Follow Slashdot stories on Twitter


Forgot your password?

Comment Compromised firewalls.. (Score 1) 78

Just had to deal with a Cisco firewall / VPN that died. The hardware did not die - the firmware was compromised. Someone botched a remote update -- at least that is my best guess. And it was a good thing this happened. After replacing the Cisco device with a generic OpenWRT device, intruder attempts to the local server dropped to zero. Previously there were hundreds of attempts a day. Attempts to track down the malicious network device always came up empty - so I assumed a core network device was responsible but lacked the incentive to identify the specific device.

It is not like I never checked for firmware updates. The Cisco firewall reported the latest firmware with a matching checksum. But this was obviously not the case. I believe the device could have been compromised from day 1. Too bad, it was a well made device (good PCB design, components, etc.). Possibly that MachXO CPLD had a compromised firmware?

Comment Re:Batteries just don't store enough energy... (Score 3, Interesting) 345

Electric air planes with lithium-air batteries would weigh the same at landing as they do at takeoff whereas a 747 loses around a quarter of it's weight en-route.

It is even worse then that. Li-Air batteries absorb oxygen as they release electricity. They get heavier the lower the electric charge. The only possible advantage is that they are lightest when they require the most power - take-off.

Comment Re:Not a USB 3 problem (Score 2) 136

Most USB2 hosts include a current limited load switch. When an overcurrent is detected, it turns off the switch and signals the host. This allows the host to display a warning to the user. Just using a PTC resettable fuse does not allow for any user feedback. Also, those PTC fuses are not very accurate and take some time to blow. The load switches are less impacted by changes in the ambient temperature and are much faster to react to an overcurrent event.

Comment Re:Supply chains (Score 2) 268

Tested them all. The only USB to serial devices that worked flawlessly are FTDI based adapters and some from Tripp-Lite (USA-19HS). The advantage of FTDI devices is they work without additional drivers on Linux and MacOS. And unlike the Tripp-Lite adapters, they work with MacOS hosted virtual machines. For some reason the Tripp-Lite driver can not switch between host and client operating systems when hosted by MacOS.

The FTDI devices are by far the easiest devices to get working and support. Send support an email and they'll provide you with a PID block for your device. They will also sign the Windows driver after being modified to work with this PID. So no annual USB fees or Windows development costs. The little extra you spend to use a FTDI IC is so much less then the other costs associated with low volume products. And who else sells ICs that can also act as a SPI, I2C, or JTAG bridge? And is natively supported by openocd...

Guess if you are only doing USB->serial then the alternatives are fine. But try to do something fancy or support legacy code on a PC and the FTDI chips have no real competition.

Comment Re:Deniers? (Score 3, Informative) 507

For someone who is not an expert it is quite simple. Trust the experts. More specifically, trust the general consensus of the scientific community.

All of the figures, plots, and graphs are not enough to truly understand the problem. Data can be formatted to backup almost any claim. You have to dive deep into the topic to understand enough to come to your own conclusion. So unless you plan on getting a PhD, trust those who already have. And do not trust individuals - they can be purchased. Rely on conclusions that have been presented, discussed, and argued by the scientific community thereby resulting in the acceptance of said conclusion.

And one last point. Ignore articles posted in places such as Slashdot. Rely on articles posted in reputable scientific journals. All of the newsfeeds that repost these things filter out anything they do not want you to see. Bogus papers will be posted but the numerous rebuttals showing that the paper is bogus will not. In essence - you are lied too. So go to the original source where crap is called out for what it is.

Comment Re:HBM memory... (Score 1) 65

About sockets - HBM is integrated into the IC package thereby negating the need for additional IC pins. The claim of poor latency is also a non-issue. The various different caches sitting between the ALU and memory are there to hide memory latency and bandwidth limitations. Even if HBM has higher latency, which I doubt, the CPU cache would largely hide this fact.

Comment Re:Keyboards? (Score 1) 332

Ironically, I've caught myself doing that more than a few times with the "gamer" keyboard.

That is because most "gamer" keyboards are use the Cherry-Red switches. The red switches are designed to be as fast as possible with no change in feedback when the switch is being depressed. This is exactly what you do not want when typing. But when gaming, it allows a talented individual to toggle the switch at a rate much higher then any other style of key.

Cherry-Brown switches are similar to the old Model-M keyboards - just quieter. Not for gaming - but typing is excellent. There are also Cherry-Black and Cherry-Blue switches. One of these is identical to the Model-M, annoying sound and all.

Comment Re:Aren't we labeling sponsored content? (Score 4, Interesting) 91

When milling wood or modelling board (plastic composite with the approximate density of wood), CNC machines do not require much power. Potential damage is greatly limited over industrial machines that can mill steel. Home builds are practical and people have been doing it since before 3D printers were popular. A typical use-case for a low powered machine is to mill moulds. These would be used for plastic moulding but you could go another step and cast metals as well. Quality wise, there is really no comparison to most 3D printers. Try browsing the Guerrilla guide to CNC machining, mold making, and resin casting to see what can be done. It is very impressive.

Comment Re: Just use a better muffler??? (Score 1) 153

My guess is they just grabbed some farm equipment engine off the shelf to get a prototype together and didn't pay much attention to noise at this early stage, noise is an easy problem to deal at a later stage.

They probably used a lightweight two stroke engine like those used in snowmobiles. They are highly optimized and hard to improve upon with regards to power to weight ratio. Someone previously mentioned a small turbine - that could be interesting. Alternatively, a rotary engine is both more reliable and less weight - if you don't mind the extra fuel required. But regardless of the power source, making it quiet would not be as trivial as you suggest.

But your assessment is accurate. I doubt Boston Dynamics was attempting to do anything other then demonstrate it working in the field. "It's too loud" is something the end user would complain about but those who are assigning contracts are surely intelligent enough to look past that. In fact, if that is the only complaint then the project is a huge success.

Comment Re:They haven't accepted that they're in 2 busines (Score 1) 247

You forgot wireless. If anything will kill the cable companies it is the wireless providers. It is already feasible in some locations to use wireless for internet. As technology improves - and as more mini- or micro-towers are put up to facilitate demand - there will be far more people tempted to adopt a wireless-only connection. With the adoption of newer, lighter portable electronics there is even an advantage to using a wireless ISP - the cable companies will not be able to compete. Of course, this only appliers to cable companies that do not also have wireless divisions.

Comment Re:Exaggerated again ... (Score 1) 48

Of course it would be cooler if only small badges of devices had the same cert, or if you even would go through the hassle to make individual ones.

Going through this hassle is exactly what is typically done. It is not uncommon for the initial - or post reset - boot of a router to take significantly longer then subsequent boots. This is when the router generates the public / private key combination. I suppose that the manufacturers are bypassing this to simplify support. Alternatively, they are truly incompetent and simply flashing the devices with a firmware that already contains the certificate. But each device should have a different serial number which should invalidate a copied certificate. So they must be going out of their way to facilitate a common certificate. Possibly they disabled verification against the serial number?

Regardless of why or how they are doing it, a common certificate indicates a common private key. With that private key you can decode the shared AES (or DES) key and subsequently decode all network traffic. The key will be stored in FLASH memory and can be accessed via JTAG connection.

Slashdot Top Deals

The bigger the theory the better.