
Comment Re:containment (Score 1) 296

Yeah, not so much for permeation, maybe, but they still quote this as one of the things that help. Could maybe do some for actual leaks - but getting air in would be sad too. The big reason for lower pressure is the lower resistance though - I like paying less in power&cooling thanks to lower power use to keep the platters spinning.

Comment Re:containment (Score 4, Informative) 296

Clever materials choices and lower pressure than on the outside (~40% IIRC). Luckily leakage is easily measured in the product design and testing phase, as well as ongoing QA. So not nearly as much risk to your data as stupid firmware bugs that only turn up under some circumstances after lots of usage. And no, they won't be refillable.

Comment Re: x.509 WTF? (Score 1, Insightful) 110

Of course attacking SSL on the protocol level is by far more useful, since you can just silently sit there and eat all the "secret" data, instead of having to actively MITM particular connections.

But do you really think there is a single US CA out there that would say no to a national security letter requiring them to issue a certificate if they actually needed it? Especially given how Joseph Nacchio was treated for resisting voluntary assistance to the NSA? Or that the Chinese ones wouldn't issue whatever was asked if the Ministry of Public Security turned up and wanted some certificates?

Stuxnet actually proves another part of why the CA system is utterly broken. Because they just had to break in *somewhere* in order to get a key signed by *any* CA in order to sign their stuff. To impersonate Tor developers, they'd have to steal the Tor developers' keys, or make up new ones that look plausible enough. Unlike the X.509 CA system where any attacker might just as well steal the keys of any random project and they'd be just as acceptable since they are signed by a CA.

But you're right, that it isn't a CA-level compromise, unlike DigiNotar who shows that particular line of attack. And were only found out by widespread interception of Iranian connections to Gmail.

Comment x.509 WTF? (Score 4, Insightful) 110

The CA model for X.509 certificates has been shown to be utterly broken for protection against intelligence agencies, they clearly have both access to some of the private keys of "trusted" CAs as well as the leverage to have "trusted" CAs issue arbitrary certificates in their home jurisdiction. There is no way in which this would get better by switching to X.509 compared to PGP.

We already have plenty of malware with valid signatures backed by trusted CAs using stolen keys etc, check Stuxnet/Duqu for instance.

Now, I know it can be hard to bootstrap a PGP web of trust, and there is certainly plenty of work to be done there to make it easier and user friendlier. But chucking out the one piece of actually working low-level technology for real security in favour of one that is utterly broken, and has been shown to be broken for years, is just plain stupid.

Comment Re:Nice concept (Score 2, Informative) 262

The main benefit is that it runs faster. 64-bit pointers take up twice the space in caches, and especially L1 cache is very space-limited. Loading and storing them also takes twice the bandwidth to main memory.

So for code with lots of complex data types (as opposed to big arrays of floating point data), that still has to run fast, it makes sense. I imagine the Linux kernel developers' No. 1 benchmark of compiling the kernel would run noticeably faster with gcc in x32.

The downside is that you need a proper fully functional multi-arch system like is slowly getting adopted by Debian in order to handle multiple ABIs. And then you get into iffy things on if you want the faster /usr/bin/perl or one that can handle 6-gig lists efficiently...

Comment Re:Whoever extracts elements first wins. (Score 1) 58

Generalized way? Not likely. But in this particular setting (electronic scrap), there is plenty of activity. I know these because they make the local news: - but there are several competitors to them too. Lots of copper and gold and other metals in electronics that is commercially recyclable given that someone sorts it out and throws the electronics in containers with just electronics.

Comment Re:Complication of making a distribution (Score 1) 63

The turbo mode stuff together with the kernel and firmware all come from the same repository. Raspbian is really the Debian:y environment around this.

If you want to run Debian, you can do that too (at a performance penalty since you need to use the soft float version, armhf is targeted for a newer version of ARM than is in the Raspberry Pis). You still need the same non-free blobs to do anything graphical etc though.

Comment Re:Complication of making a distribution (Score 1) 63

Yes, it is called Raspbian, which is Debian with a recompile for the target and some installer tweaks and hooks for pulling in the necessary non-free stuff from which comes from the pi being a closed platform.

Xbian, RaspBMC, etc take Raspbian and then make a custom install based on package presets and some scripts for automagic setup for those that think Debian is "too complicated". And apparently lots of drama.
