
Comment: Re:Troll Bait (Score 1) 3

by Will.Woodhull (#49159555) Attached to: A simple question on climate change: heat of fusion of ice

No, I could not. I've got better things to do than to try to repeat the research of other people who know their subject areas better than I will ever learn them.

Your post on the other hand is flamebait. Do you have no better way to bolster your ego? Can you not think of some positive way to score points?

Comment: Re:Why make the same complaint every time? (Score 1) 147

by drinkypoo (#49159325) Attached to: Foxconn Factories' Future: Fewer Humans, More Robots

To pretend this is an Apple story is ultimately dishonest because of its implication.

The story is definitely an Apple story, in part. They are profiting handsomely from participating in this behavior. It's disingenuous to suggest that it isn't about Apple simply because it isn't all about Apple. At best, you're as hypocritical as what you're complaining about.

Comment: Re:Pretty pointless (Score 2) 225

by bill_mcgonigle (#49158741) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

I'm still waiting for the first CEO to go to jail for refusing this.

Dude, you're fourteen years behind the news. The technique is not to get you on the "refusing NSA" charge, but any of the other countless criminal acts you commit every day. This is the primary purpose of a hyper-criminalized environment - so that everybody can be easily bent to the whim of the power structure. See also: charge stacking and the de-facto abolishment of the Sixth Amendment through the plea-bargain process (or, if you're a corporation, the no-plea deal for really efficient fascism).

Comment: Re:And still (Score 1) 168

by Will.Woodhull (#49158739) Attached to: One Astronomer's Quest To Reinstate Pluto As a Planet

It would make sense to classify the Earth - Moon as a binary planet. Life-as-we-know-it is most likely to occur in binary planet situations, where large tides are the stirring rods that keep the proto-life soups from settling into non-interactive stratifications. Creating the class of binary planet with the Earth - Moon as the prototypical first pair would help focus exoplanetary studies, and also inject new considerations into Earth science studies, such as plate tectonics, geomagnetism, possibly meteorology and climate studies, etc.

As to Pluto: Yep, it's a planet. Has been one all along. 260-odd astronomers at a convention of more than 2,000 astronomers have no scientific basis for saying otherwise. No matter how important their foible makes them feel.

[Is this post a good troll? I think it is a good troll. I think it is like a storm surge on top of a super tide, that would stir things up, keep the cauldron bubbling. But in a good way.]

Comment: Re:Hashes not useful (Score 3, Informative) 225

by bill_mcgonigle (#49158717) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

Seagate is correct. Putting a hash on the website doesn't improve security at all because anyone who can change the download can also change the web page containing the hash. ... A company like Seagate doesn't rely on volunteers at universities to distribute their binaries so the technique is pointless.

There are many possible attacks. A hash on a website is not invulnerable to a rogue employee at Seagate (or one "just following orders").

A hash protects against a rogue insertion at the endpoint. Like if your PC is compromised by an attacker and then you pull the hard drive and (assuming there's a way to get a hash from SMART/ATAPI) you can compare the hash of the firmware that the drive is running to the list of published firmwares at the vendor's site. If the attackers are only modifying a small subset of drives, this works fine - they can't also intercept the check to the vendor's site - not unless they've broken TLS and/or have malware on every possible machine.

A tool to verify the firmware is poetically impossible to write. What code on the drive would provide the firmware in response to a tool query? Oh right ..... the firmware itself.

Well, today you can pull the image from JTAG, or so the experts have said (you can verify the firmware directly from memory with a hash if you have moderate funding). There's all sorts of talk about how ATAPI is write-only for firmware because the vendors don't want their competition to get their code and decompile it. This appears to be nonsense, as any other drive vendor already has the debug tools to pull such things from memory, and extracting it from an update isn't that hard - if a 16K DOS update utility can extract it, so can a multi-billion dollar R&D company.

To make it work you need an unflashable boot loader that acts as a root of trust and was designed to do this from the start. But such a thing is basically pointless unless you're trying to detect firmware reflashing malware and that's something that only cropped up as a threat very recently. So I doubt any hard disk has it.

They most certainly do not. So, here we are at today and need a way forward. There are a few ways forward, a fistful of crypto protocols to choose from to ensure future usefulness of hard drives for security applications, and INCITS/SATA-IO ought to be having emergency meetings _right now_ because this (NSA/GCHQ) is a major threat to the industry. The vendors may need to move operations outside of five-eyes to remain commercially viable.
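The self-reporting problem and the root-of-trust idea discussed in this comment, as an added sketch that is not part of the original post or any vendor's design: a hash reported by the firmware itself can be faked, while a measurement taken by an unflashable boot ROM and bound to a verifier nonce cannot. The `Drive` class, `rom_attest`, the device key (assumed readable only by the ROM) and the firmware images are hypothetical, constructed stand-ins; a shared-key HMAC is used here as a simplification.

```python
import hashlib
import hmac
import os

# Constructed sample data: stand-ins for firmware images and a per-device key.
GOOD_FW = b"vendor firmware v1.2 (constructed sample image)"
EVIL_FW = GOOD_FW + b" + unauthorized modification"
PUBLISHED = {hashlib.sha256(GOOD_FW).hexdigest()}  # vendor's published hash list
DEVICE_KEY = b"constructed-per-device-secret"      # assumed readable only by the ROM


class Drive:
    """Hypothetical drive: flashable firmware plus an immutable boot ROM."""

    def __init__(self, firmware: bytes):
        self.firmware = firmware

    def firmware_self_report(self) -> str:
        # Answered by the firmware itself, so a modified image can simply
        # return the hash of the image it replaced.
        if self.firmware != GOOD_FW:
            return hashlib.sha256(GOOD_FW).hexdigest()
        return hashlib.sha256(self.firmware).hexdigest()

    def rom_attest(self, nonce: bytes) -> tuple[str, bytes]:
        # Runs in the unflashable ROM: measure whatever is in flash, then bind
        # the measurement to the verifier's nonce so it cannot be replayed.
        digest = hashlib.sha256(self.firmware).hexdigest()
        tag = hmac.new(DEVICE_KEY, nonce + digest.encode(), hashlib.sha256).digest()
        return digest, tag


def verify_self_report(drive: Drive) -> bool:
    """Trusts the firmware's own answer: only as honest as the firmware."""
    return drive.firmware_self_report() in PUBLISHED


def verify_attested(drive: Drive) -> bool:
    """Checks a fresh ROM measurement against the published hash list."""
    nonce = os.urandom(16)
    digest, tag = drive.rom_attest(nonce)
    expected = hmac.new(DEVICE_KEY, nonce + digest.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected) and digest in PUBLISHED


if __name__ == "__main__":
    for name, fw in (("clean", GOOD_FW), ("modified", EVIL_FW)):
        d = Drive(fw)
        print(name, "self-report:", verify_self_report(d),
              "attested:", verify_attested(d))
```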

Comment: Re:Inproper influence (Score 1) 76

by Will.Woodhull (#49158651) Attached to: Oracle Sues 5 Oregon Officials For 'Improper Influence'

There is a word for persons who place their idealism above what is good for the country, and that word is "Republican".

There is a word for those persons who fight so strongly for their ideals that they are willing to destroy democracy, and that word is "Tea Party".

Discuss. Do try to keep it civil.

Comment: Re:news, why? (Score 3, Insightful) 27

My first reaction was, "cool." It's 2 A.I.'s from Seth's crew, and 45 from other folks. It's a shame we'll not see the process of the outcome. This is only one application of A.I., not the A.I. in total. If one can see the various moves of the game happen; I'm going to go microwave some pop corn, and kick back to watch.

Comment: Re:Robot vs Machine (Score 2) 147

by drinkypoo (#49158299) Attached to: Foxconn Factories' Future: Fewer Humans, More Robots

By calling them robots instead of machines, the article writers are playing on emotional strings of people, trying to provoke a larger response than otherwise.

Robots are like other machines which have automated away jobs in obvious ways. They are also unlike them in other ways, which will enable them to seize more jobs. And there was significant social upheaval when we moved to manufacturing. It wasn't all for the better, although obviously it provided opportunities for more people. It's also come at a significant cost in sustainability.
