
Comment Big companies still get it wrong. (Score 1) 124

Just a couple of weeks ago I asked my colleague if he got an Email I knew he was CC-ed on. "Nope didn't see it".

On inspection we found that the sending company had installed DKIM and SPF and set them to "don't warn, simply refuse the mail".

This was something like paypal or ebay where this came from. Sure, they have big infrastructure which is difficult to get right, but also they should have a big team capable of getting things right.....

It is difficult to get things right. Lots of stuff is being sent automatically from "unattended mailboxes". Any bounces or warnings during the testing phase are going nowhere....

Comment Re:Vault 7 (Score 1) 82

Imagine you have a six-year-old who doesn't want to go to school, so he hides the car keys. This morning he hid the keys in the honey pops box. So you decide to put an alarm on the honey pops. Not the fruitloops next to them, not the sugar bowl, not the fridge! Thousands of other places to hide the item, but you put an alarm on the ONE spot he used this time (And you tell him about the alarm!).

This is very similar to how this "FIX" affects the CIA from "hiding the keys" again.

It is wrong to publish about this issue calling this a "FIX".

A "fix" would pose a significant barrier to entry, or at least close this one issue that would allow entry.

Comment Re:Attack Software (Score 1) 514

Well if you want to be a pedant, it works better if you are correct.

So the 5V on my arduino is a measure of its ESD tolerance? Bullshit!

In datasheets, they specify ESD tolerance as a voltage: A standardized capacitor (with a specified capacity, ESR and possibly ESL) is charged to the indicated voltage and the device is supposed to tolerate the discharge.

But voltage in itself has nothing to do with ESD.

Comment Fundamental problem. (Score 1) 124

There is a fundamental law that batteries have to follow.

The energy that is stored has to be able to come back out. So, if you short the electrodes, all that stored energy may be released in a short amount of time. Unless your energy density is very low (i.e. below usable) that will heat up your battery on short notice. There is not much you can do about that.

Comment The dangers... (Score 2, Insightful) 161

> the close call highlights the dangers of asteroids.

One: Nothing happened. So how dangerous was this? If it HAD hit, maybe several hundred people would've visited hospitals and some windows would have had to be replaced.

Two: The danger is teaching people "an asteroid killed the dinosaurs, what if an asteroid kills us?". That is dangerous. A really BIG asteroid killed the dinosaurs. These small ones are nothing to worry about. Let's assume this thing is aiming for earth, but hits randomly somewhere inside the moon's orbit. The earth has a radius of about 6000km, the moon's orbit about 300000km. A ratio of 50, so the chances of hitting earth are 1/2500. The people making a stir about these things are the ones that stand to gain employment from scaring the general public about this.

Comment Crunching the numbers... (Score 1) 117

I have a 24V 10Ah 10C Lithium battery. Sold as multicopter battery. It weighs about a kg. (1200g IIRC, but let's round that to make the math easier).

100A*24V = 2.4kW. That's 8 times worse than the 20kW/kg for the metal scraps battery. As the power density is important for flying things, this would be great for flying.....

As to the energy density, I have 24V * 10Ah = 240Wh in about a kg. They have only 20Wh/kg. They are worse than my battery by a factor of 12....

Something fishy here.

Comment Re:Executes more code but runs faster ? (Score 1) 531

The "better" counter to the original argument is that not all bugs are memory overruns.

Back in the early nineties I was reading the manual page for the daemon that would send a message to a terminal when a mail message came in. I concluded, from the "published specs" that I could trick it to do "nasty" things. And that turned out to work.

This is an example where no overrun, just the published actions of a program lead to a security issue.

Comment Formal verification is worthless IRL. (Score 2) 531

When you write a program that needs to print the primes up to a certain number, you can easily create a formal proof that your program is correct.

But when your program is say "apache", that needs to interact with many different browsers on one side, and interpret PHP scripts that interact with databases, this formal proof becomes impossible. Similarly, you cannot write a formal spec for the interaction with the user in for example, a web browser.

Even though both examples I put forward today (web server and web browser) didn't exist back then, I've held this opinion for thirty years (spring 1987).

Comment Same with Samsung. (Score 1) 387

There I actively performed the firmware update myself. The new firmware rejected the non-original cartridges. After a few tests the 123inkt-support team said: "well then, it seems your cartridge is broken". So they sent me a new one, I returned the old one, and since then I've been printing again. (I was going to say something like "happily", but for honesty I must leave that out....)

Comment Why doesn't anybody get their facts straight? (Score 3, Informative) 228

After googling around a bit, stories about running a bash shell on windows pop up.

It isn't "running Linux" on windows. That would imply that there is a Linux kernel running that actually manages hardware. This impression of "running on hardware" is enhanced by the slashdot summary.

None of this. Windows is simply providing those Linux system calls that allow commandline apps to run. A story then mentioned that servers would not run. That's odd: When "bash" runs and say applications like ping, ssh and telnet, you'd have to go to great lengths to prevent another app like "apache" from running.

But if what I hear is true, this is only useful for the most basic of things, no graphical capabilities. I might be an old fart that uses the commandline a lot, but that becomes useful in combination with a bunch of graphical tools that display what I need to know on a graphical screen.

As to security: the implied trick of running a linux kernel that also has access to the windows block devices is very prone to bugs and security issues. But all that is not the case: It's just another program running in an operating system, using a slightly different set of API calls. If the emulated Linux system calls end up calling windows-internal stuff AFTER the "permissions checking" that normal windows calls would do then you have a problem. It tells a lot about how badly windows is layered.

Comment mi (Score 1) 133

.... John von Neumann said..... In 1947.

http://www.brainyquote.com/quo...

      It would appear that we have reached the limits of
      what it is possible to achieve with computer technology,
      although one should be careful with such statements,
      as they tend to sound pretty silly in 5 years.

For the record: I have produced this quote around 20 years ago when similar statements about the "end of Moore within 5-10 years" were made.
