Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Comment Re:burden of proof goes the other way (Score 1) 449

My understanding is that these liquid explosives are difficult even for trained technicians to mix under controlled laboratory conditions, never mind dumb foot soldiers trying to do this in an aircraft toilet. For the UK liquid bomb plot trial, the UK government produced demonstration videos of the power of these bombs, however I thought I read somewhere that those producing that demo actually had great difficulty making it work. Unfortunately, I can't a good ref for this now, so...

Comment Re:The argument against regulation ... (Score 1) 449

without proof that such emissions will actually harm someone.

There is plenty of proof that various kinds of emissions, those from combustion particularly, cause harm. E.g. start with death rate statistics from London in the 50s when they had terrible smog during some winters, when cold air trapped emissions. Large numbers of people *died*, quite obviously directly due to the smog - animals were falling down dead. This was the impetus for regulation of emissions there. Similar stories elsewhere.

Comment Re:but (Score 1) 449

Oh, my father's take on mobile/cell phones being banned was that it was done to protect the *ground* GSM networks - not the aircraft. Having many thousands of phones in the air, in range of tens, maybe hundreds of GSM cells would have put a strain on, perhaps overloaded, the GSM networks. Also, he's heard that "tu duh duh duh tu duh" kind of interference in his headphones, from the mobile phones of passengers roaming. Which potentially could be a safety hazard - though that was in an older aircraft without any complex, modern electronic control systems or cockpit instruments.

Comment Re:burden of proof goes the other way (Score 1) 449

This isn't a terribly uncommon problem, and the fault is often the sensors in the wheel wells. I can ask my (retired) airline captain father for more details if you wish. I've had mobile/cell phone conversations with him in the late 90s, where he was phoning home from the cockpit. ;)

Comment Re:Pilots... (Score 1) 449

You are making rationalisations about RF interference by making an analogy to water sinking boats? Your post is a prime example of the fallacy of arguing by analogy - or "argumentum ad vehiculum" as I like to call it, because of how often the analogies relate to cars. The actual NYT article, which the somewhat-stupid, dogmatically anti-regulation blog linked to, even mentions that RF interference does not work additively this way.

Comment Re:Not surprised at all (Score 1) 179

Yes, something like SecureBoot possibly could be a piece of a system that guarantees the operation of code - though, it need not be either (e.g. the hardware could come with a formal proof or model, and a checker could verify the loaded code follows the proof - not caring where it comes from).

However, SecureBoot is not that system, nor does SecureBoot of itself get you any closer to that system.

E.g. how many systems get their boot path compromised, without the exploitation of any software bugs? That's basically never the case with malware. If you can compromise a system, you can find a way to have some apparently innocuous data file exploit a bug in some code that interprets it to inject code (JPEG parsers, Flash, JavaScript, etc.. take your pick, the list is endless - they're all buggy, cause we don't know how to write bug-free code), and then take-over the machine - that will work for the initial exploit and it will work to re-exploit the machine after reboots. SecureBoot just doesn't do anything to stop this, and these are scenarios which exploits already regularly use.

SecureBoot doesn't stop the bad guys. It will only stop the less-technical, more ordinary users from using their computers the way they want.

Comment Re:Not surprised at all (Score 1) 179

No, it can not. SecureBoot verifies the code image was the one that was intended, *prior* to that code being run. SecureBoot can say nothing about what happens when that code runs. In particular, SecureBoot will not protect you from the code being modified or replaced once it is running, by design or (the typical case for security compromises) through the bugs that are rife in any non-trivial body of code. To make guarantees about the correct operation of code and be able to verify it is free of bugs that would allow the code to be replaced would require formal verification. That's a near impossible task generally.

"even if malware loaded into memory into runtime" - so you recognise this can happen, yet still can claim SecureBoot protects against it? A reboot doesn't protect, because the system can just be compromised again (e.g. by some apparently innocuous application, or even a data file that gets interpreted automatically by an application that has a bug, thus allowing code injection and further exploitation of kernels bugs - as there have been in, e.g., Javascript and Flash interpreters).

SecureBoot does not fix the problem that end-users want it to. However, SecureBoot certainly walks us down a path where large corporates could make life difficult for end-users. MS might not be able to make SecureBoot mandatory for now, for legacy compatability reasons, but do not doubt they will when they can. SecureBoot is already *mandatory* on ARM systems, in order to be supported by MS Windows there.

Comment Re:Not surprised at all (Score 4, Insightful) 179

What people really want is that their running code is verified to be running the way it is supposed to be. This requires formal proofs of code operation - which is notoriously difficult (and impossible to do generally with arbitrary software). SecureBoot does not give that, it only attests the code image *started* as the one it was supposed to be, according to the trust anchor. SecureBoot can however make the lives of ordinary users difficult. For now, we have the ability to use our own trust anchor, or none at all. Microsoft can't yet afford to block users from running all the non-SecureBoot OSes - as these include older Windows releases.

It's sad that so many Linux distributions and foundations are going along with this.

Comment Re:Grin (Score 1) 360

It's not in the GPL. Again, the copyright holder isn't bound by the GPL. The copyright holder, by definition in law, is or are the person(s) holding the right to dictate the terms by which _others_ may copy the work.

If the the copyright holders say that half the code is available GPL, and the other half isn't, and that that's fine, then that's fine. (They need to word it a bit better than that if they want others to actually be able to distribute under the GPL, in particular they need to state they're granting an exception to the GPL so that others may distribute the GPL half of their software while making use of their proprietary half, but they're the copyright holders, they can do this).

The only time a copyright holder would be constrained is if there were multiple copyright holders and they didn't all agree. However, when the copyright holders agree, they can pretty much do what they want.

Comment Re:Grin (Score 1) 360

No. If I'm the author of software, I can decide to GPL some of it and keep other parts proprietary. I own it, I can do this. No one else can do this however.

The copyright holder of the code is exempt from the GPL. They have no need for a licence via the GPL, because they own it - anything they do with it is legal, at least under copyright law. Copyright only constrains *others*.

Comment Re:Grin (Score 1) 360

The GPL doesn't force you to give the software away. You can sell it. Indeed, RMS himself used to **sell** tapes of GPL software to fund the FSF. RedHat make *billions* on per-seat licensing of GPL software. Nor does GPL software force you, as an author, to GPL all the software. As the author you are completely free to draw the line as you wish between which bits of your software are GPL and which proprietary. You just grant yourself an exception.

What the GPL *does* do, which a BSD licence does not, is protect you from anyone who tries to take your source and then make their own proprietary modificaitions. If you released your code as GPL you can now sue them, and get damages. If you released as BSD, you can't - they are free to make closed modifications to your code (as Apple have done with FreeBSD).

You're at odds with RMS, congratulations, but you're also falling quite a bit short in your understanding of the licences you do and don't have issues with.

Slashdot Top Deals

Machines certainly can solve problems, store information, correlate, and play games -- but not with pleasure. -- Leo Rosten

Working...