Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Cyber Monday Sale! Courses ranging from coding to project management - all eLearning deals 25% off with coupon code "CYBERMONDAY25". ×

Comment Re:Circumnavigate? (Score 2) 108

We need a catchy media name for this spate of car hacks that have inundated us this last week or so.

Of all the XYZ-gate names contrived for controversies since watergate, "Circumnavigate" is the first one I actually like.

The Circumnavigate Controversy of 2015, costing Chrysler Millions of USD and Tesla Thousands (in bug bounties)!!

Comment Re:stable (Score 5, Informative) 226

It's stable as in terms of features and changes. i.e. No longer under development and will only receive fixes.

However! Kernels from kernel.org are not for end users, if someone is using these kernels directly then they do so at their own risk.
They are intended for integrators (distributions), whose integration will include their own patches/changes, testing, QA and end user support

There is a reason that RHEL 7 is running Kernel 3.10 and Debian 8 is running 3.16. Those are the 'stable' kernels you were expecting.

When kernel development moved from 2.5 to 2.6 (that later became 3.0), they stopped their odd/even number development/stable-release cycle. Now there is only development, and the integrators are expected to take the output of that to create stable-releases.

Comment Product/Consumer/Provider (Score 4, Insightful) 247

It's been said before, but bares repeating: If you're using Google's "services" for free, then you are the product and not the consumer/customer.

Such an antitrust case is about protecting Google's consumers/customers from Google's de-facto monopoly in the market.

You (the product) switching from google to another search provider only means that Google has 0.00000001% less product to sell, and is unlikely to impact anyone.

However a business (the customer) switching to another provider, could (and would) cut that business off from over 90% of its potential customers (you). Something that is likely to impact them greatly (if not kill the business).

Submission + - The 'Page 63' Backdoor to Elliptic Curve Cryptography 3

CRYPTIS writes: The security of Elliptic curve cryptography is facilitated by the perceived 'hard' problem of cracking the Discrete Logarithm Problem (DLP) for any given curve. Historically, for FIPS (Federal Information Processing Standards) compliance it was required that your curves conformed to the FIPS186-2 document located at http://csrc.nist.gov/publicati... . Page 63 of this specifies that the 'a' and 'b' elliptic curve domain parameters should conform to the mathematical requirement of c*b^2 = a^3 (mod p).

Interestingly, back in 1982, A. M. Odlyzko, of AT & T Bell Laboratories, published a document entitled “Discrete logarithms in finite fields and their cryptographic significance” ( http://www.dtc.umn.edu/~odlyzk... ). Page 63 of this document presents a weak form of the DLP, namely a^3 = b^2*c (mod p).

It seems then, that the National Institute of Standards and Technology (NIST), driven in turn by the NSA, have required that compliant curves have this potentially weak form of the DLP built in; merely transposing the layout of the formula in order to obtain what little obfuscation is available with such a short piece of text.

Comment Required HW (Score 1) 124

Do Android devices have a hardware encrypter/decrypter built into the DMA bus, like iPhone does?

I would guess without something like that, encryption would have a high latency and battery life cost. Encryption accelerated via special CPU features/instructions, like what dm-crypt is able to use, would only partially alleviate those costs.

My guess the problem isn't to do with features in the Andriod software, but rather hardware costs. i.e. Development and Manufacturing costs. Does the lack of encryption really affect sales enough to justify those costs? One thing is clear: The perception of improved battery life does affect sales.

I think in the end Android will get a botched job. Encryption in SW for those that want to turn it on, but off by default as to not affect the phone's vital statistics; especially early benchmarks.

Comment The Rust Language (Score 4, Interesting) 407

I have been mulling similar question for myself for some time. i.e. where should I spend my limited hobby time: learning Obj-C or C++?

In the last few months Rust has caught my attention. Even then it's not yet at verstion 1 (at time of writing its at alpha-1), I really like the concept and what they are try to achieve with the language.

My comment will probably be burried, but if you do read it, spend a few minutes wondering around their web site. For exmaple their 30 minute introduction to Rust.

Comment Re:So does this mean... (Score 3, Insightful) 264

Big step from 3.19: No
Same work as 3.20: Yes

The reference point is 3.0. Kernel development is now 'inline' (as opposed to the old even=release, odd=development system). That means the minor number just gets bigger and bigger, and the kernel gets further and further away from what 3.0 was.

This means at somepoint one should bump the major version number; the question is when? Linus has the answer for this: Basically when the minor number gets asthetically displeasing to him, he'll bump the major number and start the minor number again at 0.

One might ask what will Linus do when the major number gets too big (e.g. >20) ?
Others might ask, why don't they just use a year/calendar based version number? Like Ubuntu does.

Comment Re:Too late (Score 1) 235

I know you were joking, but I'd like to make the following point anyway:

How long until we have fusion power is not a function of time, but a function of investment.
Insufficient/deacreasing investment results in increasing the amount of time needed to complete the required R&D.

In fact a Q&A here on slashdot covered this. It even provided the following graphic as clarification of "50 years until fusion":

Comment Systemd broken PulseAudio!!! (Score 1) 928

I have a Debian HTPC system tracking testing and systemd tried to save from the indignation of PulseAudio. Given configuring ALSA for AC3 S/PDIF is not as easy as it should be, I let PulseAudio stay on my system.

Then came systemd and any application (Flash, KDE itself, VLC) would hang as soon as it attempted to output sound. "PulseAudio --start" instances would just multiply and multiply.

My girlfriend was somewhat annoyed that she couldn't watch her programmes, and trying to work out what was happening was getting to me too.

After battling PulseAudio and ALSA settings, I was started to question if it was a mistake to leave PulseAudio installed all this time. Systemd was trying to help me see my error.

However given my girlfriends mood and lack of patience, as well as the fact that everything worked before Debian switch my init system, I tried apt-get install sysvinit-core and reboot (mostly out of desperation). From that moment on we've had no problem with sound, PulseAudio nor any of the other 'bugs' that showed up recently.

Given my sense of humour, I find it hilarious that systemd seemingly broke PulseAudio. Beyond making me laugh it also induces a sense of nostalgia. As I was in Uni all those years ago, I remember playing CoreWars. This was a game where two users would to develop a programmes that tried to avoid and eradicate the other users program.

Up until I removed systemd I imagine a similar battle being waged on my HTPC. PulseAudio battling with PID 0 and spawning many copies of itself as protection. On the other side systemd using it ultimate control of the system to hijack dbus and udev in order to isolate PulseAudio and to prevent it from communicating with the outside world.

If it weren't for the non-amused look on my girlfriends face, I might have let the two battle it out. However as it stands PulseAudio has won, as systemd is no longer running on the system. Did good or evil win? We'll never know. Suffice to say during the whole affair systemd said nothing, not a single peep to stdout nor stderr.

Comment Re:We need more than that (Score 2) 442

In the US because of the Mickey Mouse Protection Act or rather the Copyright Term Extension Act.

Basically every time Mickey Mouse is about to go out of copyright and into the public domain, Disney lobby for copyright to be extended.

Given that they actively use MM, their Trade Mark on him will never expire. Isn't that enough? Why continuously extend copyright?

Leveraging always beats prototyping.