
Comment Re: They really don't understand. (Score 5, Insightful) 366

A programming language is a language, it has its own syntax, grammar and vocabulary, though linguistic studies into such languages are rare (there are a couple of linguists studying the field though).

Yes, I would agree basic foundation is very important, so why the fuck are we not teaching decision and discrete mathematics? It is the relevant mathematics field to study but is an optional in most curriculums pre-university and so not taught by most schools.

Comment Re: patching without source code (Score 3, Informative) 39

So you have never changed a value in some binary to skip a routine or something? It is relatively easy to change a conditional jump to an unconditional jump or no-op if you know a little reverse engineering; crackers used to do such things all the time to bypass things like disk checks.

Comment Re:Why not blame the manufacturer? (Score 1) 264

Marginal extra cost? Want to look up the difference in price between an Intel Core i7 Extreme Edition on an X99 board and the equivalent Intel Xeon, where the difference between the processors is the ECC memory controller? There are a few low-end mobile and embedded processors Intel do with ECC, but the majority of their consumer range deliberately do not have it; it is a Xeon "feature" and the price tag that has.

Comment Re: "Of course it can," says government (Score 1) 264

Except what is being talked about here is not low frequency radiation but extremely high frequency radiation, wavelengths smaller than gaps between atoms, that are only stopped on that direct hit, which if it happens to just the right atom on that added circuit or whatever. Now they are extraordinarily rare events if the probability of any single ray is calculated, but we are being constantly hit by these rays all day every day, making the probability of causing an issue somewhere on the plant quite high. There are some solutions though: ECC RAM, for example, means individual bit flips can be fixed and is what is used in most server systems; however, support on consumer level gear is non-existent. If that isn't enough, run systems in triplicate on separate machines then run a vote on the result; only one machine is likely to have had a bit flip during that specific operation.
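An added example, not part of the comment above: the two mitigations it names, single-bit correction and triplicate voting, in C. It uses Hamming(7,4), a teaching-size code chosen here as an assumption (ECC memory uses wider codes built on the same syndrome idea), and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* XOR of the 1-based positions of set bits: 0 if valid, else the flipped position. */
static unsigned syndrome(uint8_t cw) {
    unsigned s = 0;
    for (unsigned pos = 1; pos <= 7; pos++)
        if (cw & (1u << (pos - 1))) s ^= pos;
    return s;
}

static const unsigned DATA_POS[4] = {3, 5, 6, 7};   /* positions 1, 2, 4 hold parity */

uint8_t hamming74_encode(uint8_t nibble) {
    uint8_t cw = 0;
    for (int i = 0; i < 4; i++)
        if (nibble & (1u << i)) cw |= (uint8_t)(1u << (DATA_POS[i] - 1));
    unsigned s = syndrome(cw);
    for (unsigned p = 1; p <= 4; p <<= 1)            /* set parity so syndrome is 0 */
        if (s & p) cw |= (uint8_t)(1u << (p - 1));
    return cw;
}

/* Corrects at most one flipped bit, then returns the 4 data bits. */
uint8_t hamming74_decode(uint8_t cw) {
    unsigned s = syndrome(cw);
    uint8_t nibble = 0;
    if (s) cw ^= (uint8_t)(1u << (s - 1));
    for (int i = 0; i < 4; i++)
        if (cw & (1u << (DATA_POS[i] - 1))) nibble |= (uint8_t)(1u << i);
    return nibble;
}

/* Triplicate voting: each output bit is the majority of the three replicas. */
uint8_t vote3(uint8_t a, uint8_t b, uint8_t c) {
    return (uint8_t)((a & b) | (a & c) | (b & c));
}

/* Constructed check: every nibble, every single-bit flip; returns cases recovered. */
int single_flip_recoveries(void) {
    int ok = 0;
    for (unsigned n = 0; n < 16; n++)
        for (unsigned bit = 0; bit < 7; bit++)
            ok += hamming74_decode((uint8_t)(hamming74_encode((uint8_t)n) ^ (1u << bit))) == n;
    return ok;
}

int main(void) {
    printf("recovered %d of 112 single-bit flips\n", single_flip_recoveries());
}
```

A second flip in the same codeword is miscorrected by this code, which is why the vote across independent machines is the fallback.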

Comment Re: ECC (Score 2) 264

We are already there:
http://www.pcworld.com/article...
http://arstechnica.com/gadgets...

As the IBM article states, they are working with Samsung and Global Foundries, while the other article is about Intel; that is 3 of the major chip fab companies stating they are moving to silicon-germanium hybrid crystal over pure silicon for exactly this reason. Also, the fabs on a new process node take time to set up and they need to be ready before circuit design comes in to fab prototype batches, so they are usually a couple of years ahead of what is commercially available on the market.

Comment Re:the real reason theyre arguing it. (Score 1) 310

Rarely is the issue a BGA package; usually it's a capacitor or SOIC package, which can be replaced by hand even if it's not the easiest component to replace. A multimeter is still the most useful diagnostic tool, especially when the most common component, a VRM or capacitor in the power supply, has gone; knowing what the potential difference should be across various points of the board helps in identifying such issues. Memory test failure and similar software errors could literally be that the memory didn't get enough power 'cause part of the power supply has gone dead.

Some vendors are really nasty and rub the ID codes off or re-badge (own brand and ID instead) on what are otherwise off-the-shelf components, making it even more of a nightmare to tell what is wrong.

Comment Re: Slackware..... (Score 2) 145

Yeah, not to mention, Ubuntu users are more likely to be on Ask Ubuntu. Mint also had its own forums. This is personal choice, not server administration, so Red Hat and CentOS are out...
The real question is how many prefer Slackware for their personal desktop but use something else most of the time for some work reason or something.

Comment Re: You cannot sign with MD5, you hash with MD5. (Score 1) 55

Part of the RSA signature algorithm is signing a hash of the content you want to sign. They are changing that hashing algorithm.

The funny thing is SHA-1 is no longer fit for this purpose and so Mozilla is requiring SHA-2 in all HTTPS certificates from next week (after a major push by all the browser creators for CAs to use SHA-256 for the last couple of years), so yeah, Oracle and Java are way behind the times, and that is before we get to those that won't update.

Comment Re:uh, no (Score 4, Interesting) 148

I suppose you know how timing side channel attacks are done? All those layers of abstraction make it possible to accurately predict and alter code path length? Oh, and they do automatically handle things like proper memory scrubbing of keys when no longer valid? Right?

These things need low level hardware access to manage, and are hard even then where there is less in the way screwing with it. It is nearly impossible to handle properly on highly abstracted languages running in managed virtual environments like Java and C#.

Yes, those abstractions help avoid specific classes of vulnerabilities, but can open a whole host of just as bad context-specific ones when talking about security stuff like encryption. This is why we should only let specialists in that specific field do such implementations and have them vet each other's code.
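An added example, not part of the comment above: the two concerns it raises, data-dependent code path length and scrubbing key material, shown in C. Function names are hypothetical, the step counter is an assumption standing in for elapsed time so the difference is deterministic, and the volatile-pointer wipe is one common portable technique rather than a platform's dedicated call.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define TAG_LEN 16
struct result { int equal; size_t steps; int wiped; };

/* Early exit: the work done (*steps, a stand-in for time) leaks the matching prefix. */
static int leaky_compare(const unsigned char *a, const unsigned char *b, size_t *steps) {
    for (size_t i = 0; i < TAG_LEN; i++) {
        (*steps)++;
        if (a[i] != b[i]) return 0;
    }
    return 1;
}

/* Constant time: every byte is visited and differences are OR-ed, no early exit. */
static int ct_compare(const unsigned char *a, const unsigned char *b, size_t *steps) {
    unsigned char diff = 0;
    for (size_t i = 0; i < TAG_LEN; i++) {
        (*steps)++;
        diff |= (unsigned char)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Scrub through a volatile pointer so the stores are not removed as dead. */
static void scrub(void *p, size_t n) {
    for (volatile unsigned char *v = p; n--; v++) *v = 0;
}

/* Constructed inputs: fixed tag, guess first differing at pos (>= TAG_LEN: equal). */
struct result run_case(size_t pos, int constant_time) {
    struct result r = {0, 0, 0};
    unsigned char tag[TAG_LEN], guess[TAG_LEN], acc = 0;
    memset(tag, 0xA5, sizeof tag);
    memcpy(guess, tag, sizeof guess);
    if (pos < TAG_LEN) guess[pos] ^= 0xFF;
    r.equal = (constant_time ? ct_compare : leaky_compare)(tag, guess, &r.steps);
    scrub(tag, sizeof tag);                 /* key material no longer needed */
    for (size_t i = 0; i < TAG_LEN; i++) acc |= tag[i];
    r.wiped = (acc == 0);
    return r;
}

int main(void) {
    for (size_t pos = 0; pos <= TAG_LEN; pos += 8)
        printf("first mismatch at %2zu: leaky %2zu steps, constant-time %2zu steps\n",
               pos, run_case(pos, 0).steps, run_case(pos, 1).steps);
}
```

In a managed runtime neither property is under the programmer's control in this way: a JIT may reshape the loop and a moving garbage collector may leave copies of the key that the wipe never reaches.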
