Comment Depends on the business (Score 5, Insightful) 453

Today, you usually know who's calling before you answer. It may be appropriate to take a call if it's more important than the meeting. If you're in sales, a call from a major customer is probably more important than a meeting. If you're responsible for something operational, a call from someone reporting trouble is probably more important than the meeting.

As for reading texts, if you're in a meeting and the current meeting activity doesn't involve you, it's an effective use of your time. This is more of a large-meeting thing. Large meetings are generally nonproductive anyway.

Comment Already available (Score 1) 116

Here are some existing over-the-power-line transmission systems usable for home control:

  • X10 Pro signals over the power line since 1978, and still works, despite having annoyed millions with their ads in the 1990s.
  • LonWorks - originally intended for home automation, but was too expensive in its early days. So it became a standard for commercial building automation. So robust electrically that it's used on subway trains to control auxiliary equipment (signs, lights, HVAC, etc.)
  • HomePlug - also known as IEEE 1901. Mostly used to pipe Ethernet packets around house-sized buildings. More bandwidth than needed for lighting and such, but there are HomePlug thermostats.

We don't need another one. Especially since the original article's link to the protocol definition is a dead link. And because making home automation run a web server with "node.js" is terrible from a security perspective. And because it's WiFi based, which means it won't go through some walls it needs to go through, and will go through some walls it shouldn't. With the power line systems you can put a low-pass filter after your meter and keep out external signals.

Comment May be an attack via the network controller. (Score 5, Informative) 265

I read the original article, but I don't see any part where someone recorded what was going out the speaker and looked at it. If someone is sending data over audio, it will show on a scope. Clearly that's not going to do much unless the receiving side has some kind of modem code listening for it.

Then there are claims like "It seemed to send TLS encrypted commands in the HostOptions field of DHCP packets." Attacking via DHCP packets is plausible; DHCP clients get told a lot of things they're supposed to do, and some of the older vendor-specific extensions are very insecure. But TLS? TLS isn't used within the DHCP protocol itself. There's a way to store DHCP configuration info in an LDAP server and have a DHCP server access it via LDAP.

If someone is seeing strange DHCP packets, and reloading the BIOS won't help, it's possible that what's going on involves an attack via the network controller. The fancier network controller parts now have CPUs and EEPROM. This may be an attack which puts code in the network controller which in turn patches the BIOS.

The people studying this need to list exactly what network ICs the machines involved are using. Some network devices are too dumb to be used as an attack vector, but some have whole protocol stacks, WiFi support, remote administration support, etc. It would not be surprising if those were attackable.

I've expected attacks via network controllers for years. That's been used to attack servers. There's a known attack on PCI controllers which can survive rebooting and reloading the BIOS.

If the machine has wireless networking hardware and the attack exploits the network controller, it may be able to do wireless networking even if the user thinks they have the hardware disabled. Time to open up the machine, clip onto the JTAG port on the network controller, and read out the device memory with a JTAG debugger. Compare the dumps with other machines.

Comment Use your own (Score 1) 435

Thunderbird as a client, IMAP server on a hosting account with spam filtering. No problems, no ads, no worrying about what Google/Yahoo/Microsoft will screw up next.

"Free" is too expensive.

Comment Re:These bugs exist even *without* signed integers (Score 5, Interesting) 470

The problem is C's promotion rules. In C, when promoting integers to the next size up, typically to the minimum of "int", the rule is to use signed integers if the source type fits, even if the source type is unsigned.

I know. C's handling of integer overflow is "undefined". In Pascal, integer overflow was a detected error. DEC VAX computers could be set to raise a hardware exception on integer overflow, and about thirty years ago, I rebuilt the UNIX command line tools with that checking enabled. Most of them broke.

In the first release of 4.3BSD, TCP would fail to work with non-BSD systems during alternate 4-hour periods. The sequence number arithmetic had been botched due to incorrect casts involving signed and unsigned integers. I found that bug. It wasn't fun.

C's casual attitude towards integer overflow is why today's machines don't have the hardware to interrupt on it. Ada and Java do overflow checks, but the predominance of C sloppiness influenced hardware design too much.

I once wrote a paper, "Type Integer Considered Harmful", on this topic. One of my points was that unsigned arithmetic should not "wrap around" by default. If you want modular arithmetic, you should write something like n = (n + 1) % 65536;. The compiler can optimize that into machine instructions that exploit word lengths when the hardware allows, and you'll get the same result on all platforms.
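An added illustration of the promotion rule and the explicit-modulus style discussed in the comment above. It is not code from the comment, from 4.3BSD, or from the paper it mentions, and the function names are hypothetical. It uses 16-bit sequence numbers and assumes int is wider than 16 bits, so the promotion to signed int is visible.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers for 16-bit wrapping sequence numbers.
 * Assumption: int is wider than 16 bits, as on common platforms. */

/* Flawed: a and b are promoted to signed int before the subtraction,
 * so the difference is never reduced modulo 65536 and the test
 * degenerates to a plain numeric a < b that ignores wraparound. */
static int seq16_before_promoted(uint16_t a, uint16_t b)
{
    return (a - b) < 0;
}

/* Explicit: reduce the difference modulo 2^16, then treat the upper
 * half of the range as "a is behind b". No signed overflow and no
 * reliance on how a cast to a signed type behaves. */
static int seq16_before(uint16_t a, uint16_t b)
{
    uint32_t diff = ((uint32_t)a - (uint32_t)b) % 65536u;
    return diff >= 32768u;
}

/* Explicit modular increment, in the style the comment suggests. */
static uint16_t seq16_next(uint16_t n)
{
    return (uint16_t)((n + 1u) % 65536u);
}

int main(void)
{
    /* Constructed sample values on either side of the wrap point. */
    uint16_t old_seq = 65530;
    uint16_t new_seq = 5;   /* 11 increments after old_seq */

    printf("next after 65535: %u\n", (unsigned)seq16_next(65535));
    printf("promoted: old before new? %d\n",
           seq16_before_promoted(old_seq, new_seq));
    printf("explicit: old before new? %d\n",
           seq16_before(old_seq, new_seq));
    return 0;
}
```

Away from the wrap point both comparisons agree, which is why this class of defect tends to show up only intermittently.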

Comment Re:What a load of BS (Score 1) 507

"at any employer."

That is why you're not having a problem. If you have employer-provided healthcare, you don't have to worry about preexisting conditions. And now, under Albatrosscare, you don't have to worry about them on the private insurance market either.

Somebody will manage to explain to me why this is bad someday, I suppose, but I sure haven't figured it out yet.

Comment Your tax dollars at work (Score 4, Interesting) 151

Going "private", right. The money supposedly comes from Silver Lake Venture Partners. But they don't have $24 billion. Most of it is borrowed. From banks. Which borrow it from the Fed at very low rates. Which creates Government debt to pay for it.

"Private equity" today is really equity to debt conversion. With interest rates so low, that's very attractive to management.

This is "quantitative easing" at work.

Comment How the spam industry solves CAPTCHAS now (Score 2) 141

If you read Black Hat World, you find that CAPTCHAs are a solved problem for spammers and fake account creators. The better systems run them through several OCR programs in parallel. That knocks off about 67% of them. There's a lot of special casing involved, but from the spammer's viewpoint, this is a solved problem. Getting from 67% to 90% would be convenient, but humans aren't at 90%. If all the OCR programs give up, the problem is sent to an outsourced service where low-wage people solve CAPTCHAs all day.

The Black Hat forum system itself makes users play and win a short video game to lock out 'bots.

Comment Socialist party (Score 5, Informative) 406

If you want an understanding of what "socialist" means in American political discourse (I'm guessing you're from the old country, given your sig and your spelling conventions), then search sometime for "AM talk radio" and listen in for a few hours. "Socialist" is little more than a pejorative. I truly wish we had some genuine socialists in the US...

Right. The current President of France is from the Socialist Party, which is one of the two big parties in France. France has universal socialized medical care - everyone legally resident in France is covered. France has free abortion on demand. France has a 35 hour work week and 5 weeks of vacation a year, enforced by law. Productivity per hour worked is one of the highest in the world, above US levels. The median wage per hour worked is one of the highest in Europe. France has energy independence, with 80% of electricity coming from nuclear power. Most education through college is Government-funded. Current tuition at French universities is about 200EUR/year.

France is a "social democracy". The French government doesn't own most businesses. Most employment is private. There's a lot of regulation, some of it petty, some of it historical going back to Napoleon. It's more annoying than serious.

That's what socialism looks like.
