
Comment Re:That settles it. (Score 1) 128

Given GIF is short for "Graphics Interchange Format", not "Giraffic Interchange Format" - the hard "G" makes more sense.

Absolutely agree with this. Further examples from daily words we use that make it common sense that it's a GIF and not JIFF.

Words where we use "G" to get "Gyh" sound
Gig (paid event/project) not Jig (e.g. woodworking template)
Gilbert not Jilbert
Gifford not Jifford
Gimp not Jimp
Gigabyte not Jigabyte
Gift not Jift

Words where we write "J" to get the "Jii" sound and not "G"
Jizz not Gizz
Jim not Gim

Oracle

Disgruntled Security Researcher Publishes Major VirtualBox 0-Day Exploit (zdnet.com) 130

"A Russian security researcher has published details about a zero-day vulnerability affecting VirtualBox, an Oracle software application for running virtual machines," reports ZDNet. According to a text file uploaded on GitHub, Saint Petersburg-based researcher Sergey Zelenyuk has found a chain of bugs that can allow malicious code to escape the VirtualBox virtual machine (the guest OS) and execute on the underlying (host) operating system. Once out of the VirtualBox VM, the malicious code runs in the OS' limited userspace (kernel ring 3), but Zelenyuk said that attackers can use many of the already known privilege escalation bugs to gain kernel-level access (ring 0). "The exploit is 100% reliable," Zelenyuk said. "It means it either works always or never because of mismatched binaries or other, more subtle reasons I didn't account."

The Russian researcher says the zero-day affects all current VirtualBox releases, works regardless of the host or guest operating system the user is running, and is reliable against the default configuration of newly created VMs. Besides a detailed write-up of the entire exploit chain, Zelenyuk has also published video proof, showing the zero-day in action against an Ubuntu VM running inside VirtualBox on an Ubuntu host OS.

Long-time Slashdot reader Artem Tashkinov warns that the exploit utilizes "bugs in the data link layer of the default E1000 network interface adapter which makes this vulnerability critical for everyone who uses virtualization to run untrusted code." According to ZDNet, the same security researcher "found and reported a similar issue in mid-2017, which Oracle took over 15 months to fix."

"This lengthy and drawn-out patching process appears to have angered Zelenyuk, who instead of reporting this bug to Oracle, has decided to publish details online without notifying the vendor."
Security

Director of National Intelligence Warns of IoT Security Threats (engadget.com) 36

According to Director of National Intelligence Daniel Coats, IoT devices may be used to shut down US intelligence operations in the future. From a report: At an open hearing today, the Senate Select Committee on Intelligence (SSCI) heard testimony on the worldwide threat assessment of the US intelligence community. Coats' opening statements included a warning of the dangers of poor smart device security as well as the continued inevitability of Russian cyber threats. Coats' testimony lists these concerns first, with Russia topping the list of enemy actors. Coats says that the Kremlin has taken a much more aggressive "cyber posture," which "was evident in Russia's efforts to influence the 2016 US election." Coats' report (PDF) also says that Russian actors have conducted attacks on critical infrastructure networks, even going so far as to pretend to be third parties hiding behind false online personas. "Russia is a full-scope cyber actor that will remain a major threat to US Government, military, diplomatic, commercial, and critical infrastructure," says Coats in the written version of his statement. The document notes that China, Iran and North Korea, as well as terrorists and criminals, are also threats. Coats also spoke at length about "smart" devices, which have increased the number of vectors that hostile actors can attack. The denial-of-service (DDoS) attacks that we already see will only become more prevalent. These botnets use weakly-protected IoT devices to overwhelm websites and other networks. "In the future," Coats says in his report, "state and non-state actors will likely use IoT devices to support intelligence operations or domestic security or to access or attack targeted computer networks."
Crime

Meet URL, the USB Porn-Sniffing Dog (cnn.com) 299

HughPickens.com writes: CNN reports that URL, the porn-sniffing dog, is the newest crime-fighting tool at the Weber County Sheriff's office with a nose that could help put away some of the country's most predatory and dangerous criminals. URL (pronounced Earl) sniffs out electronic storage media. Still just a pup, the 18-month-old K-9 is one of fewer than two dozen such dogs in the United States that hunt the unique chemical compounds emitted from flash drives, memory cards, cell phones, iPads and other similar devices. While dogs like URL can't tell detectives if a device has electronic evidence on it, they are able to find devices that humans might otherwise miss. Detective Cameron Hartman points to the high-profile case of former Subway spokesman Jared Fogle, who was convicted on child pornography and other charges last year. A K-9 named Bear, who was trained by the same man who trained URL, led investigators to hidden thumb drives inside Fogle's home. The U.S. Attorney's office for Southern Indiana confirmed those devices contained evidence against Fogle. URL has found evidence relating to pornography during the execution of search warrants for the task force in several investigations of child sex crimes and child trafficking. "He actually found a USB that was in this jar that was closed, and the jar was in a box, and the box had stuff in it. The jar itself had stuff in it."
Education

Eric Schmidt On Why College Is Still Worth It 281

An anonymous reader writes "The wisdom of getting a college degree and saddling yourself with a huge amount of debt has been called into question recently, but not by Eric Schmidt. The Google Chairman says it's still worth it, noting that: 'The economic return to higher education over a lifetime produces significant compound greater earnings.' From the article: 'When asked about the difficulty in paying for college, Schmidt was adamant: "I appreciate it's expensive and we need to fix that," he said, but "figure out a way to do it." One potential problem with Schmidt's statement is that it was an argument for the average student. It may be more advantageous for students at the bottom and top quartiles of the talent distribution to go straight into the workforce (or get vocational training). Case in point, Mark Zuckerberg dropped out of college, and I don't think anybody would say he made a mistake.'"
Security

Target Hackers Have More Data Than They Can Sell 118

itwbennett writes "The hackers who stole millions of credit card numbers from Target customers are probably 'laying low knowing that everyone is looking for them,' says Alex Holden, who runs cybercrime consultancy Hold Security. But it's also likely that they can't sell them: 'You can imagine that having a lot of stolen credit cards will not net the hackers, say $35 per card for all 40 million,' said Holden. 'Even if the hackers are willing to sell cards for $1 a card, no one will buy the stolen goods in these amounts.'"
Encryption

NSA-resistant Android App 'Burns' Sensitive Messages 183

angry tapir writes "Phil Zimmermann's Silent Circle, which halted its secure mail service shortly after Lavabit, has released a messaging application for Android devices that encrypts and securely erases messages and files. The application, called Silent Text, lets users specify a time period for which the receiver can view a message before it is erased. It also keeps the keys used to encrypt and decrypt content on the user's device, which protects the company from law enforcement requests for the keys." Seems similar to pieces of the Guardian Project.
Businesses

Autonomy Chief Says Whitman Is Watering Down HP Fraud Claims 117

McGruber writes "Possibly the weirdest tax-writeoff of the year happened when Meg Whitman claimed that her US-based multinational corporation HP had been defrauded by British-software firm Autonomy; Ms. Whitman and HP claimed an 8.8 billion dollar write-down. As the Los Angeles Times explains, 'HP acquired Autonomy in 2011 for $11 billion, a move it hoped would turn it away from its dependence on sales of computer hardware with its low profit margins, and into the more profitable business of software. However, the price HP paid was widely criticized for being too high, and in part led to the subsequent ouster of Chief Executive Leo Apotheker.' The weirdness continues — in its annual report filed with the U.S. Securities and Exchange Commission, HP claims that the U.S. Department of Justice has opened an investigation into HP's allegations that HP has uncovered widespread accounting fraud at Autonomy. However, The Guardian points out that former Autonomy CEO Mike Lynch claims that HP 'is watering down the accusations it had levelled against him over the accounts filed by his old software company.' Mr. Lynch also says that he has not been contacted by the U.S. Department of Justice, which HP claims is investigating the alleged fraud. Perhaps Slashdot's users can help make sense of this mess and help explain it to me?"

Comment Re:I think that's all college students (Score 1) 823

Agreed. Those that are self employed make between 80-200 per hour.

It's not difficult knowledge to obtain, it really just takes time to get licensed and understanding of basic rules and reasons why things are the way they are (mostly dealing with gravity, angles, how liquids flow, how many turns you need to have on a run of a pipe, etc).

There's some math required in calculating throughput (water flow/outflow) - which resembles network design or memory optimizations.

There's a lot of parallels between the two.

What sucks about the plumbing jobs is that you often have to go to questionable locales and houses and deal with other people's shit. Literally.

No one calls a plumber when things are well (with exception of new construction jobs), so you get to charge a premium for it.

Intel

Intel Unveils Tiny Next Unit of Computing To Match Raspberry Pi 194

MrSeb writes "Details of a new, ultra-compact computer form factor from Intel, called the Next Unit of Computing (NUC) are starting to emerge. First demonstrated at PAX East at the beginning of April, and Intel's Platinum Summit in London last week, NUC is a complete 10x10cm (4x4in) Sandy Bridge Core i3/i5 computer. On the back, there are Thunderbolt, HDMI, and USB 3.0 ports. On the motherboard itself, there are two SO-DIMM (laptop) memory slots and two mini PCIe headers. On the flip side of the motherboard is a CPU socket that takes most mobile Core i3 and i5 processors, and a heatsink and fan assembly. Price-wise, it's unlikely that the NUC will approach the $25 Raspberry Pi, but an Intel employee has said that the price will 'not be in the hundreds and thousands range.' A price point around $100 would be reasonable, and would make the NUC an ideal HTPC or learning/educational PC. The NUC is scheduled to be released in the second half of 2012."
United States

In Nothing We Trust 910

Hugh Pickens writes "Ron Fournier and Sophie Quinton write in the National Journal that seven in 10 Americans believe that the country is on the wrong track; eight in 10 are dissatisfied with the way the nation is being governed, only 23 percent have confidence in banks, and just 19 percent have confidence in big business. Less than half the population expresses "a great deal" of confidence in the public-school system or organized religion. 'We have lost our gods,' says Laura Hansen. 'We've lost it—that basic sense of trust and confidence—in everything.' Humans are coded to create communities, and communities beget institutions. What if, in the future, they don't? People could disconnect, refocus inward, and turn away from their social contract. Already, many are losing trust. If society can't promise benefits for joining it, its members may no longer feel bound to follow its rules. But history reminds us that America's leaders can draw the nation together to solve problems. At a moment of gaping income inequality, when the country was turbulently transitioning from a farm economy to a factory one, President Theodore Roosevelt reminded Americans, 'To us, as a people, it has been granted to lay the foundations of our national life.' At the height of the Great Depression, President Franklin Roosevelt chastised the business and political leaders who had led the country into ruin. 'These dark days will be worth all they cost us if they teach us that our true destiny is not to be ministered unto but to minister to ourselves and to our fellow men,' said FDR. 'Restoration calls, however, not for changes in ethics alone. This Nation asks for action, and action now.'"

Comment Re:U.S. is established on religion, so (Score 1) 900

> The whole U.S. is established on the idea of God and religion

I am not sure what you mean by this, but I'd like to disagree with how you have framed it.

In its essence, your comment is factually incorrect, but I will concede that such notion may be derived from observing elements of the culture and government as we know them today (e.g. notes on currency, addition of "Under God" to Pledge of Allegiance). Without a doubt, that religion or concept of a God hold strong and there's a variety of individuals and organizations pushing for its inclusion in government operation and its laws.

It has not been established on the idea of God and its religion however (by the way, which religion do you mean), see separation of church and state: http://nobeliefs.com/Tripoli.htm.

> tells you to pray towards said imaginary person and completely disregards science in favor of what someone wrote on paper 1500-2000 years ago

While science cannot prove nor disprove existence of God, while there's a conservative religious following to discredit or "adjust" science to further its own goals, it is factually disingenuous to suggest that Christian faith commands to completely disregard science in favor of some text.

It is sad, however, that what the evangelical conservative Christians do is to promote this type of interpretation among non-Christians, which affects you, judging by your comments.

Please do not judge the faith alone by standards of vocal activists of an organized church/religion, same as do not fall into the trap of believing that any experiment could be called "science" even if it's fabricated for a different purpose than pursuit of truth or expansion of knowledge.
