Become a fan of Slashdot on Facebook


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Hashes not useful (Score 5, Informative) 285

by IamTheRealMike (#49157781) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

Seagate is correct. Putting a hash on the website doesn't improve security at all because anyone who can change the download can also change the web page containing the hash.

  The fact that this practice is widespread in the Linux world originates from the usage of insecure FTP mirrors run by volunteer admins. There it's possible for a mirror to get hacked independently of the origin web page. A company like Seagate doesn't rely on volunteers at universities to distribute their binaries so the technique is pointless.

A tool to verify the firmware is poetically impossible to write. What code on the drive would provide the firmware in response to a tool query? Oh right ..... the firmware itself. To make it work you need an unflashable boot loader that acts as a root of trust and was designed to do this from the start. But such a thing is basically pointless unless you're trying to detect firmware reflashing malware and that's something that only cropped up as a threat very recently. So I doubt any hard disk has it.

BTW call a spade a spade. Equation Group == NSA TAO

Comment: Re:And no one cares (Score 1) 181

by epyT-R (#49154605) Attached to: Google Taking Over New TLDs

Well, then that's their limitation, not mine. I am tired of this trend of dumbing things down to the lowest possible. In this case, it puts the search engine in control of who gets to find your site. Also, having sites memorized removes the search step from the process which is a net win for people who actually have brains.

Comment: Re: Great, fully owned by Silent Circle (Score 4, Interesting) 58

The issue with Silent Circle isn't their jurisdiction. It's that their code is of deeply questionable quality. They recently had a remote code execution exploit that could be triggered just by sending a text message to their phone. It's been literally years since one of these affected mainstream software stacks, so how was that possible?

Well, they wrote their own SMS parsing code, in C, and used JSON to wrap binary encrypted messages and there was a bug that could cause memory corruption when the JSON wasn't exactly in the form they expected.

The amount of fail in that sentence is just amazing. They're a company which justifies its entire existence with security, writing software to run on a smartphone where the OS itself is written in a memory safe language (Java) and yet they are parsing overly complex data structures off the wire ..... in C. That isn't just taking risks, that's playing Russian roulette over and over again. And eventually it killed them. Remote code execution via SMS - ye gods.

After learning about that exploit and more to the point, why it occurred, I will strongly recommend against using Silent Circle for anything. Nobody serious about security should be handling potentially malicious data structures in C, especially not when the rest of the text messaging app is written in Java. That's just crazy.

Comment: Perception (Score 4, Interesting) 375

by Dan East (#49153215) Attached to: Is That Dress White and Gold Or Blue and Black?

First off, the picture is crap. It's overexposed and the white balance is off by a mile. My 10 year old Razr flip phone took better pictures than that.

However, there's still a human perception factor going on. I had looked at the picture on my laptop, and it was clearly white and gold. Then later I pulled the exact same picture up on my iPhone to show it to someone, and it looked black and blue. I then concluded that the picture looked different on my laptop than my phone due to differences in the display. When I got back home I pulled the picture up on both my phone and laptop to do a direct comparison, and both, including on my phone, looked white and gold again.

So I think it depends on whether your eyes are currently adapted to dim indoor lighting or bright outdoor lighting, in addition to the backlight on your device also changing the hue depending on if it's automatically full bright for outdoors or dim for indoors.

Comment: Re:Just (Score 1) 158

by gstoddart (#49151933) Attached to: Can the Guitar Games Market Be Resurrected?

But that's just where the usefulness ends. Sure, you now appreciate rock music, but can you play it in real life on real instruments?

Umm, yeah, and how many video game skills do you apply to daily life?

Are you an awesome assassin? A race car driver? A pilot? A marine? Are you actually Batman?

It's a frickin game. It is play. Nobody gives a crap in this context about playing an actual instrument. It's frickin air guitar. It's intended to be fun.

Millions of kids bought Guitar Hero and Rock Band to realize their dreams of actually becoming ROCK MUSICIANS.

Horseshit. Millions of kids bought GTA and Saints Row to realize their dreams of become thugs, mac daddies, and pimps.

Do you think any of them actually expect to have that happen? (Well, I guess in some cases the just might.)

Sadly, all the games do is to train you to press colored buttons in sequence with colored lights. Those skills are not transferable to real instruments, and in fact, won't even get you an audition.

Dude, in the 80s there used to be this game called Simon. It had four colored lights to press. You can still buy it.

This is shared fun, with "press colored buttons in sequence with colored lights" but with music and animations. It's not sophisticated or real. It's not for hardcore gamers.

Most 'skills' you practice in video games will never translate into real world skills or get you an interview. So why is this any different?

You don't need to like it or understand it, but it's not completely without entertainment value to some people ... even if they don't actually become Rock Bands. Which, none of them actually expect to.

No more than any other game with a "make pretend" aspect to it.


Comment: Re:Just (Score 1) 158

by gstoddart (#49149655) Attached to: Can the Guitar Games Market Be Resurrected?

LOL ... I do now. Prior to rock band, absolutely not. Now based on drum rate I can tell old v new Metallica -- or at least know it's either Metallica or Anthrax (based on what else is in my collection that is).

And, obviously, I do not think real drumming is easy, not by a bloody long shot ... but she's hella good at it in the game. Way way better than I ever got. She was rocking it on expert and I was in awe.

But prior to that, it was all a blur of screeching noise that I couldn't stand.

Now? Metallica and a bunch of hard core punk are likely to be on my iPod.

As I said, my wife is eternally grateful for the game, as my musical horizons have blown past what they had been.

The longer the title, the less important the job.