Become a fan of Slashdot on Facebook


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:This is why we need rust (Score 1) 95

Theoretically you could relocate memory periodically in a system like Rust (or Java). This could be done so that the high level doesn't realize it has happened. It might have a fairly heavy performance cost, depending on how frequently the relocations are done and how you detect when you should do them. (scoreboard vs static analysis)

I could write a very simple language/environment where rowhammer is essentially impossible. But it would be very slow. Obvious example is that every address is looked up on a hash table to find the physical address. The application cannot see this hidden hash table, it would allow a byte granularity to relocation instead of a page granularity. It would was a tremendous amount of memory and be very slow. (basically memory layout randomization)

JavaScript itself doesn't necessarily need to be replaced. Replacing it with a similar implementation of Rust doesn't make rowhammer go away. Working around the issue is possible in JS, Rust, Java, Haskell, and a few others. Not practical to work-around in C, but theoretically possible.

If you use SRAM instead of DRAM, there is no performance penalty for layout randomization. Of course, SRAM doesn't have the issue with rowhammer either.

Comment Re:2nd amendment (Score 1) 112

Responding to trespassing tends to grant a fair bit of leeway on property damage and personal injury.

It's still not clear that the FAA is even allowed to consider a drone to be an aircraft, and therefor under their regulatory purview, as this contradicts other parts of the same regulation. AMA is playing it safe and telling all us hobby pilots to register our UAS, but the legality of what has happened is still contested. (perhaps mainly by armchair layers). I think without settling the matter in court and establishing a ruling, we won't really know for certain. If you haven't guessed, I'm in the camp that does not consider hobby RC UAS to be aircraft. (which is true)

Also, I have to point out that flying FPV is still legal. But as most people interpret the regulations it's limited to hobbyists, things get complicated if FPV were to become a competitive televised sport and people start having sponsors. (likely violates FAA at that point)

Comment Re:CSS (Score 1) 314

Who rarely seems to provide it. I very briefly remember websites that offered "Screen", "Print", and a few other options for high-visibility. It was probably too unwieldy of a system so it seems that there is only desktop versus mobile profiles.

If javascript was less of a requirement or at least worked better in lynx & links, I'd probably go back to one of those old fashion text browsers. 90% of my web usage is reading text anyways. (my usage is probably not universal among all web users)

Comment Re:Linux is cheapest (Score 1) 516

Yup, basically we pay 6-figure software and hardware engineers to do sysadmin work instead of 5-figure IT workers. And the engineers usually take twice as long as a competent IT person.

Someone ought to do a cost-benefit analysis, but the way budgeting and accounting is they won't care how much it costs as long as we can drive the IT budget to zero.

Comment Re:If the point was ... (Score 4, Insightful) 332

There's no proof that it has anything to do with Wikileaks, but in a world of IoT devices with no thought toward security, anyone who cares to do so can mount DDOS with the power of a national entity.

What's the point of doing what Assange and Wikileaks have been doing without any moral position? He isn't helping his own case.

Comment Re:Legal? (Score 2) 279

No, of course it is not legal to set a trap to intentionally hurt someone, even if you expect that the trap could only be activated by the person committing property theft or vandalism. Otherwise, you'd see shotguns built into burglar alarms.

Fire alarm stations sometimes shoot a blue dye which is difficult to remove or one which only shows under UV. Never stand in front of one when pulling the lever! But they are not supposed to hurt you.

And of course these booby traps generally are not as reliable as the so-called "inventor" thinks and tend to hurt the innocent.

Comment Random prefix workaround (Score 4, Interesting) 56

There may very well be something I'm missing here, but I have a suggestion for how to deal with the random prefix attack.

Keep a running count of the number of requests for non-existent subdomains. Once they exceed a certain number in a short period of time, cease to respond to requests for subdomains that aren't already cached as valid.

Example:,, and are cached. A flood of requests for (random chars) starts up. Once this exceeds 100 requests in a minute, all requests for subdomains are ignored except for,, and

This would still cut off access to infrequently-accessed subdomains, but subdomains with enough traffic to be in the cache would remain reachable.

Comment Linux is cheapest (Score 1) 516

My IT department won't support developer's Linux desktops, and we usually end up having to recycle old Windows hardware to skirt around the policies for developers to have two machines.

This amounts to a Linux machine costing the company zero in tech support, almost zero in hardware costs. About the only cost is the electricity.

PS - yeah, I know it's not fair to use my company's braindead policies to win this argument. But sometimes you have to turn your weakness into a strength.

Comment Re:Because Windows Sucks (Score 5, Insightful) 267

The only reason Linux is perceived as more secure than other operating systems is because most hackers don't care enough to spend time working to crack it, so there are less attempts.

Linux is a major server OS (arguably the largest), very big in embedded systems, and completely dominant on smartphones. Hackers are spending very significant time working to find exploits.

Slashdot Top Deals

What the world *really* needs is a good Automatic Bicycle Sharpener.