

Comment: Or the malware might cover its tracks. (Score 1) 266

by Ungrounded Lightning (#49158963) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

If you ask the drive to read out the whole flash.
Then maybe the firmware would have to go to the platter to get the real image.

Or the malware could regenerate the un-attacked version.

For instance: If it's a patch that loads into an otherwise cleared-to-known-value region it can detect that region while reporting flash content and report the cleared value, instead. Add a couple other tiny regions where it saved (or already knew) the previous contents where it "sank its hooks" and you can't tell it's there from its replies to dump requests.

JTAG seems safer.

Yep. JTAG, in principle, could be corrupted. But it would require substantial hardware support that almost certainly isn't there (yet!)

Comment: Hashes can be useful. (Score 1) 266

by Ungrounded Lightning (#49158915) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

Which is why I always laugh my ass off at all these people who use PGP to sign things and put a hash on the same website you download it from ... look you can verify this file you downloaded from the website hasn't changed because there's no way anyone would be smart enough to update the hash as well!

That's why you SIGN the hash. Then only the public key needs to be published by a different route.

And it doesn't HURT to publish it on the web site as well: Then someone tampering by substituting a different public key sets off alarm bells when that differs from the public key obtained from another site or by another path. Blocking that makes man-in-the-middle more complex: The attacker has to have essentially total control of the path to the victim and be able to recognize and substitute the public key whenever it shows up. One slip-up and somebody may raise the alarm.

Meanwhile: Even if publishing hashes on the same site may not provide additional security against MITM, it DOES let you check the download wasn't corrupted in transit (in ways other than malicious substitution). With modern protocols that's less of a problem these days than it used to be, but a check would be comforting.
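
The check described in the comment above, as an added Go example that is not part of the original thread: the hash is signed, the verifier trusts only a public key obtained by another route, and a differing key on the site is treated as an alarm. Ed25519 stands in for PGP here, and `Release`, `NewKeyPair`, `Publish` and `Verify` are hypothetical names with constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Release is what the download site serves (illustrative names, not from the post).
type Release struct {
	File    []byte
	Hash    [32]byte          // published SHA-256 of File
	Sig     []byte            // signature over Hash
	SiteKey ed25519.PublicKey // copy of the public key shown on the same site
}

var ErrKeyMismatch = errors.New("site key differs from key obtained by another route")
var ErrBadSig = errors.New("published hash is not signed by the trusted key")
var ErrCorrupt = errors.New("file does not match the signed hash")

func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	return pub, priv
}

func Publish(priv ed25519.PrivateKey, file []byte) Release { // publisher side
	h := sha256.Sum256(file) // hash the file, then sign the hash
	return Release{file, h, ed25519.Sign(priv, h[:]), priv.Public().(ed25519.PublicKey)}
}

// Verify trusts only oobKey, the public key fetched by a different path.
func Verify(r Release, oobKey ed25519.PublicKey) error {
	if !bytes.Equal(r.SiteKey, oobKey) {
		return ErrKeyMismatch // a substituted key on the site raises the alarm
	}
	if !ed25519.Verify(oobKey, r.Hash[:], r.Sig) {
		return ErrBadSig // hash was replaced but could not be re-signed
	}
	if sha256.Sum256(r.File) != r.Hash {
		return ErrCorrupt // accidental damage in transit lands here
	}
	return nil
}

func main() {
	pub, priv := NewKeyPair()
	fmt.Println(Verify(Publish(priv, []byte("constructed sample download")), pub))
}
```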

Comment: &is "teal" blue with greenish tinge or vice-ve (Score 1) 362

by Ungrounded Lightning (#49155217) Attached to: Is That Dress White and Gold Or Blue and Black?

... blue and brown. Just now, I opened the Washington Post link on my 24" screen in a sunlit room, and it was clearly white and gold.

Though the sensations are vastly different, brown is really dark yellow. The underlying color of that part of this dress seems to be very near the perceptual boundary (probably just on the yellow side of it). This picture seems to have the dress in a non-obvious shadow, so when it is viewed by someone whose visual system doesn't adequately pick up the shadowing and compensate, it crosses the boundary and appears light brown rather than dark yellow.

Another perceptual oddity is that a very slight bluish tinge to white makes it appear "whiter than white", especially in sunlight or other strong lighting. (I suspect this works by mimicking the differential response of the various color sensors in the eye when exposed to very bright light, though blue may also "cancel out" a bit of the yellowing of aging cloth.) Laundry products up through the 1950s or so included "bluing", a mild blue dye for producing the effect. (It fell out of use when it was replaced by a fluorescent dye that reradiated energy from ultraviolet as blue, making the cloth literally "brighter than white" {where "white" is defined as diffuse reflection of 100% of the incoming light}, and which, if mixed with detergent products, would stick to the cloth while the surfactant was rinsed away.) I suspect some of the "blueish is brighter" effect is going on here.

When I view the picture straight-on on my LCD display, the light cloth on the upper part of the dress appears about white and the image appears somewhat washed out. Meanwhile the lower half has a bluish tinge. So I suspect the cloth is actually nearly-white with a bit of blue. (Viewed off-axis it's very blue, but the other colors are over-saturated and/or otherwise visibly off-color. So off-axis viewing makes it look more blue and this probably adds to the controversy.)

Another color-perception issue is "teal", a color between blue and green. There are paint formulations of this color that give the sensation of "distinctly blue with a greenish tinge" to some people and "distinctly green with a bluish tinge" to others, even under the same lighting and viewed from the same angle. (I'm in the "slightly-bluish-green" camp.)

The first place I encountered this was on the guitar of the filksinger Clif Flint. (On which he played _Unreality Warp_: "... I'm being followed by maroon shadows ..." B-) ) Apparently his fans occasionally had arguments about whether his guitar was blue or green, so he sometimes headed this off (or started it off on a more friendly level) by commenting on the effect.

Comment: Re:do no evil (Score 2) 179

by Ungrounded Lightning (#49154693) Attached to: Google Taking Over New TLDs

Perhaps they should be asking for a ".google" gTLD, for that purpose, instead of trying to monopolize a generic identifier.

I was about to suggest the same, but with ".goog", to make it shorter. (Can't think of a less-than-three-letter symbol that points to them as strongly.)

(It's also their stock ticker symbol, so maybe it's not such a good idea - it could cause a land rush and litigation from all the other publicly traded companies.)

Comment: Re:Thieves looking to steal metal? lolwut? (Score 1) 127

by Rich0 (#49153485) Attached to: Vandalism In Arizona Shuts Down Internet and Phone Service

The answer to fixing this problem is to require scrap metal dealers to be licensed (with strong penalties for anyone who isn't) and to require all transactions to be recorded along with the ID of the seller. It's already done in many jurisdictions for pawn shops (where you need a license to operate one and where sellers have to provide ID when they sell it), why should scrap merchants be any different?

They should also have a delay before payout, with appointments required for the time to pick up the money. I imagine that even a one week delay would be enough to allow utilities to track down sales of stolen goods, and then the police can be waiting when the guy shows up to collect.

Stuff like this isn't going to be a problem for anybody legit. Electricians aren't going to make trips to the dealer to sell one coil of wire, and be desperate for their $50.

Comment: Re:Nothing important. (Score 1) 202

by Rich0 (#49131609) Attached to: What Happens When Betelgeuse Explodes?

In the event of a global collapse, these people will simply carry on as before.

If civilization collapses, there will be a reason that it collapsed. Such as a pandemic disease, crop destroying volcanic eruption, asteroid impact, nuclear winter, or runaway greenhouse effect. In any of these events, Africans will not "carry on as before". They will be the hardest hit, because they have nothing to fall back on.

Agree with this. The middle of Africa won't care if there are worldwide blackouts, as long as everybody has their plot of land to grow crops on. That kind of disaster will be very hard on the industrial world when you can't get food into your cities. On the other hand if the problem is that there are more bodies to feed than local land to feed them on, then the people of Africa will have a real problem on their hands, and will probably solve it by killing each other off until it is no longer a problem, since historically that is what tends to happen in these situations anywhere.

Comment: Re:Sounds good (Score 1) 593

by Rich0 (#49127771) Attached to: Republicans Back Down, FCC To Enforce Net Neutrality Rules

At the general election level; yes, you'd need a constitutional amendment. At the party primary level, however, such a system as you describe would be incredibly helpful, and probably for all parties.

How? A proportional representation system only works if you have multiple people elected into an office for any particular constituent.

The Republicans can't nominate 100 different people for the 3rd congressional district in Florida. Well, I guess they could, but then the first past the post system would practically guarantee that none would be elected, and that is why they only nominate one.

In a proportional system the Republicans would offer a prioritized list of 435 representatives for the entirety of the US House, and then their members could use proportional voting to decide who ends up in what slot. Then in the general election the Republicans would be awarded some number of seats, and the top n candidates would take office.

The president would still lead to the usual deadlock if separately elected since it is one man in one office. The only real solution to that is to replace the office with a prime minister, which is of course how most democracies handle the situation. That would require an amendment as well, and probably a rewrite of half the constitution.

Comment: Re:Sounds good (Score 1) 593

by Rich0 (#49127407) Attached to: Republicans Back Down, FCC To Enforce Net Neutrality Rules

Well, the real problem is a first-past-the-post election system, combined with only having one candidate elected to any particular office for any particular voter. This happens both at the general and party levels.

If you allowed each voter to elect a few hundred candidates, out of a much larger pool, using a proportional system, then you'd get a legislative body that better reflected the diversity of political views.

But, that would also require a constitutional amendment that serves neither of the parties in power, so you'll never see it happen.

Comment: Re:Bring on the lausuits (Score 1) 593

by Rich0 (#49127305) Attached to: Republicans Back Down, FCC To Enforce Net Neutrality Rules

Yes, let's not have any rules or oversight on "people" who were born in a lawyer's office, can potentially live forever, are motivated purely by greed, and will gladly break the law when it suits them. What could possibly go wrong?

That is a ridiculous assertion. There is no way they'll break the law, simply by virtue of the fact that without rules and oversight there won't be any laws for them to break.

Now get out there and sign some contracts of adhesion to help out the economy so that the big companies can spend more on lobbyists!

Comment: Mostly Republicans trying to legalize. (Score 1) 397

This is only news to those who have had their head in the ground, listening to fox news and government shills.

I've noticed that it seems to be mostly Republicans who are putting up the legalization legislation trial balloons.

(Can't speak about Fox. I don't follow 'em all that much since, during the (especially the last) presidential campaigns, they proved the right-hand side of their claimed "fair and balanced" coverage consisted of flogging the Neocon faction and ignoring or slamming the others - especially the "Liberty" faction and Ron Paul.)

But I haven't checked to see whether this is accurate, or just an artifact of the media only covering it when a Republican does it, on the "man bites dog IS news" principle.

Comment: Re:The Summary Claims Effect is Cause (Score 1) 33

The Aurora Borealis are not "are an electromagnetic phenomena that can adversely affect ..."

(Putting on my grammar policeman cap, and explicitly not addressing Rob's point...)

I DO wish the author of TFA would correctly use the singular and plural of "Phenomenon".
  - Phenomenon: One (class of ...)
  - Phenomena: More than one (class of ...)

The Aurora Borealis are a set of related phenomena, involving glows from ionization of various atmospheric elements at different altitudes, various of the Van Allen belts being pumped up with new particles and/or pushed down by magnetic field distortion from solar wind variations, upper-atmosphere currents, ground currents, and I don't know what all else. The author's apparently inconsistent use of the singular and plural makes it difficult to understand what he meant.

Comment: VPN is not useful for avoiding accountability (Score 1) 57

by karlandtanya (#49106487) Attached to: Iran Allows VPNs To Make Millions In Profit

Gov't locks down everything so the only way you can get to where you want to go is by VPN.
Pay for it and you say "Ha! I got around your firewall".
Govt supplies it for free and you say "WTF?! You're issuing internet licenses and spying on me!"

VPNs have useful purposes--getting past (some) firewalls, pretending you're somewhere you're not, protecting your privacy from a *casual* snoop.
As long as you don't *really* care about getting caught doing whatever it is you're doing, a VPN is just fine.
If what you're doing can get you put in the pokey for the next 20 years, you better find a different way to do it!

Don't assume the people running the VPN server have your interests at heart and don't assume you know who they are (or aren't).
And you're helping pay for their operations!

BTW, I'm using a VPN right now for the second purpose--to pretend I'm in the UK.
For some reason, you can only get a website that sells certain bizarre chocolates (and bronze, glass, or silver items of the similar design) from within the UK. I showed it to my wife; she was NOT amused...
