
Comment Re:First cool site was 'the liquid oxygen barbecue (Score 1) 136

Besides the LOX demo and his invention of Refrigerant R-406A "AutoFrost", George was an Alpha Hardware Hacker at Purdue who presented at Usenix conferences. He got a grant to work on multiprocessing, and so he took two VAX 780's, and connected them by the backplane, creating a multiprocessor VAX. Digital Equipment liked it so much that they made a product of it, called the VAX/782. The CPU clock was 5 MHz and there were a lot of DIP-package digital logic ICs in there, with lots of space between them on the PCBs.

Comment Classic Steve Jobs and the Nascent Web (Score 5, Interesting) 136

Steve Jobs and some folks from Pixar were going out to lunch one day. While walking out of the building, Steve said "we have to find the killer app for the Internet". Steve and I both had NeXT workstations on our desks, and they had the first Mosaic web browser for NeXTStep on them. I'm not sure I even tried that browser, but we both completely missed that this was the killer app for the Internet.

Comment Synopsis (Score 5, Informative) 102

I'm not a fan of that article summary.

New summary:
It is the same as CRIME, but we're using your browser's performance timing JS API as the man-in-the-middle.

A review:
Stick sensitive info into compressed stuff, and you make that sensitive info less private. If the encryption is zlib-like, then the attacker can guess the information quite quickly-- a good compressor compresses substrings, not just the whole thing.
That means that if you have a SSN in there, the attacker can guess some substrings of your SSN, and the response won't be much bigger.
Guesses that don't share substrings with your SSN will be larger-- the attacker can reject those as bad guesses and not try those substrings again.

With HTTP2's HPACK compressor (only used for info in the headers), this side-channel is eliminated-- only an exact guess of the data will allow this to happen. This is completely unrelated, however, to someone using entity-body compression with HTTP2. If you mix sensitive data with everything else in the compressed-entity body... side channel attacks galore!

A mitigation: Don't put the sensitive data in the same resource as the non-sensitive data, and then don't compress the sensitive data.
HTTP2 makes this cheaper. If sites do this, then these attacks simply do not work any better than the brute-force guessing would.
Ensuring that this happens (no sensitive data compressed) isn't necessarily the most easy thing...

Another obvious one is to disable the timing API for 3rd party stuff. This is not as effective theoretically, but it is way easier to deploy and makes these kinds of attacks require an external 3rd party.
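
The size effect and the mitigation described in the comment above, as an added example that is not part of the original comment. It checks whether the compressed size of a response changes when only the secret changes; the page template, the sample values and all function names are constructed for illustration.

```python
import zlib

# Constructed sample secrets of equal length (not real identifiers).
SECRET_A = "ssn=000-12-3456"
SECRET_B = "ssn=999-87-6543"

# Hypothetical page that echoes request-controlled text next to the secret.
PAGE = "<html><body><p>Search results for: {q}</p><p>Account: {s}</p></body></html>"


def mixed_size(secret: str, reflected: str) -> int:
    """Secret and request-controlled text share one zlib-compressed body."""
    body = PAGE.format(q=reflected, s=secret).encode()
    return len(zlib.compress(body, 9))


def split_size(secret: str, reflected: str) -> int:
    """Mitigation: the secret is a separate resource and is sent uncompressed."""
    public = PAGE.format(q=reflected, s="[see /account]").encode()
    return len(zlib.compress(public, 9)) + len(secret.encode())


def size_depends_on_secret(size_fn, reflected: str) -> int:
    """Bytes by which the wire size moves when only the secret changes."""
    return abs(size_fn(SECRET_A, reflected) - size_fn(SECRET_B, reflected))


if __name__ == "__main__":
    for label, reflected in (("full value", SECRET_A), ("prefix", "ssn=000-12")):
        print(label,
              "mixed body:", size_depends_on_secret(mixed_size, reflected),
              "split resources:", size_depends_on_secret(split_size, reflected))
```

A non-zero result for the mixed body means the response length carries information about the secret; the split layout gives zero because the compressor never sees the secret.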

Comment Re:This is NOT a matter of trademark violation (Score 2) 247

Not necessarily. Take a look at the relevant portion of the Lanham Act. It would have to fit one of the provisions therein. It might make a false suggestion of affiliation, but it's arguable.

15 U.S.C. 1125 - False designations of origin, false descriptions, and dilution forbidden

(a) Civil action

(1) Any person who, on or in connection with any goods or services, or any container for goods, uses in commerce any word, term, name, symbol, or device, or any combination thereof, or any false designation of origin, false or misleading description of fact, or false or misleading representation of fact, which

(A) is likely to cause confusion, or to cause mistake, or to deceive as to the affiliation, connection, or association of such person with another person, or as to the origin, sponsorship, or approval of his or her goods, services, or commercial activities by another person, or

(B) in commercial advertising or promotion, misrepresents the nature, characteristics, qualities, or geographic origin of his or her or another person's goods, services, or commercial activities,

shall be liable in a civil action by any person who believes that he or she is or is likely to be damaged by such act.

Comment This is NOT a matter of trademark violation (Score 1) 247

You violate a trademark if you mis-represent a good or service as that of the trademark holder. And it has to be in the same trademark category that they registered. Having a trademark does not grant ownership of a word, and does not prevent anyone else from using that word. Use of a trademark in reporting and normal discussion is not a violation.

Comment Re: drone ship landings require a lot less fuel? (Score 1) 103

I have the front panel of the VAX 11/780 used to render that scene hanging on my wall, but I got to Pixar after that project. This year and last I've contributed some designs that will fly on a FEMA satellite, and a long time ago did a little work to support the Biosciences mission on the shuttle.

Comment Off-shore Off-shore Off-shore (Score 1) 248

Those who claim the US benefits by draining the best and the brightest from around the world are doing two things wrong:

1) They're bad liars. Everyone knows they just want cheap labor. Just cut the noise already and accept the fact that they may have to send some managers overseas.
2) Even if they happen to get someone particularly gifted to leave their native land and work cheap in the US, they're ignoring the negative impact this has on those -- usually developing -- economies which need their best and brightest in order to grow their economies to become importers of US goods and services.

Comment Re: drone ship landings require a lot less fuel? (Score 1) 103

I don't need to stand by the rotation theory. However, the 2.5 degrees that the Earth rotates are about equivalent to the downrange distance.

The first stage is going about 1/5 of the target LEO orbital velocity at separation. While you might well model the trajectory as a parabola over flat ground, given the lack of fuel I would expect that SpaceX puts a lot more care into their trajectory. So far I've failed to attract the attention of the person responsible for Flight Club, the most trusted modeling of SpaceX flights, but I'll message him directly.

Comment Re: drone ship landings require a lot less fuel? (Score 1) 103

Well, Alastair, you should probably not get snotty and ad-hominem, unless you want me to comment on how a one-time sci-fi author and the Unix guy at Dish doesn't really have more authority than the random person one might find in the SpaceX group on Reddit.

It happens there are a few people over there who are rocketry professionals, have the math, and have followed SpaceX long enough. So, sure, their opinion can indeed be trusted.

So far, we have a suggestion from one of the lesser folks there that raising the apogee takes advantage of the Earth's rotation. We'll see if we get the attention of the right people.

Comment Re: drone ship landings require a lot less fuel? (Score 1) 103

It seems to be a common misconception that orbital mechanics somehow knows when you are in orbit and does not work otherwise. But that is as silly as saying that relativity only works near light speed. These things always work regardless of speed, it's just that their effects are macroscopic at greater speeds.

Comment Re: drone ship landings require a lot less fuel? (Score 1) 103

Here's an illustration of the boost-back to RTLS trajectory. You can see that it very definitely goes up. And to prove from observation, you can actually see where the two trajectories separate in photos from yesterday's launch. It's a rather dim curl up, and another continuing East, in Jason Ruck's photo and John Kraus's photo.

At the speed of stage separation, the rocket isn't going fast enough to stay in orbit, but it is definitely in the regime where orbital mechanics has a macroscopic effect. If you think about it, this is going to be the case at some reasonable fraction of orbital velocity.
