
Comment Re:Is he going for irony, here? (Score 2) 174

In terms of Linux, it's not classical security through obscurity, it's security through diversity. One of the reasons Slammer was so painful a decade ago was that most institutions had a Windows monoculture. The time between one machine being infected on your network and every machine on your network being infected was about 10 minutes (a fresh Windows install on the network was compromised before it finished running Windows Update for the first time). If you'd had a network that was 50% Windows and 50% something else, then it would only have infected half of your infrastructure and you'd have been able to pull the plug on the Windows machines and start recovery. It's possible to write cross-platform malware, but it's a lot harder (though there's some fun stuff out of one of the recent DARPA programs writing exploit code that is valid x86 and ARM code, relying on encodings that are nops in one and valid in the other, interspersed with the converse). Writing malware that can attack half a dozen combinations of OS and application software is difficult.

This is why Verisign's root DNS runs 50% Linux, 50% FreeBSD and of those they run two or three userland DNS servers, so an attack on a particular OS or particular DNS server will only take out (at most) half of the machines. Even an attack on an OS combined with an independent attack on the DNS server will still leave them with about a quarter functional, which will result in a bit more latency for Internet users, but leave them functioning.

Comment Re:AV only helps if you are bad (Score 4, Interesting) 174

You got lucky. There are two problems with most Antivirus software:

Most of them still use system call interposition. They're vulnerable to a whole raft of time-of-check to time-of-use errors, so the only part that actually catches things is the binary signature checking, and that requires you to install updates more frequently than malware authors release new versions - it's a losing battle.

They run some quite buggy code in high privilege. In the last year, all of the major AV vendors have had security vulnerabilities. My favourite one was Norton, which had a buffer overflow in their kernel-mode scanner. Providing crafted data to it allowed an attacker to get kernel privilege (higher than administrator privilege on Windows). You could send someone an email containing an image attachment and compromise their system as long as their mail client downloaded the image, even if they didn't open it. It's hard to argue that software that allows that makes your computer more secure.
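As an added illustration of the time-of-check to time-of-use gap mentioned in the comment above (example code written for this page, not code from the thread or from any AV product): any filter that decides based on a file *name* and then lets the application open that name has a window in which the name can be re-pointed. The constructed scenario below races a name-based check against a symlink swap, then shows the usual fix of opening first and checking the object actually held. The test hook `between`, the `public/` and `secret.txt` layout and the file contents are all constructed for the demonstration; it needs a POSIX system with symlinks and `O_NOFOLLOW`.

```python
import os
import stat
import tempfile


def swap_for_symlink(path, target):
    """Stands in for a concurrent process acting inside the race window:
    the already-checked file is replaced by a symlink to a file the caller
    was never allowed to read."""
    os.remove(path)
    os.symlink(target, path)


def check_then_open(path, allowed_dir, between=None):
    """Vulnerable pattern: validate what the path points to, then open the path.
    Anything that interposes on the *name* (a path-based scanner or filter) has
    the same gap, because the name can be re-pointed between check and use.
    `between` is a test hook that runs inside that window."""
    real_dir = os.path.realpath(allowed_dir)
    if not os.path.realpath(path).startswith(real_dir + os.sep):
        raise PermissionError("path resolves outside the allowed directory")
    if between is not None:
        between()                      # the TOCTOU window
    with open(path, "rb") as f:        # re-resolves the name, follows symlinks
        return f.read()


def open_then_check(name, allowed_dir, between=None):
    """Safer pattern: take one path component, open it relative to a directory
    fd without following symlinks, and run the check on the object you hold.
    There is no gap, because the check and the use refer to the same fd."""
    if os.sep in name or name in (".", ".."):
        raise PermissionError("a single path component is required")
    if between is not None:
        between()                      # same hostile change, before we open
    dirfd = os.open(allowed_dir, os.O_RDONLY | os.O_DIRECTORY)
    try:
        # O_NOFOLLOW makes a symlink in the final component fail with ELOOP.
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW, dir_fd=dirfd)
    finally:
        os.close(dirfd)
    with os.fdopen(fd, "rb") as f:
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):
            raise PermissionError("not a regular file")
        return f.read()


def run_scenario():
    """Builds a constructed layout (public/report.txt next to ../secret.txt),
    races both functions with the same symlink swap and reports what each
    handed back."""
    with tempfile.TemporaryDirectory() as root:
        public = os.path.join(root, "public")
        os.mkdir(public)
        secret = os.path.join(root, "secret.txt")
        with open(secret, "w") as f:
            f.write("top secret\n")
        report = os.path.join(public, "report.txt")

        def reset():
            if os.path.lexists(report):
                os.remove(report)
            with open(report, "w") as f:
                f.write("harmless\n")

        def swap():
            swap_for_symlink(report, secret)

        results = {}
        reset()
        results["check_then_open"] = check_then_open(report, public, between=swap)
        reset()
        results["open_then_check_normal"] = open_then_check("report.txt", public)
        try:
            open_then_check("report.txt", public, between=swap)
            results["open_then_check_raced"] = "read"
        except OSError as e:              # ELOOP from O_NOFOLLOW, or PermissionError
            results["open_then_check_raced"] = type(e).__name__
        return results


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v!r}")
```

The name-based version returns the secret because `open()` resolves the name a second time; the fd-based version refuses the symlink at open time and validates `fstat` on the very descriptor it reads from, so there is nothing for a concurrent change to slip between. The same principle is why checks done by interposing on a syscall's path argument cannot be made reliable after the fact.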

Comment Re:It's not Bechdel - it's puritan test (Score 2, Insightful) 264

Technology to analyze and transform gender disparities in media
Problem

Women are outnumbered by men three to one in the U.S. media and five to one in careers behind the camera. Additionally, women are six times more likely to be depicted in sexually suggestive clothing or partially nude in family films. Over the long term, these negative images can contribute to poor academic performance, body image issues, and less promising life choices.

Soo...
Woman showing skin in movie is presupposed as negative. Female skin is skin of evil.
Skin of evil "contributes" to bad grades, "body image issues" and will fuck up lives of people who see it.

Basically... women are witches who should be wearing burkas so as not to ruin people's lives, cause bad grades or mental issues with "body image".
It's the only way to be sure.

And a special "Well hello there - AGAIN!" to my down-moderator for voicing his/her disagreement with reality by down modding my original post above.
We can keep on going like this until you run out of mod points or I run out of copy/paste. Plenty more where that came from.

Comment It's not Bechdel - it's puritan test (Score 3, Insightful) 264

Technology to analyze and transform gender disparities in media
Problem

Women are outnumbered by men three to one in the U.S. media and five to one in careers behind the camera. Additionally, women are six times more likely to be depicted in sexually suggestive clothing or partially nude in family films. Over the long term, these negative images can contribute to poor academic performance, body image issues, and less promising life choices.

Soo...
Woman showing skin in movie is presupposed as negative. Female skin is skin of evil.
Skin of evil "contributes" to bad grades, "body image issues" and will fuck up lives of people who see it.

Basically... women are witches who should be wearing burkas so as not to ruin people's lives, cause bad grades or mental issues with "body image".
It's the only way to be sure.

Comment CAD licence (Score 1) 230

The funny thing about humans is that different humans care about different things. (Perhaps this signal becomes harder to detect as an Act III BDFL of a sprawling monoculture.)

If you regard your code as a means to an end (e.g. authoring a great web site) then perhaps it's a perfectly reasonable stance not to "care" about your code the way Linus cares about his code.

Licence of the day: Craftspeople with Attachment Disorder. Be there, or be square.

Comment Re:massive parallel processing=limited application (Score 1) 112

On an 8-core machine, a processor will be placed into a wait queue roughly 7 out of 8 times that it needs access.

You just snuck into your analysis the assumption that every core is memory saturated, and I don't think that all the memory path aggregates in many designs until the L3 cache (usually L1 not shared, L2 perhaps shared a bit). The real bottleneck ends up being the cache coherency protocol, and cache snoop events, handled on a separate bus, which might even have concurrent request channels.

I think in Intel's Xeon E5 line-up there are single-ring and bridged double-ring SKUs for forwarding dirty cache lines from one cache to another (and perhaps all memory requests). This resource can also drown for many workloads.

In many systems, you have all these cores running tasks which are fairly well isolated (not much cache conflict), except they all want to be able to allocate as much memory as they need from a giant memory space (e.g. a TB of DRAM) so they fundamentally have to fall through to a shared memory allocation framework.

You can learn a lot about the challenges involved by following the winding path of something like jemalloc as increasing concurrency levels expose yet another degeneracy.

The real problem with this field is that there isn't a single, simple story like the one you tried to tell. There are usually dozens of ways to skin the cat, each with completely different scaling stories, with different sets of engineers who are good at tweaking or debugging those stories.

At this point, what you have is a fragile coordination problem between your solution space, your architecture, and the engineers you employ, forcing ambitious ventures to crack out the golden recipe: pour in seven cement mixers full of head hunters, one 55-gallon oil drum of exclamation marks, a metric butter tonne of job perks, and agitate appropriately.

Comment Re:Laissez Faire Capitalist Here... (Score 1) 203

Direct government control isn't required. The good capitalist solution is not that different to the socialist solution: make homeowners own the last mile (fibre from your house to the cabinet is yours, though you may jointly own some shared trunking with your neighbours). The connections from the cabinets should be owned by public interest companies, with the shares owned by the homeowners. Providing Internet connectivity to the network would be something that you'd open to tender by any companies (for-profit or non-profit) that wanted to provide it.

The situation in most of the USA is that it's been done using the worst possible mixture of laissez-faire capitalism and central planning. Vast amounts of taxpayer money have been poured into the infrastructure, yet that infrastructure is owned by a few companies and they have geographical monopolies and are now owned by their customers, so have no incentive to improve it. Oh, and regulator capture means that it's actually illegal to fix the problem in a lot of places. You can provide an incentive in several ways:

  • Tax penalties or fines for companies that don't improve their infrastructure. Big government hammer, and very difficult to enforce usefully.
  • Try to align the ownership of the companies with their customers. Companies have to do what their shareholders want and if their shareholders want them to upgrade the network because they're getting crap service then they will.
  • Ensure that there's real competition. This is difficult because it's hard to provide any useful differentiation between providers of a big dumb pipe and the cost for new entrants into the market is very high.

Comment Re:BS (Score 1) 173

Android and iOS have very different philosophies. Android devices aim to be general-purpose computers; iOS devices aim to be extensions to a general-purpose computer. I have an Android tablet and an iPad, and I find I get a lot more use from the iPad because it doesn't try to replace my computer. There's a bunch of stuff that I can do on the Android tablet that I can't do on the iPad, but all of it is stuff that I'd be better off doing on my laptop anyway (with the one exception of an IRC client that doesn't disconnect when I switch to a different window). I still use Android for my phone, because OSMAnd~ (offline maps, offline routing, open source, and good map data) is the killer app for a smartphone for me and the iOS port is far less good.

Comment Re: The anti-science sure is odd. (Score 1) 682

Alas, it's a shame that it doesn't mean anything. The point here is that the Earth has undergone many shifts in its climate, sometimes in a startlingly short period of time

Except that the difference in temperature between the peak of the Medieval Warm Period and the bottom of the Little Ice Age was significantly smaller than the difference between the current temperature and the bottom of the Little Ice Age. The last time we saw an increase in temperature equivalent to the last 200 years it was over a period of tens of thousands of years.

Go and read a news story about an area of science that you know about and compare it to what the original research actually claimed. Now realise that press reports about climate change are no more accurate than that and go and read some of the papers. The models have been consistently refined for the last century, but the predictions are refinements (typically about specific local conditions and timescales), not complete reversals. Each year, there are more measurements that provide more evidence to support the core parts of the models.

Oh, and I don't think the words objectivist or dualistic mean what you think they mean. You can't discard evidence simply by throwing random words into a discussion.

Comment Re:Democrats too (Score 2) 76

Here's cash flowing into the Clinton Foundation from corporations benefiting from selling dual use technology [nypost.com] (private and military uses) to Russia.

In case you haven't noticed, most of our "dual use" technology has been shared with the Russians for a long time already. For example, the decimal number system.

In some instances, we might even consider ourselves better off if the Russians did choose to adopt our technologies, such as fail-safe command and control systems responsible for nuclear weapons (supposing our technology is actually better; I suspect the Russians have had 8" floppy disk drives for quite a while already).

Just about any improvement in the Russian commercial space would probably trickle down to the Russian military (trickle down seems to work much better in some directions than others). Are we still in the middle of a 1950s-style total economic blockade? Not that I've heard. Our bigger technical battles are with countries who have not yet produced thousands of nuclear warheads.

In summary, all of this is all a lot of hand-wavy durf, durf, durf.

Point to a real technology and describe an actual scenario where the Russian military benefits, and then explain how the Russian benefit A) is a serious NATO concern, and B) wasn't going to happen anyway sooner rather than later. Having met that bar, then maybe this issue will start to seem important to people outside your particular Kool-Aid enclave.

Hint #1: you might need to avail yourself of sources other than wnd.

Hint #2: just about every dollar given to a politician comes from someone with an interest who wants something.

Arguably the Saudis and their Wahhabist agenda have done more damage to American foreign interests over the last thirty years than anything the Russians have done. That line of thinking would probably lead you straight back to the Bush Foundation.

Bush's Newest Secret: Who's Funding His Library?

In this piece, Mother Jones at least displays the decency to tar the Democrats and the Republicans with the same brush.

Comment Re:Standard protocol (Score 2) 102

Considering that the entire selling point behind Signal is that it's supposed to be resistant to "an adversary like the NSA," I would think their ability to trivially associate a key with a real person would kind of turn that on its head.

Any global passive adversary can do traffic analysis on any communication network. Signal's message encryption should stand up against the NSA unless there are any vulnerabilities in the implementation that the NSA has found and not told anyone about or unless they have some magical decryption power that we don't know about (unlikely). Protection of metadata is much harder. If you connect to the Signal server and they can watch your network traffic and that of other Signal users, then they can infer who you are talking to. If they can send men with lawyers, guns, or money around to OWS then they can coerce them into recording when your client connects and from what IP, even without this.

In contrast, Tox uses a DHT, which makes some kinds of interception easier and others harder. There's no central repository mapping between Tox IDs and other identifiable information, but when you push anything to the DHT that's signed with your public key then it identifies your endpoint so a global passive adversary can use this to track you (Tox over Tor, in theory, protects you against this, but in practice there are so few people doing this that it's probably trivial to track).

No system is completely secure, but my personal threat model doesn't include the NSA taking an active interest in me - if they did that then there are probably a few hundred bugs in the operating systems and other programs that I use that they could exploit to compromise the endpoint, without bothering to attack the protocol. I'd like to be relatively secure against bulk data collection though - I don't want any intelligence or law enforcement agency to be able to intercept communications unless at least one participant is actively under suspicion, because if you allow that you end up with something like Hoover's FBI or the Stasi.

Comment Re:Luddites, beware! (Score 2) 60

Currently, lorry drivers have to take statutory breaks. In the EU, they can only drive for 4.5 hours before having to take a 45-minute break. They can also only drive 9 hours per day. If you have a self-driving lorry that's only good enough for motorways (predictable traffic, well-marked lanes) and the driver can be out of the driving seat resting (even sleeping) then the vehicle can drive itself for 20 hours a day and the driver can be a passenger except when it approaches built-up areas. That would dramatically reduce the number of drivers that you'd need for a haulage fleet.

Comment Re:Standard protocol (Score 2) 102

Signal is probably secure, but all communication goes via OpenWhisperSystems' servers, as does registration (which ties your identity to your account). They can't be forced to MITM your connections (probably - unless someone finds a vulnerability in the protocol), but they can unilaterally delete your account and they can be coerced into doing so. In contrast, Tox is completely decentralised (no central servers, it's a pure peer-to-peer network). Your identity is just a public key, so the only people who can identify you on the network are people that you have told your public key to through some out-of-band mechanism (or people who can view enough of the network that they can associate a public key with something else - i.e. an adversary like the NSA).
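The two "Standard protocol" comments above make the same point from two angles: a central relay can be forced to reveal who connects when, and even with every message body end-to-end encrypted, an observer with that view can pair uploads with downloads to learn who talks to whom. The following is an added simulation written for this page (not code from the thread, from Signal, or from Tox) over a constructed relay log that records only time, client, direction and ciphertext length. It first recovers the conversation pairs from immediate forwarding, then applies a generic metadata mitigation (padding to a fixed size plus fixed-interval batched delivery with cover downloads for every client) and shows the same observer can no longer single out a recipient. The names, timings, sizes, `epoch` and `pad_to` values are all constructed; the mitigation is a textbook technique, not a description of either project's design.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class LogEntry:
    t: float        # seconds, relay clock
    client: str     # what the relay can attribute: account id or source IP
    direction: str  # "up" = client sent, "down" = client received
    size: int       # ciphertext length in bytes; the body itself is opaque


# Constructed ground truth that the relay never sees: (time, sender, recipient, bytes)
CONVERSATIONS = [
    (10.00, "alice", "bob", 120),
    (10.20, "carol", "dave", 95),
    (12.30, "bob", "alice", 300),
    (13.10, "dave", "carol", 60),
    (15.00, "alice", "bob", 80),
]
CLIENTS = ("alice", "bob", "carol", "dave")


def relay_log_immediate(msgs, hop=0.05):
    """Naive relay: forward each ciphertext as soon as it arrives."""
    log = []
    for t, sender, recipient, size in msgs:
        log.append(LogEntry(t, sender, "up", size))
        log.append(LogEntry(t + hop, recipient, "down", size))
    return sorted(log, key=lambda e: e.t)


def relay_log_batched(msgs, clients, epoch=5.0, pad_to=512):
    """Mitigated relay: every upload is padded to a fixed size, and every client
    downloads one fixed-size bundle at every epoch boundary whether or not
    anything is queued for it (cover traffic)."""
    log = [LogEntry(t, sender, "up", pad_to) for t, sender, _, _ in msgs]
    times = [t for t, *_ in msgs]
    boundary = math.floor(min(times) / epoch) * epoch + epoch
    last = math.floor(max(times) / epoch) * epoch + epoch
    while boundary <= last:
        for c in clients:
            log.append(LogEntry(boundary, c, "down", pad_to))
        boundary += epoch
    return sorted(log, key=lambda e: e.t)


def infer_recipients(log, window):
    """Passive observer of the relay: for each upload, which other clients
    received something of the same size within `window` seconds afterwards?"""
    downs = [e for e in log if e.direction == "down"]
    guesses = {}
    for up in (e for e in log if e.direction == "up"):
        guesses[(up.client, up.t)] = frozenset(
            d.client for d in downs
            if up.t < d.t <= up.t + window and d.size == up.size and d.client != up.client
        )
    return guesses


def confident_pairs(guesses):
    """(sender, recipient) pairs the observer can name with exactly one candidate."""
    return {(sender, next(iter(c))) for (sender, _), c in guesses.items() if len(c) == 1}


def min_candidates(guesses):
    """Smallest candidate set over all uploads: 1 means at least one message is
    fully attributed; larger means every message hides among that many clients."""
    return min(len(c) for c in guesses.values())


if __name__ == "__main__":
    naive = infer_recipients(relay_log_immediate(CONVERSATIONS), window=0.5)
    print("immediate delivery:", sorted(confident_pairs(naive)))
    mitigated = infer_recipients(relay_log_batched(CONVERSATIONS, CLIENTS), window=5.0)
    print("batched + padded:", sorted(confident_pairs(mitigated)),
          "min candidates:", min_candidates(mitigated))
```

With immediate forwarding the observer names all four sender/recipient pairs without ever decrypting anything, which is the sense in which "protection of metadata is much harder" than protecting the message body. Batching and padding push every upload into a candidate set the size of the whole client population minus one, at the cost of the latency and bandwidth that cover traffic implies; a decentralised design such as a DHT changes who holds the log rather than removing the signal, which is why the Tox comment still has to reach for Tor.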

Comment Re: The anti-science sure is odd. (Score 2) 682

It's why we had a change in language from global warming to climate change

We had the change from global warming to climate change because idiots kept ignoring the 'global' part and saying things like 'this summer is rubbish, so much for global warming!'. The weather is a complex chaotic system. Global warming means that the total amount of energy in this system is increasing. This is very simple to understand - more energy is arriving from the Sun than is being radiated into space, by quite a large amount. This is trivially measurable by pointing an infrared camera at the night side of the Earth from space (which NASA does).

The effects of this are more difficult to communicate, because they're not the same everywhere. Adding more energy to the air and water in the middle of the Atlantic, for example, is likely to cause more hurricanes to form, but it may also disrupt the gulf stream and lead to significantly colder weather for a lot of places.

In the 1600s the Thames used to freeze over so that you could safely walk from one side to the other

You mean right at the height of the Little Ice Age?

If that were to happen now climate 'scientists' would be up in arms.

If it were to happen now, then it would not be part of a prolonged cooling trend that had been going on for around 200 years at that point and was just reaching its peak, before starting to warm again. The global temperature then passed the peak of the previous warm period (the Medieval Warm Period) in the last century and kept climbing. But you knew all of that, right?

Comment Re:Surprise? (Score 3, Interesting) 102

Yes, probably a lot of people. Before it was purchased, WhatsApp had a very strong privacy guarantee and made a marketing point of the fact that their protocol's end-to-end encryption meant that they couldn't spy on you even if they wanted to. When Facebook bought them, they announced that there would be no changes to this guarantee.
