
Comment: Re:Tabs vs Spaces (Score 1) 428

by Wrath0fb0b (#49426681) Attached to: Stack Overflow 2015 Developer Survey Reveals Coder Stats

No, they don't even allow customization of IDEs there's no way to get vertical alignment on continuations. For example, consider you want to align multiple parameters of a function that's split among multiple lines. Spaces don't work because you have to eat up an amount of horizontal space equal to the initial indentation by tabs. Tabs don't work because you also need to eat up horizontal space equal to the number of characters before the alignment. The only thing that preserves the proper formatting is a mix of tabs and spaces like:


class Foo
{
\tvoid SendNow(ConnectionHandle handle,
\t\x20\x20\x20 DataObject data,
\t\x20\x20\x20 DataPolicy policy,
\t\x20\x20\x20 Callback callback,
\t\x20\x20\x20 CallbackContext context);
};

And that is worse than forcing everyone to choose one or the other.

Comment: Re:goddamnit!!! (Score 2) 123

by Wrath0fb0b (#49327603) Attached to: Hack Air-Gapped Computers Using Heat

they didn't "hack" the machine using heat!

they gained control of both machines ahead of time, and THEN used heat (etc) to exfil data.

they didn't gain control of an otherwise stock computer using heat over air gap. stop saying "hack".

I'm afraid you don't understand the meaning of the word "hack" in this context. It does not always mean "gain control/privileges on a computer system in excess of your authorization". In this context, it means "defeat a method used to guarantee a particular security property".

Property: No control/data flow shall pass from the outside world into this computer
Method: Air-gapping that computer
Hack: Defeating that property and passing data between the machines

Let me give you another example.

Property: Computers in different classrooms shall not be able to talk directly to each other despite being on the same physical network
Method: Assign each classroom a VLAN and enforce that at the switch
Hack: By double-tagging certain Ethernet frames you can defeat the property.

Now you are going to sperg because no one gained control of anything (even the switch). But of course it's still a hack -- you have shown that the switch + VLAN configuration is not capable (in its current configuration) of providing that guaranteed property of non-communication between VLANs. In some sense this is actually a more elegant hack than taking control of the switch for obvious reasons.

TL;DR Version: "Hack" means to gain advantage or defeat a security property. Sometimes that involves traditional exploits/privilege escalation, other times it involves other methods.
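
The VLAN case above, seen from the detection side, as an added example that is not part of the original comment: it parses captured Ethernet frames and reports any that carry two stacked VLAN tags or a tag for a VLAN the port should not see. The sample frames are constructed, and the premise that hosts on this port are only allowed VLAN 10 is an assumed site policy.

```python
import struct

TPIDS = {0x8100, 0x88A8}   # 802.1Q and 802.1ad tag protocol identifiers

def vlan_stack(frame: bytes) -> list:
    """Return the VLAN IDs of the stacked tags, outermost first ([] if untagged)."""
    vids, off = [], 12                      # skip dst MAC (6) + src MAC (6)
    while len(frame) >= off + 4:            # stop cleanly on truncated frames
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid not in TPIDS:
            break                           # reached the real EtherType
        vids.append(tci & 0x0FFF)           # low 12 bits of the TCI are the VID
        off += 4
    return vids

def audit(frames, allowed_vlans):
    """Return (index, finding, vids) for frames that violate the port policy.

    allowed_vlans is the set of VIDs hosts on this port may use (assumed policy).
    """
    findings = []
    for i, frame in enumerate(frames):
        vids = vlan_stack(frame)
        if len(vids) >= 2:
            findings.append((i, "double-tagged", vids))
        elif vids and vids[0] not in allowed_vlans:
            findings.append((i, "unexpected-vlan", vids))
    return findings

# Constructed sample capture: broadcast dst, locally administered src MAC.
MACS = "ffffffffffff020000000001"
SAMPLE = [bytes.fromhex(MACS + tags + "0800" + "00000000") for tags in (
    "",                    # untagged
    "8100000a",            # single tag, VLAN 10
    "81000001" "81000014", # two tags: outer VLAN 1, inner VLAN 20
    "8100001e",            # single tag, VLAN 30
)]

if __name__ == "__main__":
    for finding in audit(SAMPLE, allowed_vlans={10}):
        print(finding)
```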

Comment: Re:Whathuh? (Score 1) 247

by Wrath0fb0b (#49176921) Attached to: Study: Refactoring Doesn't Improve Code Quality

Or it makes the developers intimately aware of all the different places it can break and the places you need to make changes. And since they wrote large portions of it they grok the flow from a high-level ...

That is to say, you can make the code more maintainable without changing a single line. Another example is documentation changes or environment/setup like dev instances.

Comment: He's trolling and you fell for it (Score 2) 122

by Wrath0fb0b (#49161519) Attached to: Craig Brittain (Revenge Porn King) Sues For Use of Image

You really don't think he understands the irony of his request?
You really don't think he understands (or was explained) the flimsy legal basis for his request?
You really don't think he knew that the headline "Man who violated privacy upset about privacy violation" was going to spread like crack?

Please do not feed the trolls
Please do not reward the media whores.

Comment: Re:Should be damaging (Score 1) 437

by Wrath0fb0b (#49122335) Attached to: Obama Vetoes Keystone XL Pipeline Bill

The point about offending Canada isn't about whether he allows it or not, it's about the convoluted and interminable process that they have gone through to find out whether it is allowed. Realistically, they cannot start entertaining other (more costly) options, until the final rejection is received.

If there's one thing I hope could unite people that disagree on whether it should be completed or not is that the process should have a deterministic end point where a final decision is reached. It doesn't have to be quick -- it ought to take as long as necessary to thoroughly develop the factual record -- but there should never be a process that goes on indefinitely.

Comment: Sounds like a good use for FPROM? (Score 1) 138

by Wrath0fb0b (#49067941) Attached to: NVidia Puts the Kibosh On Overclocking of GTX 900M Series

From a technical standpoint, it seems like the ideal solution is to have some programmable ROM that users can blow to indicate that they have accepted any harm that comes from clocking it beyond what the design (heat/voltage/lifetime) allows. That ROM would have to be queryable via a tamper-proof BIOS or EFI hook so that stores could verify that it is intact before accepting returns.

Ultimately, user freedom to do what they want with their own hardware has to come with user responsibility over the consequences -- and for that to happen there has to be auditable tracing of what software was run. In other words, freedom to tinker comes with an obligation to be accountable.

Of course, from a marketing/deployment standpoint we can't do this. The monkey at Best Buy can barely work the register, let alone query some low-level EFI hook. And that's the common denominator we have to work with.

Comment: Re:GOTO is a crutch for bad programmers (Score 1) 677

by Wrath0fb0b (#49041337) Attached to: Empirical Study On How C Devs Use Goto In Practice Says "Not Harmful"

Use a single generic cleanup that only cleans up what it has to clean up. That way you don't have a difference between the regular code path and the exception path. Also keep track explicitly on what you have allocated and what you haven't.


int func(void)
{
    int something = E_NORESOURCES;
    ResourceHandle handle1 = NULL;
    ResourceHandle handle2 = NULL;
    ResourceHandle handle3 = NULL;

    handle1 = GetResource1();
    if ( ! handle1 ) goto out;

    handle2 = GetResource2();
    if ( ! handle2 ) goto out;

    handle3 = GetResource3();
    if ( ! handle3 ) goto out;

    something = DoSomething(handle1, handle2, handle3);

out:
    if ( handle1 ) Release(handle1);
    if ( handle2 ) Release(handle2);
    if ( handle3 ) Release(handle3);

    return something;
}

Comment: Re:About time. (Score 2) 309

by Wrath0fb0b (#49019981) Attached to: The IPCC's Shifting Position On Nuclear Energy

That's fantastic as an engineering solution, but is very capital-intensive. Right now nuclear is being hobbled by huge up-front costs (and the cost of financing them over a large amortization schedule), so it's not the best business solution, even if it's right from a technical perspective.

Sad but true ...

Comment: Re:Can't eat what you don't grow (Score 4, Interesting) 690

by Wrath0fb0b (#49013687) Attached to: Free-As-In-Beer Electricity In Greece?

How many failed capitalist experiments are we going to be subjected to before corporations are no longer people, and the fruits of labor are distributed much more equitably here in the US?

What if it didn't matter how the fruits of labor were distributed so long as the number of fruits grew faster for each individual? That is, what if society was not a zero-sum game involving distribution of a set supply but a question of setting up the rules for maximum growth of the total?

I, for one, would rather consume 50-units in a community of individuals making 100 each than just getting 25 in a community making 25, even if the latter was distributed more equitably. To be fair, this is a point that a lot of people differ on - I've had some people earnestly believe that the disparity of consumption is itself an evil that's worth paying the price of making everyone worse off on an absolute scale.

[ Note that none of this suggests that unbridled capitalism is the best at growing the average consumption power. The history of capitalism is full of crony deals and other market perversities that ended up making everyone poorer on the whole (even as it made some individuals rich). Ultimately this is a distinction that I think we need to abide -- are people getting rich by making everyone better off (e.g. by giving people things they actually want at a price they are willing to pay) or are they getting rich at the expense of others. ]

Comment: Patent Law and the 2yr Product Cycle (Score 1) 32

by Wrath0fb0b (#48985441) Attached to: Dept. of Justice Blesses IEEE Rules On Injunctions and Reasonability

Half the time these injunctions are issued they apply to some ancient product anyway, because the suit was initially brought 18 months ago. So then they fight over whether they can add new products to the suit, the defendant argues against it, and the whole thing drags another 12 months until the original product is no longer being sold and the injunction is moot anyway.

I'm not a huge fan of patent law in general, but it strikes me as absurd that the legal system does not consolidate these sorts of claims into a general "Company X is infringing patent Y with products Z, Z2, Z2S, ZPLUS and any further evolutions of the Z-line that contain this technology. And this applies even if it's not called 'Z'"

Otherwise it's just nominalism -- you slap a new name on it and release it for a new year and suddenly it's not part of the same controversy?

Comment: Throughput versus Latency ... Again ... (Score 2) 63

by Wrath0fb0b (#48958999) Attached to: MIT Randomizes Tasks To Speed Massive Multicore Processors

This is old hat in the CS world that gets re-discovered fairly often: you can increase throughput at the cost of ravaging your latency. For some tasks, this is an acceptable tradeoff -- for others (especially anything interactive) it's completely unacceptable. Moreover, any synchronization point in the program converts the worst-case latency of the previous tasks into limits on throughput, e.g. the time it takes to join a set of N threads is equal to the maximum latency of any single thread in the list.

The best analogy is an elevator (sorry car folks): you can optimize your elevator for throughput by having it always select the closest floor with an active call. The cost, obviously, is that if people are shuffling between floors 1 & 5 a lot, then the poor guy up on 30 might wait a really long time. The throughput is still maximized though, since the elevator can do more operations per unit time by avoiding the long trip to and from floor 30.

In some cases this is fine, in the vast majority of cases you want to ensure that all tasks complete in a more bounded amount of time, even if that reduces the total number of tasks completed per unit time.
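
The elevator analogy above as a small simulation, added here as an example and not part of the original comment: one elevator serves the same calls under a nearest-call-first policy and under first-come-first-served, and reports calls completed and the worst wait at a fixed horizon. The workload, the one-time-unit-per-floor travel cost and the 100-unit horizon are all constructed assumptions.

```python
def simulate(calls, policy, horizon, start_floor=1):
    """Run one elevator over calls = [(arrival_time, floor), ...].

    Travel costs one time unit per floor (assumption). Returns
    (calls_served, worst_wait) at `horizon`; a call still unserved at the
    horizon counts as having waited from its arrival until the horizon.
    """
    remaining = sorted(calls, key=lambda c: c[0])    # stable: oldest first
    t, floor, waits = 0, start_floor, []
    while remaining:
        ready = [c for c in remaining if c[0] <= t]
        if not ready:                                # idle until the next call
            t = min(c[0] for c in remaining)
            continue
        if policy == "fifo":
            nxt = ready[0]                           # oldest pending call
        else:                                        # "nearest"
            nxt = min(ready, key=lambda c: abs(c[1] - floor))
        done = t + abs(nxt[1] - floor)
        if done > horizon:
            break
        t, floor = done, nxt[1]
        waits.append(t - nxt[0])
        remaining.remove(nxt)
    served = len(waits)
    waits += [horizon - a for a, _ in remaining if a <= horizon]
    return served, max(waits, default=0)

# Constructed workload: one call from floor 30 at t=0, plus a steady stream
# of calls alternating between floors 5 and 1, one every 4 time units.
CALLS = [(0, 30)] + [(4 * k, 5 if k % 2 == 0 else 1) for k in range(25)]

if __name__ == "__main__":
    for policy in ("nearest", "fifo"):
        print(policy, simulate(CALLS, policy, horizon=100))
```

On this workload nearest-first completes 25 calls to FIFO's 13, but the floor-30 call is still unserved at the horizon, while FIFO's worst wait is 54 time units.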

Comment: Re:Spectrum is measured in Hz? (Score 1) 91

by Wrath0fb0b (#48941465) Attached to: US Wireless Spectrum Auction Raises $44.9 Billion

To a first approximation, 65MHz of spectrum gives you a fixed amount of capacity, regardless of its start and end points.

No, that's a zeroth approximation. To a first approximation, 65MHz of spectrum gets you capacity linearly proportional to the frequency.

Of course, in reality there's a few more nasty surprises -- higher frequencies can carry more capacity but have much worse penetration through obstacles. Lower frequencies give better coverage at the cost of capacity. That's why shoving T-Mobile and Sprint up in the 1800+ nosebleeds means they will never get the coverage range of VZ and ATT down in the 700-800 range.

Comment: Re:physical access (Score 4, Informative) 375

by Wrath0fb0b (#48925285) Attached to: Why Screen Lockers On X11 Cannot Be Secure

Comparing this to Windows is silly, because Windows doesn't have anything like the X11 protocol. On Windows, running code can disable the screen saver in other ways: patching or replacing DLLs, changing system configuration, etc. No difference from a security point of view.

I'm no Windows fanboy, but this is just factually incorrect.

(1) All those operations require elevation, so unless the user has lowered UAC from the default, they will require authentication. I suppose a malicious installer could do that, but it is emphatically incorrect that any running code can effect that change.

(2) Since 7, when Windows elevates it completely suspends the old 'Desktop' and creates a brand new one for the elevation prompt. If you look closely, you'll realize that all the other 'windows' are actually just a static screenshot of what happened on the unprivileged desktop at the point where the elevation prompt was created.

So "from a security point of view", on Windows you have a specific privilege required to change the SS that is mediated through a privileged interface where it cannot be snooped/intercepted by unprivileged processes.

[ Of course, this comparison is also patently unfair -- Windows 7 was written in the 2000s, X11 was written in the 1980s. Expecting them to be comparable in terms of security is pretty ridiculous. ]

Comment: Re:Why should the requirements be onerous?? (Score 1) 216

Reading posts in context is pretty key. For instance, I was replying to a post with the claim:

you simply check off a different box on the registration form when you register it

When now (taking your info) it should specify that you check a box and pay more for registration and your insurance costs more.

So you are right, and the guy to which I was responding was wrong. Doubly wrong for using "simply" for something that wasn't simply that.
