
Comment Re:Google is being dumb (Score 1) 90

No. USB-PD is not a "firehose". That is not how electricity works. USB-PD specifies certain discrete voltage levels, but you can draw as much or as little current as you want. Devices are supposed to have a buck converter to adapt the voltage of the input to the voltage of the battery, and they can do so at a wide range of input voltages.

The only reason to raise the voltage at the USB connector is to reduce resistive losses in the cable by reducing the required current. Once the electricity arrives at the device it can be converted to whatever voltage is appropriate for the battery, and it can deliver exactly as much current as it should. There is absolutely no reason whatsoever why USB-PD would cause more damage to a battery than Qualcomm QC, in a correctly designed device.

Comment Re:I don't hate on systemd but this is really bad (Score 1) 508

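#define _XOPEN_SOURCE 700
#include <signal.h>
#include <sys/wait.h>   /* wait() */
#include <unistd.h>

int main(void) {
        sigset_t set;
        int status;

        if (getpid() != 1) return 1;            /* only meaningful as PID 1 */
        sigfillset(&set);
        sigprocmask(SIG_BLOCK, &set, 0);        /* init itself handles no signals */
        if (fork()) for (;;) wait(&status);     /* parent: reap children forever */
        sigprocmask(SIG_UNBLOCK, &set, 0);      /* child: restore signal delivery */
        setsid();
        setpgid(0, 0);
        return execve("/etc/rc", (char *[]){ "rc", 0 }, (char *[]){ 0 });
}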

Comment Re:It's not that bad. (Score 1) 111

It's not a year-long suspension. It's a permanent suspension of trust in their current roots. They can, however, re-apply after one year - with extra auditing over what is normally required - and if and when they pass that they may be let in again. If they do nothing, they don't get back in for free after a year.

Comment Re:Fabrice Bellard is awesome. (Score 4, Informative) 92

Too bad this isn't his.

Fabian Hemmer (http://copy.sh/, copy@copy.sh)

I have no idea where the submitter got Fabrice Bellard from. This is hosted on a completely different site and authored by a completely different person. Yes, more than one person is capable of implementing an x86 emulator in Javascript. Bellard wrote his and never released the (editable) source; this guy, OTOH, wrote a more compatible emulator of his own (runs more than Linux) and open sourced it.

This is also old news, I remember seeing it quite some time ago. The site has been up since 2014. Slow news day much?

Comment Re:The solution is horribly obvious (Score 1) 84

The problem is not "trusting" the proprietary crap, the problem is trusting it to improve security in any measurable way.

Android full disk encryption is just as secure as LUKS (in fact, under the hood it's dm-crypt just like LUKS, the key derivation is just different). This doesn't break the FDE. You still need the passphrase. What this does is break the "you need the hardware to access the FDE and we're going to impose additional non-provable restrictions such that you can keep using your 4-digit PIN and it'll be secure, promise" bunch of hot air that vendors like to sell you. Just like the FBI cracked that iPhone's FDE - by bruteforcing the passcode. This lets you bruteforce Android's FDE offline after a one-time attack on the hardware.

I use CyanogenMod on my phone. I have my FDE passphrase set to a long string, independent of my (shorter) unlock code. This attack doesn't affect me because my FDE passphrase is not bruteforceable in a reasonable amount of time. This only affects people who still think using a 4-digit PIN to secure FDE on their phone is a good idea because Apple and Qualcomm pinkie-promise that their secure tamperproof hardware can limit bruteforce attempts enough to make that a reality.
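The offline brute-force arithmetic behind this comment, as an added example that is not part of the original post. The KDF (PBKDF2-HMAC-SHA256 at 200,000 iterations), the function names and the sample secret shapes are constructed stand-ins, not Android's or any vendor's actual parameters.

```python
import hashlib
import math
import os
import time

# Constructed stand-in KDF cost; real devices use their own KDF and parameters.
ITERATIONS = 200_000

def derive_key(secret, salt):
    """Stretch a PIN or passphrase into a 256-bit disk key."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS, dklen=32)

def measure_guess_rate(samples=3):
    """Guesses per second one CPU core manages against derive_key()."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"{i:04d}", salt)
    return samples / (time.perf_counter() - start)

def entropy_bits(alphabet, length):
    """Bits of entropy in a uniformly random secret of this shape."""
    return length * math.log2(alphabet)

def exhaust_seconds(alphabet, length, guesses_per_sec):
    """Worst-case time to try every secret of this shape with no rate limit."""
    return alphabet ** length / guesses_per_sec

def length_needed(alphabet, guesses_per_sec, target_years):
    """Shortest length whose whole keyspace outlasts target_years of guessing."""
    guesses = guesses_per_sec * target_years * 365.25 * 86400
    return math.ceil(math.log(guesses, alphabet))

if __name__ == "__main__":
    rate = measure_guess_rate()
    shapes = [("4-digit PIN", 10, 4), ("6-digit PIN", 10, 6),
              ("16 lowercase letters", 26, 16)]
    for name, alphabet, length in shapes:
        secs = exhaust_seconds(alphabet, length, rate)
        print(f"{name:22s}{entropy_bits(alphabet, length):6.1f} bits {secs:.3g} s")
    print("lowercase letters for 1000 years:", length_needed(26, rate, 1000))
```

The measured rate is for a single CPU core; pass a larger `guesses_per_sec` to size a passphrase against parallel hardware.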

Comment Re:Blantant? (Score 5, Interesting) 181

A security researcher who goes around looking for ATM skimmers should know that the magstripe reader always goes along with a camera for the PIN pad, and that the electronics inside the card reader part aren't the whole story.

It's completely obvious once you look for it, once you know a skimmer was installed on the card slot, especially having another pristine ATM right next to it to compare. Nobody's going to blame someone for not noticing a skimmer in the first place, but once you know one was installed, yes, the PIN pad part is blatant.

Comment Re:Just as well (Score 1) 368

The ARM has nothing to do with game consoles. The PS4 and the Xbox One don't even use the ARM for their secure boot/DRM, they use something else (the PS4 uses the SAMU which is an LM32 derivative core inside the GPU portion, and I think the Xbox One uses more custom stuff). Read this libreboot page; the ARM is required to boot any modern AMD chip. Or this if you want a reference from AMD from last year. The PSP is very much alive and well and required to boot modern AMD chips.

Comment Re:Just as well (Score 5, Informative) 368

... and guess what, AMD CPUs have an extra ARM core in them, as well as multiple little cores of various architectures attached to the GPU. All running proprietary firmware.

Throwing random little CPUs at problems is nothing new. What makes you think the firmware in your PCIe WiFi card also can't access all main memory and be turned into a rootkit? What about the Embedded Controller on laptops, that runs even when it's off?

Yes, the state of firmware auditability of modern PCs is dismal. It's been like this for at least a decade. Yes, Intel does it one way, AMD does it another way, and just about every other peripheral on your board is also an attack surface. GPU? Dozens of little auxiliary cores (unrelated to the GPU unified shaders); Nvidia or AMD, doesn't matter. That USB 3.0 host controller? Probably runs firmware too. Ethernet? Yup, often has firmware these days. That LSI SAS controller? Full PowerPC core with enough oomph to run Linux itself. Your hard drive? 3 ARM cores, you can make them run Linux too. And all of those things can scribble all over your main memory unless you enable the IOMMU (except the HDD, that one can scribble all over your storage instead).

Sleep tight.
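A check for the IOMMU point in this comment, as an added example that is not part of the original post: it reads Linux sysfs to list which PCI devices sit behind DMA translation and which do not. The function names and the sample tree are constructed for illustration; the per-group `type` file is assumed to be present, which is only the case on recent kernels, and older ones are reported as `unknown`.

```python
import os

def pci_dma_exposure(sysfs_root="/sys"):
    """Map each PCI device to its IOMMU group type, 'no-group' or 'unknown'."""
    pci_dir = os.path.join(sysfs_root, "bus", "pci", "devices")
    report = {}
    if not os.path.isdir(pci_dir):
        return report
    for dev in sorted(os.listdir(pci_dir)):
        group = os.path.join(pci_dir, dev, "iommu_group")
        if not os.path.exists(group):
            report[dev] = "no-group"        # no IOMMU in front of this device
            continue
        try:
            with open(os.path.join(group, "type")) as fh:
                report[dev] = fh.read().strip()   # e.g. DMA, DMA-FQ, identity
        except OSError:
            report[dev] = "unknown"         # kernel without a per-group type file
    return report

def unprotected(report):
    """Devices whose DMA is not translated: no group, or identity (passthrough)."""
    return [dev for dev, state in report.items()
            if state in ("no-group", "identity")]

def build_sample_tree(root):
    """Write a constructed sysfs-like tree for offline runs (not real data)."""
    sample = {"0000:00:14.0": "DMA-FQ", "0000:02:00.0": "identity",
              "0000:03:00.0": None, "0000:04:00.0": ""}
    for dev, gtype in sample.items():
        dev_dir = os.path.join(root, "bus", "pci", "devices", dev)
        os.makedirs(dev_dir)
        if gtype is None:
            continue                        # device with no IOMMU group at all
        os.makedirs(os.path.join(dev_dir, "iommu_group"))
        if gtype:
            with open(os.path.join(dev_dir, "iommu_group", "type"), "w") as fh:
                fh.write(gtype + "\n")

if __name__ == "__main__":
    report = pci_dma_exposure()
    for dev, state in report.items():
        print(dev, state)
    print("not behind DMA translation:", unprotected(report))
```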
