Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Let's reserve our favorite numbers now! (Score 5, Interesting) 399

Am I the only one that sees something like this and immediately wants to call dibs on a "Vanity IP?"
I'll take:
  • ...and

I'm sure there's an algorithm or list that could tell me all of the possible "desirable" IPs in the /8, but, due to the fact that we shouldn't be greedy, and the completely arbitrary relation to the number 4 for IPv4, and the fact that it's an election year here in the US, I propose that we Slashdotters limit ourselves to four a piece, and leave the remainder to Reddit and 4chan. Or something.

Comment Re:Another DeVry MBA (Score 1) 192

When you buy a beer is there a line item for electricity, another for glasswashing detergent, another for depreciation of the stool you're sitting on?

Of course! It was the only way I could get the seat at the bar for free, rather than buying it outright for $699.

It was all covered in the contract that they printed out on the receipt paper.

Comment Re:Building the microsoft vision (Score 1) 192

Of course, this is phones shipped and not phones sold. Nobody actually buys an Android phone, they get it free with their plan.

I often wondered why the telcos don't pass on their cost by rolling it into the subscription charges.

Because if they did that, it would have to be a line item that they charged you for on the bill. And then, after the "contract period" expired, they wouldn't have grounds to continue charging you the same price, in spite of the fact that you "repaid" the subsidy a long, long time ago.

Comment Re:Was Intuit important in the past or something? (Score 3, Funny) 304

And, even they had some signficance sometime or somewhere, why should I care about how they manage lines of ancient code?

Because they roll up the money they make on re-selling the same code base year after year, insert the money in their nostrils, then finally, they separate out single lines of code and snort them.

That's why.

Comment Re:Welcome to the Information Age (Score 0) 241

There is one, it's called Slashdot. Use your moderator points properly and dumb posts aren't an issue.

I would, but then I can't post on the same story, even if it's in a different comment thread.

It sucks that the discussions I'd most like to spend my mod points on are also those in which I'm more likely to comment in, but that's just the way it is around here.

I wonder if there's a solution to the conflict of interests that presents though. Perhaps they could unlock moderation on a discussion if your comment itself gets moderated?

"Use em or lose em" they say. More often than not, I opt to lose them :P

Comment Re:The rootkit would just infect the kernel (Score 1) 393

The above example pertains to boot loaders, except that you have the first boot loader set the environment to "boot something" which happens to not be an operating system (actually boot loaders can not differentiate between an OS and a boot loader, because at that level, there are just programs).

Precisely! The thing I'm hung up on is that UEFI secure boot maintains a chain of trust via signed code all the way up from the system firmware level. Even if you manage to use a signed bootloader that allows the loading of unsigned code (or that doesn't verify signatures, same difference I suppose), as soon as you break the signature chain from the system firmware, the next step in the process would be a chainloaded Windows Boot Manager. Because it doesn't have a valid signature chain, it will refuse to run any further. (..right?)

You could, from there, load a compromised bootmgr.efi, but then its signature wouldn't be valid, and the Windows kernel will refuse to load, and so on.

Without the motherboard configured to only boot signed boot loaders, any number of intermediate boot loaders could be inserted which could then hijack the booting process

Naturally. But of course, Microsoft won't allow OEMs to ship systems that have secure boot disabled out of the box, so that's a bit of a moot point, no?

Comment Re:The rootkit would just infect the kernel (Score 1) 393

the bootloader can be configured to load a Linux kernel that chain-loads a compromised Windows kernel

That strikes me as an odd proposition.... The Windows kernel has a lot of requirements out of its bootloader. It's not compatible with any of the plethora of [awesome] boot specifications that many Linux kernels support, like multiboot for example. BOOTMGR (or NTLDR for older OSes, but that of course will never support UEFI or secure boot) does a very significant amount of Windows-specific voodoo to get the system into a condition where the kernel can run, like loading boot start drivers and so on. Unless you patch the entire chain (which may include the MBR program... not as familiar with UEFI boot processes as I am with BIOS booting) to remove the signature requirement, from BOOTMGR, OSLoader, Winload, the kernel, and probably WinResume as well, you couldn't even start to get unsigned drivers working. Without invoking test mode, of course :)

It's absolutely possible, of course, but the sheer amount of hackery that is required to make it work is just mind boggling... at least to me. Can you link anything that explains your concept?

Comment Re:Duh - Who else would have done it? (Score 1) 382

That's so easy, it's unfair: Stuxnet and Flame, of course.

I answer the same to that question.

I think it's a lot more reasonable to assume that Iran or any other country at war with the US would likely not be dropping nukes all over the place, even if they had them. Weaponized malware, on the other hand, has already proven to be VERY effective, and the most chilling aspect of those weapons is that they completed their missions without even being detected.

The thought of some clandestine scheme to wreak havoc with the precision that computer viruses can have but that nuclear weapons most certainly cannot is not only more plausible in my mind, but it's already been done. And no one is sitting back, looking at the horrible collateral damage they caused.

So as this type of warfare continues---and it most definitely will---and some day a SCADA system fails and it kills people, there won't be the "benefit" of a giant, impossible-to-miss mushroom cloud sitting on the horizon to tell us why it happened.

Scary because you can't see it. Much like ionizing radiation... but at least that is something relatively straightforward to detect, and doesn't reprogram your geiger counter to tell you everything is just fine while you suck up lethal doses of gamma rays.

Slashdot Top Deals

My idea of roughing it is when room service is late.