Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Comment Then there are remte admin tools such as Intel AMT (Score 1) 94

The BIOS has bare back access to the hardware. Why cant it log the keyboard and dump it out the Ethernet? Why cant it access the ram directly?

Built-in threats include more than just BIOS. At least one, and probably most, chip makers build in backdoors that do exactly what you describe, and much more. It's built right into the silicon, too.

Modern laptops and desktops come with remote administration tools built into the chips on the board. (The vendors tout this as a feature, simplifying administration of a large company's workstations. It's easier and cheaper to build it into everything than to be selective, so it's in the machines sold to individuals, too.)

One example: Intel Active Management Technology (AMT) and its standard Intelligent Platform Management Interface (IPMI), the latter standardized in 1998 and supported by "over 200 hardware vendors". This is built into the northbridge (or, in early models, the Ethernet) chip).

Just TRY to get a "modern laptop" (or desktop), using an Intel chipset, without this feature.

You can't disable it: Dumping the credentials or reverting to factory settings just makes it think it hasn't been configured yet and accept the first connection (ethernet or WiFi, whether powered up or down) claiming to be the new owner's sysadmins.

If the NSA doesn't know how to use this to spy on, or take over, a target computer, they aren't doing their jobs.

Some of the things this can do (from the Wikipedia articles - see them for the footnotes):

Hardware-based AMT features include:

amt.feature:Encrypted, remote communication channel for network traffic between the IT console and Intel AMT.

amt.feature: Ability for a wired PC (physically connected to the network) outside the company's firewall on an open LAN to establish a secure communication tunnel (via AMT) back to the IT console. Examples of an open LAN include a wired laptop at home or at an SMB site that does not have a proxy server.

amt.feature: Protected Audio/Video Pathway for playback protection of DRM-protected media.

Additional AMT features in laptop PCs

Laptops with AMT also include wireless technologies:

michael@shuttle:~/nomad-michael/letters$ cat amt.feature
Modern laptops and desktops come with remote administration tools built into the chips on the board. (The vendors tout this as a feature, simplifying administration of a large company's workstations. It's easier and cheaper to build it into everything than to be selective, so it's in the machines sold to individuals, too.)

One example: Intel Active Management Technology (AMT) and its standard Intelligent Platform Management Interface (IPMI), the latter standardized in 1998 and supported by "over 200 hardware vendors". This is built into the northbridge (or, in early models, the Ethernet) chip).

Just TRY to get a "modern laptop" (or desktop), using an Intel chipset, without this feature.

You can't disable it: Dumping the credentials or reverting to factory settings just makes it think it hasn't been configured yet and accept the first connection (ethernet or WiFi, whether powered up or down) claiming to be the new owner's sysadmins.

If the NSA doesn't know how to use this to spy on, or take over, a target computer, they aren't doing their jobs.

Some of the things this can do (from the Wikipedia articles - see them for the footnotes):

Hardware-based AMT features include:

Encrypted, remote communication channel for network traffic between the IT console and Intel AMT.

                Ability for a wired PC (physically connected to the network) outside the company's firewall on an open LAN to establish a secure communication tunnel (via AMT) back to the IT console. Examples of an open LAN include a wired laptop at home or at an SMB site that does not have a proxy server.

                Remote power up / power down / power cycle through encrypted WOL.

                Remote boot, via integrated device electronics redirect (IDE-R).

                Console redirection, via serial over LAN (SOL).

                Keyboard, video, mouse (KVM) over network.

                Hardware-based filters for monitoring packet headers in inbound and outbound network traffic for known threats (based on programmable timers), and for monitoring known / unknown threats based on time-based heuristics. Laptops and desktop PCs have filters to monitor packet headers. Desktop PCs have packet-header filters and time-based filters.

                Isolation circuitry (previously and unofficially called "circuit breaker" by Intel) to port-block, rate-limit, or fully isolate a PC that might be compromised or infected.

                Agent presence checking, via hardware-based, policy-based programmable timers. A "miss" generates an event; you can specify that the event generate an alert.

                OOB alerting.

                Persistent event log, stored in protected memory (not on the hard drive).

                Access (preboot) the PC's universal unique identifier (UUID).

                Access (preboot) hardware asset information, such as a component's manufacturer and model, which is updated every time the system goes through power-on self-test (POST).

                Access (preboot) to third-party data store (TPDS), a protected memory area that software vendors can use, in which to version information, .DAT files, and other information.

                Remote configuration options, including certificate-based zero-touch remote configuration, USB key configuration (light-touch), and manual configuration.

                Protected Audio/Video Pathway for playback protection of DRM-protected media.

Additional AMT features in laptop PCs

Laptops with AMT also include wireless technologies:

                Support for IEEE 802.11 a/g/n wireless protocols
 

                Cisco-compatible extensions for Voice over WLAN

This just happens to be one I'm familiar with. I don't know whether (or which) other chip makers (such as AMD) have similar "features" built in as well (though I'd be surprised if they didn't, since they want to sell into big companies, too).

Comment Re:Fuck that guy. (Score 1) 397

racist, narcissistic, caste-based hiring practices to gain jobs they're in no way qualified for in a country thousands of miles from home

Hmm... Iranian? Chinese? Slavic? Israeli? Strange, none of them seem to quite meet your description.


Sounds like you are referring to people of one particular country.

Hmm, yes. Yes, it does sound like you have one particular country in mind. Clearly, one of you has a race card in play, but you might want to check the instant replay before you stick your neck out too far on this one...

Comment Re:whohoo! Swiss cheese! (Score 1) 302

It's a bit more to it than that. It's actually done with a new opcode in the underlying JVM, which allows them to implement those classes without having to construct new inner classes for each. There were cases where large numbers of nearly-identical inner classes were costing too much memory in certain parts of the JVM, and the new opcode makes that more efficient. (This was more a problem for Scala than for Java itself.)

But yeah, from a Java perspective, it's just syntactic sugar for anonymous inner classes. It's a particularly nice piece of syntactic sugar, since it makes the code more robust to certain kinds of changes by eliminating redundancy. You could, for example, change the name of the implemented class or the name of the method without breaking every lambda. Plus, it's nice to have that redundancy gone: a good IDE could resolve some of it for you but it makes the code more verbose than is strictly required.

Comment Re:Probably because they were big and meaty (Score 1) 180

There, I sure can't help ya. I found it pretty interesting; it's more relevant to my interests than much of what Slashdot has done of late. But you're absolutely right that there's a whole passel of science of equal interest that gets ignored, while fluff that I find uninteresting (or worse) gets there day after day.

I originally thought that Slashdot had the most insightful scientific and technical commentary on the web. The articles of moderate interest were greatly enhanced by other scientists with a close familiarity. I've found that to be substantially worse for the past couple of years, and I don't think that's the usual rose-colored-glasses about "the good old days" that makes every popular web site seem to degenerate over time. I believe that the quality of commenters is worse.

Which is to say... I have no idea why this article got picked out. I'd have liked to have seen better commentary that would put it in better context. I personally would rather see more like this, not less, but that's just my taste. I can't conceive of what's driving the editing selections, and I do think that they, too, are worse than formerly.

Comment Nope (Score 5, Informative) 290

The worst industrial disaster in US history occurred in 1947 when a series of explosions killed 581 people, including all but one member of the Texas City fire department.

http://en.wikipedia.org/wiki/T...

The initial blast was also one of the largest non-nuclear explosion in US history.

Comment Re:150 tabs? (Score 1) 142

Different people respond better to different ways of working. Frankly, looking something up and then closing it drivers me utterly crazy - since I'm the kind of person that forgets about something once they can't see it. Doorway amnesia, out of sight, out of mind and all that. Please don't assume that because you find the "having lots of tabs" approach not your cup of tea that everyone is like that.

(Emphasis added). That's the basis of egotism, also known as childishness.

When it operates in politics, you wind up with imbecilic laws like Prohibition and the current War on Drugs. The basis is, "*I* don't want to do that, therefore no one else should ever be allowed to do that either!"

Does anyone else remember this site years ago, back when occurrences of it on Slashdot were relatively rare events?

Comment Re:150 tabs? (Score 1) 142

In this thread: people who never have to work on more than one thing on any given day.

In this thread: Assmunch dipshits. No one works with 150 tabs at once, and no one believes anyone who claims to.

*I* don't personally use that many. In fact I have never needed anything close to 100.

I'm also not automatically hostile to someone who says they do. They have their reasons, and no number of tabs they use on their own equipment is going to infringe on the way I personally want to use my own browser.

So I just don't see a problem here. With a guy who says he uses so many tabs, that is. The flimsy excuse for hostility, on the other hand ... it's a means by which you are shaming yourself. The prevalence of this attitude is destroying Slashdot much faster than the Beta redesign. When so many users engage in this, it tends to repel those who want to converse like adults. Remember that the userbase and the discussions are what actually bring you to this site. Anyone can get a copy of the Slashcode and get some cheap Web hosting.

Comment Re:Straw (Score 1) 142

Nothing personal against you, but anyone who you uses the term "Straw Man" is a big fag that needs to take a break from the Internet for awhile. Maybe take a shower.

That would be much more accurate if you said "No True Scotsman" and not "Straw Man".

Observation: about a year ago, Slashdot users finally discovered, in a collective groupthink style, that there was such a thing as the "No True Scotsman" fallacy. Since then, they have tried to invoke it in every possible conversation, even where it does not apply. Conclusion: there are a lot of insecure nerds who are eager to show off their perceived superior intelligence. Since they are driven by insecurity, they do this not by creating or contributing anything of their own, but by trying to invent flaws in what others say. The other guy made a mistake if you just wish for it hard enough!

I'll give an example. A while back, I personally had some imbecile jump on this bandwagon in response to a post of mine. I mentioned that people who call themselves Christians but then commit acts of violence, for flimsy reasons and without provocation, are not in fact practicing Christianity. Some fool cried "hehe I guss there is No True Scotsman then huh?!" while patting himself on the back fiercely. Apparently this fool decided that knowing nothing about the teachings of Jesus Christ does not actually disqualify him from commenting on the subject. After all, he knew in his twisted little heart that I was wrong, and that only he was clever enough to invent the reason why.

This infantile fevered-ego shit is killing Slashdot much faster than a shitty Beta redesign ever could hope to do. It's just far less trendy to protest it.

Comment Re:Fraud? Try Idiot. (Score 2) 99

Exactly. Unless it's an experiment to see how well peer review works, putting it in Nature is pretty stupid. You're pretty much guaranteeing that people will try to reproduce your work and you'll be exposed. You can probably get away with it if you put it in a less prestigious journal, but if people start citing it then there's a good chance that someone will try to reproduce it, especially when the novelty of the article is that it's an easy way of doing a thing that loads of people want to do. And if it isn't read and cited enough that people want to reproduce it, it's pretty worthless (from a research career perspective) as a publication...

Comment Step1: Don't ignore instructions from judges (Score 2) 41

This judge has dealt with this issue in other cases, and in fact had previously told the government exactly what it should do in order to avoid the 4th Amendment problems of general warrants. FTA:

"[In a previous ruling, the Court] warned the government to “adopt stricter search parameters in future applications” or the Court would be "unwilling to issue any search and seizure warrants for electronic data that ignore the constitutional obligations to avoid ‘general’ electronic warrants.” Facebook Opinion, 2013 WL 7856600, at *8. The Court recommended several different approaches, including key word searches, using an independent special master to conduct searches, or segregating the people who are performing the search from those who are conducting the investigation.""

The government attorneys in this case are hopefully looking for a new gig. You don't ignore a judge and feed him boilerplate when he's already on to you.

Slashdot Top Deals

In English, every word can be verbed. Would that it were so in our programming languages.

Working...