Comment Re:Not enough (Score 1) 55

You're 100% right. Anything but the death penalty for a CA after thorough independent investigation sends the message that this behavior will be tolerated in some fashion. That should never ever be the case with a CA in particular, or the viability of web commerce and trusted information exchange would be at substantial risk.

We have enough security problems with clients, data breaches and end user stupidity to have to deal with this.

Comment Expensive & hard to coordinate (Score 1) 55

The certificate business is big money. It's possible some companies may be able to purchase certs from multiple vendors but it adds up very quickly, and coordinating activities like expiration dates have to be aligned among the vendors which is tricky with multiple large contracts. Only the biggest companies will be able to do this, leaving the rest to single and/or smaller CAs.

Yet does that really make an entity's presence on the public Internet inherently more trustworthy? If I was to get certs from Verisign, Thawte and Let's Encrypt, that's not saying much since Let's Encrypt does DV and not EV certs. If you have a breach of one CA but not the other, who do you trust and why? What does that result even mean? Best two out of three or three of five? It's not entirely out of the realm of possibility that smaller CAs could be simultaneously compromised, which is why the larger companies mostly go to that company based in Northern Virginia that has been rock solid if nothing else.

I think smaller lesser-known entities like these Chinese CAs will be perpetually more risky to obtain certs from. It's just what it is. As you go up the chain the certs get progressively more expensive but more trusted as well. As long as there is a commercial interest in selling certs, I don't think the current situation will change. It's just another warning just like Diginotar and others have demonstrated and Mozilla is IMO being overly lenient and perpetuating the problems currently supporting the "list of trusted CAs in the browser" model.

Comment Re:Fire the management that pulled VR support (Score 1) 633

I am really talking about the owners, who a board would normally represent. If they're too small to have a board, then it is the primary owners or investors. If the management bankrolled the company 100% themselves, then they can do what they wish. Nevertheless, it's still monumentally stupid to mix your business with politics rather than take a neutral stance and appeal to a broad audience unless you have concrete data that your revenue will be impacted less by not developing for VR than from the customers that you would lose if you did.

Comment Fire the management that pulled VR support (Score 3, Insightful) 633

What is astonishing to me is the level of rhetoric and the stretch of logic that has come into place since our Alien vs. Predator presidential race (i.e. whoever wins, we lose). Now we have a situation just like the Mozilla debacle with Brendan Eich except that it is much much flimsier an argument this time around.

But here's the thing, Insomniac and Polytron management: your job is to make money for the investors of your company, not to use them as some political tool because you disagree with the politics of one of the employees of Oculus. Period.

These decisions will only harm these companies financially because of diminished interest from people who own an Oculus. Unless the management has concrete data that their continued support of the Oculus will harm their sales due to the political connection (and I'll bet diamonds to dollars that they don't), then the boards of directors of all of these companies should direct the executive management of the companies that withdrew support for Oculus to reverse their decision or be terminated for breach of fiduciary duty.

Enough of this SJW bullshit, especially when investor money and returns are at stake and the backlash from these actions could be worse. E McNeill is totally correct - if you want to fight a Trump supporter, put your own money up rather than trying to suppress others as if you were some Soviet-era state enterprise licking the boots of the party you support.

Comment Will be a huge victory for hams if signed into law (Score 4, Informative) 195

There is an entire body of stealth antennas that have been developed for legally and space-constrained homes, such as flagpole antennas, magnetic loops, folded attic dipoles, and even tuned metal gutters! Yet these are all compromise antennas due to their limited height from the ground, proximity to metal objects and wiring, and size (for the 40m band on HF, you need at least a 10m/33ft vertical plus one or more counterpoises of that length on the ground). Some HOAs are even more draconian and allow nothing outside of a strict approved list of items per the HOA contract. This means that even a 1/4 wavelength vertical wire antenna that is barely visible to the eye is disallowed. Ironically, it's these same antennas that contribute to RFI issues for neighbors, increase RF exposure and worsen problems that would not be present with a properly deployed non-compromise antenna. HOA agreements have a disproportionate impact on hams who tend to be older and often use ham radio to communicate with their friends. Some of these are ex-military and civilian volunteers who are part of the Military Auxiliary Radio System or Civil Air Patrol, or participate in volunteer civil safety services such as Amateur Radio Emergency Service, Radio Amateur Civil Emergency Service and Skywarn that use HF frequencies as well.

The HOAs have been vociferously opposed to this act as an infringement of civil liberties and have written both to the FCC and to Congress opposing this. Yet there are already FCC-mandated requirements for such things as satellite antennas on HOA-governed properties that supersede any restrictions that may be contained in HOA contracts on spectrum which is technically regulated by the FCC. The intent is not to replicate a nearly 200' tall antenna tower with stacked Yagis, but to provide reasonable accommodation. A 1/4 wavelength vertical wire antenna barely visible to the eye can literally communicate with the entire world, yet somehow the HOA board fanatics claim that even these should be restricted. Even one of the trapped multiband vertical antennas in a back yard can make a big difference in getting out and participating in radio, but they again want no part of it.

There is bias against what we don't know or don't want to know. Heck, people think that there is an environmental impact to these antennas. I'm hopeful this will get passed and withstand scrutiny in the inevitable court battle that will ensue over it. But in a country turning its back on science for sports, maybe even the discussion with the non-ham folks might actually activate a few brain cells.

Comment Apple is jumping the shark pretty hard now (Score 5, Insightful) 495

There is no excuse to eliminate an audio jack from a phone, much less a Macbook. Too many complications with wireless headphones and microphones, and peripherals to add the functionality back just add to clutter for a portable device.

This isn't edgy, or brave, or futuristic. It's simply the beginning of the end for a once-innovative company who is practically trying to alienate its customer base. I really wonder if the same idiots who were in charge of the Final Cut Pro 10 transition were the same ones involved in these decisions.

Comment What's the point? They're in the bag for Hillary (Score 1) 183

I seriously have never seen an astroturf campaign so far gone for a candidate as for Hillary. It actually doesn't matter what your political preferences are, just that they shove as much pro-Hillary shit into your feed. They honestly believe they can influence people's preferences by bashing or censoring all of the other candidates, and I do actually mean Gary Johnson and Jill Stein here more than the obvious bashing of Trump since Johnson and Stein are a million times more honest than the two front-runners.

People need to realize that Facebook (or Twitter, or any other social or non-social media) is not a news source any more, but a reflection of the political will of those who own it. My greatest concern is that so many people are too ignorant to realize it because of the funny pictures and friends' photos in their feed.

Comment Re:Ionospheric Skywave Propagation at HF freqs (Score 4, Informative) 159

It depends on what point in the solar cycle, but the higher HF bands from ~14-15MHz up through 30MHz are far better during the day for skip due to D-layer and E-layer ionization and also more readily absorbs lower frequencies. At night, ~10MHz and lower works because there is still ionization in the F-layer which is more amenable to those frequencies, and why AM has to typically reduce power. Bear in mind that AM is technically an MF band (0.3-3MHz), which doesn't quite follow the same skywave propagation rules so strictly for a number of reasons such as auroral zone, ducting, and electron gyrofrequency that don't affect HF quite as severely.

You can still get near-vertical incidence skywave propagation during the day on the lower HF bands, but these are only good for a few hundred miles and can be subject to a higher than normal noise floor in the summer due to phenomena such as regional lightning.

Comment Ionospheric Skywave Propagation at HF freqs (Score 2) 159

The whole purpose of this is to facilitate non-satellite transmission of signals using ionospheric skywave propagation. This is the most common over-the-horizon communication method for HF frequencies (3-30MHz) and below. The military uses HF for tactical communications using radios like the Harris Falcon series manpacks. HF is also used for the Military Auxiliary Radio Service as well as Civil Air Patrol. None of these uses have dependence on satellites which are, in any event, potentially prone to attack, jamming and failure by natural phenomena, and where end user equipment is expensive and potentially tricky to deploy.

In order for HF communications to work effectively and consistently, the sun needs to ionize the atmosphere. It normally goes in the same eleven year cycles, but this year has seen very bad conditions with insufficient consistency to rely on HF. The shortwave and amateur radio community has similarly been affected adversely by this phenomenon. Ionizing the atmosphere through this proposal is one way to make this happen without relying on satellites.

Comment Summary is a bit misleading and lacks context (Score 5, Informative) 81

Intel needs to be viewed as several businesses, one of which is their discrete CPU business, another being their flash memory, yet another being the McAfee software acquisition, and yet another something called the foundry business.

Foundry refers to having a business where you are simply the manufacturer of chips for other companies for their specific purpose without selling into the end market. These other companies contract to Intel to be able to build anything from a network chip to a graphics chip to a microcontroller or virtually anything else (besides memory), either as a standard product off-the-shelf, or as an application-specific integrated circuit. In order for Intel to make that happen, they need to provide the know-how to these manufacturers of chips either directly or through providers of chip intellectual property. This includes logic libraries (standard cells, hence my name), memory cells and compilers for SRAMs, analog I/O cells, mixed-signal like ADCs and DACs, PLLs, non-volatile storage, design rule decks for the process rules, and a few other things that constitute the building blocks of any chip.

Other foundries such as TSMC, Global Foundries, etc. have the same model, though Intel's foundry manufactures more of their own CPU (and other) products than for other folks. Intel decided to farm out some of that capacity to third parties and make additional money on any spare capacity they might have, particularly with their leadership in logic processes over other rivals in the discrete CPU business. One of the key aforementioned building blocks is the IP offered by ARM for CPUs, GPUs and bus interconnect. This ARM IP needs to be validated to work in their silicon process, and this is the essence of the deal - Intel's foundry customers would not do business with Intel without basic blocks like the CPU since ARM is essentially the most important embedded CPU architecture in chip design currently.

The way the summary comes out makes it sound like Intel is manufacturing chips for its competitor, but it isn't necessarily so since the Intel microarchitecture is very highly vertically integrated as a business with their discrete CPU division whereas ARM itself is just a provider of IP with their microarchitecture. Yes, in theory Intel foundry customers could be making chips to compete in some segments of the Intel discrete CPU business, but that business is still largely dominated in the server and desktop markets by Intel and its associated software ecosystem. In the same way, ARM dominates the handheld device markets where Intel has had very little comparative presence.

I can guarantee that Mr. Krzanich and the Intel board would never allow their foundry business to cannibalize their current core discrete CPU business for a "competitor" if they felt it was detrimental to their overall financial and operating picture. This ARM deal is a piece of a larger plan of maximizing their ROI on their very very expensive chip fabs in a market where they have typically had a lead in logic process technology at least one node ahead of their competitors historically. That advantage can be very important in mobile due to the cost and power savings vertical transistor process nodes now offer along with superior manufacturing capabilities as the scale of their other businesses has long demonstrated.

Comment Air gap or hardware interlock critical systems FFS (Score 4, Insightful) 85

The recently publicized vulnerabilities in connected vehicles are examples of vehicle designers not understanding security threat models correctly (which also applies to IoT in general). In the rush for convenience and connectivity it is mind boggling that they wouldn't make more effort if for no other reason than to avoid the negative publicity.

The easiest thing to do in these critical vehicle systems is to outright air gap them. There is no reason that there should be any network connection to the autopilot or auto-parking or braking system of a vehicle unless the threat model and the subsequent design of security was sufficiently thorough. Until that happens, it should literally be a discrete action by the driver through a physical interface inside the vehicle and at most have a one-way reporting interface that can be picked up by a network interface.

The other thing that can be done is to hardware-interlock the network connection. For example, the steering motor controllers for automatic parking should have a logic AND control to the speed of the vehicle so that anything above a certain speed disables the motor control at a hardware level. At that point, one would have to physically tamper with the vehicle to overcome this safeguard, but if you could do that there's a lot more mayhem you could create anyway.

Comment 20 fucking years of this in Edmonton (Score 2) 43

The police in Edmonton have been doing this to the press since the 90s when they wiretapped newspaper and TV reporters working on a story of police corruption with ties to organized crime. But that was just the old fashioned wire taps, and there have been many corruption scandals since. There is no press freedom in Edmonton and all communication should be considered compromised by the police there unless there is a cryptographically secure way with a Certificate Authority not controlled within Canadian or US borders.

Comment Decorrelate bandwidth consumption and defeat this (Score 1) 212

The countermeasures used in cryptography to fight differential power analysis can be used here if necessary.

In DPA, the dynamic power consumption is measured on a hardware device such as a smart card that performs crypto operations so that, when the challenge-response is begun, the card's regular crypto operations for asymmetric and symmetric encryption can be captured and analyzed using statistical correlation over many challenges and other means so that the correct keys for the device can be determined. The primary countermeasure is to introduce false operations in parallel with the actual operation at different times and with different power consumption patterns such that the correlation takes far too long for the number of challenge-response cycles.

Similarly, a countermeasure to this and for all VPN traffic is to accomplish the same thing by having an application that actively monitors the bandwidth across the physical interface used by the iPlayer and ensures that additional sources of bandwidth consumption via internal or external servers/clients are programmed. Even if the WiFi packets are monitored, the packet analysis could be much more difficult to conduct. In addition, one could randomly force routes across multiple physical interfaces at random to hop across multiple inexpensive routers that are bridged, further frustrating such efforts. In combination with a VPN, this could defeat this outrageous and intrusive de facto taxation enforcement scheme.
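The DPA countermeasure described in the comment above can be measured in simulation. This is an added example, not part of the original comment: it is a known-key leakage assessment of the kind a defender runs, comparing the peak correlation with and without dummy operations at random times. The Hamming-weight power model, the key byte `0x3C`, the noise level and the 8 time slots are all constructed assumptions.

```python
import random

def hw(x):
    """Hamming weight: the usual first-order power model for a data byte."""
    return bin(x).count("1")

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5

def trace(plain, key, slots, rng, hide):
    """One simulated trace of `slots` time samples (constructed data).

    The real operation leaks HW(plain ^ key). With hide=True it runs in a
    random slot and every other slot runs a dummy operation on random data.
    """
    real_at = rng.randrange(slots) if hide else 0
    out = []
    for t in range(slots):
        if t == real_at:
            value = plain ^ key          # the operation worth protecting
        elif hide:
            value = rng.randrange(256)   # dummy operation, unrelated data
        else:
            value = 0                    # idle slot on the unprotected device
        out.append(hw(value) + rng.gauss(0, 1.0))  # measurement noise
    return out

def peak_leakage(key, n_traces, slots, hide, seed=1):
    """Largest |correlation| between the known-key model and any time sample."""
    rng = random.Random(seed)
    plains = [rng.randrange(256) for _ in range(n_traces)]
    model = [hw(p ^ key) for p in plains]
    traces = [trace(p, key, slots, rng, hide) for p in plains]
    return max(abs(pearson(model, [tr[t] for tr in traces]))
               for t in range(slots))

def trace_cost_factor(rho_plain, rho_hidden):
    """Traces needed scale roughly with 1/rho^2, so this is the added cost."""
    return (rho_plain / rho_hidden) ** 2

if __name__ == "__main__":
    bare = peak_leakage(0x3C, 2000, 8, hide=False)
    hidden = peak_leakage(0x3C, 2000, 8, hide=True)
    print(f"unprotected   peak |rho| = {bare:.2f}")
    print(f"with dummies  peak |rho| = {hidden:.2f}")
    print(f"approx. extra traces needed: x{trace_cost_factor(bare, hidden):.0f}")
```

The correlation does not vanish; it shrinks, so the countermeasure raises the number of traces required rather than removing the leak.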
