Forgot your password?
typodupeerror

Comment: Re:80s movies? Really? (Score 1) 739

by Opportunist (#48208251) Attached to: NPR: '80s Ads Are Responsible For the Lack of Women Coders

Let's play a game, you name a 80s geek hero movie for every 80s action hero movie I name, ok?

Do we have to start or do you agree that I win?

Yes, there were a few "geeky" movies. But claiming that they have anything to do with women avoiding computer science is ridiculous. If anything, the 80s movies were misogynic in general. Women were stereotypically abused as either the love interest for the hero, the dumb idiot that gets the hero in trouble or needs to be rescued by him or the inefficient example of how women just can't do what the hero later has to fix.

Women in anything but romance/love stories were basically the same as geeks in 80s movies: The bumbling idiot that makes the hero look so much better.

Comment: Re:In later news... (Score 1) 604

by Opportunist (#48208209) Attached to: FTDI Reportedly Bricking Devices Using Competitors' Chips.

Nobody could complain if they simply went and made their driver incompatible with the forged chips. If there is no working driver, then the customer would have to complain with the original maker of the hardware and demand a working driver. That's quite within FTDI's rights.

The point is that they attack the firmware of the device involved, which is by no accounts ok anymore. This isn't locking out a competitor, it's destruction of a competitor's hardware. Yes, that competitor didn't act correctly by trying to get a free ride. No doubt about that. By that logic, though, it's just a-ok for any printer maker to trash the printer (e.g. by hosing it with printer ink) should they detect that you use anything but their overpriced original stuff.

Comment: Re:Why is FTDI the villan? (Score 1) 604

by Opportunist (#48207483) Attached to: FTDI Reportedly Bricking Devices Using Competitors' Chips.

From the article:

The new driver for the FT232 exploits these differences, reprogramming it so it won’t work with existing drivers.
(emphasis mine)

So, yes, something is destroyed. Sure, you can undo the damage by writing new firmware to the chip... if you can somehow access it, that is. Have fun looking for the JTAG pins on it and I hope you enjoy soldering under a microscope.

Comment: Re:In later news... (Score 1) 604

by Opportunist (#48207437) Attached to: FTDI Reportedly Bricking Devices Using Competitors' Chips.

Great idea. Will do. Just ... umm... how do I find out just WHICH controller chip is used in the USB stick I plan to buy?

I may not be the best example, considering that I have rather intimate knowledge of USB controller chips due to the nature of my work. I may actually be able to find out what controller chip is used in USB sticks. But because of this I can inform you that it is anything but trivial to find out just what controller is being used in a stick. Let's put it that way: Quite often finding it out involves ordering one and a good magnifying glass...

Even assuming that an average consumer knows what a controller chip is (quite unlikely), that one is used in an USB stick (it gets more unlikely) and he knows where to look for it and what to look for on it (now we're getting into the land of fairy tales), it's nearly impossible for him to even know whether he buys something with a "good" or forged chip. And the only way to find out involves disassembling the USB stick in a way that voids the warranty.

The real kicker is that I, someone who could actually find out whether he buys good or forged sticks, i.e. someone who might be at least somehow blamed for using forged goods, could actually maybe even recover the stick from its "bricked" status. Whereas someone who buys a stick in good faith because he has no other option would really now lose his data.

That's fair, eh?

Comment: Also in the news (Score 5, Insightful) 96

by Opportunist (#48206087) Attached to: 6,000 Year Old Temple Unearthed In Ukraine

Western media lost no time to put the blame on burying it squarely on Russia, with RT wasting no time declaring how the temple was originally built by Russian forces and how they will gladly provide archaeological aid to examine it. A convoy is already en route, of course it consists mostly of military material to ensure that any kind of necessary heavy duty equipment will be available. The west immediately complained and sent a contingent of a few thousand observers and advisers, just in case anything needs to be observed or anyone needs any kind of advice. After a few days of heated threats and accusations the only agreement is that nobody gets closer than 2 miles to the ruins until some sort of agreement can be achieved.

Ruins? Oh, right, a stray artillery strike hit the temple. In a rare case of unity both sides immediately agreed on who is to blame: THE OTHER SIDE!

Comment: Re:Why is FTDI the villan? (Score 1) 604

by Opportunist (#48205983) Attached to: FTDI Reportedly Bricking Devices Using Competitors' Chips.

Because they destroy a device of someone who doesn't even know about the bickering behind the scenes. If I have a restaurant and the customers of my competitor park on my parking lot I can tell them to get lost because it's my parking lot and I can decide who may and who may not use it. I may NOT, though, simply go there and trash their cars because, hey, they were parked on my ground.

Comment: Having a Surgeon General would help (Score 4, Insightful) 375

The fools are yelling for an Ebola Czar.
Perhaps filling the position of Surgeon General would be simpler. Controlling the spread of disease is one of the functions of that office.
But, approving the the candidate for the office would require the Senate to actually do something.

Comment: Re:How does it secure against spoofing? (Score 1) 119

by Opportunist (#48199749) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

No, there is no guarantee that the user will not use a mobile phone to access his online banking (and the idiocy of some banks pushing out mobile apps for online banking doesn't actually improve security in that area either).

You can't make the user secure. You can only offer it to him and hope that he's intelligent enough to accept it.

Comment: 80s movies? Really? (Score 3, Interesting) 739

by Opportunist (#48198887) Attached to: NPR: '80s Ads Are Responsible For the Lack of Women Coders

So it's also the 80s movies to blame that women are not interested in careers like soldier, spy, pilot, policeman (apology, -woman), archaeologist, exorcist, karate fighter,...

Has anyone ever looked closer at the 80s? The 80s were not a geek decade. The only movie I can remember where geeks were not just the comic foil (ok, even in that one they were) was "Revenge of the nerds". The whole "engineering geeks" were no role model in 80s movies, and even less so in TV series. Whenever they were in some prominent role, they were the little sidekick of the actual hero. Be it Automan's creator Walter, who was mostly a comic sidekick (ok, the show wasn't that memorable, but the special effects were great for its time) or Street Hawk's Norman who was some timid, beancounter-ish scaredy-cat. The geek roles were at best meant to make the hero shine some more.

Actually, the only engineer role I can remember that was allowed to be superior in areas to the hero and be more than a nuisance to him was that of Bonnie in Knight Rider.

A woman.

Comment: Re:How does it secure against spoofing? (Score 1) 119

by Opportunist (#48198737) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

The second channel will not secure a compromised channel, but it will make it easier to detect it.

There are various defenses against replay attacks, most of them relying on keys being tied to the current time and only being valid NOW but neither before nor after. But that is only good against a replay, it is quite useless when the attacker is manipulating your own communication. That has been the staple of attacks against banking software since the advent of the OTPs, and the only sensible defense against that is actually a two channel communication. Out of band one way transmission (i.e. sending a OTP to the customer to use in the transaction) doesn't help here.

There is very little you can do to combat malware infections unless you are willing to use a second channel. At some point in the communication the data is vulnerable to modifiction, no matter how well you try to shield it. It resides in memory, unencrypted, at some point in time. And if nothing else, this is where it will be manipulated.

And it's heaps easier to do if the interface used is a browser. You can literally pick and choose just where you want to mess with the data.

Comment: Re:How does it secure against spoofing? (Score 1) 119

by Opportunist (#48198661) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

Ok, using what frequency? As far as I'm aware the whole spectrum that could be used by 3G is owned by some telcos and considering just how expensive using those freqs is they will hardly be so nice to let you use them for a little bit. They'll want to see money for that!

Say "twenty-three-skiddoo" to logout.

Working...