

Comment: Re:Although unused, not useful (Score 1) 118

by adolf (#49381601) Attached to: Amazon Tests Delivery Drones At Secret Canada Site After US Frustration

Because the only failure mode is the sudden and catastrophic sort of failure mode, and there is nothing that can be done to help promote safety after such a failure event occurs.

Also, as I'm sure you're aware: Airplanes don't glide, and helicopters don't auto-gyro.


Comment: Re:What could possibly go wrong? (Score 1) 160

by adolf (#49341963) Attached to: Energy Company Trials Computer Servers To Heat Homes

Ummm well, that kinda depends on what you consider "cracked open". It took years to get it to boot and run something not designed to run on it. If you talk about, say, reading data on the system, that would not have taken years. Also, I have no idea how many people were working to crack PS3, I guess not that many, and the one who succeeded was some kid (no offence to smart kids, they are the ones who have time to work on things like cracking PS3 for fun)? Just saying if the crackers had been people who had worked on such systems before the time might have been way shorter.

You know, I normally don't reply to ACs for a variety of reasons. I even have AC reply notification emails directed to /dev/null. I only see AC replies if I go looking for them, and I seldom do that. If you (or anyone else) wants to actually conduct discourse with me, please log in first.

It took years for the PS3 to be a general-purpose computer, outside of the (revoked, crippled) Linux environment.

Of course, a real impetus on a game console is piracy / copyright-infringement / making trial-ware out of pay-ware / running backups instead of originals. My own PS1 has a hardware mod chip that I installed myself, not to run Linux on the thing, but to make it run whatever the fuck I feel like -- even if it is a CD-R backup of a game that I've bought.

My original Xbox had a similar mod, though it was entirely done in software/firmware.

I have a hacked PS3. It required no soldering.

And it took *years* for this to happen. By then, the space-heater/radiator systems in TFS will have been supplanted with better ones. And with the current ease with which whole-disk and end-to-end network encryption is performed, I really don't see a clear-and-present security issue for companies using such machines as back-end database servers (indeed, perhaps the most available backup DB servers they have, on average -- with abilities to go live).

The PS1 hack happened without armed guards. It simply emulated a plain-to-the-eye barcode on the disc, and since the system itself had no on-board storage that was perfectly adequate to enable it to do whatever.

The Xbox hack was a buffer overflow using a saved game (I used 007), which allowed the Pentium-based machine to do the user's bidding: It booted a custom OS upon loading of a magical save-game. (wherein save-game itself was just a thing downloaded from the internet, stubbed onto an Xbox memory card using a special Windows driver and a magic USB driver, and loaded into a memory card plugged into an official Xbox controller plugged into any run-of-the-mill PC, using a cheap big-box-store Mad Catz extension cable as a USB adapter and a soldering iron and/or a crimping tool to make the mismatched connectors mate.)

Those were all quick hacks, on the order of short weeks or months, with clear and present outcomes in terms of piracy.

The PS3 hack took *years* of fuckery to establish itself, and took such tomfoolery and even decapping chips (which was as-yet largely unheard of in such circles...) to make happen. And PS3 piracy still doesn't seem to be rampant, and backups are still hard to do.

But anyway, AC, my point stands: The PS3 took years to crack, and it was a much bigger crack than just reading a MySQL DB off of an unencrypted HD, or taking control of the system that provides heat for your house (==you're getting paid for). The former is simple with physical access (and most certainly isn't something that someone would install on a server intended for use in a common abode these days), the latter is readily identifiable and actionable with failure and latency heuristics.

Truecrypt, OpenVPN == win.

Good bye again, AC. And good luck for getting "free" heat from the third-party servers installed in your house if you get them to do your bidding instead of their proprietors', or of 0wning them and taking the data for yourself. The very best you'll do by fucking with them will be to break them so that they generate negative revenue for yourself, as they draw power and don't generate expected results.

You're better off plugging a big resistor into the wall: I think we call these "space heaters," and there is no contract required.

Comment: Re:What could possibly go wrong? (Score 2) 160

by adolf (#49331445) Attached to: Energy Company Trials Computer Servers To Heat Homes

And despite this commonly-held belief, it took *years* for the PS3 to be cracked open, with millions of units in the field, without guards or locked doors.

Physical security is a hell of a good start toward stemming the tide, but it doesn't hold a candle to systems that are actually secure.

I used to heat a large 2-bedroom ground-floor corner apartment with waste heat from computers and audio gear. It did have baseboard heaters, which did get used once or twice on the coldest nights, but often there was a window or outside door cracked open to let the heat out (in Ohio, in January) instead.

Comment: Re:Fuck ISPs (Score 4, Informative) 130

by adolf (#49307005) Attached to: ISPs Worry About FCC's 'Future Conduct' Policing

"We"? I guess.

The speed of my own VDSL connection was deemed inadequately-quick to spool Usenet traffic well over a decade ago. And the last time I commissioned an NNTP server, it didn't even come close to burdening a T1 (close to 20 years ago).

But, I know! We can distribute the load. Use fifty-thousand volunteer servers, all with different parts and PAR files to keep up the slack, scattered everywhere in the world. ...just like BitTorrent, but worse.

The beauty of Usenet was its simple one-to-many approach on a local level. The long-distance pipes had a predictable burden and the last-mile burden was limited to the end-user requests (with proper application of nntpcache, geographically-diverse NNTP servers, et cetera), where bandwidth is cheap.

It was a system that was designed to be very efficient, and it was very efficient. But in order to re-create it efficiently takes support from TWC, ATT, COX, etc., but they've already killed it and it is dead.

(Oh, sure: Today I can buy NNTP access from any number of centralized providers with months- or years-long retention. But that's not the way that Usenet was intended to work and doing so isn't nice to the network at all.)

What we need is proper multicast IP, which IPv6 seems to be implicit about: Want a 4GB $file? Sign up to the multicast feed, wait for 4GB of file to stream your way, and done.

One-to-many. It's been built into the Internet since well before I was involved with it and yet nobody seems to understand it anymore. (It used to sadden me, and then I realized that I was sad for reasons that nobody else wanted to care about, so now I just don't care about network efficiency at all. The Me! Me! Me! mentality that I've adopted instead, just like everyone else, is much more gratifying, and actually opposed to Usenet or Multicast-IP today.)

Comment: Re:Why not have devices get their time from GPS? (Score 1) 166

by adolf (#49303901) Attached to: Internet of Things Endangered By Inaccurate Network Time, Says NIST

The problem with network time is that it relies on network access. It fails in all of the same ways that GPS wins.

But it doesn't matter much because GPS repeaters are things that exist. Some additionally handle GLONASS, thus limiting reliance on any singular government's system.

For example.

Comment: Re:I dont see the need for this feature... (Score 1) 95

by adolf (#49286711) Attached to: Facebook Introduces Payment System

I find it interesting that all of your choices involve mailing some manner of paper document.

I suppose I could do any of those 3 things as well, but it seems so...insecure: Mail can (and does) get lost and misdirected. Recovering a lost money order sounds like a huge PITA.

At the last house I rented my first rent payment was by money order. It got lost, took a lengthy spin around the postal system, and came back. The landlord was fortunately very understanding. After that, I handled rent in-person for that particular property.

I pay plenty of utility bills online with Simple and they handle that electronically using CheckFree as the back-end of things. They'll gladly mail a check to my current out-of-state landlord, for free, but again: Mail.

At least with my current method I get a printed receipt that shows that I deposited money into his account, and he gets to use it instantly.

Comment: Re:I dont see the need for this feature... (Score 1) 95

by adolf (#49281335) Attached to: Facebook Introduces Payment System

The US has been behind on payment methods for at least a decade or two (which was when I first started paying attention).

The first time I saw a chip on a card that actually belonged to me and was useful (instead of a foreign-exchange student handing me his used-up phone card as a novelty, or somesuch), was with the US Army, basic training, circa 2002.

I haven't seen a similar chip transaction since then. Sure: Most of the readers I run across can now accept a chip-based card, but I've never actually -seen- it done by any civilian, ever. And I don't have a chip+pin card myself, despite relying on a fairly modern bank (Simple) for most of my money.

But then back to your own point: We, in the US (again, we're backward) are allergic to "wire" transfers. Always have been. We don't know how it works in the rest of the world, because we aren't the rest of the world, and we seldom travel to foreign countries (largely because the US itself is vast enough, but that's a discussion of geography and travel expense, not of financial flow)

To wit:

To pay the rent on my house, I have to do this: Since I receive my regular paychecks via ACH/direct deposit on Simple, I then go to my own (local) credit union (who is unaffiliated with Simple, except for the Visa tie). I ask them for my money, present my Simple card, and ask them to process my request as a Visa cash advance (at zero expense, to me at least). I then stuff the cash into my pocket, take that cash across town to another credit union, to deposit it in the landlord's account (the landlord, himself, lives in another state).

This all, despite Simple themselves being a forerunner in transferring money (at least in the States), and both credit unions being members of the same "Co-Op": I should be able to do this reliably and quickly, from the comfort of the same comfy chair that I write this in, but I can't. I have to turn it into hard cash, and then deposit that locally, because...well, because America!!!@@!

And I do this every month on the 15th and probably will for years (because the house is awesome).

And if y'all can do that with E-mail? I myself am not surprised, but let me tell you: It doesn't work that way in the States, and never has...but I hope it may some day.

I'm envious.

Comment: Re:Calculated risk (Score 1) 269

by adolf (#49281251) Attached to: Fraud Rampant In Apple Pay

This is why I find myself more-frequently finding $5.00 minimums at local merchants, sometimes with a $0.50 or $1.00 surcharge for purchases under $5.00: It, on average, covers their ass.

A local restaurant gives a (I forget) 5 or 10-percent discount for cash (vs credit), not even four blocks from my house.

Of course, these small merchants (coffee shops, carryouts, hardware stores, the one locally-owned liquor store) aren't in the business of selling big-ticket items: In my town, that's the realm of the singular audio salon, service companies (think HVAC, though HVAC folks like to establish their own credit lines for their customers -- which is fine with me) and big-box stores (Wal-Mart, Lowes, Best Buy, etc).

And I can only speak for the audio salon, because I do casual contract (1099) work with them on a fairly regular basis and have been good friends with the owner for decades, but: He doesn't care. If there were a horror story involving credit card fraud, he'd tell me all about it in a late-night telephone rant, but that hasn't happened. What I do know is that he gets sadfaced when someone wants to pay with a credit card, and then tries to give them a better deal if they'll pay cash -- right now (or tomorrow or next week, even, depending on the sale).

He prefers cash because he has his money right now, instead of at the first of the month or whatever, and doesn't have to pay a percentage of the bill to $banking-system. Perhaps he is lucky that he has no grandiose fraud stories to report, though there isn't much that he sells that might be easily- and untraceably-fenced and criminals aren't necessarily stupid.

That said, for the ridiculous percentages that Visa and Mastercard charge merchants for their services, they should have plenty of cash to cover the fraud that is enabled through their own insecure processes instead of the merchant. That doesn't mean that they should cover it.

In the grand scheme of things, perhaps it doesn't matter: Someone must pay for fraud, and that someone must, ultimately, be the consumer. If better practices are put in-place, it is ultimately the consumer who pays for the development and deployment of them (even if Visa writes the check). If fraud is instead rampant, then it is ultimately the consumer who pays for that too (which, under current rules, means that the merchant might adjust their sticker prices to adjust for fraud).

Because at the end of the day, it is me, the consumer (or the fraudulent consumer) who is (alleged to be) providing funds.

Currently, the impetus is on the merchant to verify that the transaction is valid, and the merchant (and ultimately the consumer) pays. If it shifted to Visa/MC, the consumer would also pay. If it shifted to the requisite banks who actually hold the money, the consumer would pay as well.

Arguing about whether the merchant or the bank or the processor covers the loss is an exercise in semantics: In all cases, money does not appear from thin air (unless you are the Federal Reserve Bank, which is a different discussion), and someone has to pay for fraud, and that someone must always ultimately be the consumer.

(Where the blame lies beyond that? As a consumer, I don't think it makes any difference. I'll be paying for it no matter what.)
