
Comment Impressive work. (Score 4, Insightful) 68

Aside from the egregious delay in fixing these things; does anyone else get a very, very bad feeling about the expected quality of the firmware when 'supply a string longer than a normal user would type' is a successful attack?

If you aren't sanitizing your inputs against that one; what are you sanitizing?

Comment Re:Mercator straight lines are not great circles! (Score 1) 318

Ironically, that's the main sense in which arguments that Mercator projections are 'imperialist' aren't total nonsense:

You don't 'imperialize' by drawing the other guy's country really small and hurting his feelings; you do so by having the maritime expertise to deliver troops and maintain supply lines across large areas of the world; and conquering the other guy's country.

As a rather useful projection for navigation, Mercator can definitely help you out with that; the wonky land areas are just a minor side effect.

Comment Re:Geometry is hard, as is geography (Score 2) 318

The trouble isn't with the Mercator projection, it does what it was designed to do well enough; but the somewhat baffling decision to make a map whose main virtues are for marine navigation the quasi-default for classroom applications mostly focused on what happens on land.

I've never heard a particularly cogent justification for that one.

Comment Re: Not if the NRA has any balls! (Score 1) 62

It's considered tacky to talk about 'blocking' GPS; but if you look for 'GPS signal generators' or 'GPS simulators', you can get hardware that doesn't merely interfere with GPS; but can produce a fairly convincing GPS fix for a time/location/etc. that you specify. Tricky and subtle to fool a suitably nice GPS system that is actively paranoid about the possibility; a couple of antennas on the ground just doesn't look quite like a satellite constellation; but can fool more naive GPS systems quite effectively.

It is suspected that this is the technique behind a few surveillance drones that were led off course and (mostly) soft-landed in hostile areas (I think the most recent case was a US drone that got a little too close to the Iranians). Really shoddy firmware might get fatally confused if you suddenly present it with some wild fantasy data; but if you start feeding accurate GPS signals, and gradually skew them, error can quickly and quietly accumulate much faster than a naive target might suggest.

I imagine that the power of blocking or spoofing GPS depends mostly on how many backup instruments you have; and how paranoid you are. GPS is preferred because it provides very well-behaved data from a chip that costs peanuts; but it's not as though everyone just stumbled around and got lost before it was available. A drone built right down to budget and weight might not have anything to fall back on; but compasses, terrain-following, inertial navigation, even celestial navigation if it isn't too sunny are all options.
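An added example, not part of the original comment, of the kind of cross-check a receiver that is "actively paranoid" about spoofing might run: each GPS fix is compared against a position dead-reckoned from an inertial estimate, and the two checks below show why a per-fix check alone misses a slowly growing bias while a cumulative drift budget catches it. All tracks, velocities, tolerances and function names are constructed for illustration.

```python
import math

DT = 1.0            # seconds between fixes (constructed)
STEPS = 60
VX, VY = 7.0, 7.0   # true constant velocity in m/s, constructed

def ins_track(steps=STEPS, dt=DT, vx=VX, vy=VY):
    """Positions dead-reckoned from the inertial unit. Kept drift-free here so
    the example isolates the GPS side; real INS drift is what the budget in
    cumulative_check() allows for."""
    return [(vx * i * dt, vy * i * dt) for i in range(steps + 1)]

def gps_track(skew=0.0, jump_at=None, jump=0.0, steps=STEPS, dt=DT, vx=VX, vy=VY):
    """Constructed GPS fixes: the true track plus an eastward bias that grows
    by `skew` metres per fix, and optionally a one-off `jump` from fix `jump_at`."""
    fixes = []
    for i in range(steps + 1):
        bias = skew * i + (jump if jump_at is not None and i >= jump_at else 0.0)
        fixes.append((vx * i * dt + bias, vy * i * dt))
    return fixes

def naive_check(gps, ins, step_tol):
    """Per-fix sanity check many cheap receivers stop at: compare the GPS
    displacement since the last fix with the INS displacement. Returns the
    indices of rejected fixes. A bias that grows slowly passes this check."""
    rejected = []
    for i in range(1, len(gps)):
        dg = (gps[i][0] - gps[i-1][0], gps[i][1] - gps[i-1][1])
        di = (ins[i][0] - ins[i-1][0], ins[i][1] - ins[i-1][1])
        if math.dist(dg, di) > step_tol:
            rejected.append(i)
    return rejected

def cumulative_check(gps, ins, base_tol, drift_rate, dt=DT):
    """Divergence check: the total GPS/INS disagreement may only grow as fast
    as the inertial drift budget (base_tol + drift_rate * elapsed seconds).
    Returns the index of the first fix that exceeds the budget, or None."""
    for i in range(1, len(gps)):
        if math.dist(gps[i], ins[i]) > base_tol + drift_rate * i * dt:
            return i
    return None

if __name__ == "__main__":
    ins = ins_track()
    skewed = gps_track(skew=0.25)   # bias grows 25 cm per fix, under step_tol
    print("naive rejects:", naive_check(skewed, ins, step_tol=0.5))            # []
    print("cumulative trips at fix:", cumulative_check(skewed, ins, 0.5, 0.1))  # 4
```

A sudden 500 m jump (`gps_track(jump_at=10, jump=500.0)`) is caught by both checks at fix 10, which is the "wild fantasy data" case; the slow skew is the one only the cumulative budget flags.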

Comment Re:type of technology (Score 2) 186

I assume that someone with service provider MiTM access could do a bunch of SS7 weirdness, in order to confuse attribution; but that's my understanding: if you have privileged access at the provider level, you don't need to do anything to traffic routing/redirection that might attract attention, you can just grab a copy as it passes by; while if you don't have provider-level cooperation, you either need to try to get the traffic sent somewhere you do have access to (or run the comparatively great risk of sending people out with stingrays to do it in person; which is likely a poor plan unless you are the local cops).

Sort of like when something deeply unsettling happens to the world's BGP configurations. Ma Bell doesn't need to mess with those to tap your stuff; but some backwater that normally doesn't pass traffic worth spying on needs to modify things if they want to intercept something of interest.

Comment Re: Not if the NRA has any balls! (Score 1) 62

That might work in select locations; but CIWS isn't cheap (Phalanx is north of $5 million a pop; albeit probably more because of the support electronics than the gun alone); and ammunition isn't inexpensive and is a nontrivial danger to everyone in the area; and both factors are going to limit the number of places you can get away with deploying it.

Comment Good news everyone! (Score 3, Interesting) 62

This should improve the odds that cheapo Chinese drones start to feature more robust IMU/gyro/etc. based fallbacks for dealing with excessive RF noise!

In all seriousness, jamming a drone obviously makes life harder, since it excludes all 'basically just an RC airplane' hardware; prevents the operator from getting footage or issuing new commands, and so on; but it's hardly some rule of the universe that 'just make a docile attempt at landing' is the inevitable response to hitting a nasty RF spike. A variety of options, from heuristics of various sophistication for backing out and trying to escape the jamming; to attempts to fly straight toward where the emissions are most intense and ruin the jammer's day; to just dead-reckoning via onboard sensors and a backup flight path, all exist.

And that doesn't include the drones that actually have some nontrivial machine vision capabilities, or sensors other than cameras that can be used for navigation, though such tend to be rather more expensive.

Comment Re: Generic engineers? Really? (Score 3, Insightful) 196

If they are being paid in a way that reflects their being competent-or-better actual engineers; expecting them to play IT isn't necessarily unreasonable; but it seems pretty dumb.

You don't want to deal with lousy IT, no matter how much money you 'save'; because that's just miserable; but if you are paying an electrical engineer to spin up EC2 instances or a civil engineer to be poking at a recalcitrant data logger rather than thinking guru-level thoughts about concrete loading, you are arguably squandering relatively expensive and rare talent on problems that a reasonably competent small-shop IT generalist is exactly the sort of person to make go away so that your subject matter experts can do their thing.

Engineers who can't handle writing (or at least prototyping) simulation code are potentially more of an issue (expecting them to whip out their l33t optimization skills to save you a modest amount of CPU time by rendering the code unmaintainable is often folly; but it's been a while since most engineering disciplines were amenable to calculations entirely on slide rules and legal pads); but even there the value of an engineer who can go from Debian_netinst_x86-64 to 'fully configured numPy environment' is something that is a trifle hard to stress over as long as they know what to do with a development environment once set up.

I have a personal fondness for generalist tinkering, so I sympathize; but I also recognize that much of my generalist tinkering is purely recreational because it involves either fiddling with stuff that I'm not very good at; or doing things that someone cheaper could easily do because I'm interested in how they work. In this case, I'd be severely doubtful of the wisdom of trying to impose IT stuff on a bunch of actual, went-to-engineer-school-and-are-priced-to-reflect-that, engineers rather than investigate the possibility of finding a reasonably flexible IT/lightweight 'CS' with strong tinkering background person who appreciates the variety of an office too small for rigid specialization and the chance to poke at a wide variety of problems; and making that person available to your engineers for fiddling with peripherals, basic network and systems administration, any EC2 jockeying, etc.

Comment Re:A leftist cost-based solution won't work. (Score 1) 66

"What is a non-leftist solution to this problem?

It's actually quite simple: just avoid storing all of this sort of data to begin with!"

So it's just Dun & Bradstreet's well-known dedication to establishing the dictatorship of the proletariat that caused them to accumulate all these data? Not, y'know, the fact that it's how they make money? This seems eminently plausible...

Comment Don't worry! (Score 1) 66

Just remember; focus on the 'scary hackers' side of the story; not the 'the data were already aggregated and available, and presumably in use, well before the leak occurred' aspect.

As long as giant databases remain in respectable hands, no harm can come of them; so just worry about whether it was a nation-state actor or an 'advanced persistent threat'. Nothing else to see here.

Comment I believe this 100%! (Score 1) 102

Since demonstrating your loyalty by listening to the company podcast is voluntary; I, for one, express childlike faith that it is completely impossible that compliance statistics would be gathered in the background; or ever factored in to a decision to not-fire-because-they-aren't-employees somebody. That sort of covert stuff just isn't Uber's company culture!

Comment Re:Truecrypt.. (Score 1) 202

Without further evidence I'm inclined to be skeptical; but (while the TLAs seem to prefer more whiz-bang techniques when they have the option); I'd imagine that good, old fashioned, human infiltration is both likely to be effective and likely to be pretty low risk; which makes it a concern.

Both proprietary and OSS software have to be written and reviewed by somebody; and ensuring that your people end up as some of the important 'somebodys' is likely to be pretty doable if you have competent employees available; and they are willing to accept not-wildly-competitive salaries or do unpaid maintainer shit work because you are also paying them.

There is some risk of discovery, it's hard to obfuscate perfectly while still leaving useful backdoors and exploits; but there's the handy feature that it's not as though the LKML or Facebook get to shoot people for treason and espionage; so the worst-case is being blackballed by part of the tech industry and having to go back to working on internal projects, or get a job with Booz Allen Hamilton; which isn't too terrifying a prospect by espionage standards.
