
Comment The dangers... (Score 2, Insightful) 155

> the close call highlights the dangers of asteroids.

One: Nothing happened. So how dangerous was this? If it HAD hit, maybe several hundred people would've visited hospitals and some windows would have had to be replaced.

Two: The danger is teaching people "an asteroid killed the dinosaurs, what if an asteroid kills us?". That is dangerous. A really BIG asteroid killed the dinosaurs. These small ones are nothing to worry about. Let's assume this thing is aiming for earth, but hits randomly somewhere inside the moon's orbit. The earth has a radius of about 6000km, the moon's orbit about 300000km. A ratio of 50, so the chances of hitting earth are 1/2500. The people making a stir about these things are the ones that stand to gain employment from scaring the general public about this.

Comment Crunching the numbers... (Score 1) 117

I have a 24V 10Ah 10C Lithium battery. Sold as multicopter battery. It weighs about a kg. (1200g IIRC, but let's round that to make the math easier).

100A*24V = 2.4kW. That's 8 times worse than the 20kW/kg for the metal scraps battery. As the power density is important for flying things, this would be great for flying.....

As to the energy density, I have 24V * 10Ah = 240Wh in about a kg. They have only 20Wh/kg. They are worse than my battery by a factor of 12....

Something fishy here.

Comment Re:Executes more code but runs faster ? (Score 1) 531

The "better" counter to the original argument is that not all bugs are memory overruns.

Back in the early nineties I was reading the manual page for the daemon that would send a message to a terminal when a mail message came in. I concluded, from the "published specs" that I could trick it to do "nasty" things. And that turned out to work.

This is an example where no overrun, just the published actions of a program lead to a security issue.

Comment Formal verification is worthless IRL. (Score 2) 531

When you write a program that needs to print the primes up to a certain number, you can easily create a formal proof that your program is correct.

But when your program is say "apache", that needs to interact with many different browsers on one side, and interpret PHP scripts that interact with databases, this formal proof becomes impossible. Similarly, you cannot write a formal spec for the interaction with the user in for example, a web browser.

Even though both examples I put forward today (web server and web browser) didn't exist back then, I've held this opinion for thirty years (spring 1987).

Comment Same with Samsung. (Score 1) 387

There I actively performed the firmware update myself. The new firmware rejected the non-original cartridges. After a few tests the 123inkt-support team said: "well then, it seems your cartridge is broken". So they sent me a new one, I returned the old one, and since then I've been printing again. (I was going to say something like "happily", but for honesty I must leave that out....)

Comment Why doesn't anybody get their facts straight? (Score 3, Informative) 228

After googling around a bit, stories about running a bash shell on windows pop up.

It isn't "running Linux" on windows. That would imply that there is a Linux kernel running that actually manages hardware. This impression of "running on hardware" is enhanced by the slashdot summary.

None of this. Windows is simply providing those Linux system calls that allow commandline apps to run. A story then mentioned that servers would not run. That's odd: When "bash" runs and say applications like ping, ssh and telnet, you'd have to go to great lengths to prevent another app like "apache" from running.

But if what I hear is true, this is only useful for the most basic of things, no graphical capabilities. I might be an old fart that uses the commandline a lot, but that becomes useful in combination with a bunch of graphical tools that display what I need to know on a graphical screen.

As to security: the implied trick of running a linux kernel that also has access to the windows block devices is very prone to bugs and security issues. But all that is not the case: It's just another program running in an operating system, using a slightly different set of API calls. If the emulated Linux system calls end up calling windows-internal stuff AFTER the "permissions checking" that normal windows calls would do then you have a problem. It tells a lot about how badly windows is layered.

Comment mi (Score 1) 133

.... John von Neumann said..... In 1947.

      It would appear that we have reached the limits of
      what it is possible to achieve with computer technology,
      although one should be careful with such statements,
      as they tend to sound pretty silly in 5 years.

For the record: I have produced this quote around 20 years ago when similar statements about the "end of Moore within 5-10 years" were made.

Comment Re:Yes (Score 1) 245

You are entirely correct that "audit at the interface" is a good idea. The problem here is that the interface is hidden inside the CPU. And the "interface" is undisclosed. What if there is a broadcast packet that, when the PC is off, puts the ME into slave mode? Yea, come out of powerdown, do NOT enable video (keep the monitor blanked), send the harddisk contents to NSA...
You can "see it happening" at the network interface (third meaning of that word) when it happens, but there might be a cryptographically secure way of preventing you from finding/probing that packet. In this case I mean with cryptographically secure that it is unfeasible to find it by brute force. Not that you can't see it come by on the net if it happens while you're looking. For such a feature: "all ME's report NOW" you can't have individually encrypted codes. So it would work for every one, e.g. a static say 256bit random password would be an example.

Anyway, This ME is embedded deep enough that it is difficult to probe at the interfaces. (you can't cut the trace that connects it to the rest of the system so that you can be sure it is turned off), and it has enough access to be able to do serious harm....

For example: Say the NSA secretly downloads your whole harddisk. But... you say: it's encrypted, don't worry! The ME has enough access that, when under control of "bad guys", it can halt your CPU just as it has obtained the key to your harddrive. Next time you boot the PC a mysterious packet flies off to some remote IP address...

Comment Illegal? (Score 1) 118

> Both are illegal and they will commit double offense
Ehh. Yeah, so what is different from the older tactic of promising to pop someone's kneecaps? I'm told this is illegal too.

Shady lenders use shady tactics to force their clients to repay them. That's how it works. Now they have moved to the "internet" and "I know where to find you! (silently promises to pop kneecaps) " is no longer a threat to someone "far away" online, possibly through tor or whatever.

I find the new strategy less barbaric than the old one actually....

Comment I call bullshit. (Score 5, Interesting) 148

There are about 2 million sixteen year old boys in the USA (alone). Of these a bunch are interested in computers. Just because "that's a large enough group", I'm ignoring the 15 year olds, 17 year olds and the girls.

And one day, one of them will spot a uid=1234 in the URL and try what happens if you change that into uid=1235. According to current laws that is considered hacking, and the culprit needs to go to jail. And you're going to predict which one of the two hundred thousand computer-interested sixteen year olds is going to do that? Good luck!

Here in Holland some students noted that if they ordered pizza from a certain shop, they got sent to a page: "You owe us $15.60, how are you going to pay?". And the URL clearly had that 15.60 visible. So they decided to change that to "0.10". So then the page said: "You owe us $0.10, how are you going to pay?". So they chose a payment method, paid $0.10 and.... they got redirected to the pizza-site where it said: Thank you for your payment, your pizza is on its way!

In the case of the free pizzas, the company who created that stupid "don't check the amount" code should be liable. Checking that the right amount was paid is elementary to a payment system. Similarly not only checking that a user is logged in, but also checking that he/she is logged in as the RIGHT user is elementary.

You cannot blame the guy who stumbled upon this issue for "hacking". Sure, getting almost-free pizzas for a year is a bit unethical. It would be nice to inform the maintainers of the issue, but since when is being "not nice" going to land you in jail? Well, I'll tell you: since they adopted those anti-hacking laws. And for those, it doesn't matter if you're nice. If you ARE nice and report it, they can (and often do) throw you in jail anyway.
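The two checks the comment above calls elementary, shown beside the flawed flow, as an added example that is not part of the original comment. `ORDERS`, `SECRET` and the function names are hypothetical, and a provider-signed payment callback is an assumption.

```python
import hashlib
import hmac
from decimal import Decimal, InvalidOperation

SECRET = b"demo-key"  # assumption: key shared with the payment provider
# Constructed sample data: the server's own record of each order.
ORDERS = {
    "1001": {"owner": "1234", "total": Decimal("15.60"), "paid": False},
    "1002": {"owner": "1235", "total": Decimal("8.00"), "paid": False},
}


def sign(order_id: str, amount: str) -> str:
    """MAC the provider attaches to its 'payment received' callback."""
    msg = f"{order_id}|{amount}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def confirm_naive(order_id: str, amount: str) -> str:
    """Flawed flow from the comment: any completed payment releases the order."""
    ORDERS[order_id]["paid"] = True
    return "paid"


def confirm_checked(session_uid: str, order_id: str, amount: str, sig: str) -> str:
    """Release the order only if every server-side check passes."""
    order = ORDERS.get(order_id)
    if order is None:
        return "unknown order"
    # The amount must come from the provider, not from an editable URL.
    if not hmac.compare_digest(sign(order_id, amount).encode(), sig.encode()):
        return "bad signature"
    # Logged in is not enough: the session must belong to the order's owner.
    if order["owner"] != session_uid:
        return "wrong user"
    # The amount paid must equal the total the server stored at checkout.
    try:
        if Decimal(amount) != order["total"]:
            return "amount mismatch"
    except InvalidOperation:
        return "amount mismatch"
    order["paid"] = True
    return "paid"
```

A genuinely signed payment of 0.10 still fails here, because the comparison is against the stored total rather than against anything the browser sent.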
