
Comment: Re:It took 5 years? (Score 5, Interesting) 156

Yeah, I can't wait to hear how this is spun into a tale of how great OSS is.

Wait no more!

The article states that the analysts have identified 8,867 infected IP addresses. In April 2014, Netcraft confirmed that there were roughly 958,919,789 sites on the web at that time. Independently of them, W3Techs state that nearly 68% of servers are running some form of Unix, and the vast majority of those can be safely assumed to be running Linux.

So let's say, then, that better than half a billion sites are potentially vulnerable to this exploit, but in practical terms, over the course of years, a mere 8,867 of them actually were infected by this exploit. That means that, uh... carry the 9... somewhere around, oh... 0.0017734% of all vulnerable Linux sites have been compromised by a hitherto unknown and unmitigated active exploit.

Clearly this debacle is indisputable proof that Linux security is a shambolic, shameful charade that needs to be stopped before the world collapses into chaos.

Comment: Re:so....why? (Score 4, Informative) 94

by grcumb (#49542027) Attached to: Gen. Petraeus To Be Sentenced To Two Years Probation and Fine

We get a lot of articles here that people say don't belong on Slashdot, but I usually side with them being good articles. "Stuff that matters" and all that, personal freedoms, general interest to nerds, etc. But this one...no, I'm just not seeing it. Nothing to do with personal freedoms, nothing to do with computers, nothing to do with public policy, absolutely zero effect on any of us, even those of us in the USA. It's just political celebrity news.

Except that his indiscretions were discovered because his electronic cloak-and-dagger skills weren't what he thought they were, and that the FBI discovered this in an electronic dragnet, and that he, the director of the CIA, disclosed state secrets to his soon-to-be-jealous lover, which constitutes a greater potential breach of security than Snowden and Assange combined....

But aside from that, yeah, no relevance to the life of the average geek. None whatsoever.

Comment: Re:destroy the cell phone? (Score 1) 42

by grcumb (#49402263) Attached to: The Unlikely Effort To Build a Clandestine Cell Phone Network

Wouldn't it be easier to change the SIM card? Destroy the old SIM card instead? Destroying the cell phone seems like a waste. Just delete the incoming call log.

Most phones have a unique handset (i.e. hardware) identifier which is accessible during a telephone or internet session. It's in firmware, but you may or may not be able to change it on demand.

Comment: Re:You don't say... (Score 5, Insightful) 606

by grcumb (#49220069) Attached to: YouTube Video of Racist Chant Results In Fraternity Closure

On the other hand, EVERY area on earth with a predominately black population is a poor violent ghetto.

From the Jamaican neighbourhoods in Toronto to the Haitian enclaves in Montreal, the greatest danger you face is burning your tongue on some jerk chicken. In the Muslim banlieues in Paris, you're no more likely to face violence than anywhere else. In most of Africa—the vast majority of the 'black' world—you're safer than in any American city.

I live in a town that's 95% black. I don't even close the windows or lock the doors on my car at night. I can walk away from my bag containing $10K in photographic gear, and not even turn my head. The only thing I get tired of is people's friendliness and desire to chat all the time. True story: A young man stole a tourist's hand bag a while ago. The story made the front page of the newspaper. That's how rare crime is here.

In fact, you can pretty much trace violence in black American (North, Central and South) communities to the legacy of the slave trade, to racial inequality that has led to economic inequality and chronic injustice. There's a strong correlation there. In countries such as Brasil, where the economic inequality was not necessarily race-based, you find more equal-opportunity crime and predation. In Mexico and elsewhere, you find the problems exist primarily where indigenous people are clustered.

TL;DR: You don't have a clue what you're talking about, you ignorant fuckwit. Wilful ignorance such as yours only perpetuates the problem.

Comment: Re:Science vs Belief. (Score 1) 517

by grcumb (#49186355) Attached to: White House Threatens Veto Over EPA "Secret Science" Bills

Sez you.

I have a feeling I'm going to have to repeat this several times to different people: Elsewhere in this topic I've posted the actual language of the bill. Given what it really says, these scenarios are completely unrealistic stretches of the imagination.

Once again: Sez you.

Perhaps you could explain why you think that these scenarios are not likely to happen? I think that the language of the Bill is pretty much designed to stop the application of the Precautionary Principle as a method of environmental protection. By insisting on measurability and replicability of results as the only means of determining policy, you're pretty much throwing any preventive approaches away.

Given the time it's taken in the past to get measures such as, for example, the moratorium on the use of CFCs in consumer goods into place, why would you support anything that makes this task even more difficult and, as others have pointed out, creates an additional burden on the Agency while at the same time limiting its budget to a mere pittance for the actual implementation?

This is a subversive piece of legislation wrapped up in obsequious language. It's disingenuous in the extreme, designed to incapacitate a key agency. And I'm saddened that someone like you, who is otherwise very intelligent, can't see the problem.

Comment: Re:What I find unbelievable... (Score 1) 129

by grcumb (#49185749) Attached to: New Zealand Spied On Nearly Two Dozen Pacific Countries

Have you failed to see how often a preferred ally of the US suddenly becomes a distant ally, then a country of concern and finally a supporter of terrorism, as they refuse to obey US government dictates?

No, I agree that this would be a concern to some nations. But as I said, based on what I've seen—and that includes anecdotes from some people directly involved in policy making—this particular fear just doesn't come into it. There is such care taken to please the US that Australia often offers more than is necessary to secure a deal.

Comment: Re:Science vs Belief. (Score 2) 517

by grcumb (#49185699) Attached to: White House Threatens Veto Over EPA "Secret Science" Bills

Just as Morganstein says, simply stripping names is not always enough to de-personalize data. But other methods are easily available.

This is a non-issue.

Sez you.

Scenario: Scientific study of infant mortality and birth defect rates in a specific neighbourhood (e.g. Love Canal) is used to justify an EPA order shutting down a major manufacturing facility until such time as it ceases to pollute. The data correlates proximity to pollution sources with health data. Using the now-publicly-available data, the manufacturer identifies every family likely to be involved in a class action suit, applies divide-and-conquer techniques. Lobbyists for the industry hire a quack medical expert who claims the results can't be reliably reproduced. Insurance companies refuse to pay out because they think they can lay the blame on the manufacturer. The company, meanwhile, continues polluting, possibly forever.

Scenario: Scientific study of environmental effects of Chemical A is troubling, but inconclusive. The EPA issues a ruling applying the Precautionary Principle, stopping use of Chemical A until further studies have been completed. Industry lobbyists challenge the ruling, stating that the science is neither well-established nor reproducible. Chemical A is put into widespread use. Further study determines the fears were justified, but it's too late—hundreds or thousands of people are already suffering adverse effects.

Comment: Re:What I find unbelievable... (Score 2) 129

by grcumb (#49185243) Attached to: New Zealand Spied On Nearly Two Dozen Pacific Countries

You seriously think Australian politicians want to sign the Trans Pacific Partnership and abandon their constitution to US corporate dictates and as a consequence lose any chance of ever being elected again but if they are corrupt enough they will and the consequences for US-Australia relations will be awful.

Having seen what I've seen of Australian politics, and based on the observations of some who have been in the room, so to speak, yes, I do believe that they lose all reason when it comes to pleasing the US.

Comment: Re:What I find unbelievable... (Score 4, Insightful) 129

by grcumb (#49183919) Attached to: New Zealand Spied On Nearly Two Dozen Pacific Countries

But the Snowden papers show that counter-terrorism is at most a minor part of the GCSB's operations. Most projects are assisting the US and allies to gather political and economic intelligence country-by-country around the world.

That's what is going to give this story legs. If it's proven that the information was used to affect domestic policy or international relations, or if there's strong evidence that it was used to exert economic leverage over Pacific island nations, then New Zealand's credibility in the neighbourhood drops drastically.

In years past, a lot of the voice and data traffic in the South Pacific was handled by a company named Pacific Teleports. They resold bandwidth on an Intelsat bird. The ham-fisted monitoring there was almost a joke. You could actually see an additional 80-100 ms lag introduced at the exact point where the traffic left their earth station in Australia and entered the terrestrial networks there. SSL sessions would break continually.

But people more or less expected this kind of behaviour from Australia. They've never really thought of the Pacific islands region as anything more than an undeclared territory, and ever since George W. Bush appointed Australia the 'sheriff' (his word) in the region, they've been even more ham-fisted in their approach.

New Zealand, on the other hand, has always portrayed itself as a Pacific island country, perhaps the first among equals, but a peer to its neighbours. Its aid programme was more engaged, and it welcomed Polynesians and Melanesians much more warmly than Australia. The difference is similar to the difference between the USA and Canada. Now, imagine Canada being revealed as the primary source of intelligence gathering in the Caribbean.

Australia has always been somewhat brazen in its attempts to influence events in the Pacific islands. New Zealand, in contrast, has (until now) appeared to be the more reasonable of the two. If that changes, then it has the potential to drive these strategically important nations closer to China. I'm not suggesting it would be 1941 all over again, but if it ever came to that, you'd think Australia and NZ would want friends on the islands here, rather than strangers.

Comment: Re:Hashes not useful (Score 1) 324

by grcumb (#49159859) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

Seagate is correct. Putting a hash on the website doesn't improve security at all because anyone who can change the download can also change the web page containing the hash.

Perhaps, but the change would be kind of visible. It would be trivially easy to require concurrent events to be associated with the key change, e.g. have an SVP send an email stating, 'I confirm the new hash key is $FOO' to half a dozen senior technical employees. The odds of all of them being compromised are vanishingly small.

A tool to verify the firmware is poetically impossible to write.

Writing phonetically for meter:

foreach dollar testkey in foo{
while input is not empty { do {
test result equals (hash lookup in sequel)
}}
if (test result's good) return true;
