
Comment Re:Bug of feature? (Score 1) 67

Uh, no. All RowHammer attacks use a hardware vulnerability. That's the definition. The JavaScript attack allows you to exploit this vulnerability from a bug-free JavaScript VM, with the only requirement being that it implements TypedArray objects as contiguous (virtual) memory arrays (which is the obvious way of implementing them, and it would be difficult to implement them usefully any other way if you want to use them with WebGL). The only variation is which bits you choose to try to flip with the RowHammer attack. This is the equivalent of running a different program with a known attack, not a new attack.

Comment Re:Bug of feature? (Score 4, Informative) 67

Rowhammer has been usable from JavaScript for ages. As I said above (in the post currently at 0 overrated), one of the published ways of exploiting it is to use TypedArray objects to get a large chunk of contiguous memory, which then gives you a load of addresses in the same cache associativity set. You then hammer those addresses, which forces repeated cache evictions and eventually flips some adjacent bits. You can then use this to escape from the JavaScript sandbox. I don't know why this attack wouldn't work on mobile devices, so I don't really see what's new here.

Comment I don't understand (Score 4, Interesting) 67

One of the simplest existing known attacks involves creating an 8MB TypedArray object in JavaScript. This gives you a contiguous virtual address range, which allows you to generate 9 addresses that will be aliased to the same cache line and therefore where 9 sequential writes will trigger an eviction and a write back to RAM. What made this attack now work on mobile devices?

Comment Re:People probably realized.. (Score 1) 264

I can see a lot of uses for a smartwatch:
  • The Apple watch can unlock my computer when I'm next to it and lock it again when I move away.
  • Apple Pay on the watch looks like it might actually be more convenient than getting the card out of my wallet - on a phone it doesn't.
  • A two-factor auth device that I carry around with me on my wrist sounds useful.
  • Calendar appointment reminders without having to get something out of my pocket.
  • More convenient map / direction display to glance at while cycling.

There are probably a lot more. The problem is that current smartwatches are like early-90s Nokia smartphones. All of the basic ingredients are there, but the technology isn't up to the vision. A decent smartwatch would be about 5mm thick, have a battery that lasts a few days, charge via induction from a thing I can leave on my bedside table, have always-available network connection without a smartphone, and be waterproof and rugged enough to survive frequent knocks. Give it another 5-10 years and we might get there...

Comment Re:of course the do! (Score 2) 51

I wouldn't be surprised if there's also a much more direct feedback loop for Netflix-produced content (though HBO is probably similar). Think about how a normal TV show is created:
  1. Someone has an idea. They persuade a studio to fund a pilot.
  2. The studio takes a loss on the pilot and shops it around to TV channels.
  3. The TV channels evaluate it and decide the demographics that will watch it and if a large enough segment of a profitable (i.e. high income, low impulse control) part of the population might like it, they commission the series.
  4. The studio produces the series.
  5. The channel sells ads.
  6. If the ad purchasers think that the ads are worthwhile (via a complex indirect feedback mechanism involving tracking sales against projections) then they'll be happy and the studio will renew the show (unless a new show that could possibly make more money in the same slot comes along).

Now compare that to Netflix.

  1. Someone has an idea. They persuade a studio to fund a pilot.
  2. Netflix decides that people might like it and funds the full series.
  3. As soon as the show is available, Netflix records how many people watch it, how many didn't finish an episode, and what the review score distribution is from the subset of people that bother to write reviews.
  4. If it's popular, Netflix funds another season.

Which of these is more likely to produce shows that lots of people want to watch?

Comment Re: Oh noes!!!!11111 (Score 4, Insightful) 472

So if there were outside factors that biologically predisposed men and women towards different career paths or interests would you accept that those might result in something other than an even distribution of employment in certain vocations?

This doesn't make sense. The differences are either innate (biological) or the result of external factors. If they're the result of external factors (i.e. not biological) then they're likely to be amenable to change. The fact that the participation of women varies hugely between cultures (for example, in India, Korea, Israel, Iran, Lithuania, and Romania, it's a lot higher) implies strongly that external factors are far more of a reason why we have so few women than anything biological.

Comment Re: Oh noes!!!!11111 (Score 4, Insightful) 472

Outside factors are not an issue.

If every role model of a programmer you see until you're a teenager is male.

If computer programmer Barbie involves the girl doing some design, but the actual coding being done by boys.

If every children's TV show that includes both women and computers has the woman saying computers are hard and the man solving the problems.

If all of the clever boys at your school are encouraged into extracurricular activities involving computers, but the girls aren't.

I'm sure it would have no impact at all on you.

If you don't think that this is real, then sit down for a couple of hours this evening and watch two hours of children's TV. Count the number of male vs female lead roles. Count the number of times anyone builds anything and whether it's done by a male or female character.

Comment Re:Remote exploit (Score 1) 72

Most attacks these days are a sequence of memory safety violation followed by memory disclosure followed by arbitrary code execution. ASLR is meant to make the memory disclosure part harder, but there are now half a dozen known attack techniques that allow ASLR to be bypassed. Off-the-shelf attack toolkits will include these mechanisms, so it's a mistake to assume that an attacker won't be able to bypass it. It increases the barrier to entry from script kiddie with 5-year-old toys to script kiddie with new toys.

Comment Re:Holy flamebait batman! (Score 1) 894

If you don't have a job, "relocation" is a bus ticket. But very few people move to improve their circumstances.

Not true. If you don't believe me, look at the statistics for worker mobility - they correlate strongly with wealth. Poor people are a lot more reliant on their support networks (family, friends, and so on). If they're in a poorly paying job, then they probably can't afford to take a month to look for a new one in the new location (especially with the real possibility that they won't find one). If they don't have a job, then there's a strong psychological pressure not to move to places with fewer jobs and there's likely to be a delay in receiving unemployment benefit as these things are typically administered locally.

In contrast, someone like a typical Slashdot poster can afford to stay in a hotel room for a week or two (or have an employer willing to pay the cost) while they look for somewhere to live and will typically be able to find a job before they start moving.

Oh, if we're willing to tax the first dollar of earnings (over the UBI), it's far more credible. But right now the majority pays effectively no income tax, so that would be a massive change.

UBI itself is a massive change, so it's weird to think that you'd introduce it without introducing massive changes. Most proposals for UBI have it replace the tax-free allowance. You might have a very small tax-free allowance on top of it, but generally the way of balancing the books involves paying tax on all earned income.

Comment Re:Holy flamebait batman! (Score 1) 894

But the good ones are either simply not there anymore because they left, or they are not working in coding outsourcing because it pays badly

That's not quite true. The problem is that most Indian outsourcing firms are really crap places to work. They have huge staff turnover (as in, close to 100% over the course of a month). If you set up an office in Bangalore, have a mixture of people who moved out there and know your company and locals who know the environment, then you can still hire a lot of competent people. You'll probably be paying them a few times more than the local outsourcing sweatshops, but it's still cheap. You can also do the same thing on a smaller scale if you work with individuals and build a long-term relationship (pay them 10-20% of a Silicon Valley salary and they'll have a standard of living vastly better than they'd get if they moved to the USA, so there's no big incentive for them to leave India and their family / friends).

But if you go with one of the big outsourcing outfits, or just do short-term contracts, you're likely to get either people who don't have the skills, or ones that do but will be gone before the end of the project because they've got a much better offer from somewhere else.

Comment Re:Trump is fine with gay marriage... (Score 3, Informative) 634

I think you're mischaracterising Trump. It's more fair to say he's the "candidate who says what I hate and will certainly try to do it". Unlike Clinton, he doesn't have the backing of the Washington machine and has managed to alienate both parties. Both Clinton and Trump are likely to push policies that are counter to the interests of the majority of the population, the difference is that Clinton is more likely to succeed.
