
Comment Re:Hardware Locking (Score 4, Informative) 111

We're upset because you're peddling snakeoil. Here is an excerpt generating the hardware ID:
If Dir("gethwi.bat") <> "" Then Kill "gethwi.bat"
Open "gethwi.bat" For Append As #1
Print #1, "w32tm /stripchart /computer:us.pool.ntp.org /dataonly /samples:5 >gtime.dat"
Print #1, "systeminfo >gsys.dat"
Print #1, "getmac >gmac.dat"
Print #1, "exit"
Close #1
Shell "gethwi.bat", vbHide

You use this information to generate an ID. But you don't even hash it with a one way hash, which means it's possible to forge a reply to give a desired result. A good one way hash would at least make that impossible. It is also not scaling very well - you will need a lot of support for pissed customers who changed parts of their computer or changed timezone.

Furthermore, you do no authentication of the answer from the server. Anyone can send the response, and be accepted. You do not have any security. It would be trivial to either remove your DRM by jumping over it, or supply the very wrong values. A race condition would also work - overwriting the gsys.dat, gtime.dat, gmac.dat before your program reads it. Or simply replacing the code snippet above with a batch file which states echo "Desired values..." > gsys.dat.

So take an evening, think about how you can bypass your system. Try my suggestions. Fire up a debugger, and have a look at the software.
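
The two fixes this comment asks for (a one-way hash over the hardware attributes and an authenticated server reply), sketched as an added example that is not part of the comment or of the software it criticises. The attribute values, key and function names are constructed for illustration, and HMAC with a shared key stands in for the public-key signature a shipped client would verify, since a key embedded in the client can be extracted.

```python
import hashlib
import hmac
import secrets

# Constructed sample values standing in for parsed getmac/systeminfo output.
SAMPLE_ATTRS = {"mac": "00-11-22-33-44-55", "bios": "EXAMPLE-BIOS-1.0"}
# Assumption: demo key only; see the lead-in about public-key signatures.
DEMO_KEY = b"constructed-demo-key"


def hardware_id(attrs):
    """One-way hash over the attributes in a fixed (sorted) order."""
    canon = "\n".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hashlib.sha256(canon.encode()).hexdigest()


def _tag(key, verdict, hwid, nonce):
    # Bind the verdict to this machine and this request. None of the
    # fields can contain "|", so the encoding is unambiguous.
    msg = "|".join([verdict, hwid, nonce]).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def server_respond(key, hwid, nonce, licensed_ids):
    verdict = "OK" if hwid in licensed_ids else "DENY"
    return verdict, _tag(key, verdict, hwid, nonce)


def client_accepts(key, hwid, nonce, verdict, tag):
    # Constant-time comparison; the verdict counts only if the tag checks.
    valid = hmac.compare_digest(_tag(key, verdict, hwid, nonce), tag)
    return valid and verdict == "OK"


def demo():
    hwid = hardware_id(SAMPLE_ATTRS)
    nonce = secrets.token_hex(16)  # fresh per request, defeats replay
    verdict, tag = server_respond(DEMO_KEY, hwid, nonce, {hwid})
    return {
        "genuine": client_accepts(DEMO_KEY, hwid, nonce, verdict, tag),
        "unsigned": client_accepts(DEMO_KEY, hwid, nonce, "OK", bytes(32)),
        "replayed": client_accepts(DEMO_KEY, hwid, secrets.token_hex(16),
                                   verdict, tag),
    }


if __name__ == "__main__":
    print(demo())
```

Neither check survives a client whose verification call has been patched out, which the comment also raises; they only close the forged-reply path.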

Comment Re:Hardware Locking (Score 1) 111

Yeah, nearly. I didn't say it was FULLY crackproof, but you have to know what you're doing in order to bypass it. Which is why server authentication is BUILT IN. So, unless you've got a direct proof-of-concept exploit, such as faking burned in MAC address codes, along with simple bios info (which amazingly, can be brought up via windows commandline), I would make the educated guess that you're upset in regards to me further maintaining already solid code which someone else can build on.

Or what happens if the software is modified, with a neat little jump instruction where it wants to run the verification? Or what if you just write an API wrapper that gives the desired input?

Submission + - SourceForge assumes ownership of GIMP For Win, wraps installer in adware->

An anonymous reader writes: It appears that SourceForge is assuming control of all projects that appear "abandoned." In a blog update on their site, they responded saying in part "There has recently been some report that the GIMP-Win project on SourceForge has been hijacked; this project was actually abandoned over 18 months ago, and SourceForge has stepped-in to keep this project current. "

SourceForge is now offering "to establish a program to enable users and developers to help us remove misleading and confusing ads."


Comment You buy eyeballs and loyalty. (Score 5, Insightful) 58

NSA is buying security holes to use against us. This is part of what Snowden revealed with the leaks.

Offering a bounty, even though it is not as much as the security problem could fetch on the grey market, creates a certain loyalty towards the vendor, and makes it easier to go to them, and ensure the hole gets patched. It also attracts more eyeballs to your software, as finding a problem means money. Google has gone even further - by offering grants for research into specific products, where you get money for checking security of the software, not just finding security problems.

So I believe it is a good thing; it probably means more holes will be reported directly to the vendor, and not sold for exploit. It probably attracts eyeballs as well...

Submission + - man arrested for refusing to stop filming police->

the simurgh writes: A man who claims to be an independent journalist has been arrested by New Jersey police officers for his refusal to give in to their demands for his video camera. In most cases such as this, the authorities immediately jump to defend the outrageous behavior of the officer. In this case, however, it is different. The citizen and his camera were released. Moreover, Ocean County prosecutor told the local NBC affiliate: "It would be my opinion that we'll probably be dismissing the charge."

Comment Re:America, land of the free... (Score 1) 720

It's because the working class organizations (consumer organisations, trade unions) are so strong in most parts of the EU and especially Norway, they have gained a lot of rights and limitations to the powers of capital.

Indeed. We have fought for our rights, and we've won them over time. And we've made a society where fear is not a driving power.

Just looking at things like the recent uprising in the USA about police shootings is shocking in most of Europe. Here, police do not normally shoot people. In Norway, it's literally years between when the police shoot and kill someone. In most of Europe it's major news when it happens. In a country like Germany, with 80 million people, it happens 3-4 times a year.

I would claim that Europe is freer than America. Granted, we can't carry guns where we want, but the risk of crime is lower, and the living standard is on average higher.

Comment Re:America, land of the free... (Score 1) 720

I agree with the concepts you are talking about, but I cannot imagine an IT shop failing to check the background of a system administrator who will be working with banking systems, for example. Think about the fallout if Deutsche Bank hired a database administrator with prior convictions for banking fraud, only to see that employee steal 100 million from the bank.

Of course it's checked for some positions, and finance is one of those. But in general, it's not legal to ask about it. If you apply as a programmer the employer can generally not even ask.

I'm going to bet that criminal convictions are pretty important in the relevant areas, even in Europe. They probably do a better job of discriminating which information is relevant and which positions are sensitive.

In general no. For the jobs I've applied to (electrical engineering for some pretty big companies) it's not been asked about. They have no right to ask, and no right to know. On defence projects the individuals participating have had background checks by the intelligence service, but failing that would not mean losing the job - only not being allowed to work on defense projects.

In Europe they might not have to ask before running a criminal background check. And lying on the application might not make a difference when it comes time to terminate an employee.

In most European countries the employee has to sign and/or submit the application for a background check. The result will be sent straight to the employer, but the application has to be filed by the employee.

In Norway, I can not even get a written copy of my record unless I provide a valid reason. I can get it read out to me, but not in writing. That is to stop companies from asking without reason. The reason is printed on the record, and misuse is illegal. So if I get one for a visa application, and my employer uses that for anything but visa application, they look at civil liability for the information misuse, and criminal liability for the failure of treating information in the proper way.

Comment Re:America, land of the free... (Score 5, Informative) 720

Now, while this sucks for the felon trying to land a job, it also sucks for the company, and let's face it, the recidivism rate among past felons is generally pretty high. Why should a company want to risk its own livelihood or existence just to give you a second chance?

I think there's a circular logic somewhere there. If you don't have a job, I guess you have a lower threshold for crime. If you have a job, and everything to lose, I guess crime is not so tempting.

In most of Europe, criminal convictions are simply irrelevant to jobs. Some jobs require your record, but mostly not the full - only a limited record. For instance, if you work with kids, you need a record clean of child abuse and sexual assaults. But for a general job in IT? No one would even ask about your record. I have not been asked ever - except for a visa application to the USA.

I believe the European system is better at integrating convicts back into society, stopping them from committing more crime.

Comment Re:You need more nuclear and less renewables (Score 1) 516

A smart grid will help. If you're able to serve up 20-30 percent of the supply from batteries (EV's can be batteries in a SG system too), you can reduce the grid. They can also serve as UPS systems, effectively smoothing out dips as switchgear changes layout of the grid.

So yes, smart grid with energy storage can help by averaging load over time. For an EV you can configure it to be fully charged at 4, when you leave work, and let it feed the grid in the meantime. You can supplement this with stationary batteries. As EV's become more common, used batteries from EV's which are unsuitable for the size constraints of the EVs can be repurposed to fixed location storage, where size is not as big a concern.

Comment Re:You need more nuclear and less renewables (Score 1) 516

When peak power is occurring is less interesting. The interesting thing is that using a conventional grid it happens - time varies.

Power grids do not need to be dimensioned for peak power - provided you have local energy storage. 1MWh of Lithium batteries will weigh in at approx. 10T, and will fit in a small garage, and will be able to supply a peak power of 2MW for half an hour. During periods of lower use, they can be recharged - bringing the peak load on the grid down. They can also assist in smoothing power production. Have an excess gigawatt? Put it into your batteries around the neighbourhood.

The project is definitively not backyard. I cannot tell details, but it is supplying a power in the megawatt range twice an hour, and then recharging using the power grid - enabling huge peak loads that the local grid cannot support. It is a project you've read about in Wired...

If you google smart grid you'll see that it's a big thing. Siemens, ABB, Schneider Electric and many other big companies are working on it. So your comment smells of trolling with no real insight in the field.

Comment Re:You need more nuclear and less renewables (Score 2) 516

It's true that renewable power levels like wind-power rise and fall, but once you look at a larger area then it pretty much evens out.

But dimensioning the grid for average power draw is cheaper than dimensioning the grid for peak power. During the night, power consumption is low, and batteries can be recharged. When everyone wakes up and makes coffee, peak power occurs. With local storage the consumption can always be kept at the average level.

This also means that when there's good wind, you can save the energy for consumption later, without transporting it. Yes, batteries have a 5% energy loss, but so does long haul transmission. And long haul transmission technologies like HVDC cost a lot of money when you get into high effect converters.

I'm currently involved in a project where the conclusion was that a local battery storage was cheaper than renewing the power grid for peak load. The point where it's cheaper to install a Smart Grid Solution instead of bigger grid is only gonna move in favour of smart grid the next few years...

Comment Re:184 mph is the fastest train in America? (Score 1) 195

Highspeed trains need special tracks. Creating these tracks involves confiscating a lot of land from people along the way.

Roads also need a lot of space. So I don't entirely see your point. Maybe roads need 20% less space or something, but it's not like they need no space.

Doing this creates many lovely opportunities for corruption in government as the route can go a lot of ways depending on who influences it.

We have solved huge parts of that in Europe. We do it with open government, post journals showing mail that has arrived to a government agency, political hearings where everybody can send in their opinion, and the agency has to comment and publish all hearing comments. This mostly works. In the cases where it doesn't work, a sufficiently pissed off party can take the case to court to have the process reviewed.

"It says something about the state of train travel in America" yeah it sure does. It says that people would rather drive than be subject to that TSA garbage.

Straw man. We don't have TSA garbage on European high speed railways. And while I can take the train for long distances in Europe, I believe I'd be taking a plane in the USA, exposing me to that very TSA garbage.

Comment Re:Don't forget to burn the ribbon (Score 1) 244

Oh there's so many vulnerabilities with electric typewriters, especially the single-use ribbon. Manual typewriters with a fabric ribbon that is re-used might still need to be burned.

Yes, there are security vulnerabilities. But compared to a computer, containing millions of lines of code, and the capability of running arbitrary software, a typewriter is a very simple environment, with fewer unknowns and bugs.

Securing a simple environment is easier than securing the complex. Take a Selectric typewriter - you can check the software manually as it's probably quite short. You can easily verify it, and there is NO reason why any other software should be present. This is not the case with a computer.

Or mechanical typewriter - no software, so the only storage mechanism is the ribbon.

So yeah, a bit of physical security is needed. The ribbons need to be handled as classified. The drums may contain imprints, and need to be destroyed safely. Sound might reveal something, so the room needs soundproofing and checks for unwanted bugs. But compared to a computer, it's quite trivial, and the security is within the reach of even a small organization.
