Comment Re:send the mini-shuttle over there to wack it (Score 1) 450

"Star Wreck: In the Pirkinning" was Finnish wasn't it?

Yeah, but it was Iron Skies that featured the nuclear-armed peaceful-research-only vessels.

Come to think of it, maybe that's North Korea's plan, to protect us all from space Nazis. Makes about as much sense as some of their other antics.

Comment Re:Windows 7 compatibility mode (Score 1) 313

Or they have shoddy legacy code that checks for 64-bit systems and refuses to run on them

So you're saying that someone writing code for 32- or even 16-bit Windows managed to figure out how to check for a CPU type that wouldn't be invented for another ten years and refuse to run on it? That's pretty impressive.

Personally I'd put my money on the code being 16-bit, using 16-bit components, or taking advantage of some Win16-compatibility mechanism that doesn't exist any more in Win64.

Comment This is 20-year-old technology (Score 1) 118

MasterCard were demo'ing this in the late 1980s under the name "Super Smart Card". The only difference was that back then the cards were gold-coloured, not silver as in the BBC photo. Since then this has been retried a number of times by different manufacturers, failing each time. So I wouldn't hold out much hope for this one succeeding. OTOH wait a few years and there'll be another press release from another vendor about it.

Comment Re:Grin (Score 1) 360

Another benefit is the support for older hardware that's been dropped by the GCC team along with ease of debugging. I've had compiler optimizations introduce unexpected bugs/failure modes in the Linux kernel itself that disappeared when the No Optimization flag was set. Simply put, if the kernel isn't stable, I don't give a damn how stable the rest of your system is, it's not stable because you can't trust the kernel and that's what Clang/LLVM is all about.

That's exactly the point I was making in this post earlier on in the discussion. Unless you've got the ability to run massive amounts of regression tests to make sure everything's OK, you can't trust the output of gcc with optimisation enabled. So far we haven't found a single compiler bug with LLVM. In contrast the last gcc compiler bug we had to work around was just over a week ago, a simple pointer assignment where the write went to who-knows-where in memory when optimisation was enabled.

Comment Re:Grin (Score 1) 360

Also, although I've heard a lot about the inner workings of GCC being rather intertwined and convoluted, whereas LLVM is simpler to work with and modify (not sure how true this is).

The internals of gcc are an absolute nightmare, even gcc's own developers admit this. A side-effect of this is that gcc is difficult to maintain, rather buggy, and any changes create a serious risk of introducing further bugs. In terms of code generation, I help maintain a sizeable OSS cross-platform codebase, and gcc alone has more compiler bugs than all other compilers it's built with combined. We've got so many "this silly-walk of code is necessary because without it gcc generates invalid code" conditional compile sections in our code it's not funny, and every new release of gcc brings about further kludges to get around bugs in the code generator. The sooner we can get away from everything using gcc as the default compiler the better.


Submission + - Sophos A/V riddled with vulnerabilities

arglebargle_xiv writes: Security researcher Tavis Ormandy has had a look at Sophos A/V and found that it'll actually make your system less secure after you install it:

The paper contains details about several vulnerabilities in the Sophos antivirus code responsible for parsing Visual Basic 6, PDF, CAB and RAR files. Some of these flaws can be attacked remotely and can result in the execution of arbitrary code on the system. Ormandy even included a proof-of-concept exploit for the PDF parsing vulnerability which he claims requires no user interaction, no authentication and can be easily transformed into a self-spreading worm.

The findings also include this gem:

Ormandy also found that a component called the 'Buffer Overflow Protection System' (BOPS) that's bundled with Sophos antivirus, disables the ASLR (address space layout randomization) exploit mitigation feature on all Windows versions that support it by default, including Vista and later.

Original paper here.

Comment Re:Marketing Speech? 10 writes per day for five ye (Score 0) 54

The article makes me a bit suspicious: "Intel's own high-endurance MLC NAND can be found in the drive, which is rated for 10 full disk writes per day for five years." sounds pretty bad actually, if I understand it right. Per cell this means: 365*10*5 = roughly 20.000 write cycles per cell? Sure wear leveling algorithms are there, but 20.000 cycles is not exceptional, or am I wrong?

With an Intel SSD you never actually get anywhere near the total number of write cycles. Because of a special Intel wear-levelling feature called BAD_CTX 0000013x the drive will brick itself periodically, forcing you to erase it and resetting the write config. It's a clever feature of Intel SSD products that I haven't seen other manufacturers implement yet.

Comment Re:Good crypto is born secret, even in the US (Score 2) 87

How about NSA's Type I ciphers? They are classified TOP SECRET. Would you say they are "weak" or "badly designed?" Do you think NSA keeps them secret because they believe in security through obscurity?

Surely they keep them secret because they don't want other people/countries using them. Or do they provide a closed implementation for everyone to use?

They keep them secret because (a) they don't want to reveal their design principles to others and (b) because then instead of attackers being able to immediately start with attacking the algorithm they first have to spend quite a bit of effort just finding out what the algorithm is before they can start attacking it (look at all the crap crypto used in things like RFID transponders that took ages to break because the details weren't readily available). NSA also has special algorithms designed for high-risk situations where there's a chance the design details will be compromised, if one's needed then something not related to anything else in use will be pulled off the shelf and used. Skipjack was an example of a high-risk algorithm, and it did indeed end up being revealed, and it doesn't tell us anything about other NSA designs.
