Slashdot Mirror


User: VortexCortex

VortexCortex's activity in the archive.

Stories
0
Comments
5,203
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,203

  1. Re:WebKit on Pinkie Pie Earns $60K At Pwn2Own With Three Chromium 0-Day Exploits · · Score: 2

    One of the reasons I use Chrome and IE 9 is because of sandboxing. Firefox still does not support it, but there are ways around it. Java had sandboxing too from day 1 and we all know how well that turned out to be the last few years security wise.

    Such is the case when you compile data to machine-code at run-time, then flag it as executable and run it.

  2. Sandboxed? Without hardware VM support? Riiiight. on Pinkie Pie Earns $60K At Pwn2Own With Three Chromium 0-Day Exploits · · Score: 5, Insightful

    The code isn't in a sandbox if it can escape.

    A lot of (desktop) hardware supports virtualization at the hardware level -- This doesn't mean executing a different set of opcodes, it means running an OS inside of an OS. We need hypervisory control at the application level. As long as your application code is running in the same environment as everything else with no hardware supported barriers, then it's not actually in a sandbox.

    We compile sections of JavaScript to machine code in data memory, mark the resulting data as code and execute it. It only takes one well placed buffer overflow to get some of your memory corrupted, before data is executed as code. The corruption need not result from JavaScript to affect the JS engine. Additionally, if said JavaScript or HTML or ANY untrusted source of data is being used by native code at the same security level as the application then any bug in that native code (eg: flash, SVG, HTML5 rendering, video/sound codecs, etc) can be an open door out of the "sandbox". This is similar to how such a bug in kernel level code can give you kernel level access... Such is the case for application level code as well.

    Data Execution Prevention (DEP) can be used to prevent executing data as code (eg to prevent buffer overflow data from being executed), but since the design of JavaScript makes implementations so slow and we're trying to do so much with it we actually need to execute the data as code. To gain performance we forfeit one of best tools that a "sandbox" can have.

    Many that gloat over their browser performance benchmarks wilfully trade security for speed, leaving other more sensible individuals (who may instead throw hardware at a speed issue) without an option... Better browser code can't execute "faster". The hardware runs at the same speed. It can only execute less. That is: more efficiently... More speed requires better hardware, not software.

    I would welcome a slower software only VM option (no just in time compiling to machine code), this way hardware DEP could be used to enforce sandboxing more strictly. Until then: My browser runs in its own OS within a hardware supported VM. I start from a fresh known-good VM image before I do anything important on the web. THAT'S a sandbox. Consequently, these restrictions mean I won't do anything important on today's mobile devices...

    P.S.
    Security researcher red-flags bolded for your convenience.

  3. Re:So what's the point of telling us? on Topher Grace Screens Star Wars Prequel Re-edit · · Score: 3, Insightful

    We'll never get to see it. So why even tell us it exists?

    This is DRM done right. The best way to prevent people from copying it by any means -- especially mentally -- is to not release the media at all.

  4. Re:Should do that with Matrix 2 and 3 on Topher Grace Screens Star Wars Prequel Re-edit · · Score: 1

    Disagree. The plot was fundamentally broken from the second movie on. My personal theory is that The 13th Floor stole their ending and they had to wing it.

    Everything in the matrix was tainted green... I had an old green monochrome screen on my first XT machine.
    Neo gets blinded in "the real world" but can still see the "machine-world" in orange... I had an old amber monochrome screen on my 286.

    Of course "the real world" they've escaped into from out of the matrix is actually just another virtual world. If you can create one reality in a machine, why can't you encapsulate that in another reality as a "system of control" AKA fail-safe? How else can you explain Neo's ability to literally explode sentinel machines with his mind? It's not like he's doing a real-time hack over WIFI...

    Yeah, it's subtle, but the "13th Floor" elements were certainly present. IMHO, I fully expected yet another sequel having this premise -- I thought everyone did...

  5. Re:Space superiority. on Prototype Space Fence Now Tracking Actual Orbital Debris · · Score: 1

    We will soon reach a point where not having such predictive capabilities will doom any launched vehicle to a debris collision. Its interesting to think that such a program provides so much space superiority over other nations.

    It's also interesting to think that blasting several rockets into orbit, then exploding them to create more debris is a rung reachable by even the lowliest of space faring nations.

    Tracking and collecting space junk could become very important if even one such nation decides: "If I can't have it, no one can!"
    IIRC, China tested their capability to create space debris by destroying a satellite.

  6. Oh, hi! I remember you... I think. on Ask Slashdot: How To Find Expertise For Amateur Game Development? · · Score: 2

    In case you're not the same guy who posted this exact same idea already...
    >>>>/AGDG/
    is that way. You may be able to see if the person who posted similar game idea / implementation is still around.

    You can contract a freelance programmer to write it for you, then look at the source and gain understanding that way (ever played GORILLAS.BAS?).

    Alternatively, take a tutorial for getting graphics on the screen; Then moving the graphics; Then collision detection; Then apply gravity.
    Or, simply join a group of people in the modding scene for an established game engine -- ask the mod community how to proceed -- Port to flash when done.
    If you already know one language Learning ActionScript is as simple as learning the flash API and ECMAScript syntax...

  7. Re:Buzz on Classic Nintendo Games Are NP-Hard · · Score: 1

    Is "NP-hard" the next buzz word?

    Ah, I see you're still using the term "buzz word", which itself is one.

  8. Re:Scoring is NP-hard on Classic Nintendo Games Are NP-Hard · · Score: 1

    My understanding, admittedly layman's, is that a lot(all of?) the early console systems were hardware constrained as hell and certainly didn't have the luxury of a hardware RNG or even many peripheral interfaces with the unpredictable outside world, so their games tended to not only lack randomness; but rely on techniques for faking randomness sufficiently rudimentary that "luck manipulation" becomes viable...

    It's my understanding as a game developer, that if you need any sort of networked multi-player or demo record and (instant) playback then your engine needs to be fully deterministic. That is: if anything is random it's pseudo-random. Eg: Doom used a pre-computed look-up table for its "random" number generator.

    Furthermore since: UpdatePhysics( elapsedMillisec ); UpdatePhysics( elapsedMillisec );
    Is not guaranteed to produce the same results as UpdatePhysics( elapsedMillisec * 2 );
    many of today's games run their physics and game logic at a fixed interval. A discarded interpolation between two intervals can provide a fractional time step for a rendering frame, or to implement client-side prediction (latency compensation).

    There are other techniques, but they must be deterministic or else desynchronisation occurs. Ergo: If determinism is your basis for likelihood of NP-hard determinations, the candidates are still widely produced today despite our advances in hardware randomness generation.

    Don't forget that there is a human element in a game: It's not possible to determine the precise timing of actions or reactions a human will supply... Depending on the game logic this may cause cascading effects or feedback logic loops -- the basis of cybernetics, which is typically a non trivial field (even less trivial when a human mind is part of the loop).

  9. Re:Perhaps.... on Humans Are Nicer Than We Think · · Score: 4, Funny

    Also when your environment forces you to take violence as a form of communication, where punching means "it was nice meeting you" and stabbing to death means "I didn't know how to express my issues so that we could solve them together".

    So, I take it you're from The Bronx?

  10. Re:Two words .. on NASA Boss Says Mars Colonization Will Be Corporate Only · · Score: 1

    Nope, more like UAC.
    I really hope they don't start working on teleportation technology. If they do, they had better stock up on plasma rifles and miniguns first.

    I'm Locked and Loaded, Sir!

  11. Re:Google's payment options on Google To Devs: Use Our Payment System Or Be Dropped · · Score: 0

    i'd say welcome to the fact that languages evolve...

    On the contrary. I'd say it's just proof that people hear phrases then use them later without actually knowing what they mean. Ergo: de-evolution via ignorance.

  12. Re:Easy fix? on TSA 'Warning' Media About Reporting On Body Scanner Failures? · · Score: 5, Insightful

    A double dose of cyanide will completely prevent any future terrorists from harming you.

  13. Re:Hacking books on FBI Warns Congress of Terrorist Hacking · · Score: 1

    I recently purchased some hacking books on amazon out of curiosity, half-realizing that this COULD put me on some watch lists I probably don't want to be on. I wonder whether I'm just being paranoid.... or if we actually got to that point already.

    So, you overcame the Fear that the governmental terrorists have spread? Excelent! Another victory in the real War on Terror. Be courageous and do not fear your government -- Instead actively fight to reduce their spread of such terrors, for this is how we win.

    Many people aboard the planes on 9/11 let their fear overcome them -- They were afraid that a single life would be ended by the terrorists, and this fear was used against them to turn their planes into weapons against us all. Note that those aboard Flight 93 overcame their fear and fought back thus foiling the terrorists' plans, though at a great price.

    Only if you take to heart the seeds of doubt and fear spread by the scaremongering terrorists can they win. I'm glad you didn't let fear of their watch-lists cause you to voluntarily destroy your freedoms. Even if it cost me jail time I would not change my reading habits. We must fight to protect our way of life from enemies both foreign and domestic.

  14. Re:Anyone else? on FBI Warns Congress of Terrorist Hacking · · Score: 1

    Tired of the word "terrorist and/or terrorism.

    No, I'm not tired of the words. We must vigilantly protect ourselves from terrorists and terrorism. However, I think the definition of the words needs a bit of clarification.

    Terrorism is the belief in using fear against others for your own gain; A terrorist is someone who participates in terrorism, eg: spreading such fear for manipulative purposes... For example: The evening news anchors or the FBI, DHS, etc. IMHO, anyone who continually spreads fear to control the populous is a terrorist.

    Contrary to popular belief, the "War on Terror" is ridiculously simple to win. I already won my personal war on terror -- I'm simply not afraid of anything. There is a thing called Courage which we used to embrace. When faced with any situation whereby my freedoms would be eroded, or my actions would be changed due to fear, instead I simply repeat the words of Patrick Henry: "Give me Liberty or Give me Death!"

    I hope that one day ours will once again be the "Land of the Free, and home of the Brave". It seems that we will suffer much injustice at the hands of our congressional terrorists before this comes to pass.

  15. Re:Great on IBM Optical Chip Moves Data At 1Tbps · · Score: 1

    When my ISP rolls this out I'll be able to hit my bandwidth cap in just a few milliseconds.

    Well, assuming that you can get the servers out on the web to stream you content at that speed. True, you can simply open more connections to other servers I suppose (BitTorrent style), just remember that downloading implies a server uploading to you ie, it's a two way street.

  16. Re:it was written in assembly language on Researchers Seek Help In Solving DuQu Mystery Language · · Score: 4, Interesting

    Well, if it's above the advanced level of Neck-beard the Gray then it's even more advanced than something like a tiny VM that interprets encrypted bytecode and has re-allocatable variable width opcodes such that the second time you encounter an instruction it may not do the same thing. Eg: my opcodes are Arithmetic encoded and encrypted with an evolving 12bit block cipher; Additionally, each execution swaps a few "function pointers" that the op-codes invoke. The compiler for my VM makes several passes to discover the optimal compression, encryption, and initial opcode-to-action table to use. To reverse engineer such a beast requires manually stepping through machine code from the very first instruction -- That is, given a partial sample of code: no amount of visual analysis will reveal what it does. The language used to write programs for it? ASM, or a subset of C; Though it could be Java, Python or any other high level language -- That's the beauty of compilers.

    Not saying this is what's been done, just that I've done and seen some VERY wicked code. I once cracked DRM that was implemented in enciphered MIPS and used such an embedded VM. It looked like the input language for the generated opcode was C.

    The government employees paid to come up with such a thing would be at most on-par with the masses of crypto nerds that joygasm over such things -- Who do you think they would hire? There's not some magical government-only breed of human with super hacker powers... Ergo, they must hire from the available pool of people, and since they don't hire us all, or even necessarily the absolute brightest, the highest level of hackerdom they could employ would be on-par with "the advanced neck beard" at most.

  17. Re:Patents are vitally important to us. on Open Source Robotic Surgeon · · Score: 0

    This is not the troll you think it is.

    This statement was wrong.

  18. Re:Bogus summary on Amazon Patents Annotating Books, Digital Works · · Score: 0

    Sure but it should have failed the "obvious to someone skilled in the art" test.

    Sadly, there is no such test.
    The USPTO is fine with granting you a weak patent as long as you've dotted your i's and crossed your t's. It's essentially up to the courts to decide. Unfortunately, they're more expensive and even less skilled in the arts.

  19. Re:Surprise it took that long on The Ineffectiveness of TSA Body Scanners · · Score: 2

    It scares the crap out of me to realize that in spite of all their amateur theatrics, we're really not significantly safer than we were before.

    Hmm, that's funny. I find it reassuring that despite all the BS that is the TSA and airline security theatre, there hasn't been a successful terrorist attack... Maybe that's just me -- you know, not being afraid of anything, even if I'm aware of it... because I'm an American, "Give Me Liberty or Give Me Death"

    Don't get scared about this, that implies we should do more useless crap: "OH NO! Something could have happened! Look how easy the sheep could be slaughtered! Put them in isolation crates during transport!"

    No, instead, get pissed off that your taxes were wasted.
    Tell me something. Do you shit bricks when you walk down the sidewalk? I mean, just imagine all the near misses from the passing traffic. It should REALLY scare you to think that despite all the questions on the driver's license exam, there's still a bunch of morons behind the wheel... only half paying attention, more distracted than ever. In fact, cars kill more people than terrorists have.

    Protip: If you're cowering in fear ready for the crap to be scared out of you, then the terrorists won. People didn't initially fight back on the hijacked planes and overpower the boxcutter wielding terrorists, because they were scared that someone might be hurt. Now that everyone knows the stakes are higher than one life, that type of shit won't be possible without murdering half the passengers, and fighting off the rest.

  20. Re:Doomed on New Programming Languages Come From Designers · · Score: 1

    With C++ you can define a smart pointer type, use STL containers and strings and everything pretty much manages itself. With C you simply can't do that.

    Yes you can. It won't be as efficient or pretty, but a lot of the grunt work can be hidden with macros.

    All the structures that need cleaning up have a pointer to their cleanup function, as well as a void pointer to the next object on the clean-up stack.

    int RAII_Function( void ) { OH_LOOK_A_GUARD; // macro that creates the object stack
    CREATE( MyObject, instance);
    CREATE( MySmartPointer, pointer, instance );
    // ... Do stuff with your damn smart pointer.
    RETURN( 42 ); // also does CLEAN_UP; macro (used when no return is needed).
    }

    You can even do reference counted objects in run-time allocated memory. Like I said, it's not as pretty as C++, but if you don't need all of C++'s features, sometimes it's acceptable to roll your own OOP or RAII, etc. I've yet to find anything "you simply can't do" in C, as this would imply it's not possible in any language.

    Interestingly enough, I've also seen/used C++ with similar macros to provide EXCEPTION_GUARDs.

  21. The Forgotten Tale, by ... hmm, who was it now? on Ask Slashdot: Good, Forgotten Fantasy & Science Fiction Novels? · · Score: 1

    do you know of any other great fantasy or science fiction books that time has forgotten?

    Yes. I know of a multitude of forgotten works! The problem is just that I can't remember a damn one.

  22. Re:Paying Microsoft and Apple for Android ? on Google, Motorola Ordered To Provide Android Info To Apple · · Score: 5, Insightful

    Yes, our broken patent system is crazy. It stifles innovation and harms society. That's why it should be significantly reformed (i.e., gutted).

    I think patents should be eradicated outright, screw reform. Geniuses aren't special. There were two telephones in the PTO within hours of each other. Edison's 1880 Light-bulb patent came after Swan's 1878 UK patent for an improved incandescent lamp in a vacuum tube... Some of my teenage hobby source code is prior art that would invalidate many software patents held today (eg: VMware's saving & restoring VM state -- my Lisp VM did just that). Granting a monopoly over an idea because you made it to the patent office first is not valuable in today's society. The patent system has never worked as intended, it has always favoured the rich and established, not the basement genius.

    I say we eradicate the patent system. The "no more innovation argumenteers" can argue all they want, but without testing the hypothesis it's all just untested conjecture. I say let's do the experiment. It's not like we can't re-instate whatever BS laws we want.

    What if we sold the devices BLANK! Then you could by the Android OS firmware you want, or install your own separately installed via SD card. You know, like in the good old days, when you paid for hardware without being forced to pay for software too.

    I've read lots of software patents and they all use a loophole: "Method and Apparatus for _____"
    You see, the software is merely a binary description of the method, it's not an apparatus unless you consider the mind an apparatus... Neither can the blank general purpose computer AKA Apparatus by itself infringe a software patent.

    So, the patent would only apply once the end user installs the software on the device and boots it, and eventually executes the patented instructions that implement the Method on the Apparatus -- if they ever do. Good luck suing all the end users, esp. when it's not clear that their machines executed the infringing code.

    A patent application has a description of the patented process in it. That can be translated into Spanish, HTML, PDF, pseudo-code, etc. and it's not an infringement. OK, so what If It's translated into C? Still not an infringement, right? What if the C code is translated to machine code, or what if I actually manually translate the patent application into machine code (as I do occasionally, when I debug the compilers I make). I can execute those machine instructions on graph paper with a pencil, my mind is the Apparatus. So, this shouldn't be an infringement either.

    You could sell the devices blank with only a PDF on them that actually describes the patented processes... right? I mean, downloading a PDF of a patent doesn't magically make my PC infringe the patent described therein. So, you could just as easily have placed the pseudo-code translation of said software patent claims on the otherwise blank device, still not an infringement, eh? What about C? Here's a device with a C code description of a patent in it. Is that an infringement? Nope. I'm having a hard time following the logical leap whereby the machine code translation of the patent claims creates an infringing use... eg: what if the device has the wrong firmware -- OR no power source -- That non-function device can't infringe a patent on a store shelf...

    Well, let's say said device has a compiler present? If the C code isn't an infringement -- It's equivalent to a French or Pseudo-code translation of the patent -- then, you could simply compile the offending code yourself the first time the device is used. Wouldn't that "route-around" the distributor's infringing of said patents?

    Seriously... this software patent crap has to stop.

  23. Re:lame on Google, Motorola Ordered To Provide Android Info To Apple · · Score: 5, Funny

    Oh shit. There goes the planet.

    There's nothing to worry about at the moment. Wait to start worrying until we have more details next year...
    ...Wait, you meant to reply to the asteroid story, right?

  24. Re:Build a ship for the best and brightest! on What To Do About an Asteroid That Has a 1 In 625 Chance of Hitting Us In 2040? · · Score: 1

    Build a spaceship and put in all the telephone sanitisers, hairdressers, advertising account executives, MPAA executives, RIAA executives, and politicians and send them into space.

    They did that once already... All the middlemen crash-landed here.

  25. Re:source code license on Timberwolf (Firefox) Beta For AmigaOS · · Score: 1

    If this is true, it's bad news. I don't enter my credit card info on software I haven't compiled myself...