
Comment Free files - GitHub repo for review (Score 1, Redundant) 88

If anyone's curious, I've dropped the decrypted contents of the "free sample" up on GitHub: Hopefully this makes analyzing the collection a bit easier. The code's pretty old - 2010-2013 according to timestamps - but it does look like real exploit/implant code from a distance.

Comment Re:Density is nice, but what about longevity? (Score 1) 185

Yes, and it's a fair point that most SSDs haven't been around long enough to even measure their long-term stability. SSD technology has also advanced very far in a short period of time - older generation SSDs are probably also much less mature in technology and therefore more prone to failure.

The SSD manufacturers have yet to see all the ways in which their drives can fail under real-world, long term conditions. I expect long term reliability to improve as companies develop a fuller understanding of the failure modes and countermeasures. For example, hard drives added shock (acceleration) sensors after laptops became commonplace - the failures caused by dropping the hard drive were not previously considered a major risk.

Comment Re:Density is nice, but what about longevity? (Score 5, Informative) 185

Let's work it out. A few years ago, TechReport ran an SSD endurance experiment to figure out how much punishment current-gen SSDs could take before failing. Their test setup essentially involved writing random data at maximum speed for 18 months straight. The results indicated that the worst SSD in their bunch, Intel's 335 Series, wrote about 700 TB before dying, and the best SSD, a Samsung 840 Pro SSD, went on to 2.4 PB.

Various estimates say you can put between 60-75 hours of HD content on a 500GB drive, so, assuming the largest possible size, that works out to about 8.3 GB/hour. Since you're writing two streams, that's 16.6 GB/hour, or 145 TB per year. For the worst drive in the bunch, that's about 4.8 years of service (right at the upper end of your HDD's service life); for the best drive, it's over 16 years.

Keep in mind that these tests were all run on 250GB drives. Smaller drives have less flash to work with, and have to write over the same flash cells more often. Therefore, if you bought a 1TB drive, you can expect the lifetime to be easily 4x better (more if you're using a more recent drive, such as the Samsung 850 Pro) - 64 years of DVR recording should be more than sufficient.


After Years of Serving X11, X.Org Stands To Lose Its One-Letter Domain ( 140

An anonymous reader writes: The X.Org domain predates the X.Org Foundation. It was used in the '90s as a destination by The Open Group around the X Window System. While many are expecting Mir and Wayland to eventually succeed the X.Org Server, it seems the X.Org/X11 Server may outlive the valuable domain. Thanks to poor management by the X.Org Foundation, they risk losing access to their one-letter domain. Procrastination, paired with not transferring the domain when forming the non-profit foundation, has led to a last-minute mess. They left the domain registered for years to a person who is no longer involved with X.Org — and doesn't want to relinquish it. In the few days until the domain expires, they are hoping for a "Hail Mary." Let this be a lesson for open-source projects to better manage their assets.

Comment Manual cars suffer from a related vulnerability (Score 1) 122

Manual car sensors can also be hacked! Shining bright lights at the windshield, especially in nighttime driving conditions, incapacitates the optical sensor of a manually-driven car. Worse, unlike self-driving cars, manual cars behave erratically or unpredictably in these conditions. Even worse, all cars are equipped with hardware that can generate these bright lights, meaning that any car can attack any other manual car in vision range.

Cars are doomed!

Comment Re:You're welcome (Score 4, Informative) 130

Some folks were asking how this works, so here goes:

newgrp is a UNIX utility that executes a shell with a new group ID (UNIX specification page: This requires root permission since it can change the group ID to one outside the current shell's group list (e.g. to any group in the uid's group list). Therefore, newgrp is a setuid root application which launches a shell.

DYLD_PRINT_TO_FILE is a dyld (OS X dynamic linker) environment variable that tells dyld where to print debugging information. Ordinarily, dyld supports a large number of debugging options to facilitate debugging shared libraries and to allow neat tricks like DYLD_INSERT_LIBRARIES (equivalent to LD_PRELOAD on Linux). When dyld sees this environment variable, it opens a new file descriptor connected to the specified file. Since fds 0,1,2 are already connected to stdin, stdout and stderr, the file is opened as fd 3.

Notably, since newgrp starts as root, the file is opened using root's permissions, even though newgrp later drops privileges to spawn the shell.

Because DYLD_ environment variables can modify a program's behaviour in unexpected ways, they are usually deleted or sanitized prior to running setuid programs (because otherwise an unprivileged attacker could cause a setuid program to misbehave, exactly as in this exploit). Apple clearly forgot to sanitize the new DYLD_PRINT_TO_FILE when shipping Yosemite, opening this particular flaw up.

Finally, the (outer) echo command tells the subshell spawned by newgrp to execute the (inner) echo command, which outputs the string "$(whoami) ALL=(ALL) NOPASSWD:ALL" into fd 3, which (due to the DYLD_PRINT_TO_FILE variable) is /etc/sudoers. This line tells sudo that *any* account is allowed sudo access, and that no password is required to use sudo.

The subshell then exits (no more commands to run), and the final command "sudo -s" executes. Since sudo no longer requires a password, and all accounts can use sudo, "sudo -s" just immediately opens a root shell without prompting.
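
The two safeguards whose absence the comment above describes (dropping DYLD_ variables before a setuid program runs, and not letting a descriptor opened as root survive into the unprivileged shell), as an added C example that is not part of the original comment and is not Apple's code. The helper names `scrub_dyld_env` and `cloexec_above_stderr` and the sample environment are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy envp into out, skipping every DYLD_* entry.
 * Returns the number of entries dropped, or -1 if out is too small. */
int scrub_dyld_env(char *const envp[], char *out[], size_t out_cap)
{
    size_t kept = 0;
    int dropped = 0;
    for (size_t i = 0; envp[i] != NULL; i++) {
        if (strncmp(envp[i], "DYLD_", 5) == 0) { dropped++; continue; }
        if (kept + 1 >= out_cap)
            return -1;              /* fail closed rather than truncate */
        out[kept++] = envp[i];
    }
    if (out_cap == 0)
        return -1;
    out[kept] = NULL;
    return dropped;
}

/* Hypothetical helper: set close-on-exec on every open descriptor in
 * [3, limit), so a file opened while privileged is not inherited by the
 * shell started after the privilege drop. Returns how many were marked. */
int cloexec_above_stderr(int limit)
{
    int marked = 0;
    for (int fd = 3; fd < limit; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1)
            continue;               /* descriptor not open */
        if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == 0)
            marked++;
    }
    return marked;
}

int main(void)
{
    /* Constructed environment, not taken from the page. */
    char *env[] = { "PATH=/usr/bin", "DYLD_PRINT_TO_FILE=/tmp/constructed.log",
                    "HOME=/var/empty", NULL };
    char *clean[4];
    printf("dropped %d DYLD_ variables\n", scrub_dyld_env(env, clean, 4));
    printf("marked %d descriptors close-on-exec\n", cloexec_above_stderr(256));
    return 0;
}
```

Either safeguard alone breaks the chain described: without the variable the file is never opened, and with close-on-exec set the descriptor does not reach the spawned shell.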

Comment Re:This guy hasn't done his research. (Score 2) 648

Efficiency needs to count programmer time, too. From watching first-year programmers in University struggle with C, to watching seasoned programmers struggle with C, I can assure you that Python wins on programmer efficiency. I've used C longer than I've used Python (~16 years for C, ~13 years for Python), so I am definitely comfortable with both, but I now use Python for virtually all general-purpose programming.

Even when CPU cycles count, I will usually prototype in Python to get all the algorithmic details right before porting to C. Often I won't even port the whole program; a number of my recent projects have had C routines called from Python front-end code (so that the front-end can handle stuff like HTTP requests, text parsing, response formatting and the like).

Finally, libraries like NumPy and Sage are taking Python beyond mere scripting and into the realm of serious scientific programming. It is now possible to write and use complex computer vision algorithms, mathematical algorithms, and heavy-duty number crunching (like MATLAB) in Python, meaning that a good amount of scientific computing is starting to be done with Python instead of more traditional languages like Perl, MATLAB or Java.

Comment Re:instant disqualification (Score 1) 648

Your vbnc was last updated in 2010, and targets Visual Basic .NET 8, which was released with Visual Studio 2005. The VBNC compiler has not had any significant updates since 2011.

Visual Basic .NET is now on version 12. vbnc is horribly behind, and it does not appear to be actively supported. If your instructor were to use any newer language features, such as lambdas, iterators or asynchronous programming, you would not be able to use VBNC to compile that code and would probably have to resort to using Windows somehow.

On the flipside, Python now comes standard with most Linux distributions, and is standard with Mac OS X. It's very simple to install on Windows and even comes with a bare-bones IDE for editing code. In every respect, it is easier to get started using Python than to start using VB .NET, especially on non-Windows platforms.

Comment This guy hasn't done his research. (Score 5, Insightful) 648

I understand the popularity at the moment of the Python, however this language is also based on the C language. When it comes to more complex constructs Python cannot do them and I would be forced to rely on C.

It's pretty obvious that this guy hasn't done his research. This is a very ignorant statement about both Python and C in general.

I'd love to see *any* "complex construct" that C can do, that Python cannot do in a general computer science/algorithm sense.

Comment Metal (Score 3, Interesting) 411

One of the updates that folks seem to have overlooked is Metal, Apple's upcoming replacement for OpenGL.

While I think Apple is likely to continue supporting OpenGL for the foreseeable future, it's somewhat worrying that they've decided to just build a brand-new graphics library. It represents a refocusing of their optimization efforts, certainly, so in the future I would expect devs to have to use Metal in order to obtain decent graphics performance. This in turn will make development even harder, especially for cross-platform shops which expect OpenGL to work reasonably well in all environments...

Comment Re:Falling through cases is quite useful at times (Score 1) 411

Defaults should be sane, and optimized for the common case. Fall-through-by-default is not the common case, it's the exceptional case. Because C chose fall-through-by-default, programmers are penalized for the much more common case of no-fall-through by having to type "break;" at the end of every frickin' case statement.

Because of this, common C practice is to annotate intentional fall-through statements with a comment, like so:

switch(expr) {
    case superset:
        /* superset code ...*/
        /* fall through */
    case base:
        /* base code ...*/
        break;
}

So, guess what Swift does? That's right, an explicit fallthrough keyword, which you can apply to get the uncommon (but, as you noted, occasionally useful) fallthrough behaviour. This is both wonderfully self-documenting, and eliminates the need for break in the common case. Switch statements in Swift are shorter and safer as a result. (Also, their use of Lisp/Scheme/...-esque matching semantics for switch is a nice touch, as are the genericized Enums...but that's a story for later).

Comment Re:Not all C libraries release the GIL (Score 1) 196

Any C library can touch Python objects any time it likes, by nature of being linked to the Python C-API. However, you can only safely access Python objects while holding the GIL. CPython libraries are entered into with the GIL held (otherwise you couldn't even interact with the arguments given to the function), and they may decide to release the GIL some time later (and promise not to touch the Python API while the GIL is not held).

*Many* CPython libraries release the GIL during operations that may be long-running, so you get the illusion that basically any long-running C operation releases the GIL.

PIL not releasing the GIL should be construed as a bug in this case.


Submission + - CMU Researcher Creates an Acoustic QR Code (

Hesh writes: "Robert Xiao at CMU has created an acoustic equivalent of a QR code, by patterning notches into materials like plastic, glass, and stone. They are lower resolution, but could be much smaller and overall less invasive." You can find out more details here: and see a video of it in action here:
