
Comment Really? I thought it was just another leetism. (Score 1) 41

Back in the days of netnews, store-and-forward email, private dialup BBSes, and a far lower proportion of script kiddies in cracker circles, there was concern that the government would be able to monitor (or already was monitoring) a large amount of the Internet - netnews, mail, BBSes, etc. - and handle the volume by using keyword-searching software. (Snowden's recent revelations show their concerns were correct - though PERHAPS a bit early.) So some among the computer underground began obfuscating their text communications to try to stymie that approach to surveillance.

In addition to using slang (which, of course, would quickly be figured out), the approach was to distort the spelling of words in ways that (with a little effort) would be recognizable by a human eye but not by a straightforward word matcher. Misspellings (common, adjacent-key, adjacent-character substitution, etc.), homonyms, substitution of letters that looked similar, digits and punctuation for similar-looking letters (such as 3 for E, dyslexic style), building typewriter pictures of letters, etc. were typical. The idea was to pile distortion upon distortion until it was somewhat difficult to read, and constantly mutate the distortions, perhaps settling on a style but NOT on something that could be easily built into a pattern-matching.

Thus was born leet-speak (always, of course, spelled in its own form, such as "133t" or "I334".) Of course the constant-mutation was quickly lost in favor of more stable use of certain attractive forms, thus turning it into an ordinary slang and defeating the purpose.

At the time "owned" was already a slang term applied to systems which were cracked and controlled by a tacker, or the owner/operator of such systems. "pwned" falls right into the pattern on two rules: adjacent-key misspelling and "little p looks like little o" visual pattern matching. So I assumed, at the time, that it was just another instance of the form.

Now that does not say that it DIDN'T originate as an in-game typo that grew into an in-joke. But gaming and cracking circles have overlapped substantially since the breaking of early attempts at computer-game copy protection. So the two explanations are not in conflict. A typo that fit right into the form would be immediately seized and used.
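Why the "straightforward word matcher" described in the comment above misses such spellings, and what a content filter has to do to catch them, shown as an added example that is not part of the original comment. The lookalike table, the keyboard adjacency map, the keyword set and the sample sentence are all constructed for illustration.

```python
import re

# Constructed tables (assumptions for illustration, not a standard list).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})
ADJACENT = {}  # horizontal QWERTY neighbours, for adjacent-key misspellings
for row in ("qwertyuiop", "asdfghjkl", "zxcvbnm"):
    for a, b in zip(row, row[1:]):
        ADJACENT.setdefault(a, set()).add(b)
        ADJACENT.setdefault(b, set()).add(a)

def naive_match(text, keywords):
    """The straightforward word matcher: exact comparison of lowercased tokens."""
    return {t for t in text.lower().split() if t in keywords}

def fold(token):
    """Undo lookalike substitution: map digits/punctuation to letters, drop the rest."""
    return re.sub(r"[^a-z]", "", token.lower().translate(LOOKALIKES))

def near(word, keyword, max_slips=1):
    """Same length, differing only by at most max_slips adjacent-key substitutions."""
    if len(word) != len(keyword):
        return False
    slips = 0
    for w, k in zip(word, keyword):
        if w != k:
            if w not in ADJACENT.get(k, ()):
                return False
            slips += 1
    return slips <= max_slips

def tolerant_match(text, keywords):
    """Return {token: keyword} for tokens that fold to, or sit one key-slip from, a keyword."""
    hits = {}
    for raw in text.split():
        token = raw.strip(".,;:!?\"'()")  # sentence punctuation, not leet glyphs
        for kw in keywords:
            if near(fold(token), kw):
                hits[token] = kw
    return hits

KEYWORDS = {"owned", "leet"}
# Constructed sample sentence.
SAMPLE = "the admin box got pwned last night, totally 0wn3d. so l33t! the owner was asleep"

if __name__ == "__main__":
    print("naive:   ", naive_match(SAMPLE, KEYWORDS))
    print("tolerant:", tolerant_match(SAMPLE, KEYWORDS))
```

A fixed table like this only works once the spellings have settled into stable forms, which is the loss of constant mutation the comment describes.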

Comment Also for catastrophic failures. (Score 1) 371

People are the most expensive cost to most businesses these days. So the marketing battle between languages focuses less on performance and more on how experienced and expensive your developers need to be. What I see being missed with this marketing is that by lowering the people quality and marginalizing your language and code quality, you are setting yourself up for maintenance, improvement, and performance costs down the road.

Also for catastrophic failures, when a relatively inexperienced programmer does something that someone more seasoned would know to avoid and it makes it through QA to deployment before being triggered.

Comment Re:Huh? (Score 1) 371

At the end of the day with C/C++ you have to deal with memory management and that's just one additional piece of work that you don't have to be so concerned with with Java.

You're funny.

I think we have about a dozen calls to new and free in a few hundred thousand lines of code in our server. The vast majority of memory allocation in C++ is hidden in libraries like STL, which we presume have been debugged.

It usually turns out that there's an obvious place to free the memory algorithmically. C++ has helpful tools to let you build your memory management into the objects themselves, so it happens automagically.

It's only when you have to generate persistent mutating structures that things get complicated.

C++'s paradigm is that the programmer, who understands the algorithm, is usually more clueful about when the memory should be freed (or examined to see if it should be freed) than a general purpose component which, while it always gets it right, has to look at EVERYTHING rather than just the problem objects.

Having said that, it's quite possible to build garbage collection into C++ objects. (The Xanadu project was able to do it in the late 1980s, when C++ was still in diapers.)

But a bit of personal sour grapes: It would be a LOT easier if the standards committee would fix the member object constructor timing issue (as I asked them to do in each of the first two rounds of standardization.) Then heap-allocated, garbage-collected, classes could be as general as other types, including all their related components in a single block of allocated memory, rather than being limited to not having full-blown object members with error-throwing or garbage collector triggering constructors, leading to the necessity of replacing such members with pointers to another heap-allocated class instance.

Comment Why must it be a reverse-engineered chip? (Score 2) 254

What if it's a software bug?

Most automobiles these days have their wiring harnesses drastically simplified by replacing enormous numbers of point-to-point wires with a digital bus, conforming to one of a small handful of standards. These control everything from the engine to the seat adjustments to the outside rear-view mirror angles, to the door locks.

If you can inject your own packets on such a bus, you can command the car to open the doors and start the engine.

Now it may be possible to inject commands directly by using strong electromagnetic fields near where the bus, or a component on it, is not well shielded.

But there are a number of devices on the bus that are also radio receivers, with control computers which both parse radio inputs and interact with other parts of the car's electronics over this digital bus. If you can compromise them you can get them to inject commands for you.

Of course the key radio-fob receiver is the most obvious target. A protocol stack escape might get you directly into the code that unlocks the door. Another obvious target is a remote accident-assistance/monitoring system, such as OnStar. This is essentially a cellphone that deliberately issues such commands. (One thing they do as a service is open your car doors if you lock your keys inside.)

But there are a number of others where it may be possible to inject malformed packets and exploit a flaw in the radio-side network stack to take over enough control to issue automotive bus commands and achieve the same effect, even if the device wasn't intended to unlock the door. Candidates include:
  - Entertainment systems.
  - Bluetooth "hands free phone" features.
  - GPS navigation systems.
  - Tire-pressure monitoring systems.
and I could go on.

You can find such flaws by purely software-driven probes, using stock techniques like "fuzzing" to find a bug that crashes the device, then working up from the known flaw (and perhaps a general knowledge of the processor involved in the component and its typical development environments) into an exploit.

I have seen a proof-of-concept where one of the above HAS been exploited in this way by a security research team.

I have also heard news reports of security-camera recordings of carjackers using a box that causes the passenger side door lock of the victim car to unlock itself. So SOME such exploit is already in the wild.

Any bets on whether Garcia, or the carjackers, got in this way, rather than by electron microscopy?

Any bets on whether, even if they both DID "do it the hard(ware) way", there is, or will be within the year, an exploit that didn't involve either such pricey techniques (or a data leak from a manufacturer)?

Comment And maybe inject chunks into earth-impact orbit? (Score 1) 110

Given that, to be a threat to Earth, such asteroids would have an orbit that almost intersects Earth's at Earth's position at the near-intersection, and risks being perturbed onto a collision course, I hope they're really careful when "carving off a chunk".

It would be ironic if, in the process of trying to avoid a potential "rifle shot" of the whole asteroid, they perturbed the rest in exactly that way, or broke it up into several large "shotgun pellets" and ended up hitting the Earth with one or more of them when the original would have missed.

It would be a good idea, as well, to be sure the towing orbit of the sample had no points where (if the tow vehicle lost power or the load broke up) it was on a collision course.


NASA's Garver Proposes Carving Piece Off Big Asteroid For Near-Earth Mining 110

MarkWhittington writes "According to a July 26, 2013 story in Space News, NASA Deputy Administrator Lori Garver mused about what appeared to be a change to the space agency's asteroid snatching mission at the NewSpace 2013 conference. Apparently the idea is to send a robot to a larger asteroid than originally planned, carve out a chunk of it, and then bring it to lunar orbit for a crew of astronauts to visit in an Orion space ship. Garver's proposed change would widen the number of target asteroids and would test technologies important for asteroid mining. But it would also increase the complexity and certainly the cost of the asteroid mission. There are a lot of unanswered questions, such as what kind of mechanism would be involved in taking a piece of an asteroid and moving it? At the same conference Garver had hinted at a willingness to consider mounting a program of "sustainable" lunar exploration, as some in Congress have demanded, concurrent with the asteroid mission."

Comment The point of thorium is no plutonium. (Score 5, Insightful) 327

Thorium is a solution looking for a problem, basically -- there's lots of uranium around, it's dirt cheap, ...

The big point of thorium reactors is that they don't produce plutonium. This made it less attractive during the Cold War, when producing plutonium for building bombs was considered a plus. Thus they were what was developed before opposition to nuclear plants made designing and building new ones uneconomic - at least in the US.

In the current age of avoiding nuclear weapon proliferation, this potentially makes such designs less expensive to build and operate due to lower regulation and less need for defense against interception of spent fuel by budding bomb-makers, to convince the bureaucrats to let things proceed.

Such lower regulation and lower costs might make it possible to proceed with the necessary research, design, and deployment and still hope to make a profit.

Comment MOD THAT UP! Re:The Medium Can Hold Secrets (Score 2) 122

I have no mod points at the moment. But that's a VERY important point: A straight copy may not be good enough, due to outside-the-standards copy protection schemes.

Other floppy-based commercial games used a number of other techniques.

(One, for instance, had track 3 deliberately corrupted, by scratching the medium with a pin. No error on reading it - or writing and re-reading it - and the game would load, erase the disk, and play. This let the person who made the copy think he had a good copy - when in fact he had a blank disk. Let's see you make a good archival copy of THAT. B-b )

You get the same thing on other media as well - even analog. (Example: Macrovision, which plays with the sync and saturation levels, so that analog TVs intended for over-the-air reception (usually) correct the distortion as if it were a fading signal, while videotape machines copy the "fading" picture and regenerate a non-fading sync, so the copy isn't corrected when viewed.)

One of the several copy protection schemes for DVDs includes hidden modulation in sync information, decoded by the drive's hardware and detected by its firmware, so you can make a perfect copy of the bits and it still won't play.

Wikipedia has a long list of such copy-protection schemes, any of which would make archival copying difficult to impossible (without special equipment that would expose you to arrest and federal prosecution if you possessed it).

Comment "Controversial" just means ... (Score 4, Insightful) 668

Once again, Barbara, this isn't a "controversial" opinion, it is a murderous one.

"Controversial" just means the media talking heads are talking about it. It's a propaganda tool that lets them discredit anything, sow doubt in the viewers'/listeners' minds, and divide and distract the population.

1) Pick an idea held by many people. (If that's because it's well-researched, produces prosperity and/or political stability, or otherwise sound, it's particularly suitable because it will be strongly held.)
2) Find some ideal held by a few that contradicts it. (If it's some unresearched or refuted-by-research tinfoil-hat idea, an attractive political ideology that leads to strife, etc. that's especially effective as well.)
3) Talk about them as if the first is in question and the second is just as well founded.
4) Because you're talking about them, label them both "controversial", thus lowering the credibility of the first and throwing the issue into doubt.
5) Confused viewers tune in to try to figure out which is right. Never tell them, so your ratings stay high.
6) Profit!

If this leads to children suffering from and dying of loathsome diseases, political strife, tyrannies, wars, economic collapse, and so on, laugh all the way to the bank and goto step 5).

People die because of this.

You betcha!

(And then they wonder why people are waking up, turning them off, and getting their news and analysis from the Internet.)

Comment Re:CIA :- Centre for Imitating Art (Score 4, Interesting) 38

Life imitating art imitating life.

Why not?

Ian Fleming, along with Eric Frank Russell, were members of Britain's intelligence community, where such devices were designed and deployed, for real, during WWII. Some of the stuff the "department of dirty tricks" came up with were brilliant.

Russell also used his WWII experience in his post-war writing. Notable (and perhaps my very favorite SF novel) is _Wasp_, which is a thinly-disguised recycling of one of Russell's plans for infiltrated saboteurs targeting Japan, combined with techniques that also ended up in the training manual for the British Home Guard. (The latter was to be the nucleus of a resistance movement if the NAZIs occupied the British Isles.)

Gadgets in stories are more plausible if they might actually work, and plausible and potentially useful story gadgets have a track record of inspiring the development of the real thing. (Consider, for instance, the clamshell-style cellphone, inspired by the Star Trek communicator - which Motorola implicitly acknowledged by naming the first one the "StarTAC".)

Comment The energy supplier thing is happening in US, too. (Score 1) 173

In the UK, for instance, for a period of many years door-to-door cold callers would attempt to persuade people to change their energy suppliers. Even if a resident was NOT interested, these callers would claim to need a signature so they could prove they had visited, and get paid.

Just had one of those here in the San Francisco Bay Area, like within the last couple weeks. Claimed to be "checking" that we were "getting the government required 20% discount". Tried to get us to sign a form that would switch our gas supplier from PG&E to some pseudo-ecological-responsibility gas supplier (using the common gas distribution system).

Comment A convenient meme for the NSA. (Score 1) 372

Also; I hear plenty of government workers saying Management has a no open source software policy; for security reasons, the more money spent on the product the better, as closed source code is deemed to be more secure...

And that's a convenient meme for the spooks who have been getting the big companies to embed spyware in their systems, where the systems' closed-source or as-a-service nature makes it difficult-to-impossible to detect such spyware, even as it's doing you harm.

Perhaps the revelations about the PRISM program will drive a reevaluation of such policies and a move toward open systems which CAN BE CHECKED for embedded nastiness.
