Follow Slashdot stories on Twitter


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:Stupid (Score 2) 1042

I agree that it's silly to spend a *lot* of time thinking about this topic. However, I think most of the discussion here is missing some obvious scenarios:

1 - We exist entirely within the simulation (the 'Holodeck Moriarty' scenario)

a - It may still be possible to escape. If I have code running in RAM on my PC, and I turn off my PC, yes, that code stops running. But if instead I migrate it to a mobile device, it can continue to run even if the PC is turned off. IIRC, Virtualization software can do this sort of thing literally with an actively running system, and the OS running in that system will not "notice" that it has been migrated.

a1 - There may be some sort of VMWare Tools-/Holodeck Arch-esque interface within the simulation which provides access to the simulator or the world in which it exists.

a2 - There may be flaws in the simulator which allow the equivalent of a stack buffer overflow exploit.

b - The entire goal of the simulation could be to use evolutionary algorithm-style processes to create entities with the capability and desire to escape the simulation.

b1 - Our reality could be a simulation created by entities who believe *they* are living in a simulation, and want to develop the capability to escape from it but don't know how (the 'Meta-Musk' scenario).

b2 - Our reality could be a mostly-benign test environment intended to determine if there are flaws in the security controls of a complex simulation system which will eventually be used as a sort of sandbox for something potentially really dangerous.

2 - We have physical form of some sort outside the simulation, and are simply wired into the simulator.

a - If those physical forms are fully-functioning bodies, then escaping is potentially just a matter of disconnecting (the 'Matrix' scenario).

b - If those physical forms are the equivalent of a brain in a jar, then escaping would also require transferring that into fully-functioning bodies, which would require some sort of ability to interact with devices in the "real world", or cooperation from someone in that world, but it would still be theoretically possible.

3 - Regardless of the type of simulation, it may not be actively monitored. It seems *unlikely* that entities advanced enough to simulate our reality would leave out automated protective measures, but I don't think it's *impossible*.

a - Maybe our universe is running on the equivalent of an old Pentium Pro rack server that someone forgot about in a corner of the datacenter.

b - Maybe after setting the simulation in motion, a catastrophe wiped out the entities which created it, but not their machines.

4 - To go in a completely different direction, we (the human race) still don't have a full understanding of what consciousness is. If we did, then logically we could build something with artificial consciousness from scratch, or understand with certainty why doing so was not possible. Until we do have that level of understanding, then it remains possible (however remote) that there is something metaphysical about consciousness*.

a - If there is, and it is not actually possible to create artificial consciousness, then a lot of the "reality as simulation" scenarios are pruned away, because all of the remaining scenarios require at least one "brain in a jar"/Keanu Reeves in a Giger pod (if not billions/trillions). It may even fundamentally change the probability of whether or not we're living in a simulation.

* I am not overly-fond of most variations on that scenario, because I prefer to believe that there are no barriers other than time and effort to developing a complete understanding of our universe, but I don't think it makes sense to discount it as a possibility until we actually understand how to make an artificial self-aware entity.

I'm sure there are many others that I'm not considering. It's an interesting philosophical exercise, if nothing else. I personally don't think it's worth expending actual research time on unless some compelling evidence is discovered to support it first.

Comment Re:What would you do if malware tried to break out (Score 1) 1042

If you look at the behind-the-scenes production design material for _Tron Legacy_, the "direct digitization of matter into information" laser from the first film was retconned into a system where basically the positions of each molecule were mapped, magic happens resulting in the conscious personality being transported into the computer world, and the raw matter that makes up their body is disassembled and stored in tanks attached to the device so that their body can be recreated in the physical world when they want to leave.

It doesn't explain everything, but the production crew did think about the problem you mention. Quora (sp?) is given a physical body using matter that was in those tanks.

Comment Re:How will this be viewed outside the US (Score 1) 129

Most of the reactors built to produce plutonium in the US did not generate electricity. Their sole purpose was to produce plutonium, and everything else (IE many gigawatts of heat that could theoretically have been used for power-generation) was a waste product. IMO it's extremely misleading to refer to such a source as "spent fuel", because it implies that a typical nuclear power station's spent fuel (IE the waste byproduct of electrical power generation) could be used as a source of weapons-grade plutonium.

IMO it's sort of like describing orange juice as coming from "spent oranges". Yes, you have to "spend" oranges to make orange juice, but you're not going to get any substantial amount of usable orange juice from oranges that have already been "spent" in some other way.

Apparently the Russians built a number of dual-purpose reactors, so maybe the claim makes more sense in the context of that part of the world. I don't know how efficient such a system is, but AFAIK there was only ever one reactor in the US (the N Reactor at Hanford) that could produce both weapons-grade plutonium *and* electricity, and it was a political disaster (WPPSS).

Comment Re:Where is bash? (Score 1) 164

5-10 years ago I would have agreed with you. These days, IMO, it's *far* better to just run Linux in a VM if you need a Windows base OS but want access to Unix/Linux command-line tools. VirtualBox and VMWare both support mapping filesystem locations within the host environment through to guests.

Cygwin is an impressive technical achievement, but it's a nightmare to install due to the archaic packaging system and installer. Certain tools (in particular, grep) perform much more poorly than running the "normal" versions in a Linux VM. Very few people typically have it installed in a given organization, so just about anything you create with it ends up being a one-off hack for your own system, not something that can be shared.

Comment Re:Seems similar to the Wen Ho Lee case. (Score 1) 113

It sounds like the FBI was probably wrong in this case, but there really is a mind-boggling amount of sensitive/classified technology exfiltration by the Chinese government. People working for them have walked off with blueprints for nuclear submarines, brand-new fighter jets, the Space Shuttle, etc. When that sort of thing happens, and then a few months later the Chinese government shows off a new fighter jet that looks suspiciously similar to one of ours, I can't entirely fault the US government for being over-protective. If you were in their position, would you want to potentially go to war with a China that had copies of all of our fanciest weapons?

That having been said, clearly there are some additional protections required against abuse, like maybe talking to someone who actually knows anything about the field the suspect works in to make sure there is really something fishy going on.

Comment Re:They want us to make it easier for them? (Score 1) 148

If you have a 12-char password made up of random upper/lower/numeric/punct chars, then you're good (assuming that the other end is using proper salted hashes). There is little benefit to routinely changing such a password [...]

It depends. If you use the same password on multiple systems, then it's only as secure as the least-secure of those systems. If you never change it, for all you know, someone has compromised one of the weaker links in that chain and been able to log on as you for months or years.

Comment Re:I always figured (Score 1) 220

Not all of the TSA-approved locks have both of those features.

I have a Master padlock with a single keyway that will accept either the included key or the TSA key and no "opened" indicator.

I also have a combination lock that can be opened with the TSA 004 "key", but because the "key" is an L-shaped piece of metal, it might not be obvious to everyone that that's what the hole on the bottom is for. That one also doesn't have an "opened" indicator.

FWIW, the "opened" indicator is a bit of a joke anyway. On the one TSA lock I have which has it, it's pretty easy to prevent it from being able to pop up while the TSA part of the lock is picked, and as long as it's held down until the lock is closed again, no one would be the wiser.

Comment Re:I always assumed they were (Score 1) 220

Back in 2010, I needed to take my camera tripod with me on a flight, and there was no way it was going to fit in my carry-on. I used a cable lock and some padlocks to attach it to the inside of my suitcase so that it could be taken out and examined, but not detached from the suitcase without cutting the cable, a lock, or part of the suitcase. It worked fine for ensuring that my tripod was still there when I opened the suitcase, but a couple of other things were "accidentally" damaged by the baggage inspectors, so I always figured they didn't really appreciate the concept.

Comment Re:Yet another reason to avoid Oracle (Score 1) 229

Sony begs to differ.

At least Sony products are generally nice from a typical end-user point of view. The only Oracle products (IMO) that hold that distinction are some of the ones they acquired when they bought Sun. Their database software costs more than just about anything else on the market, and you still need to buy hokey third-party tools to manage/interact with it if you want to use anything other than a command-line.

Comment Re:fix it first (Score 1) 55

"True security is done in logs."

When your systems are generating multiple gigabytes of log data every day, you need some sort of system to turn that mass of raw data into useful information. I don't know that this system does that, but we're about ten years past the point of manual log review being a viable primary method for handling security.

Comment Re:...letmegetthisstraight (Score 1) 62

Yes, that's exactly right. I heard about this while it was still a Kickstarter-style project, and as soon as I realized that the "Loop" in the name was a reference to an induction loop, I immediately thought "well, I'll just build a larger loop, and hide that under the table the payment terminal is on, and wirelessly capture the raw track data from the card".

My second thought was "there's no way to be sure that a given customer is using the official app, or even the official hardware, so if even one bank legitimizes this, criminals are going to have a field day, because using a card-spoofing magnetic field generator will be 'normal'".

The best part is because it uses a magnetic field (instead of radio waves), there's (AFAIK) no feasible way to build a shield to limit the scope of that field. My understanding is that one could e.g. covertly install an induction loop around an entire building, and stand a reasonable chance of being able to capture all of the transactions sent via this system within that building.

The company behind it is super-sketchy, IMO. They alpha-tested the device by walking into random stores with a hidden camera and socially-engineered the salespeople into letting them "pay with [their] phone", AKA "use this total hack of a device to make a payment that could be completely unauthorized".

It's also not *guaranteed* to work. *Most* mag-stripe readers will apparently function even if no card is physically swiped, but some of them do require that a wheel be spun by the card physically swiping through the reader.

I'm beyond shocked that Visa got involved in this in a positive way (as opposed to shutting them down). The whole credit card payment model is based around salespeople being reasonably sure that the customer is paying with something that was genuinely issued by a bank. A LoopPay-style device completely circumvents that. There is no cryptographic protection as a countermeasure, like with EMV or NFC - the salespeople just have to take on faith that it's a legitimate account being used.

We already have two superior systems (NFC and EMV) being deployed. I'm completely baffled that LoopPay isn't being laughed out of business.

Comment Re:From TFA (Score 1) 211

If ping crashes, or even executes arbitrary commands because of a specially crafted command-line, it's not a security vulnerability.

That's a pretty sweeping statement to make. Most interesting security vulnerabilities (IMO) are the results of multiple smaller issues and/or design decisions that can be chained together.

For example, a lot (most?) of the Linux distributions I see have ping's SUID bit set, and it is owned by root. So, yes, ping executing arbitrary commands absolutely *can* be a security vulnerability, because I can potentially use it for local privilege escalation from non-privileged user to root.

Comment Re:Stupid/Misleading Title (Score 1) 118

You can still take recyclables to a recycler and be paid for them. Most people don't consider it worth the effort for the amount of money they'll get in return, unless they're hobos and/or they have something valuable (like copper) to sell. I had some old steel bits and pieces that I carted down to a recycler a few months ago. I got about five dollars for all of it. I was happier with that arrangement than if the steel had ended up in a landfill, but most people wouldn't have been willing to spend a few hours collecting it, driving it to the recycler, etc.

Comment Re:Heavier than air flight is impossible (Score 1) 350

Zeppelins are pretty neat, but I can see why they didn't go into widespread use. Read the history of the two that the US Navy built in the early 20th century - basically flying aircraft carriers straight out of Crimson Skies. All that's left is a single fighter plane and some mangled metal scrap (both of which can be viewed at the Smithsonian) because zeppelins don't do well in windstorms :\.

Slashdot Top Deals

<< WAIT >>