Follow Slashdot stories on Twitter


Forgot your password?

Comment: No fuck off (Score 1) 461

by mattventura (#48909007) Attached to: Police Organization Wants Cop-Spotting Dropped From Waze App
Every time I see a cop doing something useless like sitting at the side of the road I want to see their budget cut. They do that crap instead of helping with real crimes. And don't say "but the traffic cops are the same cops that would be investigating crimes" because it's all under one budget.

Comment: Re:The noob is you (Score 1) 216

by mattventura (#48891621) Attached to: China Cuts Off Some VPNs
I wouldn't be so sure. Any application with forced SSL is going to look exactly the same from a data standpoint. It's going to start with the SSL handshake, and then everything after that will be indistinguishable. Yes, they could look at how much data there is or data over time, but DPI doesn't get you very far when all SSL traffic looks exactly the same. And even then, you could just pick some port that would normally have a solid amount of data and persistent connections, like IMAPS.

Comment: Re:Solves a different problem I'm not sure exists? (Score 1) 85

by mattventura (#48889759) Attached to: 'Never Miss Another Delivery' - if You Have a TrackPIN (Video)
Ever tried receiving packages when you live in a smaller apartment building with no reception area or anything like that? USPS generally has access to the actual mailboxes, but USPS and friends will force you to either be there. Your options are: sit out front of the building for hours (I love it when my package is "out for delivery" at 6 AM and gets delivered at 8 PM), go pick it up at a depot (which is not the same as a UPS store, no idea why they can't do that), or just sign the note they leave. That last option isn't available if the sender requests an in-person signature.

So I order something from Amazon, and they required an in-person sig, which I didn't even know until they left the note. After calling UPS to try to just get them to dump the thing out front, they directed me to their website. Of course, their website didn't work because it thought my address was invalid, and their phone support couldn't help me with that. I also called Amazon and asked them why the hell they required an in-person signature to begin with, and their support was equally unhelpful.

The end result? I had to drive for a total of an hour to pick up my $7 cable 2 days later than I should have had it. I'm pretty sure it would have been a better use of time to just go to a store to buy it. Why Amazon required in-person signing for a $7 package to begin with is beyond me.

Comment: Re:Why would you ever need more than the kernel? (Score 2) 43

by mattventura (#48862121) Attached to: Canonical Launches Internet-of-Things Version of Ubuntu Core
The problem I have is that it will probably end up far more bloated than it should be. The less bloated stuff there is, the less of a need for updates there is. Why would an IoT device be vulnerable to shellshock when it should have had a lightweight shell like ash instead of bash to begin with? Why would it have systemd instead of an embedded-centric init system like procd? Automatic updates are actually terrible from a usability standpoint because something can quite literally break overnight.

Comment: Re:Thunderbolt seems inherently insecure (Score 2) 135

by mattventura (#48770425) Attached to: First OSX Bootkit Revealed
It's no different than doing the exact same thing over Firewire, but it's a lot easier to hide an exploit in plain sight. When you exploit over something like Firewire or Thunderbolt, it could be a simple "Hey, can I charge my iPhone?". I remember an old exploit that you could do using one of the ancient Firewire iPods. That's a lot different than "Hey, can I plug this random card into your computer?" when you want to do it over CardBus or ExpressCard.

Comment: Re:Thunderbolt seems inherently insecure (Score 1) 135

by mattventura (#48770379) Attached to: First OSX Bootkit Revealed
On a desktop, I don't think it would be a problem. If you had a rather standard encryption scheme where you enter your passphrase on boot, it wouldn't be exploitable because someone would have to shut down the machine, stick a PCIe card in, and then boot again, thus losing the encryption key until it is entered again. It's just that laptops tend to have to have more exploitable interfaces that support hotplugging (like ExpressCard and Thunderbolt) whereas a desktop at most might have Firewire.

I'm surprised nobody has engineered a DMA exploit over SATA, considering it's hotpluggable and rather ubiquitous.

Comment: Re:No (Score 1) 325

by mattventura (#48769799) Attached to: Ask Slashdot: High-Performance Laptop That Doesn't Overheat?
I don't know if the newer ones are any better, but my W510 definitely has overheating issues. They basically took the exact same cooling system used in the T510 and tried to use it to cool a quadcore and workstation video chip. The CPU could hit the point where it would start to throttle. Even after putting on better thermal paste, it still gets hot enough to cause the GPU to throttle. Basically any high performance laptop that doesn't either have a huge cooling system or a separate system for the CPU and GPU can run into these issues.

From Sharp minds come... pointed heads. -- Bryan Sparrowhawk