
Comment Re:Attack Software (Score 1) 511

Well if you want to be a pendant, it works better if you are correct.

So the 5V on my arduino is a measure of its ESD tolerance? Bullshit!

In datasheets, they specify ESD tolerance as a voltage: A standardized capacitor (with a specified capacity, ESR and possibly ESL) is charged to the indicated voltage and the device is supposed to tolerate the discharge.

But voltage in itself has nothing to do with ESD.

Comment Fundamental problem. (Score 1) 124

There is a fundamental law that batteries have to follow.

The energy that is stored has to be able to come back out. So, if you short the electrodes, all that stored energy may be released in a short amount of time. Unless your energy density is very low (i.e. below usable) that will heat up your battery on short notice. There is not much you can do about that.

Comment The dangers... (Score 2, Insightful) 161

> the close call highlights the dangers of asteroids.

One: Nothing happened. So how dangerous was this? If it HAD hit, maybe several hundred people would've visited hospitals and some windows would have had to be replaced.

Two: The danger is teaching people "an asteroid killed the dinosaurs, what if an asteroid kills us?". That is dangerous. A really BIG asteroid killed the dinosaurs. These small ones are nothing to worry about. Let's assume this thing is aiming for earth, but hits randomly somewhere inside the moon's orbit. The earth has a radius of about 6000km, the moon's orbit about 300000km. A ratio of 50, so the chances of hitting earth are 1/2500. The people making a stir about these things are the ones that stand to gain employment from scaring the general public about this.

Comment Crunching the numbers... (Score 1) 117

I have a 24V 10Ah 10C Lithium battery. Sold as multicopter battery. It weighs about a kg. (1200g IIRC, but let's round that to make the math easier).

100A*24V = 2.4kW. That's 8 times worse than the 20kW/kg for the metal scraps battery. As the power density is important for flying things, this would be great for flying.....

As to the energy density, I have 24V * 10Ah = 240Wh in about a kg. They have only 20Wh/kg. They are worse than my battery by a factor of 12....

Something fishy here.

Comment Re:Executes more code but runs faster ? (Score 1) 531

The "better" counter to the original argument is that not all bugs are memory overruns.

Back in the early nineties I was reading the manual page for the daemon that would send a message to a terminal when a mail message came in. I concluded, from the "published specs" that I could trick it to do "nasty" things. And that turned out to work.

This is an example where no overrun, just the published actions of a program lead to a security issue.

Comment Formal verification is worthless IRL. (Score 2) 531

When you write a program that needs to print the primes up to a certain number, you can easily create a formal proof that your program is correct.

But when your program is say "apache", that needs to interact with many different browsers on one side, and interpret PHP scripts that interact with databases, this formal proof becomes impossible. Similarly, you cannot write a formal spec for the interaction with the user in for example, a web browser.

Even though both examples I put forward today (web server and web browser) didn't exist back then, I've held this opinion for thirty years (spring 1987).

Comment Same with Samsung. (Score 1) 387

There I actively performed the firmware update myself. The new firmware rejected the non-original cartridges. After a few tests the 123inkt-support team said: "well then, it seems your cartridge is broken". So they sent me a new one, I returned the old one, and since then I've been printing again. (I was going to say something like "happily", but for honesty I must leave that out....)

Comment Why doesn't anybody get their facts straight? (Score 3, Informative) 228

After googling around a bit, stories about running a bash shell on windows pop up.

It isn't "running Linux" on windows. That would imply that there is a Linux kernel running that actually manages hardware. This impression of "running on hardware" is enhanced by the slashdot summary.

None of this. Windows is simply providing those Linux system calls that allow commandline apps to run. A story then mentioned that servers would not run. That's odd: When "bash" runs and say applications like ping, ssh and telnet, you'd have to go to great lengths to prevent another app like "apache" from running.

But if what I hear is true, this is only useful for the most basic of things, no graphical capabilities. I might be an old fart that uses the commandline a lot, but that becomes useful in combination with a bunch of graphical tools that display what I need to know on a graphical screen.

As to security: the implied trick of running a linux kernel that also has access to the windows block devices is very prone to bugs and security issues. But all that is not the case: It's just another program running in an operating system, using a slightly different set of API calls. If the emulated Linux system calls end up calling windows-internal stuff AFTER the "permissions checking" that normal windows calls would do then you have a problem. It tells a lot about how badly windows is layered.

Comment mi (Score 1) 133

.... John von Neumann said..... In 1947.

http://www.brainyquote.com/quo...

      It would appear that we have reached the limits of
      what it is possible to achieve with computer technology,
      although one should be careful with such statements,
      as they tend to sound pretty silly in 5 years.

For the record: I have produced this quote around 20 years ago when similar statements about the "end of Moore within 5-10 years" were made.

Comment Re:Yes (Score 1) 245

You are entirely correct that "audit at the interface" is a good idea. The problem here is that the interface is hidden inside the CPU. And the "interface" is undisclosed. What if there is a broadcast packet that, when the PC is off, puts the ME into slave mode? Yea, come out of powerdown, do NOT enable video (keep the monitor blanked), send the harddisk contents to NSA...
You can "see it happening" at the network interface (third meaning of that word) when it happens, but there might be a cryptographically secure way of preventing you from finding/probing that packet. In this case I mean with cryptographically secure that it is unfeasible to find it by brute force. Not that you can't see it come by on the net if it happens while you're looking. For such a feature: "all ME's report NOW" you can't have individually encrypted codes. So it would work for every one, e.g. a static say 256bit random password would be an example.

Anyway, this ME is embedded deep enough that it is difficult to probe at the interfaces. (you can't cut the trace that connects it to the rest of the system so that you can be sure it is turned off), and it has enough access to be able to do serious harm....

For example: Say the NSA secretly downloads your whole harddisk. But... you say: it's encrypted, don't worry! The ME has enough access that, when under control of "bad guys", it can halt your CPU just as it has obtained the key to your harddrive. Next time you boot the PC a mysterious packet flies off to some remote IP address...
