Slashdot videos: Now with more Slashdot!

So because a bunch of flight instructors don't like dealing with the FAA the organization isn't effective at ensuring airline safety? You can tell stories about stupid things that happen in ANY organization and the FAA is no different. Yeah, not everything the FAA does is perfect - news at 11. Of course the aviation industry has achieved a ridiculously impressive safety record and the FAA has been a huge part of that. Coincidence? Not remotely. Just because an organization does some silly stuff doesn't negate their actual accomplishments.

For general aviation sure. It's expensive, time consuming, and causes your insurance rates to go through the roof if you are a general aviation pilot. Owning and maintaining a plane is not a cheap hobby.

If you are a pro the pay for a newbie pilot is ridiculously low and that has nothing at all to do with the FAA. That's simply due to the fact that there is an excess supply of pilot so wages get pushed down. I have a cousin who became a airline pilot. Spent a ton of money getting trained and was making all of about $30K/year in salary to drive the bus in the sky. Gee, wonder why people wouldn't want to become a pilot if the wages are shit and the hours are long.

So don't piss him off.

Just because a part is functional and not yet broken does not mean it is inappropriate to take it out of service. I'm sure you can find examples of something silly done by some FAA employee but the fact remains that without them the safety record of the aviation industry would not be anywhere close to what it is today.

Oh and the airlines industry right now is reporting record profits. Airlines going broke? Only the badly run ones. They've finally figured out that having excess capacity is economically stupid and they've started charging ticket and other fees that are high enough to actually generate a profit. What a concept...

Thorium reactors don't need cooling? I think you don't understand the physics involved. Some newer reactor designs have passive cooling systems which are (theoretically) safer but they still need and have cooling systems. Fission generates heat which is used to drive turbines. If you have heat you must have a cooling system. It takes a substantial amount of time for a fission reactor to cool even once the reaction is shut down and you have to have some form of cooling system in place to do that.

Nuclear (specifically fission) power generation is cheap. All the safety systems, regulatory oversight, large construction projects, waste management/disposal, licensing, project management, environmental impact, financing and maintenance of nuclear power are tremendously expensive. And you cannot separate the power generation from the rest of those items.

I've been hearing that since the '80s.

...in economics terms.

I am currently an avid Android user.

I used to be an avid Windows Mobile user. WM5/6 were actually, when they existed, the MOST power-user/business-friendly mobile OSes out there. They were more geek-friendly than any of the horrifically locked-down "Linux-based" mobile OSes.

Then Microsoft dropped WP7 on the world - an OS which was unusable for nearly 100% of the core WM5/WM6 user base. At the same time, Android was coming onto the scene, which had everything that WM5/WM6's core user base wanted. MS never recovered, they utterly screwed up. NEVER alienate the majority of your core user base, even if it's trying to reach a "new" audience - especially when the "new" audience you're targeting is already drooling over a competitor (Apple).

Assuming there isn't something that prevents the boot image from being replaced. See my other, more extensive, comment in this thread.

They're better than that. Surgeons in operating rooms are cribbing from the FAA for techniques and procedures to improve patient safety. The safety record of the airline industry is quite remarkable and the FAA deserves a huge amount of the credit for that achievement. I've worked as a quality engineer and whatever their other flaws might be, the FAA groks quality and safety as well as any organization I've ever seen.

As would I. The only thing I really worry about with the FAA is in keeping Congress from meddling with them too much. They are in my opinion one of the best run agencies in our government. That's not to say they don't have their flaws but on the big picture stuff, especially safety, they do a pretty good job overall even when they don't have all the resources they might.

Why should it shock you? We have many people in our government who are remarkably competent. I'd be happy to introduce you to some that I know personally. The FAA does not only have good workers but they have a safety first framework and have built a culture and procedures to support that. They also have the advantage of not being a political football for Congress to fight over. A good worker can be put into a system that doesn't work and chances are they will fail. Safety and reliability are NOT about competent people working hard. Those are important things but they will not get the job done unless you also have an organizational framework that supports them properly. The FAA has oversight over the entire process from certifying the airplanes before they even get built, to overseeing the ongoing maintenance and supply, to being able to force private companies to be grounded if they don't do what they are supposed to do when they are supposed to do it. They are able to get into all the corners of the industry that affect safety and they largely do a good job of ensuring that things are done properly like a regulator is suppose to.

Don't be condescending. I'm not saying rebooting is a magic anything.

Whether or not this matters depends on the threat model and why the attacker is interested in patching the kernel. For example, one purpose would be to disable other kernel security features, such as SELinux, or dm-verity. Most SELinux rules are configured and the configuration can be altered by root, but some are compiled into the kernel and can only be modified by modifying the kernel. Altering the persistent kernel image may not be possible for a variety of reasons (read-only media, SecureBoot, etc.). In addition, in security-sensitive and mission-critical contexts an unexpected reboot may well be noticed.

I don't understand your assertion about SecureBoot. Are you referring to some known vulnerability of some particular secure boot system? Given a decent implementation of secure/verified boot, an attacker should not be able to convince the system to boot a modified kernel image, which means that run-time modification of the kernel is the only option if the attacker needs to bypass some kernel security enforcement.

In general, the security model of a high-security Linux system assumes that the kernel is more trustworthy than root. The ability for root to modify the running kernel invalidates this assumption, which most definitely is a security issue.

In the context of a system without mandatory access controls there may not be any reason to care, since once an attacker has obtained root there probably isn't any limit to what he can do.

Yes it has been, and your following paragraphs demonstrate clearly why this is so

The problem with the current system is that the PTO has taken the approach of only rejecting patents if they can find documented evidence that someone has done the exact same thing before. If there is a single independent claim for which they can't find exact prior art in a timely manner, then they approve the patent, regardless of how similar it is to other prior art. They deliberately ignore the obviousness of the patent because they don't want to have to defend subjective decisions against appeal.

The recent Supreme Court rulings have forcefully asserted that this is not acceptable. The law clearly states that obviousness is one of the criteria for patentability and therefore the USPTO and courts must take that into consideration when deciding patentability. Furthermore, they have stated that if the improvement that an invention makes on prior art is not patentable by itself, then the invention is not patentable. This is a huge decision because it rules out a ton of "on a computer" and business model patents that combined things that weren't patentable on their own into something that was patentable in aggregate. This second issue is likely to have an even bigger impact as it can be applied more objectively than the first which increases the chances that the USPTO will embrace it. Furthermore, if anything these changes decrease the amount of research the PTO has to perform for an average application.

Agreed which is why we need these reforms. They proposed two important changes. First is to strictly limit how much information the plaintiff can subpoena during discover. This prevents fishing expeditions and prevents discovery from turning into a war of attrition, which will make defending oneself against patent claims faster and less expensive. Secondly it allows defendant to challenge the validity of the patent before discovery has taken place, potentially avoiding the vast majority of the expense of defending oneself, if the patent is determined to be invalid by the new post-Alice standards.

I have no disillusions that these changes will magically make the patent system perfect. In fact I expect the USPTO and the lower courts to continue to be slow to adopt them, but they address the two biggest issues with the patent system today - the low standards for patents and the cost of defending against them - which is more than I can say about any other proposed changes to the patent system in the last 50 years.

Sure, if your concern is error, rather than malice. An attacker who gains root could use this to dynamically patch a backdoor into the running kernel. Rebooting the machine would potentially enable someone to notice.

As another poster noted, though, you can already dynamically patch the kernel for malicious purposes by loading a malicious module, assuming that hasn't been disabled. In contexts where security is crucial, I would disable both dynamic module loading and run-time patching.

The GP wasn't suggesting that excessive data was handed over, he said that an NSL could be used to demand installation of a backdoor. If I were a vendor, even one who really wanted to be cooperative, I'd balk at that, because the chances of something like a backdoor being discovered are too high. It would be actively sabotaging my customers, and not just to the NSA... a backdoor can't distinguish between users, it lets in anyone who figures it out. And, of course, if the existence of the backdoor were published it would do serious damage to my business.

Even companies who want to cooperate are going to be reluctant to do potentially business-destroying favors for the government. There would be a great deal of incentive to fall back on the law and refuse on the grounds that the law doesn't authorize such requests.

I'm skeptical that an Android device would survive running flat out for two years to crack a PIN. The heat and battery life issues I experienced when I tested it demonstrate clearly that mobile devices simply aren't designed to run full-speed 24x7.

Also, it should be pointed out that the attack I described is far from easy to carry out. Among other things, it requires dumping the contents of flash, which basically requires removing the flash chips from the mainboard without damaging it, then either putting the flash chips back or installing new flash, then the device must be unlocked, a custom, hostile OS flashed, and finally the attacker can start the multi-year process.

Note that the 630-day figure I cited is on average. It would take twice that long for a guaranteed break.

Finally, if you add one more character to your passcode (7-character alphanumeric), the crack time jumps from 630 days on average to 124 years.

I agree that Lollipop FDE still needs some improvement, but it's already quite good.

Or someone very closely related to them? You know, the group in that area that formed a thriving civilization that supposedly fell apart during a drought...RIGHT AT THAT TIME?

Those unknown people?