Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

+ - 'Super-secure' BlackPhone pwned by super-silly txt msg bug->

Submitted by mask.of.sanity
mask.of.sanity (1228908) writes "The maker of BlackPhone – a mobile marketed as offering unusually high levels of security – has patched a critical vulnerability that allows hackers to run malicious code on the handsets. Attackers need little more than a phone number to send a message that can compromise the devices via the Silent Text application.

The impact of the flaw is troubling because BlackPhone attracts what hackers see as high-value victims: those willing to invest AU$765 (£415, $630) in a phone that claims to put security above form and features may well have valuable calls and texts to hide from eavesdroppers."

Link to Original Source

Comment: If your are first... (Score 1) 1

by niftymitch (#48921755) Attached to: Disk array with 99.999% availablity for 4 years, without maintenance

If you are first it is hard to be redundant no mater what the cost.

This is almost interesting. As disks get less and less expensive per GB
the entire issue of a reliable RAID both for capacity, reliability and speed
is an increasingly interesting problem.

The difficult thing today is the backup and restoration from a backup.
Large individual TB disks do take a bit of time to write and verify. Copying from
A to B for an off line copy takes a lot of time.... Vast filesystems of the
modern cloud have additional issues.
With viruses and malware that encrypt filesystems and devices. There is an
honest need for off line read only copies when you are held hostage.

Realistic failure and repair assumptions is a red flag.

+ - Is Pascal an Underrated Programming Language? 6

Submitted by Anonymous Coward
An anonymous reader writes "In the recent Slashdot discussion on the D programming language, I was surprised to see criticisms of Pascal that were based on old information and outdated implementations. While I’m sure that, for example, Brian Kernighan’s criticisms of Pascal were valid in 1981, things have moved on since then. Current Object Pascal largely addresses Kernighan’s critique and also includes language features such as anonymous methods, reflection and attributes, class helpers, generics and more (see also Marco Cantu’s recent Object Pascal presentation). Cross-platform development is fairly straightforward with Pascal. Delphi targets Windows, OS X, iOS and Android. Free Pascal targets many operating systems and architectures and Lazarus provides a Delphi-like IDE for Free Pascal. So what do you think? Is Pascal underrated?"

Comment: Why yes it is. (Score 1) 6

by niftymitch (#48896989) Attached to: Is Pascal an Underrated Programming Language?

Pascal is underrated as a language.
It might be said that Modula II improved on it.

As a teaching tool it is astoundingly effective with one limitation.
The set of Pascal compilers out there is not nearly as rich or
portable as Python, Java or JavaScript...

I do not have ^pointers to references but it reduces many
teaching assistant tasks and if the program compiles it tends
do do what the author intended.

Today too many think the value of a language is the massive piles
of library cruft that goes with it. That alone makes Python a winner
because most stuff has been done and the big task is not learning
the language but finding what you need in the pile of changing
library routines.

It is verbose... but for the top down designer a classic screen or
two (24linesx80char) can capture most functions.

It is not well placed as an OS coding language but worthy
systems have been coded in it.

It has a lot of features. Tex & Metafont were coded in a subset
of Pascal. By reducing the language correctness was improved.

Some day I will have to ask DK if he would select a different programming
language if he knew then what we have today.

Students... first year yes.
Working in my shop not so sure.

Comment: This enables.... (Score 1) 169

by niftymitch (#48891061) Attached to: Google Just Made It Easier To Run Linux On Your Chromebook

This may enable potentially important solutions like: http://www.spi.dod.mil/lipose....
Lightweight Portable Security (LPS) creates a secure end node from trusted media on
almost any Intel-based computer (PC or Mac). LPS boots a thin Linux operating system
from a CD or USB flash stick without mounting a local hard drive.

The LPS may be less than ideal but it is a good step forward and makes it clear
that a like solution has a valid place in government and corporate America.
Some think this is a baby step. I think it is a step in the correct direction.

Comment: Re:But Java... (Score 1) 79

by niftymitch (#48873165) Attached to: Oracle Releases Massive Security Update

Those languages strongly encourage you to produce your own security holes.

This is sage... No language can protect from a stupid programmer.

Of interest the security model and features in Java as far as I can tell has foundational
problems. The sandbox is not as well built as it might be .... and parts of the security
model are unverified and ill understood.

It is a notable language. It is not magically secure...
The moderately recent enhancements to the VM to permit other languages to use the VM are interesting.

Oracle has used Java for a long time and before they picked off Sun depended on a very old
and outdated version of Java to run many Oracle tools in a browser. This left such a bad
impression on me that I have been unwilling to look and see if it is still necessary to use Java 4.5
or whatever it was...

In the intervening years I would hope that Oracle fixed this now that they own both parts.
Not owning a dependency is like having a pebble in your shoe, painful and crippling.
Being an optimist I hope this was the reason for getting Sun... I hope they acted on it.

Comment: Re:instant disqualification (Score 1) 647

by niftymitch (#48873071) Attached to: Justified: Visual Basic Over Python For an Intro To Programming

....
    flCoffee = 8

Verbosity is one of the reasons Pascal was a complete failure. It wasn't pragmatic and/or practical for SERIOUS coding.

Pascal had the advantage of replacing a gaggle of teaching assistants with a compiler.
As a teaching tool it is worthy of consideration.
In reality finding Pascal compilers is moderately difficult which might exclude it.
But as a first language capable of real programs it is real.

I do have a bias. One of the best assembly programmers I know
is also an astounding Pascal programmer. His assembly had all
the organizational requirements that the Pascal language enforces but
in assembly it is a free for all but he keeps it together.

Proof to me was his six+ months of work on a BIOS with no emulator
that booted the first time on new hardware when the hardware was done.
Back when the MC68000 was hot cutting edge stuff tools were sparse and skilled
disciplined programmers were a requirement. Skill and discipline still has value.

Comment: Re:instant disqualification (Score 1) 647

by niftymitch (#48873029) Attached to: Justified: Visual Basic Over Python For an Intro To Programming

Your vbnc was last updated in 2010, .......

Visual Basic .NET is now on version 12. vbnc is horribly behind, and ......

On the flipside, Python now comes standard with most Linux distributions, and is standard with Mac OS X. It's very simple to install on Windows and even comes with a bare-bones IDE for editing code. In every respect, it is easier to get started using Python than to start using VB .NET, especially on non-Windows platforms.

OK the out of date horribly behind should not be an issue in a basic class.
A language that moves so fast that basic classes are obsolete is absolutely BROKEN!

It is darn hard to build class material and train teachers. Class content often needs review
to the point that modest revisions are just as hard as a full rewrite (something is broken here).

A year or two of class work can be full of fundamental content that is built not quicksand.

Comment: Page count... of language.. (Score 1) 647

by niftymitch (#48872985) Attached to: Justified: Visual Basic Over Python For an Intro To Programming

The incredible complex bit is bogus
The book on "c" is vastly shorter than any VB intro text.

If he is a good instructor any modern or near modern language is fine with me (I have my doubts).

I have my preferences in strongly typed languages and I am open to functional vs. object oriented
models. I have been astounded with the work that clever folk do with OO languages but I get
disillusioned when maintenance becomes an issue. Pascal helped many instructors and for
that reason alone still needs to be on the list.

Any language that takes more pages to describe than "The C Programming Language" uses
is suspect to me. Sadly many consider the big pile of library functions and all their interactions
as part of the language.

Modern languages need to be precise enough that a compiler can make common optimizations
safely. A foundation of basic library functions that only depends on the language itself can be
volume II. Having said that string libraries need to be improved. Math libraries are important
to me so Vol III but bounded to K-12 math and statistics. Sorting and Searching can be Vol IV.
University level tools and goals as addressed in libraries need their own number space.

But Vol I needs to be the language itself and no more.

Comment: Well DUH.... (Score 1) 81

by niftymitch (#48848315) Attached to: NSA Prepares For Future Techno-Battles By Plotting Network Takedowns

Well DUH....

All the more reason to bug Micro$oft to fix bugs.
As the single largest vector of system infections Micro$oft
seem to be playing loosie goosie and we are all at risk for it.

Fix them bugs ladies and gents.

The astounding bit is the astounding parade of tuesday patches
mostly the bugs are stupid blunder but not all.

At this point all the TLAs and near and far nations and corporations
have copies of WindowZ and it is a simple race to find exploit or find
and plug. For microsoft to take 90+ days to fix a known and verified bug
seems like a lot of time. Given the cash flow to management there is
clearly a mismatch to the talent I know to be there.

All the players need to get it together and focus on stability and correctness.
Yes you too Linus...

N.B. It is clearly time to jailbreak any phone that the seller fails to update.
When network operators like AT&T blocks hardware vendors like Samsung
from issuing patches BY CONTRACT we have a problem. OK I am feeling
a bit Samstung but they are not alone. PS how hard is it to engineer in a bigger
battery so I can get 36 hours of life from the thing... That is not software, that
is not very much in the way of a case adjustment. I would be happy with
a phone the size of a box of Marlboros. BTW Darrell was a nice guy.

Comment: Re:No evidence (Score 1) 263

by niftymitch (#48843561) Attached to: Google Releases More Windows Bugs

"Microsoft says there's no evidence these flaws haven't been successfully exploited."
FTFY.

Anyone that runs a web server or other interactive device on the internet and also looks at their logs knows that
the list of exploited flaws in all types of systems is best enumerated by counting on both fingers and toes in binary.
The data that flows past a company like Google is astounding.
Mostly we hear about some engineer discovering a bug by inspecting
code. What we do not often hear is the cases where honeypots watched
by "G" or "deep web exploration" discovers who, what, how and where...
We also do not see disclosures where a TLA agency sends a confidential
email to an engineer at a security company that then files the bug.

N.B. the banner that Google pops up and announces that this site is a risky
place to go and that it has been found to serve up malware and other
bad code.

This is a big problem and perhaps the #1 external issue of any web based
company. Especially one that is constantly under attack from all the corners of the
globe.

I happen to have grown fondish of some of the windows only application tools.
That list of applications grows despite my personal preference of a _nix OS.
I always ask the vendor for non-Windows tools....

Given the quality of engineers I personally know that work at MS I can only
assume that there is an astounding failure by management to improve the
product and its foundations.

Comment: If justified the police department... (Score 1) 784

by niftymitch (#48843485) Attached to: Parents Investigated For Neglect For Letting Kids Walk Home Alone

If this is justified the police department needs to
be sacked.

Just living in a neighborhood where a ten year old and younger sibling
cannot take a 20 min walk is scary to the extreme and tells me that
"protective" services are in order and that these parents qualify for
a concealed carry permit to supplement an open carry of a 12-Gauge
shotgun.

Comment: Half the funk and wag (Score 1) 894

by niftymitch (#48836637) Attached to: Pope Francis: There Are Limits To Freedom of Expression

A friend in a politically correct company has
noted that half the dictionary is now off limits.

Sadly you cannot even have a single dictionary because
one of them has a bright red cover.

After lining up some 20 different dictionaries it was noted that fucha was under represented
and now that adjective is in the endangered list. Rose colored glasses are verboten...

Comment: Why should G bother (Score 1) 629

by niftymitch (#48809295) Attached to: Google Throws Microsoft Under Bus, Then Won't Patch Android Flaw

Why should google bother.
Samsung, AT&T and many others will not patch the locked devices they sold
even if Google issued a patch none of these would update their devices.

Perhaps just perhaps this will generate a liability that in turn will
get these yeahoos to get their act together.

Memories of you remind me of you. -- Karl Lehenbauer

Working...