Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Comment what does that cost? Compare 64TB per $300 (Score 1) 193

What does that TS4500 cost? I'm curious how it compares to a stack of dumb 16-bay SAS enclosures at $300 each.

http://www.ebay.com/itm/like/1...

A general purpose FreeBSD or Linux system with four raid cards can control 1024 drives mounted in such enclosures, so about $2 per drive for the intelligent bit.

Comment lanes more likely to have traffic than shoulders (Score 1) 173

Someone COULD have pulled off onto the shoulder in front of you.
Someone DEFINITELY is in the lane in front of you. "Could" is less likely than "definitely" . The shoulder is the therefore the safer bet.

"Or the car behind you is following too closely " - it normally is, most of the time. Especially considering that the driver of tge car behind you may well not be focused 100% on driving. If they are turning down the radio because they're calling in to try to win Aerosmith tickets, 1/4 mile is too close for conditions.

Comment some good points (Score 1) 87

This wouldn't be a good assignment for Programming 101.
On the hand, it's trivial for the attacker to check the attributes of the new version of the PayPal app and post an updated signature file for his app to retrieve. The ability to draw on the screen or pop up a window / card / activity while in the background is key. One way to do that on all almost all operating systems is for the trojan to operate as a launcher. The "desktop" is actually the trojan, which launches the PayPal app for you and has some degree of control over it's children. Remember Windows Active Desktop, where the desktop could host web widgets because it was rendered by IE4 and could be scripted eith VBScript? I certainly never took advantage of that.

Comment wrong, wrong, and wrong (Score 1) 173

Steering around a problem is, on average, safer than applying the brakes. Frequently, pulling onto the shoulder and THEN applying the brakes in order to come to a stop next to the car you would have rear-ended is the best course of action.

In the scenario, visibility is reduced and the pavement is slick with rain. "Maintain heading and come to a halt " in those conditions practically guarantees you'll get rear-ended. The car behind you has their vision obscured by rain, can't stop quickly on the slick syrface, and is most likely following too close (most US drivers follow too closely) .

Comment they all use memory. If app can check available me (Score 5, Informative) 87

If an app can see how much memory is available, it can use this technique. All operating systems use memory when they create a new window and when the create gui widgets such as input fields and buttons.

On their own machine , the malware author monitors free memory vs used memory. The click "buy now" in the eBay app. That open a "log in to PayPal " window. The malware author notes that opening the login window caused memory usage to increase by 23752 bytes.

The malware author creates an app that monitors how much memory is used. When memory usage jumps by exactly 23752 bytes, that means the PayPal login window is probably being opened. The malicious app pops up it's own window that looks like the PayPal login window. Since the user was expecting a PayPal login window at that moment, they enter their credentials. 5. Profit!

Note there's nothing unique to any operating system here. On any systwm, an application can find out how much memory and disk space is available, and therefore infer whether or not the PayPal login window is being opened, based on the precise amount of memory that window uses as it opens.

Comment not reading memory, just see HOW MUCH shared memor (Score 5, Informative) 87

Android DOES run each app as a separate user, and one app cannot read another app's memory.
Processes have private memory and shared memory. Shared memory is used for communicating with other processes, such as the window manager.

An app can tell HOW MUCH shared memory another app is using. You see this in task manager, it'll tell you that your browser is using 12 MB of shared RAM or however much.

So the attack goes like this:
On their own device, the attacker monitors how much shared memory is being used by the Paypal app and the eBay app.
The they "pay now". The eBay app opens a "login to PayPal " window.
To display the window, the eBay app must communicate with the OS or window manager.
The attacker notes that when the app displays the login window, the amount of shared memory used increases by 26KB.

The attacker builds an app the monitors the amount of shared memory in use.
If the amount of memory in use jumps by exactly 26KB, that's probably because the "login to PayPal " window in being displayed.
The malicious app pops up it's own login window on screen, which looks just like the PayPal login window.
The user was expecting a PayPal login window, they see what looks-like a PayPal login window.
The user enters their PayPal credentials.

This is all based on knowing HOW MUCH memory is used vs available. From that, you can infer whwn another app opens a new window (activity).

Comment It's a confidence score. Normal for binary decisio (Score 1) 33

The "inferred third value" is almost certainly the probability/score/confidence level, and it's normally included for machine-learning or any classifier algorithm, such as one that makes a yes/no decision based on a numeric value within a range. You'll see it a lot with spam filters. It's required because the USER choses at which threshold they wish to take certain actions.

I'm going to use the spam filter example because that's one many people are familiar with, specifically Spamassassin. It will score a message like this:
Body includes the word "free": 2 points
HTML and text parts are different: 1 point
Sent through an open relay: 2 points
Tiny font: 1 point
From address default whitelist: -3 points

Adding up the scores, the total score for that email is 3 points. The server admin can configure how many points are required before an email is placed in the spam box, and how many are required before the email is deleted outright. Note that the choice of how high the score needs to be to be considered spam is completely separate from the algorithm generating those scores. One admin might be very tough on spam and decide that anything over 2 points is treated as spam. Another admin might be more lenient and set it to 4, so anything 4 or higher is treated as spam. The ROC informs the admin as to the results of different settings. A threshold of 2 will obviously have more false positives than a threshold of 4.

Note again the choice of threshold to take some action is selected by the USER, not by the group who designed the algorithm. In the case of this predictive tool, a web hosting company might choose to have the following policies:

No site with a risk score over 80 can be hosted on our servers.
Any site with a score over 40 will be informed and our security team will offer assistance in making the site more secure.

Those policies of what to do at different score thresholds are completely separate from the algorithm, the team who wrote the paper doesn't choose the thresholds for specific actions. Instead, the graph informs the web hosting company "at a risk score of 80, you can expect 5% false positives. At a risk score of 40, you can expect 15% false positives".

Comment water stops alpha particles (Score 1) 521

I think what you said is true.

Also, as I understand it, the long-lived isotopes tend to emit alpha particles. Alpha particles are easily stopped- they don't penetrate most materials, including water. So most of the radiation is expended by the particles hitting the water.

On the other hand, if the fish eat plutonium particles and a human eats the fish, that's not good. On the other hand, taking a walk on sunny day exposes you to more radiation than a power plant ever will, excepting a worst-case scenario.

Comment Yes. That's what republicans have said for years. (Score 2) 338

When it comes to granting new powers to the government , that's exactly right. Republicans have been saying tat for decades and Bysh Jr was criticized for taking on new powers, because any new power he assumed would be inherited by Obama or whoever came next.

Looking at poll numbers, Jeb Bush us likely to be elected president in two years. How much power do you want Jeb Bush to have? Any powers you grant Obama will be inherited by J Bush.

Comment no, he said don't take NEW powers if your successo (Score 3, Informative) 338

No, he didn't say everything needs to have bipartisan support. He said that if the FCC assumes a NEW power, the power to override state law and ban or require municipal broadband, the FCC will still have that power when Jeb Bush is president. If you decide that the FCC can choose whether or not muni is built, a different FCC chairman would inherit that power and could ban municipal broadband. Don't assume new powers for yourself if you don't want your successor to have the same power.

That's something I keep in mind. If Palin were president, would I want her administration running the health care industry? If not, I should oppose government run healthcare because we WILL have a president as bad as Palin at some point. Maybe in 2016, maybe in teo years, maybe in six years, maybe in ten years. We will have a horrible president. How much control do I want that crappy president to have over my life?

Comment That's his point. Don't let the FCC ban/require (Score 4, Informative) 338

You seem to have completely missed his point, so let me break that long sentence into four short sentences for you:

The is FCC deciding if it has the (unconstitutional) power to decide whether or not municipal broadband is built, disregarding state law.
If the FCC assumes that power, a future FCC chairman would therefore have the power to ban municipal broadband.
That would be bad.
Therefore, don't assume new powers that you wouldn't want your successor to have.

I'm not sure if I agree in this case. I do agree with the general principle- if you acquiesce to Obama assuming new powers, president Jeb Bush will inherit those new powers in a couple years.

Comment Mostly Wordpress, then. 50% accurate: all sites (Score 5, Informative) 33

I see of the top "features" they identified, mostly is just various tags that mean Wordpress is in use. So they learned that Wordpress sites tend to get hacked. Duh. The Wordpress team isn't interested in security. I demonstrated an exploit for a serious vulnerability in Wordpress and submitted it to their bug tracker. For two years it sat, with one WP developer saying "it can't be exploited" - even though I attached an exploit directly to the tracker issue. Two years later, the vulnerability was added to a 'sploit kit and thousands of sites were compromised over the course of just a few days. That's when WP finally got around to patcing the clear and significant vulnerability.

I see TFA claims "66% accuracy". "All sites will be hacked at some point" is about 50% accurate. I bet we could have 66% accuracy simply by saying "sites running PHP 5.2 or below will be hacked."

Comment C and Basic(.net) to learn both sides,tree forest (Score 1) 548

I think it's very valuable to be at least a little bit familiar with C, so you understand what the interpreter or .NET runtime is doing behind the scenes, and something like a .NET language for a bigger view. For example, I didn't really "get" objects until I worked on VB for a while. Graphical objects like text boxes and buttons are clearly objects which have their own properties, events, and methods. Until then, I thought of objects as little more than function libraries. Working in C or something else low level, sometimes you can't see the forest for the trees.

On the other hand, people who only know very high level, highly abstracted, languages routinely do stuff that's obviously incredibly stupid - obvious to the person who can roughly translate that C# into ansi C. If you don't know what the runtime is doing behind the scenes, you don't realize that while you could access the disk 1,000 times, you're instead accessing it 1,000^2 times (1,000,000).

Not that everyone should be GOOD at C or assembly and good at Java or .NET, but being familiar enough with both high and low level will make you much better at whichever you prefer.

Slashdot Top Deals

Saliva causes cancer, but only if swallowed in small amounts over a long period of time. -- George Carlin

Working...