Slashdot Mirror


User: sjames

sjames's activity in the archive.

Stories
0
Comments
34,276
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 34,276

  1. Re:The UK is regressing to Victorian times... on UK Citizens May Soon Need License To Photograph Stuff They Already Own (arstechnica.com) · · Score: 2, Interesting

    That doesn't explain why OF THE PEOPLE WHO VOTED, 30% voted Tory but 50% of the seats went to the Tories.

    That is explained by gerrymandering.

  2. Re:Dumbing Down on Seymour Cray and the Development of Supercomputers (linuxvoice.com) · · Score: 1

    It MIGHT have been a system that would unconditionally execute the next instruction and produce garbage if there was a dependency, leaving the compiler to order them correctly and insert NOPs where needed, but in fact it kept track of that in hardware and inserted the NOPs itself.

  3. Re:I guess ignorance isn't bliss after all? on AVG, McAfee, Kaspersky Antiviruses All Had a Common Bug (softpedia.com) · · Score: 1

    Agreed, uncleared memory from the heap can only tell the program what it already knew.

  4. Re:Can anyone keep up all these bullshits? on Signs You're Doing Devops Wrong (infoworld.com) · · Score: 1

    It's an old story. Good developers on a good team will mix approaches as necessary to get the job done. Managers want to turn it into a procedure that monkeys can use to accomplish the same thing but for pennies on the dollar. It's been 50 years but they still haven't learned two important facts. Pay peanuts, get monkeys and monkeys fling poop.

  5. Re:Someone doesn't understand the internet on Chubb To Offer UK 'Troll Insurance' Policy (thestack.com) · · Score: 1

    A drop of water on the forehead does you no harm. Unless you know there will be another, and another, and another, and that it won't stop or even relent in the foreseeable future.

  6. Re:I guess ignorance isn't bliss after all? on AVG, McAfee, Kaspersky Antiviruses All Had a Common Bug (softpedia.com) · · Score: 1

    Not *really* relevant here, but I'll address it anyhow. There's a performance cost to doing this. Normally it doesn't matter, because allocated memory immediately gets overwritten and deallocated memory can't be accessed at all anymore. Why waste the time clearing memory before handing it to the process (which will overwrite whatever you wrote there anyhow)? Some languages do this, but it's one of the reasons those languages are slower than C/C++ (though admittedly usually not a *major* reason).

    Zeroing newly allocated memory is actually one of the few valid points. In a modern CPU, the cost to zero a page is quite small and makes sure no information leaks from one process to another. That must be handled by the OS since you can't use the honor system for other people's code. For example, an unprivileged (but authorized) user could write a program that does nothing but mmap and munmap anonymous pages. If the mmap-ed pages are not zeroed prior tyo mapping them in, the unprivileged program can scan it's legitimately granted pages for known structs, potential passwords (from I/O buffers) and other such information it is not authorized to have.

  7. Re: Read: "Warner avoids massive class-action laws on "Happy Birthday To You" Set To Finally Reach the Public Domain · · Score: 2

    The plaintiff would need to show that Warner knew or should have known that the copyright was expired. Then the contract might be thrown out by a judge for being fraudulent.

  8. Re: Now combine that with parallel construction on FBI Admits It Uses Stingrays, Zero-Day Exploits (arstechnica.com) · · Score: 1

    If the first evidence was obtained legally, then it isn't parallel construction at all. All they have to do is lay it out in court. Contrary to that, often even the prosecutor isn't told (and many prosecutors are getting steamed about that too).

    But note, when anyone takes the stand, they are required to swear to tell the truth, THE WHOLE TRUTH, and nothing but the truth. If the tip-off came from stingray, they MUST say so or they have not told the whole truth, that is, they have perjured themselves. They routinely perjure themselves and demand that other LEOs do as well (suborning perjury). This also brings up issues for discovery.

    Note that it has been ruled that use of stingray requires a warrant and must be limited to the named subject of that warrant. The ruling was quite clear that any information outside of the warrant MUST be discarded. Parallel construction is the LEO evidentiary equivalent of money laundering.

  9. Re:Isn't this the responsibility of the OS? on AVG, McAfee, Kaspersky Antiviruses All Had a Common Bug (softpedia.com) · · Score: 1

    I think you have a few misconceptions there. No modern OS allows process X to overwrite process Y's memory unless it has a serious bug or it's a special purpose embedded OS (generally running on a tiny machine). Each process has it's own address space It may ask that the OS map free memory into it or it can ask for files (such as libraries) to be mapped into it. It can choose the address itself or it can leave the OS free to pick a location.

    The porocess can either leave itself unprotected from stack opverflow (bad) or it can leave an unallocated guard space between the stack and the heap so that an overflow will cause a segfault.

    Permissions on the library files should force mapping read-only so that other processes mapping of the same library cannot allow shennanigans. If that's not the case, it's a bug. Note that the OS can optionally make the mapping r/w while the file is ro BUT actually handle it as Copy On Write (yeah, yeah, cow) so that the sharing breaks when the process writes there (it gets it's own private copy).

    Deliberately shared memory segments are a feature for IPC and the policy of what can write where is determined by the application. There are great advantages to making that mapping at the same logical address.

  10. Re:Isn't this the responsibility of the OS? on AVG, McAfee, Kaspersky Antiviruses All Had a Common Bug (softpedia.com) · · Score: 2

    Not necessarily. Memory randomization is mostly a protection against stack smashing. A common tactic there is send a message over the net that overruns a buffer with random junk, some code, and a fake return address that overwrites the real one on the stack. It's not that hard *IF* the location of the stack is easy to predict. When the receive function returns, it ends up returning to the attacker's code. If that code can depend on the location of various things in the address space, it can then call those functions itself in order to fetch more attacker code to be run.

    Yes, the randomization only helps after something has gone wrong already (the real service shouldn't allow a buffer overflow, naturally), but at that point, the attacker really only has a toe in the door. If you've randomized, the process will crash and (possibly) trigger an investigation. If not, the attacker captures the beachhead and uses it as a base to continue to attack from (possibly privilege escalation, possibly you 'just' become an unwitting bot).

  11. Re: Now combine that with parallel construction on FBI Admits It Uses Stingrays, Zero-Day Exploits (arstechnica.com) · · Score: 1

    So you don't mind if we put cameras in your bed and bathroom as long as we pinkie swear we'll never use the video in court?

    Your rights are violated the instant the cameras go in, even if you are never prosecuted for anything at all (because polishing your knob isn't a crime). Had parallel construction not been an option, there would be no incentive to illegally install the cameras (since it couldn't lead to any useful objective for law enforcement).

    If the cops keep 24/7 tabs on you using stingray, your rights have been violated even if you never find out it is happening. Even if you discussed nothing more interesting than chicken or fish for dinner. Even if the most interesting place you went was the 7-11. If you don't want that to happen, then you must make perfectly clear that the tactic is not at all useful.

    In broader terms, law enforcement must never be above the law. Any time they want to do anything that an ordinary citizen may not do, they need to have an exception carved out in a warrant or for a very specific set of circumstances. "Everyone, all the time, just because" doesn't fit the bill.

    Therefore, the fact that my blood and semen is all over the body is also inadmissible.

    Gee, I guess they should have read you your rights then! No excuses for stupid, sloppy work. People's lives are at stake. If we aren't THAT militant about it, tomorrow they'll grab some guy with an IQ of 75, "forget" to read him his rights and tell him all he has to do is say yes and he can go home. Then they ask again "did you kill Joe Blow?". Don't for a moment imagine they wouldn't do something that dirty and underhanded and then fry some innocent mentally challenged individual to avoid looking bad. It happens. So congrats, the cops are now the murderers.

    As for your tool shed example, if they can plainly see it through the window while they are not trespassing (and they're not if they got the warrant to search your property for a car), it's not forbidden. They are welcome to tell a judge what they saw and get a warrant. What they may not do is skulk around in everybody's yard every night peeping through windows. That's not just creepy in the extreme, it's illegal. If you don't prevent that, you'll find cops "accidentally" stumbling through your locked door and "accidentally" dumping the contents of your dresser on the floor. How nice that there was nothing illegal to find, you'll still have a house that looks like a tornado went through. You'll still have that creepy feeling that people are pawing through your private stuff whenever you go to work. Is that really how you want to live?

    How about this? We make all of that evidence admissible but also take it as the police involved personally confessing to a crime and sentence them appropriately. But no more anonymous tips, you have the right to face your accuser.

  12. Re:Thanks for telling us on FBI Admits It Uses Stingrays, Zero-Day Exploits (arstechnica.com) · · Score: 1

    That tells us a lot though. It tells us that they ACTUALLY believe they're above the law and that nobody can say otherwise.

  13. Re: Now combine that with parallel construction on FBI Admits It Uses Stingrays, Zero-Day Exploits (arstechnica.com) · · Score: 1

    Sure, but by allowing parallel construction, we are granting the FBI an unlimited bypass the constitution free card. The reason we throw out tainted evidence is to remove law enforcement's incentive to violate the rights of everyone in order to catch a few people they THINK might be guilty.

    Consider, if we don't make tainted evidence useless, even where parallel construction is used, the police form two administratively separate divisions. One that ignores the constitution entirely and acts much like the Stasi and another that just waits on "anonymous" tips from the first group. Everybody gets their rights violated routinely.

  14. Re:I love that Independant learning is a problem on UK's National Crime Agency Publishes Crazy Cyber-Crime Warning Signs (oomlout.co.uk) · · Score: 1

    So, looks like the UK NCA thinks our daughter is on track to become an empress of the cyber crime underground?

    On the bright side, she'll have a job.

  15. Re:I love that Independant learning is a problem on UK's National Crime Agency Publishes Crazy Cyber-Crime Warning Signs (oomlout.co.uk) · · Score: 1

    No, it's not. It's close, but there are a few things most assemblers do for you that you have to do yourself if you key machine language in in hex.

  16. Re: Support is the big issue on IT Leaders Now Expected To Be Open To Open Source (enterprisersproject.com) · · Score: 1

    If it's proprietary, you have one choice for support, better hope they're helpful. With Open Source, you probably have several choices for support. If the one you chose isn't getting the job done, hire another.

  17. Re:Whatever the cool kids are doing on IT Leaders Now Expected To Be Open To Open Source (enterprisersproject.com) · · Score: 1

    It's been that way for a LOOOOOONG time. Remember when everything needed to be "CORBA compliant" and CORBA was going to magically make a bunch of apps that were never designed to work together into a seamless and all powerful whole (somehow)?

    Then it was Java because the JVM made it run absolutely everywhere with no effort at all and was brand new tech (as long as you don't remember p-code from the late '60s that is).

    These days, it's "the cloud" (it's so fluffy!) Suddenly, companies that used to lock data behind a guarded door and you needed a password, a 10 digit combination, and a letter from the Pope just to peek at it are perfectly happy to upload it to "the cloud" where nothing can go wrong.

    As for Open Source, the big change is that managers can no longer instantly disregard a potential solution just because it is Open Source. That doesn't mean it is ALWAYS the right answer, just that it isn't NEVER the right answer. It has always been malpractice to ignore a solid Open Source package on the grounds that it's not expensive enough and didn't take you golfing in Tahiti, it's just that it is now recognized as malpractice.

  18. Re:Correlation != causation on Prolonged Sitting and Poor Sleep Can Work Together To Shorten Your Life (latimes.com) · · Score: 1

    People sleeping too long probably have an underlying condition. People sleeping too little probably have an alarm clock and a screwed up work-life balance.

    As for exercise, they may have an underlying condition or it may be that work-life balance thing again.

  19. Re:Also, see the A-10 on B-52s: The Plane That Refuses To Die · · Score: 1

    On the other hand, as long as they're faithful to the documented design, we know the result will be a good design for a lot less than designing a possible turkey from scratch.

    Perhaps it doesn't make the realistic "Star Wars (tm)" whooshing and beeping sounds like the F-35, but it's solid. If we can teach the Pentagon that these are NOT toys, we'll be a lot better off.

  20. Re:Snitching devices on Hit-and-Run Suspect Arrested After Her Own Car Calls Cops (yahoo.com) · · Score: 2

    Car is loaded with forbidden plants and is involved in a single car accident.

    Two parties in a fender bender, nobody hurt, agree that the fault is equal and part amicably. Cops ticked off that they didn't get to salt the wounds with a few tickets.

  21. Re:Snitching devices on Hit-and-Run Suspect Arrested After Her Own Car Calls Cops (yahoo.com) · · Score: 1

    To collect extra money and get people used to presenting their papers on a case by case basis.

    You take the driver's license as granted today, but it was quite controversial when introduced.

  22. Re:Race to the bottom on Beijing Issues 'Red Alert' Over Smog (independent.co.uk) · · Score: 2

    LA's problem isn't even 1/10th the problem in Bejing.

  23. Re:Race to the bottom on Beijing Issues 'Red Alert' Over Smog (independent.co.uk) · · Score: 1

    Of course, their income will improve when there are manufacturing jobs to be had in the U.S. Meanwhile, the collected tariffs can go towards poverty relief.

  24. Re:Don't forget the conflict of interest on Congress Joins Battle Against Ticket Bots (csoonline.com) · · Score: 1

    It wouldn't surprise me at all.

  25. Re:To higher ground? on How To Lead a Nation That's About To Be Swallowed By the Sea · · Score: 1

    The ground is water permeable.