Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment: Ummmm... About twice in 16 years (Score 1) 110

by Sycraft-fu (#48661265) Attached to: Apple Pushes First Automated OS X Security Update

In my time in IT, that's what I've seen. There was an update to the 3com 905 drivers back in the day that BSOD's systems, since then there have been more rigorous driver testing. After that there was the recent Windows 7 update that had a problem on some systems. We didn't see any issues on any of our some 400 Windows 7 systems, but I did verify it was real. MS rolled it back with another automated patch.

Oh and I suppose XP SP3 though that wasn't automatic, and the only systems it "broke" were ones with Malware infections so I hardly count that.

So... ya... Personally, I'll take an issue ever decade or so in trade for having a system that it up to date. However, if you'd rather not patch your stuff go ahead, just don't do it on my network, I'll block you.

Comment: Re:of course it wasn't NK (Score 1) 236

Everything about the attack has seemed to be inconsistent with North Korea's tendency towards propaganda.

It just seems... odd... that the attackers behaved consistently like disgruntled employees/ex-employees.

Then Sony started talking about North Korea for whatever reason, and I think the attackers saw that and ran with it, thinking it was a great way to send Sony on a wilde goose chase. Heck, they might have intentionally left evidence pointing towards North Korea from the beginning (I suspect the various tools that the FBI thinks imply NK have already been traded around via underground methods and are in the possession of people other than their original creators/users...). Once there was public talk of NK, I think the attackers just decided it would be effective to screw with Sony regarding "The Interview". It's probably nothing to do with any moral objections to the movie - but it's a great way to cause a major financial loss for Sony and make them think someone else is responsible.

Comment: Re:Weird article (Score 1) 176

by Andy Dodd (#48618925) Attached to: Army To Launch Spy Blimp Over Maryland

Also note, one of the reasons the project got canned was supposedly its inadequacy at friend vs. foe identification.

Privacy advocates are freaking out about a system that apparently can't even reliably tell the difference between "friendly" and "hostile" let alone "that vehicle belongs to John Doe! FOLLOW IT!!!!"

Also, tracking ground targets over terrain (land) is likely feasible at FAR shorter ranges than the 340 miles given in the article.

Comment: No kidding (Score 1) 596

by Sycraft-fu (#48603877) Attached to: Waze Causing Anger Among LA Residents

One of the reasons I live where I do is because I'm close to work, about 4 miles away. Lets me bike in. That way I don't have to deal with the expense and clusterfuck that is parking on a big campus. 4 miles is a very easy, short, ride so it is no problem. You don't need to change or anything, you don't work up a sweat.

Comment: Because Apple has no fucks to give about Windows (Score 2) 161

by Sycraft-fu (#48590571) Attached to: Former iTunes Engineer Tells Court He Worked To Block Competitors

You discover Apple software sucks way less on OS-X. The fanboys will tell you this is evidence of how much better OS-X is, of course, but the real reason is Apple doesn't do a good job on their ports. They really half-ass their Windows ports so they end up not being good software. It is possibly something to try and make OS-X look better but more likely simply laziness and a lack of good Windows developers.

Comment: Windows doesn't stop it (Score 5, Insightful) 161

by Sycraft-fu (#48590561) Attached to: Former iTunes Engineer Tells Court He Worked To Block Competitors

There's a big difference between not going out of your way to support something and going out of your way to prevent it. Windows doesn't have a native POSIX interface (it used to have a basic one) but you can add one if you like. It can be done higher level via something like Cygwin, or it can be done directly in the executive just like the Win32/64 APIs. There is nothing stopping you from adding it, they don't care.

Same deal with DirectX and OpenGL. A Windows GPU driver has to provide DirectX support. It is just part of the WDDM driver. Windows provides no OpenGL acceleration, and no software emulation. However you can provide your own OpenGL driver if you wish, and Intel, nVidia, and AMD all elect to do so. Windows does nothing to stop this and they work great (if the company writes a good driver). Indeed you could develop your own graphic API and implement that, if you wished.

There's a big difference between saying "We aren't going to do any work to support your stuff," and saying "We are going to work to make sure your stuff can't be supported."

Comment: That's not how it works (Score 4, Informative) 379

The court can't just jump up and say "We don't like that, it goes out." They have to follow procedure which means a challenge has to appear in front of them. That challenge can also only be brought by someone with standing, meaning that this law had a negative impact on you somehow.

That's one of the reasons the government loves the secret gathering so much, makes it harder for it to get challenged. If you can't show this harmed you, then you can't fight it in court.

So someone has to be impacted by this, challenge it, and it has to be appealed up to the SC. Then and only then do they rule on it.

Comment: Interesting (Score 1) 140

by Andy Dodd (#48566685) Attached to: $35 Quad-core Hacker SBC Offers Raspberry Pi-like Size and I/O

Hardkernel used to be one of the #1 purveyors of Samsung Exynos development boards (The other being Insignal). Unfortunately, both Insignal and Hardkernel's BSPs for Exynos boards tended to be vastly outdated. (Hardkernel was even violating the GPL with some of their Android 4.2 releases for some of the Exynos 4412 boards for a while - putting up binary images with no source code in sight.)

Now even Hardkernel is putting effort into non-Haxxinos boards...

Comment: If... (Score 1) 103

by jd (#48546713) Attached to: Neglecting the Lessons of Cypherpunk History

You are vulnerable to Social Engineering (and almost everyone is), no security of any kind will ever work. Become a Scottish crofter, it's your only hope of a life.

You are a private individual, see all XKCD coverage. Same remedy.

You are Sony, abandon hope now. You wouldn't even make it as a crofter.

You are anyone else, encryption is not enough. You want segmentation, active NIDS, proxies and firewalls at the gateways, HIDS on the machines, role-based access controls, host-to-host IPSec, security labels on packets, total removal of all vulnerable protocols, disk encryption, strong authentication and Neuromancer's Black Ice. A platoon of extreme freediving Ninja with enhanced magnetic sensors in their eyeballs would help, too.

I have a very small mind and must live with it. -- E. Dijkstra