
Comment Re:Besides the obvious informmercial (Score 1) 45

It's specifically said the router's firmware was encrypted so he couldn't read it, much less install sniffers or backdoors. About the only thing it's reasonable to expect him to be able to do is disable some firewalls between the internal network and the public Internet. And even that is assuming their internal network was directly connected to "free, public WiFi" and city officials had password lists and locations of the nukes on unsecured shares on their desktops... which is a kinda large leap of faith. Especially since the article says they worked with him solving the problem, so they must've been all like "Oh you found an exploit to get into our secret unprotected network? Oh no, please don't use it or leave any backdoors, or we'll be in big trouble, we'll just let you secure them."

With regards to unencrypted communication over public WiFi, all he'd had to do was put a high-powered WiFi router with the same SSID up. Certificates won't even be much help if the attacker is in charge of the network and can re-direct traffic via a proxy "faking" the site or just forcing TLS off. No hacking of routers required. Though if this was their public Internet gateway, likely all that'd give him would be a glimpse of the city servants' Facebook chatter and pr0n searches.

Comment Re:Besides the obvious informmercial (Score 1) 45

The summary is pretty much just a cut & paste of the whole article from Vice, just as the summary of the summary says.
And yes the article skips the only interesting part, which is how he found and tested the exploit when the article says he acquired one of the company's routers only after the supposed hack.
It also leaves it entirely in the air how accessing a "public"/"free" (as it's identified, and which allowed him to freely access the Internet) WiFi counts as a hack, and what was the actual threat there.
Open access to their internal network I assume, but that would have been an assumption on his part as well if he never tried it -- despite the Vice headline proclaiming he took it over.

Comment Re: Autopilot will disengage (Score 1) 154

Agree, that's just false advertising. Where's our flying cars?! Something called Autopilot should cause your car to take flight. On the safety issue it seems to have a perfect record, however, since I've not yet heard of any Tesla collisions with airplanes. If only airplane autopilots worked half as well!

Comment SETI has observed nothing (Score 5, Informative) 282

Except possibly in the widest sense of "SETI has observed someone else observing"... A Russian radio-telescope site claims it has observed the alleged signal well over a year ago - which should give you an idea how important this observation is. The headline, copied straight from Ars Technica though, isn't just ordinarily imprecise, but anyone who's on social media is already aware of the original observation, and is now eagerly waiting for independent confirmation. Without that, it can be anything from an attempt at grabbing funding to a Russian radio-frequency jammer test. Because of that, an independent SETI observation would be very significant. Unfortunately, it's likely a rare event since they've not managed to spot it again in over a year.

Comment Re:Not even risk, loss virtually guaranteed with B (Score 4, Informative) 117

Or, if you were really concerned, you could just Google it:
"Broken SHA256: For a broken SHA256, meaningful collisions or pre-images suggest that new transactions should not be accepted. However, as we saw in Section 4.3, unless a broken hash results in majority power, an adversary cannot alter historical blocks or transactions. The same can be said for hard-coding known public keys with unspent outputs: even if the adversary gets a different key that hashes to the same value, deriving the private key should be infeasible if the signature scheme is still strong. The plans for SHA256 thus seem to be more prudent than necessary, but since they necessitate a hard fork, rehashing the entire blockchain to add new checkpoints or hardcoding public keys can only increase the security of the transition period, but perhaps at a cost of efficiency."

A little plain-English translation would also be that BitCoin and other cryptocurrencies (as well as, arguably, the security of every credit card in your pocket and bank transaction and online login and...) don't rely on the hash being "unbreakable", they just rely on it being non-trivial, and barring a general quantum computer, we know it to be non-trivial. In fact, the credit card in your pocket is more vulnerable to a single hash being broken, and the whole working principle of BitCoin (mining) is "cracking SHA-2".

The threat-model for BitCoin isn't that the hash will be broken, but that it will become significantly easier for one party; this is a special case of the general majority-hashing-power threat, where the "adversary" covertly through subterfuge or technology obtains majority hashing power. This in fact has happened before (Multiple times at least if you include Satoshi Nakamoto himself) and the world didn't come to an end.

This is not to say that I'm a BitCoin enthusiast, or even that I'm saying it's unbreakable, I'm just saying it's far more complicated and also analyzed, at least by other people than the BitCoin core developers, than a simple "OMGZORZS they gonna crack da hash!!!!111" :)

Comment Rose-tinted glasses (Score 1) 73

And how many of their research subjects had been diagnosed with hypochondria? Searching for symptoms and eventual disease isn't an unlikely pattern, whereas someone actually suffering from it would be more likely to only ask a doctor. Didn't bother to read the article, of course, but hopefully they did also check whether they also did searches indicating diagnosis before, and possibly for other diseases.

I also have to join those questioning the "false positive" rate there. People are perhaps even more liable to search for other people's conditions than their own, and while showing them a banner like "Your searches indicate X" would work just as well, in the context of the study that should count as a false positive. One question on this is exactly how they're counting or reporting false positives. Approximately 5 in 100.000 will get pancreatic cancer *in their lifetime*, which comes to the neighborhood of 1 to 1.000.000 million per year. If their algorithm actually tags 1 in 10.000 users as having pancreatic cancer then it is next to useless. If 1 in 10.000 tagged didn't turn out to have pancreatic cancer, then it's unbelievable.

And indeed, assuming they were searching for identifiable symptoms, wouldn't they have discovered their cancer earlier? Is this a case of a too slow medical system, or just a case of people who already know they have pancreatic cancer sometimes making searches looking like a recent diagnosis... the example of "Why did I get pancreatic cancer?" in the summary for example is pretty telling, as that would seem quite a likely search for a late-stage patient.

Comment Re:Yes. (Score 5, Insightful) 143

It's proof, but the problem is the measure of "largest math proof ever" is dumb. I could let a computer (or preferably a cluster) generate proof that every natural number below 200 trillion is followed by another, and there are no gaps, and it would easily trump that as the "largest math proof ever". What's that you say, it's not the simplest proof? True, but my algorithm just didn't hit on the simplest proof yet... Or if you prefer, I can generate proof of the exact number of primes below 200 trillion, it would beat that record by far and as far as currently known, have no simpler proof. For that matter, the Great Internet Mersenne Prime Search is constantly generating proofs that, if written and dumped out sequentially, would beat the pants off this record. But I hope we're not (or shouldn't be) merely competing for "the largest waste of computing power ever" :)

Comment Re:Plastic is nothing but toxic garbage (Score 1, Troll) 96

Some perspective would always be welcome, even on Slashdot. Cooking is still by far more dangerous and affects far, far more people and as such is a public health hazard. I can only hope one day we will be living in an evidence-based society where cooking will be outlawed as a public menace. That said of course, there's absolutely nothing wrong with studying and reducing health hazards, and many printer manufacturers have long since responded with filtered air printing enclosures etc. But this particular one has been known for years, and postulated for far longer. One thing that has not yet happened but would be somewhat welcome is some sort of "chemical safety labeling" for printer filament; avoiding, of course, reducing choice or increasing the price, but as of currently there's no way at all to know what kind of chemicals each different filament batch contains. I see a lot of people jumping on demanding to know printer styles and brands, but I expect the filament source to have significantly more effect, and when the filament is used to print anything that comes into contact with skin or even food, this is many times more important.

Comment Re:Wuala used to have this (Score 2) 331

I'm trying hard not to be the token anti-cryptocurrency dude here, but yeah, the theme of the year seems to be "We've invented the wheel - now with Bitcoin!". The glut of different freshly minted cryptocurrencies from everybody who arrived upon the bright idea of starting out a new cryptocurrency, pre-mining it a bit and giving it a fancy name has led to people differentiating with different tie-ins to try to get people to adopt their coin.

There isn't any instantly apparent reason Storj is tied down to cryptocurrency (which they themselves admit will be changing), although I'll admit it does give a snazzy way to pay for the storage service, but it's nothing new - at least Mojonation was originally based specifically around the idea of micropayments with a cryptocurrency. In fact it sounds exactly like MojoNation from 2000 with Bitcoin-like Merkle trees for proof-of-storage thrown in.

While there is absolutely nothing wrong with improvement like that, one thing that catches the eye is that despite copious references, their whitepapers don't really reference any of the prior work on the area of distributed storage like that, and try to sell it as completely new proof-of-concept idea. Oh yeah, along with the "Now with Bitcoin, but all you have to do is buy our new cryptocurrency" :)

Comment Re:Wuala used to have this (Score 5, Informative) 331

Oh, yeah, they should've said that in the summary - the difference to Morpheus, Freenet, Mojonation, Chord etc. (in no particular order) is that with Storj (which, somehow, is supposed to be pronounced "Storage" according to their site), to participate at this stage, you'll have to buy (currently) 300 dollars worth of their freshly minted cryptocurrency. No thanks.

Additionally from their FAQ: "As described in the MetaDisk whitepaper, we will use Florincoin as an initial solution. Eventually, we will transition to a system with more direct and scalable access to the Bitcoin blockchain via proof-of-existence. As blockchain technology improves we can use systems like Factom to provide faster throughput, and Ethereum to create enforceable contracts on data storage." So... they're in large part relying on technology not even developed yet. I get the modern rush to put software out before anybody else (Or say, 20 years after...), but this does sound like a prime example of putting the cart before the horse.

Comment Re:Wuala used to have this (Score 1) 331

Ross Anderson and 1996 came calling. And the cypherpunk movement had reasonable implementations of such an Eternity Service for a decade or two already. This is, of course, not to say that the first implementations have ever been winners in technology sphere. However, rather than "Wowz, there's this rad completely new idea of renting out your storage space!", I'd like to hear what new features they actually bring to the table -- besides marketing.

Comment Re:Discoverer? (Score 0) 108

I tried to find a hard and fast rule on what the possessive pronoun "its" would refer to in that case, but alas, no luck... Glad I don't have to learn English! According to Wikipedia though, "In most cases, a pronoun follows its antecedent, and in many cases, the coreferential reading is impossible if the pronoun precedes its antecedent."
In the olden days there was a convention of referring to ships as "she", I would contend partly because of the unclarity of the antecedents, because on the open seas there were less "she"'s the pronoun could refer to. Unfortunately I don't believe NASA follows that convention, in fact it's been falling into disuse overall. In this instance it would have been good because then we could say she = New Horizons, he = Clyde Tombaugh and it = NASA and there could be no confusion over what he discovered... right?
