Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Comment Re:Seems similar to the Wen Ho Lee case. (Score 1) 113

It sounds like the FBI was probably wrong in this case, but there really is a mind-boggling amount of sensitive/classified technology exfiltration by the Chinese government. People working for them have walked off with blueprints for nuclear submarines, brand-new fighter jets, the Space Shuttle, etc. When that sort of thing happens, and then a few months later the Chinese government shows off a new fighter jet that looks suspiciously similar to one of ours, I can't entirely fault the US government for being over-protective. If you were in their position, would you want to potentially go to war with a China that had copies of all of our fanciest weapons?

That having been said, clearly there are some additional protections required against abuse, like maybe talking to someone who actually knows anything about the field the suspect works in to make sure there is really something fishy going on.

Comment Re:They want us to make it easier for them? (Score 1) 148

If you have a 12-char password made up of random upper/lower/numeric/punct chars, then you're good (assuming that the other end is using proper salted hashes). There is little benefit to routinely changing such a password [...]

It depends. If you use the same password on multiple systems, then it's only as secure as the least-secure of those systems. If you never change it, for all you know, someone has compromised one of the weaker links in that chain and been able to log on as you for months or years.

Comment Re:I always figured (Score 1) 220

Not all of the TSA-approved locks have both of those features.

I have a Master padlock with a single keyway that will accept either the included key or the TSA key and no "opened" indicator.

I also have a combination lock that can be opened with the TSA 004 "key", but because the "key" is an L-shaped piece of metal, it might not be obvious to everyone that that's what the hole on the bottom is for. That one also doesn't have an "opened" indicator.

FWIW, the "opened" indicator is a bit of a joke anyway. On the one TSA lock I have which has it, it's pretty easy to prevent it from being able to pop up while the TSA part of the lock is picked, and as long as it's held down until the lock is closed again, no one would be the wiser.

Comment Re:I always assumed they were (Score 1) 220

Back in 2010, I needed to take my camera tripod with me on a flight, and there was no way it was going to fit in my carry-on. I used a cable lock and some padlocks to attach it to the inside of my suitcase so that it could be taken out and examined, but not detached from the suitcase without cutting the cable, a lock, or part of the suitcase. It worked fine for ensuring that my tripod was still there when I opened the suitcase, but a couple of other things were "accidentally" damaged by the baggage inspectors, so I always figured they didn't really appreciate the concept.

Comment Re:Yet another reason to avoid Oracle (Score 1) 229

Sony begs to differ.

At least Sony products are generally nice from a typical end-user point of view. The only Oracle products (IMO) that hold that distinction are some of the ones they acquired when they bought Sun. Their database software costs more than just about anything else on the market, and you still need to buy hokey third-party tools to manage/interact with it if you want to use anything other than a command-line.

Comment Re:fix it first (Score 1) 55

"True security is done in logs."

When your systems are generating multiple gigabytes of log data every day, you need some sort of system to turn that mass of raw data into useful information. I don't know that this system does that, but we're about ten years past the point of manual log review being a viable primary method for handling security.

Comment Re:...letmegetthisstraight (Score 1) 62

Yes, that's exactly right. I heard about this while it was still a Kickstarter-style project, and as soon as I realized that the "Loop" in the name was a reference to an induction loop, I immediately thought "well, I'll just build a larger loop, and hide that under the table the payment terminal is on, and wirelessly capture the raw track data from the card".

My second thought was "there's no way to be sure that a given customer is using the official app, or even the official hardware, so if even one bank legitimizes this, criminals are going to have a field day, because using a card-spoofing magnetic field generator will be 'normal'".

The best part is because it uses a magnetic field (instead of radio waves), there's (AFAIK) no feasible way to build a shield to limit the scope of that field. My understanding is that one could e.g. covertly install an induction loop around an entire building, and stand a reasonable chance of being able to capture all of the transactions sent via this system within that building.

The company behind it is super-sketchy, IMO. They alpha-tested the device by walking into random stores with a hidden camera and socially-engineered the salespeople into letting them "pay with [their] phone", AKA "use this total hack of a device to make a payment that could be completely unauthorized".

It's also not *guaranteed* to work. *Most* mag-stripe readers will apparently function even if no card is physically swiped, but some of them do require that a wheel be spun by the card physically swiping through the reader.

I'm beyond shocked that Visa got involved in this in a positive way (as opposed to shutting them down). The whole credit card payment model is based around salespeople being reasonably sure that the customer is paying with something that was genuinely issued by a bank. A LoopPay-style device completely circumvents that. There is no cryptographic protection as a countermeasure, like with EMV or NFC - the salespeople just have to take on faith that it's a legitimate account being used.

We already have two superior systems (NFC and EMV) being deployed. I'm completely baffled that LoopPay isn't being laughed out of business.

Comment Re:From TFA (Score 1) 211

If ping crashes, or even executes arbitrary commands because of a specially crafted command-line, it's not a security vulnerability.

That's a pretty sweeping statement to make. Most interesting security vulnerabilities (IMO) are the results of multiple smaller issues and/or design decisions that can be chained together.

For example, a lot (most?) of the Linux distributions I see have ping's SUID bit set, and it is owned by root. So, yes, ping executing arbitrary commands absolutely *can* be a security vulnerability, because I can potentially use it for local privilege escalation from non-privileged user to root.

Comment Re:Stupid/Misleading Title (Score 1) 118

You can still take recyclables to a recycler and be paid for them. Most people don't consider it worth the effort for the amount of money they'll get in return, unless they're hobos and/or they have something valuable (like copper) to sell. I had some old steel bits and pieces that I carted down to a recycler a few months ago. I got about five dollars for all of it. I was happier with that arrangement than if the steel had ended up in a landfill, but most people wouldn't have been willing to spend a few hours collecting it, driving it to the recycler, etc.

Comment Re:Heavier than air flight is impossible (Score 1) 350

Zeppelins are pretty neat, but I can see why they didn't go into widespread use. Read the history of the two that the US Navy built in the early 20th century - basically flying aircraft carriers straight out of Crimson Skies. All that's left is a single fighter plane and some mangled metal scrap (both of which can be viewed at the Smithsonian) because zeppelins don't do well in windstorms :\.

Comment Quite the meteoric rise (Score 1) 45

I find it quite amazing that you've not only been incredibly successful in the film industry, but that you've gone on to deep-sea research and plans for asteroid mining. What got you interested in moving into those fields, and was there anything other than money that enabled you to do so?
For example, you have a reputation for being able to improvise and make the most of limited resources - I am still in awe over the bridge set in Galaxy of Terror, which looks like it cost ten times the entire budget of that film. Would you say that was one of the reasons you were able to make Deepsea Challenge and the actual expedition that led up to it?

Comment Re:Requires a very high speed camera (Score 5, Informative) 142

For some reason, the person who posted the article or the Slashdot editors linked to a bad knock-off video that removed 3/4 of the details instead of the actual researchers' video. The real video makes it clear that they can also get results from a standard DSLR 60 FPS video by taking advantage of the rolling shutter effect. There's a fidelity loss, but it's a lot better than I would have expected.

Comment M-Theory and gravity (Score 2) 147

Ever since I read The Elegant Universe years ago, I've had a number of questions related to this (as I imagine many people have). This is the first time I've seen the topic discussed by professional scientists, though, as opposed to people like myself with a hobby interest in the subject or in science fiction (Alastair Reynolds makes use of it in one of the Revelation Space novels, for example).

For the most part, it seems like String/M-Theory is very difficult (at best) to test using technology we have access to at present. But because it includes the idea of gravity being a force which can travel between branes, it's seemed to me and a few friends of mine that this would definitely produce some interesting effects in the real world.

As the article discusses, there should be some subtle evidence of the effects of gravity from external sources on the large-scale structures of our own universe. I would think maybe even enough to at least partly explain "dark matter" and "dark energy", since those are basically the known matter in our universe behaving as if there were a lot more mass that we can't actually see (one set to hold relatively closely-spaced matter together, and the other to accelerate the expansion of the large-scale structures away from each other, if I understand correctly).

A simple flatland-style analogy for "dark energy" might be that our universe is a sheet of paper which is intersected by a universe which is wrapped around into a tube shape or a torus. The gravity of the mass in that second universe pulls objects in our universe toward it, so for the part of our universe in the "eye" of the tube, they tend to accelerate away from each other. That's a vast oversimplification, but I'm not a physicist :).

For "dark matter", the idea that's always stuck with me since reading The Elegant Universe is that maybe some/all of the most massive objects in our own universe - especially the black holes at the centers of galaxies - are caused by the same kind of cross-brane effect. If you have a bunch of matter clumping together in one brane/universe, and it exerts gravity which can cross into other branes, then it seems like it would create corresponding accretions of mass in other nearby branes. Basically, that what we perceive to be a roughly spherical/point object would effectively be the hyperdimensional equivalent of that same shape that would "pin" itself together across branes.

Where I see this as becoming testable (and I could be wrong - again, I'm not a physicist) is that if this were the case, there should be examples of anomalous astrophysical objects and events, where the mass we observe does not line up with effects we also observe. For example, a stable neutron star suddenly flashing into a black hole when it passes too close (hyperdimensionally, of course) to a large mass in another brane. Another example might be a star or planet whose mass can't be reconciled with its observed size - e.g. maybe there is a planet the size of our moon, but which exerts gravity as if it were made entirely out of a material ten times as dense as uranium.

I know that in the context of our own universe/brane, there's no way to pull matter out of a black hole (other than Hawking radiation), but assuming the "hyperdimensional singularity"-type thing I described above is accurate, would it be possible for the cross-brane components to separate (since they wouldn't actually be touching, just exerting gravity on each other)? If so, there might be even stranger observable effects, like neutron stars that "flash" into black holes, but then return to their former state when the mass in the other brane(s) is pulled too far away. IE they would "blink".

Don't sweat it -- it's only ones and zeros. -- P. Skelly