Forgot your password?

Comment: Re:passive scan isn't perfect (Score 1) 127

by makomk (#47564779) Attached to: Old Apache Code At Root of Android FakeID Mess

Barring another bug, it can - and probably does - scan for *all* ways to exploit it. The issue is that Android itself doesn't properly verify the certificate chain in packages before installing them, and Play Services can easily perform all of the missing checks itself and reject any package that fails them.

Comment: Re:DEBUNKED (Score 2) 373

by makomk (#46269151) Attached to: Report: Valve Anti-Cheat (VAC) Scans Your DNS History

For values of "debunked" equal to "people clueless about how VAC works are loudly insisting that it's not true, and being believed because Valve fanbois". (Amongst other issues, you won't find the code of any VAC modules in Steam's or the game's DLLs because they're downloaded from the server at runtime in order to make them harder to reverse-engineer and block.) Someone later in the thread has apparently tested and found that stuffing the DNS cache with bogus entries increases the amount of SSL-encrypted data VAC sends back by almost exactly twice the size of the MD5 hashes of all those entries, and clearing the cache returns the amount of data sent back to what it was. (It may not necessarily be possible for others to replicate this, as I recall one of VAC's anti-reverse-engineering measures is that different people receive a different subset of the payload modules. So far no-one's tried though, they've just said it's not proof enough.)

Comment: Re: Verilog (Score 1) 365

by makomk (#45905299) Attached to: Ask Slashdot: How Many (Electronics) Gates Is That Software Algorithm?

You've forgotten about fixed point, which isn't really any more complicated to implement than integer arithmetic and is a perfectly reasonable way of implementing integer division by a fixed divisor. (A lot of compilers actually use this trick, because even running on a CPU it's often more efficient than using hardware division.)

Comment: Re:Hard to believe (Score 5, Insightful) 804

by makomk (#45794447) Attached to: What Would It Cost To Build a Windows Version of the Pricey New Mac Pro?

Yeah, quite. The base Mac Pro actually turns out to be fairly reasonably priced for the combination of components inside, but - and this is important - there is essentially no reason to get that combination of components unless you have no other choice because you're buying a Mac. For instance, they're paying out quite a bit of extra money in order to fit everything into a smaller case, even though that'd actually be a downside for many customers. Also, most of the professional applications out there that use GPU acceleration can only make use of a single GPU, so the second $3400 GPU will be sitting completely idle for most Mac Pro buyers. What's more, as the article mentions many apps run better on NVidia GPUs anyway. Also, how many of the GPU-accelerated apps can also make full use of a 12-core CPU?

Comment: Re:RSA's name is now mud (Score 1) 291

by makomk (#45765449) Attached to: RSA Flatly Denies That It Weakened Crypto For NSA Money

Why? Running glorified PR pieces is the safest thing you can do under British libel law. Also, it certainly didn't stop our journalists going off the rails and smearing random members of the public on the front page, since random members of the public don't have the money for a libel suit - it just blocked criticism of large businesses and the wealthy.

Comment: Re:It's a very sad day (Score 5, Informative) 291

by makomk (#45765435) Attached to: RSA Flatly Denies That It Weakened Crypto For NSA Money

Except they didn't notify their customers when the potential backdoor became public knowledge and most crypto library developers cautioned against it. That happened a year or two after it was introduced back in 2006 or 2007, yet they didn't notify their customers or change it from being the default until 2013, leaving those customers using crypto that RSA basically knew was backdoored for years. (It should've been even more obvious to RSA that there was a backdoor than it was to the rest of the crypto community, since the people with the ability to backdoor it had bribed them to use it as the default in their crypto product.)

The F-15 Eagle: If it's up, we'll shoot it down. If it's down, we'll blow it up. -- A McDonnel-Douglas ad from a few years ago