Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Polls on the front page of Slashdot? Is the world coming to an end?! Nope; read more about it. ×

Comment: Re:AppArmor (Score 3, Interesting) 134

> the only reason no virus got around that is that no one bothered working around a blocker no one uses

At the time, we actually had thousands of users of the ARF Antivirus, and we received more than one report that there were indeed efforts to hack it. :)

What you say is true *technically.* And you should change your username to "Deja Vu," because I (and my friends with similar approaches, like Zvi Netiv with Invircible) had to repeat this over and over. I finally got tired of it, and given that out of those thousands of downloads only ONE person ever bother to register/pay, it wasn't worth it. Fuggedaboutit, just use your virus scanner and we'll still be friends.

Never forget this: it's theoretically possible to do many things. But it is not always PRACTICAL. In the instant case, using your example, a virus that tried to emulate actual DOS calls, essentially duplicating the code internally, would be very large. Remember, this was back in the day of dial up modems and bulletin boards. And a virus that emulated processor opcodes would be even larger.

(And *cough* ... we also kept encrypted copies of critical system areas, and compared what we'd stored with what we found -- both on disk AND in memory -- from time to time. That made it much more difficult for the "stealth OS" hack that you describe.) (Heh.)

But I'm not going to waste time rehashing this argument. What I WILL warn against is what I saw your attitude produce, too many times to count: "since we can't guarantee 100% that a system can't be hacked, why bother?" I'm not saying that's what you believe, but I ran across that attitude too many times to count.

Comment: Re:AppArmor (Score 5, Interesting) 134

> it sounds like AppArmor

Or SE Linux, as others have noted.

It is possible to achieve high levels of security through integrity checking and behavior(al) control. It just costs a bit in performance and memory. And if you write something in very tight C, it's not going to be large.

I may have mentioned this here before; if so, I apologize. But a million years ago, back when MS DOS 5 came out, a friend and I developed something called the ARF Utilities. (To my endless amusement, you can still find it in a Google.) Our approach was integrity and behavior blocking.

One reason why DOS was so vulnerable at the time was because Microsoft kept rebuilding and reusing the same code. The entry point to the DOS kernel (the old INT21h interface) didn't change from DOS 5 through 6.22. Our integrity blocker did a simple search to find that in memory, then *patched* DOS to send all calls through the behavior blocker, which was resident in memory. We also hooked and examined a bunch of other stuff inside the kernel (including the INT 21h interface and the SHARE hooks -- the latter was a terrible security vulnerability and only the appearance of Windows 95, and the rapid demise of DOS, kept it from being exploiting widely and wildly.) The blocker was written in assembler and could fit in about 2K of memory, as I recall.

It also checked itself, and the integrity of an executed program's file, at startup, and each time a program was terminated. By "check," I mean it literally scanned its own code in memory, compared random CRCs taken of different blocks to generated values stored earlier and would instantly warn if DOS, the terminating program or itself had been tampered with. (You don't just do one "checksum" of a fixed length; you do different blocks, chosen at random, generated on the fly at system startup.)

We couldn't find a virus that could get around it. The worst we ever experienced was a hang that required a hard reboot. But the system wasn't altered. And yet, the Official Anti-Virus Community (which, at the time, was BIG business) rejected our approach, called us interlopers and marginalized us. Everyone back then wanted scanners, scanners, scanners. All of the tests were on scanners.

In sum: I have no idea if this particular company's code is snake oil or the Real Deal(tm). But don't just dismiss them. If you think outside the box, it is possible to find better ways to do something.

Just my opinion and worth every penny of what you paid for it. :)

Comment: Re:Digital imitaing analog != Analog (Score 2) 155

by smpoole7 (#48117777) Attached to: Liking Analog Meters Doesn't Make You a Luddite (Video)

> That's not analog strictly speaking. That is a digital device imitating an analog display.

Technically true, but I think you're missing the point. In fact, the arguments here about whether this meter is "true analog" or that one is "digital" miss what the original poster was trying to say.

Whether I play my guitar and record it directly, or use a digitized sample or even a modeled guitar sound, the end result sounds like a guitar. Likewise, it's entirely possible to emulate an analog meter with digital techniques. While I might prefer the real thing when recording (and I do), my eyes truly couldn't care less whether the meter that I'm looking at uses a magnetic moving vane, or is just a clever simulation done digitally. (The operative term is "clever;" if it's a bad simulation, that's different.)

On most of my transmitters, even the all-solid-state ones, the power meters are moving vane analog types. I actually prefer them. Nautel (the manufacturer) now does all-digital displays on its latest boxen, but you can also have analog-style bargraphs.

When we rebuilt a 50KW AM directional back in 1999, I installed a then-cutting-edge all-digital antenna monitor to measure current ratios and phases. At first, I was excited ... but when I saw how the displays jumped and toggled around, I found myself longing for an older analog-style meter. (Call me a dinosaur.) :)

Again: I wouldn't care if it was an excellent simulation done digitally. Something that gives me a smooth, "averaged*" response, is all I care about.

One popular audio meter nowadays is the Dorrough Loudness Monitor (www.dorrough.com). It has the best of both worlds: a little peak LED that flies off to the right, showing the instantaneous peak levels, and an "averaged" LED indication of the perceived loudness. Is that "digital" or "analog?" I don't care. It's blamed useful. :)

(* technically, I guess you'd say "RMS," but that's not really accurate for what we're doing, either.)

Comment: My Experience With ATT (Score 2) 132

by smpoole7 (#48068255) Attached to: FCC Puts Comcast and Time Warner Merger On Hold

For years, I used a small ISP called Hiwaay Information Services here in Alabama. Great people, I was on a first-name basis with tech support and sales. ATT owned the lines, of course, but Hiwaay bought the service wholesale and resold it to individuals like me. It cost me a little more, but if I had a problem, instead of going through ATT's byzantine voice menus and slower-than-molasses "escalations," I called and they'd hound ATT until it was fixed.

Well worth it, in my book. I MUST have high-speed access at home for remote administration of our servers after hours.

Then ATT introduced Uverse. We received monthly offers to switch to Uverse; I ignored them and stayed with Hiwaay. But Hiwaay finally sent me a letter: sorry, ATT is no longer making these products available to us, so we'll have to cancel your DSL. I had no choice but to go with UVerse.

Right now, the price is less, but they could raise it in the future and there is no competition (unless I want to use dialup; forget that). They send me WEEKLY offers to use the UVerse "cable" television service. They can't stop DirecTV from selling to me, so I'm still with that. For now. :)

Now: you decide if the big-hearted folks at Comcast and Time-Warner will do similar or equivalent things. Add to this the service that our company gets from them in some of our other markets, and I'm afraid I'm just not quite as impressed with their protestations as I might otherwise be.

Comment: Re:I share the opinion of a Wikipedia IP editor (Score 4, Informative) 349

by smpoole7 (#48059961) Attached to: Possible Reason Behind Version Hop to Windows 10: Compatibility

In fact, I can't speak for the latest versions of Windows (because it has been a while since I've programmed), but even as late as Windows XP, a call to "get version" returns something completely different from the marketing version number/name.

For example, under Windows 95, GetVersion() would return "4.0." Under XP, it reports NT 5.1 or NT 5.2.

http://en.wikipedia.org/wiki/L...

Comment: Science Fiction (Score 1) 276

Those of us who love science fiction are used to this. It's fun to go back and read what some of the authors in the 1950's thought the future would look like. My personal favorite is that no thought it given to miniaturization; everything still uses tubes. Exotic tubes with magical abilities (like the power tubes in the Venus Equilateral series), but still vacuum tubes with filaments.

When it comes to computers, it's just as hit and miss. The way some authors handle artificial intelligence is by insisting that it won't happen. (David Weber, to name one -- in his books, the idea is that any true AI would quickly go insane.)

(But then, poor David has other concerns: in the Honor Harrington series, one key to Manticore's military superiority is the fact that they've harnessed "gravity waves" for faster-than-light communications ... and the physicists have long since determined that gravity propagates no faster than the speed of light.) :)

Likewise when I see anyone in a story "pressing a button" (even if it's a virtual button). We're already on the brink of direct neural interfaces. You think it, things happen. That's the future. But to be fair to these authors, it's hard to see what's coming in 10 years.

Comment: Loser Pay Legislation (Score 3, Informative) 223

by smpoole7 (#46682087) Attached to: Why There Are So Few ISP Start-Ups In the U.S.

Loser-Pay Legislation would take care of the second one. Been saying it for years.

Eventually, those folks who oppose it simply because it seems too "conservative" for their politics are going to get their minds right.

The United States is the only major Western Democracy that doesn't follow the "british rule," where the winning party in a lawsuit is generally allowed to recover the costs of bringing or defending a suit.

+ - Is your laptop secure enough for Sochi?->

Submitted by WindSerf
WindSerf writes: Over on Engadget the story goes "Visitors to Sochi Olympics should expect to be hacked (video)". In the video, a new Macbook is removed from it's sealed box, connected to wifi in a hotel in Sochi, and is hacked very quickly. My question is, how would you secure your laptop if you had to use it in sochi?
Link to Original Source

+ - New Type of Star Can Emerge From Inside Black Holes, Say Cosmologists->

Submitted by KentuckyFC
KentuckyFC writes: Black holes form when a large star runs out of fuel and collapses under its own weight. Since there is no known force that can stop this collapse, astrophysicists have always assumed that it forms a singularity, a region of space that is infinitely dense. Now cosmologists think quantum gravity might prevent this complete collapse after all. They say that the same force that stops an electron spiralling into a nucleus might also cause the collapsing star to "bounce" at scales of around 10^-14cm. They're calling this new state a "Planck star" and say it's lifetime would match that of the black hole itself as it evaporates. That raises the possibility that the shrinking event horizon would eventually meet the expanding Planck star, which emerges with a sudden blast of gamma rays. That radiation would allow any information trapped in the black hole to escape, solving the infamous information paradox. If they're right, these gamma rays may already have been detected by space-based telescopes meaning that the evidence is already there for any enterprising astronomer to tease apart.
Link to Original Source

Comment: Re:You were not hired to finish the project (Score 2) 308

by smpoole7 (#46141601) Attached to: Ask Slashdot: What Do You Do If You're Given a Broken Project?

> Other times you can work like an actual adult and solve the problems

I don't know the details in this case, and neither do you. But trust me, it ain't always that simple.

Years ago, back when I was still doing the contract programming gig on the side, I took a job for a major multinational. This was a relatively simple concept: write some software that read the AutoCAD files for the wire numbers, and then print heat-shrink labels to go on the wires. Sounds good, right?

First strike: it was done in Visual C++ 1.5, 16 bit. That compiler had some marvelous bugs (such as getting the segment and offset REVERSED when it loaded the ES and SI registers, HA HA that one was fun to track down).

Second strike: my predecessor had used that silly "frame-document-view" model for this relatively simple program (I can't even remember what they call it now). He decided to put everything in the View, so he had globals everywhere. Of course, they were getting clobbered, and of COURSE, I had to find each of these bugs.

Third: the people with this company had no idea what they wanted it to actually do. They said, "the stuff for the heater wiring starts with 'H," the motor wiring with 'M', and so on ... except for when it doesn't." (That's not a joke.) In other words, the files that I was reading (with a horrible third-party bolt-on DLL, by the way) weren't even guaranteed to be standardized!

I left this project and moved on to more pleasant things. That cured me. I went back into radio engineering, even though (with no false modesty) I was actually a very good programmer.

OH, and did I mention that this was using Visual C++ 1.5? Make sure you don't miss that. :)

Comment: Re:Short answer: Run. (Score 2) 308

by smpoole7 (#46141443) Attached to: Ask Slashdot: What Do You Do If You're Given a Broken Project?

> that could directly impact the contractor's future work prospects, if they cite how bad a job the contractor has done

They're going to do that anyway, whether he stays to completion/collapse, or quits now.

I say quit now, find something else right away and let it blow over. It may not seem like it right now, but it WILL eventually blow over. Get another successful project or two under your belt and the one bad project won't glare too badly on the resume.

Comment: Re:squashed eyeballs (Score 1) 267

by smpoole7 (#46099333) Attached to: The Human Body May Not Be Cut Out For Space

http://en.wikipedia.org/wiki/P...

The brain is intimately involved with how we perceive things. A bunch of experiments have been done, for example (recounted in the link above), one guy wore glasses that inverted everything -- he saw everything "upside down." After a few days, his brain flipped everything the right way!

I can imagine that years with low or no gravity would do far more than just affect the physiology. This isn't just a mechanical phenomenon. It's not just a matter of distorted eyeballs or inner ears. The whole time, your brain is trying to reinterpret what you're sensing to fit what it understands.

Comment: Re:My God... (Score 1) 458

by smpoole7 (#45932207) Attached to: Why We Think There's a Multiverse, Not Just Our Universe

> Posts like this are why scientists like Lawrence Krauss have no time for philosophers.

Heh. Thanks for the laugh with my morning coffee. You are dead on the money.

> Karl Popper's rules do not claim to be science itself

And Popper himself was responsible for the Philosophy of Science. His rules are generally used because they work.

A good example for the layman (not scientific by any means, but illustrative) would be, you're sitting in your den, watching TV. "Where's the cat?" you wonder. One of his play toys mysteriously rolls from under the sofa, and you say, "ah." Is that proof that there's a cat under there? Of course not. But based on previous observations, experience, and the knowledge that your feline is a loveable knothead who can get into anything and at any time, it's a darn safe guess. :)

> Creationists, by the by, have an agenda; that is, 'prove' what they already take to be a priori assumptions. They aren't interested in knowledge, they're interested in influence.

Many are. But don't make blanket assumptions.

Me? I'm more of a libertarian, plotting endlessly to take over the world so that I can leave you completely alone. :)

"When in doubt, print 'em out." -- Karl's Programming Proverb 0x7

Working...