if you want to have confidence in that solution there's a lot of work analyzing and policing the behavior of the people who use, maintain, and produce the equipment.

Comment: Re:What could possibly go wrong? (Score 3, Informative) 119

by swillden (#49181487) Attached to: Linux 4.0 Getting No-Reboot Patching

But what you're saying is that rebooting is somehow a magic cure-all that guarantees the system isn't infected somehow

Don't be condescending. I'm not saying rebooting is a magic anything.

Whether or not this matters depends on the threat model and why the attacker is interested in patching the kernel. For example, one purpose would be to disable other kernel security features, such as SELinux, or dm-verity. Most SELinux rules are configured and the configuration can be altered by root, but some are compiled into the kernel and can only be modified by modifying the kernel. Altering the persistent kernel image may not be possible for a variety of reasons (read-only media, SecureBoot, etc.). In addition, in security-sensitive and mission-critical contexts an unexpected reboot may well be noticed.

I don't understand your assertion about SecureBoot. Are you referring to some known vulnerability of some particular secure boot system? Given a decent implementation of secure/verified boot, an attacker should not be able to convince the system to boot a modified kernel image, which means that run-time modification of the kernel is the only option if the attacker needs to bypass some kernel security enforcement.

In general, the security model of a high-security Linux system assumes that the kernel is more trustworthy than root. The ability for root to modify the running kernel invalidates this assumption, which most definitely is a security issue.

In the context of a system without mandatory access controls there may not be any reason to care, since once an attacker has obtained root there probably isn't any limit to what he can do.

Comment: Re:What could possibly go wrong? (Score 2) 119

by swillden (#49180351) Attached to: Linux 4.0 Getting No-Reboot Patching

It's no more a risk than current patching that requires a reboot, except that you don't have the downtime of a reboot.

Sure, if your concern is error, rather than malice. An attacker who gains root could use this to dynamically patch a backdoor into the running kernel. Rebooting the machine would potentially enable someone to notice.

As another poster noted, though, you can already dynamically patch the kernel for malicious purposes by loading a malicious module, assuming that hasn't been disabled. In contexts where security is crucial, I would disable both dynamic module loading and run-time patching.

Comment: Re:Pretty pointless (Score 1) 321

by swillden (#49179733) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

I assume the communication companies were handing over a lot more than the NSLs can demand in the spirit of cooperation and that is why the retroactive immunity was necessary

The GP wasn't suggesting that excessive data was handed over, he said that an NSL could be used to demand installation of a backdoor. If I were a vendor, even one who really wanted to be cooperative, I'd balk at that, because the chances of something like a backdoor being discovered are too high. It would be actively sabotaging my customers, and not just to the NSA... a backdoor can't distinguish between users, it lets in anyone who figures it out. And, of course, if the existence of the backdoor were published it would do serious damage to my business.

Even companies who want to cooperate are going to be reluctant to do potentially business-destroying favors for the government. There would be a great deal of incentive to fall back on the law and refuse on the grounds that the law doesn't authorize such requests.

Comment: Re:FDE on Android doesn't work as of yet (Score 1) 118

by swillden (#49179701) Attached to: Google Backs Off Default Encryption on New Android Lollilop Devices

I'm skeptical that an Android device would survive running flat out for two years to crack a PIN. The heat and battery life issues I experienced when I tested it demonstrate clearly that mobile devices simply aren't designed to run full-speed 24x7.

Also, it should be pointed out that the attack I described is far from easy to carry out. Among other things, it requires dumping the contents of flash, which basically requires removing the flash chips from the mainboard without damaging it, then either putting the flash chips back or installing new flash, then the device must be unlocked, a custom, hostile OS flashed, and finally the attacker can start the multi-year process.

Note that the 630-day figure I cited is on average. It would take twice that long for a guaranteed break.

Finally, if you add one more character to your passcode (7-character alphanumeric), the crack time jumps from 630 days on average to 124 years.

I agree that Lollipop FDE still needs some improvement, but it's already quite good.

Comment: Re:There is science here (Score 2) 20

by hey! (#49178195) Attached to: Rosetta Photographs Its Own Shadow On Comet 67P/C-G

Hmmm. While your explanation is unquestionably true, I don't think you quite understood what the poster was asking. His question is, I think, about the sharp shadows behind ridges on the surface, not the shadow of the vehicle itself.

I think his problem is an implicit assumption that if you drew a line from the center of the sun through the spacecraft, it would intersect the surface at a right angle. In that case you wouldn't expect cracks on the surface to display in such relief. However I believe that assumption is faulty, and that the rays of the sun intersect the surface at a considerable angle.

This is not unlike seeing the shadow of a plane you are riding in on the surface of the Earth. Unless you are in the tropics, that shadow won't be directly beneath you. It will be off to one side. It will also be distorted as it is spread out across the non-perpendicular surface, but you won't necessarily notice that because of foreshortening.

Comment: Re:Easier to Analyze or Change == More Maintainabl (Score 2) 242

by hey! (#49177955) Attached to: Study: Refactoring Doesn't Improve Code Quality

I once took over 30,000 lines of code that had been written by a subcontractor and trimmed it to around 4000 LOC. And you better believe it ran faster! Not because refactoring is magic, but because once all the mind-numbing almost-repetition was mucked out you could actually see what the code was doing and notice that a lot of it wasn't really necessary. Ever since then I have always maintained that coders should never ever copy and paste code. I've had people disagree, saying that a little bit of copying and pasting won't hurt, but I say if it's really such a little bit then you shouldn't mind re-typing it. Of course if you do that very soon you start putting more effort into devising ways to stop repeating yourself, which is exactly the point. Repeating yourself should be painful.

That's I think a reliable litmus test for whether you should refactor a piece of software. If it's an area of code that's been receiving a lot of maintenance, and you think you can reduce the size significantly (say by 1/3 or more) without loss of features or generality you should do it. If it's an area of code that's not taking up any maintenance time, or if you're adding speculative features nobody is asked for and the code will get larger or remain the same size, then you should leave it alone. It's almost common sense.

I don't see why anyone would think that refactoring for its own sake would necessarily improve anything. If an automotive engineer on a lark decided to redesign a transmission you wouldn't expect it to get magically better just because he fiddled with it. But if he had a specific and reasonable objective in the redesign that's a different situation. If you have a specific and sensible objective for reorganizing a piece of code, then it's reasonable to consider doing it.

Comment: Re:Bad idea (Score 1) 644

by swillden (#49176897) Attached to: Snowden Reportedly In Talks To Return To US To Face Trial

Civil disobedience has ALWAYS carried the potential for punishment and if you break the law to make your point that the law is unjust you should stand ready to be arrested, imprisoned and tried in court for what you choose to do.

Your argument would carry more weight if the government who'd be trying Snowden weren't the same one he outed for violating its own laws, with the active collaboration of its judicial branch. Not to mention all of the recent fully-public sidestepping of due process for hundreds of other enemy combatants. Oh, and the torture, including of US citizens. And... do I really need to go on?

Snowden has extremely good reason to be skeptical of the fairness of a trial... or if he'd even get a real trial.

Comment: Re:Leverage (Score 1) 644

by swillden (#49176761) Attached to: Snowden Reportedly In Talks To Return To US To Face Trial

Snowden may be using what leverage he has left. He has not yet disclosed all the information he obtained so the US government might cut a deal to avoid further disclosures.

I see no evidence that Snowden didn't hand everything over to the Guardian et al, all at once, as he said he did. On what do you base your claim that he's still got something left?

Comment: Re:C++ important on Apple too (Score 1) 391

Cross-platform compatibility of C++ code is excellent these days, C++ can call low-level Apple APIs exactly as well as C, and there is no performance cost to C++ unless you choose it.

1) Good but not as good as C.

In most cases these days it's a distinction without a difference.

2) But it's an unnecessary third layer. Obj-C has the objects. C has the speed and compatibility. What do you need a third layer for?

I see this differently. Obj-C has the objects I need to interact with the framework. C++ has the speed, compatibility and expressive power I want. C has speed and compatibility, but lacks expressive power, which creates a lot of tedium and loses a lot of safety.

3) Indeed.

We agree on something :-)

So virtually no one uses it in this scenario.

Only time I see it used is when it's a library that was written in C++ on another platform and is simply being used on a Mac.

I haven't really done much on Macs, but I did a lot of work on NeXTstep back in the day, and C++ was quite common in scientific computing there. Actually, what I saw a lot of was "Objective-C++"... they may have grown further apart, to the degree that this no longer works, but in the early 90s gcc allowed you to mix Objective-C and C++ constructs freely in the same code. So a common approach was to build everything in an OO fashion, but to choose between Objective-C and C++-style classes based on performance and flexibility tradeoffs. The result required you to be fluent in both, but that really just means being fluent in C++ because a C++ programmer can learn Objective-C in a day (which is something I respect about the language).

What this country needs is a dime that will buy a good five-cent bagel.

Working...