
Comment Re: XAML and TSWIPM (Score 1) 63

What if the engineers who implemented the flawed design said "take this job and shove it", knowing they had a strong inflation-proofed basic income to fall back on and program better things they actually wanted to use?

Or, what if the engineers who implemented the flawed design all contacted recruiters, got similar-or-better-paying jobs elsewhere, then said "take this job and shove it."*

* I assume being a Windows programmer at Microsoft still has enough cachet that you won't have any problems finding work elsewhere as long as you do it before you resign.

Submission + - Putin's most feared missile downed with a song (telegraph.co.uk)

fahrbot-bot writes: The Telegraph is reporting that Ukraine forces are jamming signals for Russia's ‘invincible’ Kinzhal hypersonic missile with a song satirizing Russian propaganda.

Night Watch, the group operating the technology, claims to have brought down 19 Kinzhal missiles – described by Putin as “invincible” – in the past two weeks.

The team told technology website 404 Media that it is using a song and a redirection order to knock the “next-generation” missiles, which carry a 480kg payload and cost around £7.7m each, out of the sky.

Kinzhals and other guided munitions rely on the GLONASS system – Russia’s GPS-style navigation network using satellites – to find their targets. Night Watch developed its own “Lima” jamming system that replaces the missiles’ satellite navigation signals with the Ukrainian song “Our Father is Bandera”.

When the song begins, the Lima system feeds the incoming missiles a false navigation signal, tricking them into believing that they are flying over Lima, in Peru, so that they attempt to change their trajectory. Traveling at a speed of more than 4,000 miles per hour, however, the missiles become destabilized by the abrupt and unexpected change of course.

Night Watch said they developed the system after discovering that the Kinzhals used a controlled reception pattern antenna (CRPA), an antiquated type of technology for resisting jamming and spoofing. The team told 404: “They had the same type of receivers as old Soviet missiles used to have.

“The airframe cannot withstand the excessive stress and the missile naturally fails. When the Kinzhal tried to quickly change navigation, the fuselage of this missile was unable to handle the speed and, yeah, it was just cut into two parts. The biggest advantage of those missiles, speed, was used against them.”

Submission + - Most Revoked SSL Certificates Still Work (certkit.io)

todd3091 writes: An analysis of SSL certificate revocation reveals that the entire PKI revocation infrastructure is fundamentally broken, with browser vendors and CAs maintaining the system purely for compliance while knowing it doesn't work.

Testing shows that revoked.badssl.com, a certificate explicitly revoked for key compromise, loads successfully in Safari and Firefox while being blocked in Chrome. This happens because each browser implements its own proprietary revocation checking system with wildly different coverage. Chrome's CRLSet includes approximately 24,000 certificates out of over 2 million revoked certificates in the wild, effectively ignoring 98% of revocations.

The technical failures have been documented for years. CRLs grew to hundreds of megabytes, making them impossible to distribute efficiently. OCSP, designed to replace CRLs, suffers from median response times of 300ms and frequent timeouts, with Mozilla reporting nearly half their system failures stemming from OCSP issues. When OCSP fails, browsers default to "soft-fail" mode, allowing connections anyway. As Google's Adam Langley noted in 2012, "Soft-fail revocation checks are like a seat-belt that snaps when you crash."

OCSP stapling, meant to solve these problems, has less than 5% adoption. Even when implemented, stapled responses frequently expire without being refreshed, triggering soft-fail fallbacks.

The CA/Browser Forum's response has been to openly acknowledge defeat. In discussions about certificate lifetimes, members stated: "Given that revocation is fundamentally broken and we have no realistic path to fixing it, shorter certificate lifetimes are our only option." This led to the progressive reduction from 5+ year certificates in 2011 to the proposed 47-day certificates by 2029.

Every major browser has essentially rebuilt CRLs in proprietary, incompatible ways. Chrome uses CRLSets updated through Chrome's update mechanism. Firefox employs CRLite with Bloom filters. Apple aggregates CRLs at the OS level with an undocumented implementation. The result: whether a revoked certificate actually stops working depends entirely on which browser you use and when it last updated its proprietary list.

Full analysis: https://www.certkit.io/blog/ce...
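The soft-fail behaviour and stale-staple fallback described in the submission above, as an added Python example that is not part of the submission or of any browser's code. It is a simplified model: `OcspResponse`, `decide` and the dates are hypothetical, constructed names and values.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum
from typing import Optional

class Status(Enum):
    GOOD = "good"
    REVOKED = "revoked"

@dataclass
class OcspResponse:
    status: Status
    this_update: datetime
    next_update: datetime

    def is_fresh(self, now: datetime) -> bool:
        # A response is only usable inside its validity window.
        return self.this_update <= now < self.next_update

def decide(staple: Optional[OcspResponse], live: Optional[OcspResponse],
           now: datetime, hard_fail: bool) -> str:
    """Return 'accept' or 'reject'. live=None models a timeout or unreachable responder."""
    for response in (staple, live):
        if response is not None and response.is_fresh(now):
            return "reject" if response.status is Status.REVOKED else "accept"
    # No usable answer: the only branch where soft-fail and hard-fail differ.
    return "reject" if hard_fail else "accept"

def day(d: int) -> datetime:
    return datetime(2025, 1, d, tzinfo=timezone.utc)  # constructed dates

NOW = day(10)
REVOKED_LIVE = OcspResponse(Status.REVOKED, day(9), day(12))  # responder reachable
STALE_STAPLE = OcspResponse(Status.GOOD, day(1), day(5))      # stapled before revocation, never refreshed

def scenarios() -> dict:
    """Outcomes for a certificate that has been revoked (constructed cases)."""
    return {
        "responder answers, soft-fail": decide(None, REVOKED_LIVE, NOW, hard_fail=False),
        "responder times out, soft-fail": decide(None, None, NOW, hard_fail=False),
        "responder times out, hard-fail": decide(None, None, NOW, hard_fail=True),
        "stale staple + timeout, soft-fail": decide(STALE_STAPLE, None, NOW, hard_fail=False),
        "stale staple, responder answers": decide(STALE_STAPLE, REVOKED_LIVE, NOW, hard_fail=False),
    }

if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{outcome:7} {name}")
```

Under soft-fail the revoked certificate is rejected only when a fresh answer actually arrives; every timeout or expired staple ends in `accept`.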

Comment Re: Until ... (Score 1) 292

>What if a life in isolation sounds heavenly, how do I get it?

You can approximate this lifestyle by just staying at home all the time and having groceries and other necessities delivered to your doorstep. You'll probably still have to expose yourself to other people in person from time to time, but we are talking a few times a year, not a few times a day.

Comment Re: Until ... (Score 1) 292

When I said "Until ... .. the person that doesn't get vaccinated infects someone you love who can't get vaccinated for medical reasons" in my reply to zawarski, I meant if some anti-vaxxer in zawarski's locale infected and as a result killed one of zawarski's loved ones who wasn't vaccinated for medical reasons.

Other readers who share zawarski's beliefs are invited to put themselves in zawarski's place, especially if they have a loved one who cannot be vaccinated for medical reasons.

Your point about the anti-vaxxer possibly accepting the death of their own loved one may be true for some anti-vaxxers, but it's not relevant to what I was trying to say.

Comment Re:AI in toys isn't always risky (Score 1) 32

>by its nature must record and send everything back to some faceless intermediate

Someday soon it will be possible to do all of the AI work on-device. The only things stopping it now are the weight and cooling constraints imposed by the teddy-bear form-factor. If you want a low-power AI and don't mind frequently recharging the batteries, you can do it today in a teddy-bear-shaped, teddy-bear-mass cuddly form factor. You will need to handle cooling though.

Comment AI in toys isn't always risky (Score 3) 32

Connected toys that spy on you, on the other hand....

By the way, the companies that make and sell these toys are putting their stockholders at risk of a future privacy lawsuit. This is one of those times where corporate in-house lawyers should put the brakes on a product until the law is more settled. As it stands now, "will we get sued in 2030 and lose a fortune for what we are selling in 2025" is an open question.

Comment Assume 5,000 man-hours of downtime (Score 1) 54

Let's assume 2500 employees lost 2 hours of productivity each. Let's assume the productivity value for each employee is at least $40/hour. That's $200,000. That's far below $862K. But if the downtime were higher and the lost productivity were higher, it at least puts $862K within the realm of a credible number.

Don't forget, cleaning up a mess like this isn't as simple as resetting passwords back and having employees log in and change their passwords. There are also things like making sure none of the accounts were misused or rolling everything back to a known-good state in case they were.

Comment Until ... (Score 5, Insightful) 292

.. the person that doesn't get vaccinated infects someone you love who can't get vaccinated for medical reasons.

Those who can't get vaccinated for medical reasons are depending on the rest of us to create "herd immunity" to protect them, because short of living a life in isolation, that's the only protection they have.

Comment AI = 6 fingers and 3 legs = untrustworthy (Score 1) 204

The "AI photos" with too many body parts a few years back gave "AI" a bad name.

From the hallucinations and confident-but-wrong output of 2025's text-AI-chatbots, this bad reputation is still deserved.

For most people, it will take a few years of trust-able output from AI before people accept it as mature enough to use without sanity-checking its output.*

* When the day comes that people mostly "blindly trust" AI output we may all be in trouble. That day is probably within the next 5-10 years, maybe sooner.

Comment Re:What is the number of processes... (Score 1) 81

Sorry, I took a shortcut with the definition.

The longer version is something most people can make at home with things most people already have in their kitchen.

This assumes sugar, butter, milk, fresh fruit, fresh vegetables, dried pasta, spices, cut or ground meat, etc. aren't processed enough to "count" as ultra-processed foods.
