Comment Re:Cars like pc's/phones/tablets (Score 3, Insightful) 417

I think the issue is when this shit comes with your car it isn't obvious how you uninstall the crap.

Exactly. The problem is what we might call the UI bottleneck. If the vehicle has 48 features and I loathe 45 of them, I still have to fight my way through 48 confusing, often poorly identified, controls in order to use the three functions I like/want/need. If it's not a tool I use all the time I may well give up before I find the control I'm looking for. Or worse, I may turn on some incredibly annoying "feature" whose Off button is hidden behind some improbable sequence of actions identified by more or less incomprehensible icons that look like squashed grasshoppers or overturned ice-cream cones.

Comment Re:Why car info tech is so thoroughly at risk .. (Score 1) 192

I don't think you understand how hard it is to write secure software. It's really, REALLY hard. If it were easy or even moderately difficult surely Windows would -- after a decade of regular security patches -- be exploit proof.

OTOH, trying to write more secure software probably won't do any harm and might do some good.

Comment Re:Why car info tech is so thoroughly at risk .. (Score 5, Interesting) 192

It's all kind of baffling. We have decades of experience that tells us that writing secure software is very difficult and that patching insecure software is expensive, inefficient, and largely ineffective. So the response -- and not just in the auto industry -- is to constantly add more questionably necessary complex hardware and software (Why do I need digital air time pressure indicators that do not work properly to replace $2 mechanical pressure indicating Schrader valve caps?) and then express surprise that the result is vulnerable to digital attack.

Folks. I don't know how to break this to you. The "solutions" that don't work on the internet, with financial stuff, with dating sites, etc. probably aren't going to work in cars either.

What will work? Nothing most likely. But minimizing attack surfaces by air gapping systems that don't need to talk to one another, making ROMs read only with a physical programming switch, banishing anything that looks or works like javascript, abandoning the odd notion that over the air updates can't -- by accident or hijacking -- simultaneously brick millions of vehicles might help. The result would be clunky and sort of mid-20th centuryish. But it might be moderately secure. And implementing it might free up resources to deal with the inevitable similar problems in the rest of the digital world.

Comment Re:"after gaining administrative or physical acces (Score 2) 57

Serious Question: Is it ever going to be possible to secure systems that allow firmware to be updated by a remote user?

Isn't it likely that at some point we're going to have to face up to the reality that many things we find to be extremely convenient simply aren't compatible with the notion of security?

Comment Re: Do what everyone else does in this situation (Score 1) 233

Get mostly linux machines for the mainstream work, and get a few windows systems for the jobs that really need windows.

vnc seems to work acceptably to allow a unix machine to control a process running on a Windows XP machine. As does rdesktop I believe. I imagine that one or the other or something similar will work with a more modern (i.e. probably even more obtuse) Windows version. Files can be transferred with Samba.

That would be a pain to set up and to make cleanly accessible to an untrained user who is probably pretty overwhelmed with all the other stuff he or she is trying to learn. But it's probably technically feasible.

Comment Re:IPv6 shortcomings? (Score 4, Insightful) 595

It isn't (and never was) a question of capabilities. It is a question of cost. Most decision makers at every level from individuals on up to CEOs view IT (correctly BTW) as an expense, not a corporate treasure. The IPv6 train left the station without the capabilities required to make eventual IPv4 replacement cheap and easy -- backward capability and NAT. Lots of people tried to point out that was a mistake. It was done anyway, and the same folks that didn't understand why it was a mistake still don't seem to understand why it was a mistake.

Compared to the average business or public organization, our home setup here is not very complex at all. But we still have about two dozen devices whose software would need to be upgraded in order to change from IPv4 to IPv6. And we'd probably have to buy some new kit because some of the routers and software probably have flawed IPv6 implementations -- if they have IPv6 at all. And, of course, our ISP is IPv4. Assuming they can/will deign to talk to us using IPv6 it's a safe bet that "upgrading" would cost us more time and money.

And what do we get from all that? AFAICS all we get is the capability to expose all the digital devices in the house to external hackers. Why would we want to do that? Much less spend time and money to do that?

It'll most likely be a long, long time before IPv6 completely replaces IPv4.

Comment Re: .txt (Score 1) 200

Yes, text handling for non-ASCII characters can be surprisingly maddening to work with. (Wasn't UTF-8 supposed to fix that?) Problem is that wrapping txt in some more elaborate format like HTML often doesn't make the problem go away. With apologies to Jamie Zawinski, it just means that now you have two problems.

Comment Re:.txt (Score 1) 200

Pretty much my thought. Use the simplest format that will do the job. If it's just prose, use txt. Does anyone seriously believe that One Day in the Life of Ivan Denisovitch is somehow enhanced by saving it as .doc or .pdf or .htm or god knows what else? If the text needs some bold and italics, use .txt with markdown. If it needs lots of markup, then something more elaborate -- preferably something with standards and a DTD or equivalent indicating what standard applies. If there are flat tables, use csv. Spreadsheets? Best use their native format (.ods, .xls, etc.) I should think. Images and music? Not my area of expertise. I use jpeg and mp3 respectively for myself, but I wouldn't be at all surprised that there are better choices.

Comment To what purpose? (Score 1) 167

At the risk of coming across as being really dense, what are people going to make in this here space or shop or whatever? If they are just going to modify some ill designed plastic stuff, then a couple of Dremels, a selection of bits, eye protection, and a vice may be all they need. If, OTOH, they are going to build a CubeSat, they possibly need some sophisticated metal working stuff and some basic electronic test equipment.

I'd start off by surveying the potential users if you can find any and see what they want to do that they can't do, and aren't doing, in their dorm rooms right now. You might also survey the teaching staff and see if any of them will actually send users to the "space" to do stuff somehow connected with the college's perceived educational mission.

Comment Re:I wish there was an easy way to understand it (Score 1) 129

All in all, two thousand years ago, in Greece, people were arguing if the world rests on the backs of three elephants or three whales, and assumed that the world is flat.

Actually, I think the Greeks pretty much agreed that the Earth is a sphere with a radius of about 6000 km (Eratosthenes, roughly 240 BC). What they were arguing about is whether it or the sun is the center of the universe (Aristarchus of Samos, about the same time).

(Don't you just love it when some bozo comes along and nitpicks your rhetoric?)

Comment Re:Maybe so but... (Score 1) 171

Actually, the chances of winning a lawsuit are probably pretty good although a cynic might suspect that the lawyers will be the big winners. One thing though. If there are sufficient stresses built up for a magnitude 7 earthquake, doesn't that suggest that there will eventually be a 7.1 or 7.2 or greater quake when nature decides in her own inimitable way to relieve the accumulated stresses without human help?

Think about it.

In the meantime one wonders what drillers are going to do with zillions of gallons of contaminated water. I'm confident they'll figure out something -- probably something that will appall environmentalists even further.