
Comment: Re:B0ll0cks... (Score 1) 434

It would be my pleasure to see the whole lot of them have the actual text of the law applied to them as though they were a tattooed black guy with multiple priors.

We often have suitable laws; but they just mysteriously never even get brought up, much less by people in a position to do something about them.

Comment: Re:B0ll0cks... (Score 3, Insightful) 434

It's either bullshit(fairly likely) or the rules need to be changed yesterday(actually, at least a couple of administrations ago).

Aside from the obvious issues with complying with transparency, discoverability, and archiving requirements that are legally imposed on official business even at much lower levels(heck, I've done penny-ante IT minion stuff for small municipalities that was subject to public records laws that would have made doing things over personal email grossly unprofessional at best and illegal at worst, and she's the fucking Secretary of State...), what about security?

Given the delightful creep of the Top Secret National Security Stuff blob to cover ever larger swaths of DC, surely the Secretary of State does some emailing about stuff that is, at least for little people, probably supposed to not leave the SCIF, much less be handled by who-knows-who at some random email provider or a DNC mailserver admin.

Comment: Re:The real morale of the story (Score 2) 193

I can't speak for TechyImmigrant; but it sounds like he is nervous about things that suggest software development(especially by people with no track record of it) substantially more involved than microcontroller firmware. Which is probably fair, given that even professional developers working for companies that make software have horror stories.

If that's in fact his reasoning, there's probably a distinction between "Using a handy bluetooth module that acts like a serial port because most laptops and no cellphones have RS-232 ports", which is relatively safe, easy, and close to drop-in; and "Adding a nice, easy, drop-in wireless module so that our smartphone app(coming real soon now, we promise!) can communicate with the onboard web interface we've almost finished writing!", which has the potential to go nowhere, slowly.

Comment: Re:The real morale of the story (Score 1) 193

Simple, useful and you know you could do it yourself if you weren't so lazy. You're paying them to be less lazy than you.

Also a reasonably handy way(not necessarily optimal; but good enough to get the job done) to organize the equivalent of a group buy. Unless you really love screwing around with toner transfer and ferric chloride, PCBs get markedly cheaper when you go from 1 unit to a few hundred or few thousand units, as do pretty much all the components you'd stuff the PCBs with. DIY isn't impossible or anything; but it'll be a good bit cheaper per unit if the quantity is higher.

Comment: Re: Morale of the Story (Score 2) 193

What I find a bit surprising about this story is not that it turned out to be a kickstarter disappointment(big surprise there...); but that they managed to survive a legal challenge(expensive, unpredictable, bolt-from-the-blue), and software development going to hell(common enough that you can safely assume it'll probably happen; but still a potentially crippling blow to timelines and budgets); but then got blown to hell by the BoM somehow going from 'sell for $99' to 'can't sell for less than $350'.

Apparently naively, I would have expected BoM to be markedly more predictable, and controllable, than either legal or software costs.

Comment: Re:FDE is unreliable in Android (Score 1) 110

There's also the problem that, given the fairly tight power constraints and often mediocre storage in phones, even fully fixed software is going to be somewhat mediocre if the hardware producers aren't shoved to support the feature.

On the PC side, it doesn't matter as much, it's downright tricky to buy a slow CPU and only modestly costly to get a really fast SSD, so doing FDE fully in software is relatively painless(though you can also get hardware support, if TCG Opal is your thing). Phones, not so much. Especially in the cheaper seats there is often some fairly terrible storage performance at the best of times, and while modern CPUs are fast when asked to be, you'll pay in battery life for every second they spend not sleeping.

Comment: Re:Isis (Score 1) 511

Oh, certainly. My point is not that they are harmless, or that their aims are noble(they aren't, and if they could they'd continue expanding until they ran out of room and/or infidels); but that this ideological commitment to territorial expansion also has downsides for them.

Since their desire is to expand(and their continued legitimacy as a 'caliphate' depends on it), they can expect basically all their neighbors to be frosty at best. The ones that aren't Real True Muslims can expect to have their heads sawed off and used to make snuff films, so they aren't going to be too happy, and will have a strong incentive to fight like their lives depend on it, because they do, and even the Real True Muslims can, at best, land an Emirate or similar subservient status. If the alternative is losing power entirely, they'll probably go for it; but they certainly won't like the idea. Aside from ensuring that local politics remain ugly, the enthusiasm for territory also requires a comparatively large amount of manpower dedicated to fighting relatively conventional battles for borders as well as doing boring but necessary administration and governance stuff. And, in addition to there being nothing quite like really, really, boring bureaucratic work to cool some hormonal, maladjusted 18-20something's zeal for Jihad, people fighting comparatively conventionally to take or hold territory are the type of army that we have the best shot at picking off from the air. They probably won't oblige us by behaving exactly like 1970s commies, only lower budget; but they aren't going to take and hold a contiguous nation-state without at least periods of relatively conventional warfare, of the kind the air force just smiles really wide when it looks down upon.

They can still be nasty fuckers, and they are; but their ability to focus on the 'far enemy' (ie. us) is pretty small compared to their ability to focus on the 'near enemy'(every last person who ended up on the wrong side of a nasty little tribal feud in the middle east). Not necessarily zero; but very low per unit manpower and resources.

Contrast to classic Al Qaeda, or the assorted islamist militants that Pakistan's ISI cultivates for use as proxies against India: such groups have no particular territorial ambitions, they just need some basic office and living space, they are generally at least somewhat willing to be 'ecumenical' about various internecine disputes as long as there are Americans and Jews and so on to attend to. Much less dramatic, in terms of capturing locations with actual place names and generally acting like a state; but much more flexible in their ability, and willingness, to deploy resources against soft targets wherever the opportunity arises, and much trickier to root out, since they both look much more like civilians and have a much better chance of having good relationships with at least one host country.

I would definitely agree that IS showing signs of actually expanding out of their little shithole would be Bad; but unless they can do that, their expansionist desires actually make them somewhat less risky to our interests because they'll be focused on slugging it out with their neighbors, rather than blowing up targets of opportunity worldwide. (Very, very, cynically, an IS that fails to expand might even have some benefits: if you want to remain even a nominally liberal democracy, you can't really do anything about religious wackjobs who hate you and your civilization; but live there anyway for some reason, until they actually do something criminal. If, suddenly, their most-likely-to-be-violent and/or most zealous people voluntarily start emigrating to some hellhole to get themselves killed, well, sucks for the neighbors; but some of your problems are now solving themselves.)

Comment: Re:Isis (Score 2) 511

We're all in ISIS' gunsights. It's just a question of who's first

That isn't entirely false, in that they'd be more than happy to continue their merry little campaign unto victory or death; but it's a fairly shoddy version of true.

ISIS are a bunch of sociopathically bad neighbors; but their ambition to 'caliphate'(which implies and requires acquisition and effective control and administration of territory) makes them rather more locally focused than an outfit like Al Qaeda. As does their (admittedly gruesome) enthusiasm for settling local grudge matches with Shia and various other groups they deem heterodox. It doesn't make them nice; but it does make them more likely to spend their time on local bloodletting rather than international plotting, and it makes them so uncompromising that they aren't particularly good allies, even of the most cynical convenience, for anyone. They've made it fairly clear that anyone who isn't the correct flavor of muslim is definitely off the table, and they don't call their little strip of sand "The Islamic State" as a gesture of cooperation with other nominally-islamic states in the region, who are unlikely to take being called illegitimate very well.

Comment: Pathetic much? (Score 4, Funny) 511

Should I take it as an unflattering reflection of the true strength of The Caliphate(tm) that it is being actively butthurt about having its twitter privileges revoked? That's the sort of thing that is pretty pathetic among individuals, much less would-be nation states allegedly arranged along deity-ordained lines.

Comment: Re:I should think so! (Score 1) 107

by fuzzyfuzzyfungus (#49159499) Attached to: Blu-Ray Players Hackable Via Malicious Discs
The whole point of my post was to suggest one method for causing trouble with URL requests, and I don't doubt that there are others.

However, that doesn't change the fact that, while basically every step of the process is potentially up for grabs, the URLs stamped into the disk are static. Short of replacing the disk nobody gets to change them.

If you control the JVM, you can rewrite them there, if you control the player's OS, you can rewrite them there, if you arrange for your host to be the one replying you can provide whatever response you wish, all true, all bad; but not the same as changing the URLs on the disk.

Comment: Re: I should think so! (Score 3, Insightful) 107

by fuzzyfuzzyfungus (#49155807) Attached to: Blu-Ray Players Hackable Via Malicious Discs
I think that the apps are supposed to be signed(at least to get useful elevated privileges, like access to the network or to the player local storage); but if a signed, legitimate, app makes a network request to a server that is no longer friendly, then it becomes a question of input validation, even if the application signing scheme is 100% in order and nobody screwed any part of that up.

Call me a pessimist; but I'd bet nontrivial money that a lot of the 'interactive' cruft that is pumped out to bulk up 'special edition' releases is barely up to the challenge of presenting a helpful error message if it gets a 404 from the remote host, much less not falling over and wagging its tail against moderately clever malice. In that case, it'd be a fully signed and approved app doing the work, but taking action based on (ill-founded) trust in content it downloaded.
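The point raised in the comment above, as an added example that is not part of the original comment or of any BD-J code: a signed application should treat whatever its remote host returns as untrusted input. This sketch uses only standard Java classes; the class name, the `accept` helper, the size cap, the `key=value` body format and the inline-generated RSA key (standing in for a key shipped with the app) are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

// Hypothetical helper: gate downloaded content before the app acts on it.
public class DownloadedContentCheck {
    static final int MAX_BODY = 64 * 1024; // assumed size cap

    // Returns the body as text only if every check passes; otherwise throws.
    static String accept(int status, byte[] body, byte[] sig, PublicKey pinned)
            throws GeneralSecurityException {
        if (status != 200) throw new SecurityException("unexpected status " + status);
        if (body == null || body.length == 0 || body.length > MAX_BODY)
            throw new SecurityException("body size out of bounds");
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(pinned);            // key shipped with the app, not fetched
        v.update(body);
        if (sig == null || !v.verify(sig))
            throw new SecurityException("bad signature");
        String text = new String(body, StandardCharsets.UTF_8);
        // Even authentic content is parsed against a strict allow-list format.
        for (String line : text.split("\n")) {
            if (!line.matches("[a-z_]{1,32}=[A-Za-z0-9 ._-]{0,128}"))
                throw new SecurityException("malformed line");
        }
        return text;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: a throwaway key pair and a two-line body.
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair publisher = g.generateKeyPair();
        byte[] body = "title=Bonus Feature\nversion=2".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(publisher.getPrivate());
        s.update(body);
        byte[] sig = s.sign();
        System.out.println(accept(200, body, sig, publisher.getPublic()));
        byte[] tampered = body.clone();
        tampered[0] ^= 1;                // one flipped bit in the response
        for (Object[] c : new Object[][] {{404, body}, {200, tampered}}) {
            try { accept((Integer) c[0], (byte[]) c[1], sig, publisher.getPublic()); }
            catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```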

Comment: Re:Best defense is not to care (Score 1) 107

by fuzzyfuzzyfungus (#49155565) Attached to: Blu-Ray Players Hackable Via Malicious Discs
I'd not be terribly interested in the capabilities of the players themselves(routers make better zombies and are way more internet facing and unlikely to be turned off, and generally atrocious on security); but I would be very, very, nervous about anything that serves as a nice, subtle, persistent implant on a LAN.

Even enterprises have a nasty habit of pretending that they can get away with a little sloppiness 'inside the firewall', and consumer gear often can't be persuaded not to be absurdly trusting of anything that happens to share a subnet with it, in the interests of ease-of-use, 'autodiscovery', and similar. If you can get an implant on one device, especially one that nobody is going to suspect(and may have few options, short of replacing, if they do), you can reinfect other devices as they pop up more or less at your leisure.

Comment: Re:Ha ha they used JAVA; morons! (Score 2) 107

by fuzzyfuzzyfungus (#49155521) Attached to: Blu-Ray Players Hackable Via Malicious Discs
Unfortunately, it's not just blu ray: 'BD-J' is their specific variant; but it is based on the so-called 'Globally Executable MHP', a truly horrifying acronym-standard-soup constructed to enable vaguely interoperable java-based UI atrocities for various flavors of set top box associated with DVB-T, DVB-S, and DVB-C(Basically, all digital broadcast and cable activity that isn't ATSC, ISDB, DTMB, or some fully proprietary oddball).

BD-J is North America's main point of contact with this delightful substance; but it enjoys near-total ubiquity in the parts of the world that also use DVB.
