Slashdot Mirror


User: fuzzyfuzzyfungus

fuzzyfuzzyfungus's activity in the archive.

Stories
0
Comments
15,204
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 15,204

  1. Re:from TFA: owning it outright vs OS on Aaron Computer Rental Firm Spies On Users · · Score: 1

    You'd better handle the firmware, as well. While something like AMT or the assorted server management cards is (currently) unlikely to show up in a mass-market shitbox, being reserved as a Serious Corporate price discrimination feature, it does serve as a fairly adequate tech demo for what a hardware rootkit would look like.

    Little embedded application processor, active whenever the computer has access to power(whether 'on' or not), integrates with the NIC, video chipset, and peripheral controllers to provide full KVM access regardless of the state of the host OS, along with other utility features, silently(from the point of view of the host OS, somebody watching the wire can of course see it) piggybacks on the host's network connection. Even handles setting up a VPN connection to a remote host for monitoring the target if they wander offsite... Your own OS won't save you from this one. Even if you pull the drive, they can observe the BIOS whining about its missing boot device precisely as easily as you can. Pulling the RAM might stop video(since intel IGPs don't have their own to work with); but even then hardware status information, GUIDs, and serial-over-LAN remain alive. Game over man. Game over.(and we haven't even begun to explore what you'll be able to do once EFI and hardware virtualization support allow you to basically shoehorn an entire second OS into the firmware, permanently under the primary one. That'll be fun.)

    Because it is a(slightly oversold) feature, rather than a bug, it isn't truly designed for stealth; but some rather minor modifications would make it quite tricky for anybody who doesn't monitor there network traffic pretty seriously, from an independent host(luckily the merry world of cellular broadband and somebody else's wireless hotspot makes that easy, isn't it?) to detect it.

    Again, on purely economic grounds, buyers of low end units are, for the moment, saved by the fact that spy hardware costs money that would pare away at the already razor-thin margins of that sector; but hardware seems to be getting cheaper and behavioral information seems to still be valuable. Enjoy the future, brought to you by whoever is currently renting ad space in your framebuffer...

  2. Re:Whose consent is needed? on Aaron Computer Rental Firm Spies On Users · · Score: 3, Insightful

    Given that this specific case involved a computer that had been paid off(and, unless demonstrated otherwise, strongly suggests that they don't remove their bugs upon transfer of ownership generally...) I suspect that they would likely be up shit creek under such laws in this circumstance.

    More generally, I'd imagine that it depends how much the judicial/jury opinion falls under the sway of soothing babble about "legitimate digital asset management practices..." and how much it falls under the "Yeah, this is pretty much like I was renting an apartment, so my landlord decided he could install a camera in my shower" analogy.

    Precedent could allow them quite substantial leeway if this case gets linked to the "the Company owns and watches everything you do while in the building" body of case law; but if it falls in with the body of precedent concerning rented dwellings and other things with long and emotively engaging histories, they could have Serious Issues.

    If, of course, anybody finds a cache of kiddie porn being generated by the sorts of bored sleazeballs who would work for a rent-to-own company using the spyware, heads will probably roll.

  3. Re:Computers? on Osama's Hideout Gets 3 Out of 5 Stars on Google Maps · · Score: 2

    I'm not really convinced in his case(or in that of a fair number of other extremists). Religions are full of charismatic con-men acting out L. Ron Hubbard's famous advice, and politics is larded with people whose 'principles' conveniently match their interests; but it is both the empirical fact that, and absolutely necessary to the success of the cynics that religions be full of genuine suckers ready to be milked dry, and politics have a supply of voters ready to line up and cheer lest the wrong pathological narcissist be awarded the right to reward his friends and owners out of their pockets.

    In Osama's case, he abandoned a relatively straight shot into comfort and ease, born somewhere between third base and home plate, in order to take up the relatively risky and poorly paid cause of stirring up the distaste of the world's major powers. That seems like a rather illogical move, unless jihad is, in fact, a kind of extreme sport, in which the more adrenaline-dependent trust fundies recreationally engage...

  4. Re:Computers? on Osama's Hideout Gets 3 Out of 5 Stars on Google Maps · · Score: 1

    You would likely assume wrong. Now, as with many religious enthusiasts, he likely would have professed a disagreement with some of the social and psychological structures that are included in the aspects of western societies that helped produce those technologies and artifacts(compartmentalization is certainly doable, and many do it; but the structures of thought and society that characterize a contemporary global capitalism guided by a mixture of pragmatic empiricism and hedonic appetite are not... fully... compatible with those that any of the rather dusty and parochial Abrahamic monotheisms would hold up as historical ideals...)

    However, comparatively few religious groups follow through their ideological disagreements to include a pruning of material culture(except with respect to taboos concerning uppity women and specific food items, about which virtually all can agree to be outraged, and particular stylistic conventions that serve largely as in-group/out-group signifiers). The Amish are sort of an interesting outlier, in that they specifically, and consciously, target for social pressure those technologies that they see as harmful to their social structures. Bin Laden and fellows, though, don't really attach taboos to specific western-derived artifacts, especially useful ones, they just don't much like the culture they are embedded in.

  5. Re:How many generations out is this? on Intel To Build Next Gen Processor For iOS Devices · · Score: 1

    OTOH, promoting non-x86 is very contrary to past Intel strategy. That's why they sold off their old ARM business, for starters.

    It would be a major strategic departure. I assume that it comes down to a mixture of their confidence in their ability to displace ARM with their upcoming low-power products and their desire to get paid now vs. take risks for possible longer term gains. I imagine that Apple would be the company most capable of capturing profit margin from their embedded products, and thus the vendor most capable of paying well for very advanced ARM SoC fabrication; but they are also the ones with the greatest demonstrated willingness and ability to drive the development of a binary-incompatible set of applications(Microsoft doesn't have a chance in hell of moving their legacy ecosystem off x86 before the heat death of the universe and their contemporary and future development strategies target CLR, rather than a specific platform for application code. Google is, on the Android side, is also going primarily platform-independent and their web offerings are, of course, explicitly aimed at being so.)

    If they feel like getting paid now, or if their salesmen are sent home crying after trying to sell people on Atom++, Apple is the logical party to fab for. They have the highest margins on hardware, and would be willing to give Intel a cut for the best power/performance. If they feel like making a strategic play, Apple is approximately the worst party to fab for: they are the ones who would be most capable of saying, in a year or two 'Hello developers, iPhone is now x86. Have a nice day."; but are also the ones who have a pet ARM development group, and the willingness to disregard the x86 legacy base.

    It will be interesting to see.

  6. Re:PA Semi? on Intel To Build Next Gen Processor For iOS Devices · · Score: 2

    I strongly suspect that(even if PA semi weren't fabless) lack of backwards compatibility is seen as a feature, not a bug, by Apple. The last thing that they want is to make it easier for people to release warmed-over desktop applications for their precious touch-based platforms. Trying to make a handheld desktop is more or less what made WinCE such a pain in the ass to use. Apple would likely deliberately break compatibility before putting up with that, even if it could be enabled without switching architectures.

  7. Re:How many generations out is this? on Intel To Build Next Gen Processor For iOS Devices · · Score: 2

    They did keep the bit that they use for their RAID cards; but the general-purpose processor side went to Marvell.

    It would be quite interesting, though, if this was a case of Intel taking a contract fab job. Traditionally, they haven't done that(at least with their leading edge process stuff, I don't know what they do with older fabs). Intel doing an apple-exclusive run of ARM chips on the same process they do their x86s on would be dramatic and probably make a bunch of people rather sad pandas...

  8. Sneaky... on Bin Laden's Death Causes Twitter Record · · Score: 1

    I was going to go for a joke about how dastardly Bin Laden must have been, to provoke a massive DoS attack against western communications infrastructure just by getting shot.

    Then I realized that we were talking about Twitter.

  9. Re:That would be a "yes"... on Assange: Facebook 'the Most Appalling Spy Machine' Ever · · Score: 3, Interesting

    Neither, really. While I'm not happy about it, I'm of the very strong suspicion that the trend toward increased ease and efficiency of automated surveillance is an inevitable byproduct of technological development. Particularly excessive emphasis (as in the famous case of East Germany) before the technology is mature can cause collapse; but substantial increases in surveillance capability come more or less for free with technological development.

    Unless one feels like scratching out a marginal existence somewhere so lousy that technological society considers the ROI to be not worth the effort, there isn't much to be done.(Unless the energy runs out. Then everybody gets an exciting lesson in what "nostalgia" means.)

  10. Re:Slashdot summary non sensationalist on VMware Causes Second Outage While Recovering From First · · Score: 2

    "And that is the story we tell the new hires. If they ask why the employee health plan covers cyanide..."

  11. Since I'm being an awful person today... on VMware Causes Second Outage While Recovering From First · · Score: 2

    I, for one, would like to suggest that the Cloud Foundry is really foundering...

  12. That would be a "yes"... on Assange: Facebook 'the Most Appalling Spy Machine' Ever · · Score: 4, Interesting

    I suspect that the relatively brief period between the breakdown of the 'symmetric transparency' of village and smaller social groups and the rise of the 'asymmetric transparency' of rationalized, technocratic surveillance will be looked back upon as a curious historical anomaly.

  13. Re:Masses reaction on OS X Crimeware Kit Emerges · · Score: 4, Funny

    Not to worry, my faithful, mandatory binary signing will be here soon enough.

    Sent from my iPad.

  14. Re:Opt out of class on NVIDIA Gets Away With Bait-and-Switch · · Score: 1

    Is this a matter of principle, or have you achieved better-than-class results independently?

  15. Well? on OS X Crimeware Kit Emerges · · Score: 5, Funny

    All I want to know is whether this malware is worthy of the Apple platform or not: Does it use Grand Central Dispatch to efficiently allocate the load of multiple form-stealing processes between all my system's cores? Are the misleading dialog boxes that frighten me further into folly fully compliant with Apple's HID guidelines?

    If I'm going to get Mac malware, I damn well better have the best malware experience that the industry has to offer. Heck, I'd probably even be willing to pay $20 for something that windows users get for free and linux nerds compile from source, if the interface is good enough...

  16. Re:Get real, people. on NVIDIA Gets Away With Bait-and-Switch · · Score: 1

    What you say is true(and, for the great majority of class members, the alternative would be "absolutely nothing, and the offender gets off scot free": The class's lawyers pocketing 1.3 times as much as the class sounds absurdly unjust, unless you fancy trying to find a lawyer willing to go up against a reasonably sized corporation for 1.3 times your individual damages...); but there isn't any reason, in principle, why the class-action mechanism couldn't, simply by growing slightly sharper teeth, provide both the punishment and the restitution.

  17. Re:types on Inside Mozilla's New JavaScript JIT Compiler · · Score: 1

    I have to imagine that there are some sneaky things you could do if allowed to lie to the compiler about what variable types you are using... Obviously, you could check; but guessing and checking takes longer than just checking.

  18. Re:Last Resort on Tasmanian Dept. of Education Wants Anti-Virus for Linux, OS X · · Score: 5, Interesting

    Anti-virus is a security last resort. If you've already downloaded or executed malware, then anti-virus might prevent it from running, or might be able to remove it if it already has. But it can't detect everything. It can only detect common malware. Linux doesn't have any common malware, and I'm not sure about Mac. There is clamav, but that's mostly detecting Windows viruses across platforms.

    One additional advantage(in institutional setups, home users are screwed) is that the presence of AV requires the designers of viruses to make a choice: Either you attempt to lay low, and take the risk that a future update of the AV package will detect your virus, or you go all cyber-AIDS on the system and attempt to throw a spanner in the AV system or its update mechanism. In the latter case, the client generally stops responding to the AV management server, which throws up a major red flag. At that point, you either pull the system aside for a more detailed chat, or nuke it, depending on your priorities.

    It's like trying to scare off ninjas by deploying mall cops. The mall cops are hopelessly outmatched; but they will, on occasion, stumble across a ninja, which forces the ninjas to either passively risk detection or actively start killing the mall cops, which alerts you to their presence.

  19. Re:A few details on Osama Bin Laden Reported Dead, Body In US Hands · · Score: 5, Interesting

    One wonders if he was moving around pretty frequently, and this just happened to be where they caught up with him, or if a mansion outside the capital is actually a good-enough hiding spot. If the latter, he must have had the same sort of 'deep roots in the community' that have historically allowed organized crime leaders to live more or less openly for long periods of time...

  20. Re:Why is NTFS read only. on OpenBSD 4.9 Released · · Score: 5, Insightful

    The specifications for NTFS are completely closed. If it's what Windows produces when told to format a volume as NTFS, it is NTFS. There are reverse-engineered attempts(NTFS-3G being the most practical, if rather slow); but they aren't entirely to the point where you'd want to trust vital data to them.

    In the specific case of OpenBSD, I suspect that the read-only support is because the OpenBSD team has very low tolerance for what they see as crap. If they can't support something the way that they want to, they can and will just toss it(see the Adaptec RAID driver case, or some wireless chipsets). They don't do binaries, they don't do NDAs, they don't do blobs. They also don't like software they consider to be of inadequate quality. Thus, since the state of full NTFS support is a bit dodgy, it is entirely in character for them to drop it.

    More broadly, NTFS read/write isn't really something that there is a strong incentive in the OSS world to polish to a high sheen. NTFS-3G is pretty much good enough for dual booters and rescue disks. NTFS doesn't have any points of superiority strong enough that building top-notch reverse-engineered support would be competitive with spending the same effort implementing a non-secret design. Also, for the sorts of purposes that pay the bills for a lot of Linux development, NTFS support is largely irrelevant. You don't dual-boot servers, and any halfway serious network setup is going to either use SMB/NFS(which makes the local filesystem irrelevant to all other hosts), or some filesystem with concurrent access support or other esoteric features that isn't NTFS.

    NTFS R/W is really just a convenience feature for sneakernet and dual-boot scenarios. Neither of those really pay for enough development to get a fully baked reverse engineering of a (quite complex) filesystem.

  21. Unfortunately... on European Commission Paints Itself Into ACTA Corner · · Score: 1

    One can only "paint oneself into a corner" if there are any likely consequences for whatever it is that one has just done. Given that supporting or not supporting ACTA is pretty much entirely a matter of which master you are serving, the EC could have just had an intern hammer out a couple of pages of Lorum Ipsum, change the font to Zapf Dingbats, and print it up. As it is, they kindly went to the trouble of regurgitating nonsense that bears a substantial resemblance to a natural-language argument. Polite; but hardly necessary.

  22. Re:Unfortunately on Idle: Fairytale Character Map Raises Ire In Russia and Ukraine · · Score: 1, Interesting

    I always have to marvel at the cognitive dysfunction of people who would rather have cultural antiquities locked away behind a mass of litigation. I can't tell if it is an occurrence of the 'ren-faire fallacy'(virtually everyone in medieval europe was a squalid peasant. virtually everyone at the ren-faire is pretending to be a knight or better...) where they think that they will be the ones who will end up owning it; or if it is a case of vindictive hurt feelings("I feel very strongly about the birthplace of an imaginary talking cake, therefore it must be depicted my way or not at all.")

    Either way, WTF, dude?

  23. Re:Something wrong here on Robo-Gunsight System Makes Sniper's Life Easier · · Score: 1

    Honestly, I'd be more disturbed by the consequences of separation if it weren't for the (long, ugly) historical record of what people are, in sufficiently large numbers to make it practical, more than willing, even enthusiastic, to do face-to-face.

  24. Re:Overpowered? on Robo-Gunsight System Makes Sniper's Life Easier · · Score: 2

    I'm pretty sure you have the terminology wrong: We are the infidels. They are either the terrorists(establishment clause compliant term) or the heathens(for the "American is a Christian Nation" enthusiasts).

  25. Re:Why not just deploy a Robot to take the shot? on Robo-Gunsight System Makes Sniper's Life Easier · · Score: 1

    I suspect that reasonably long endurance and quiet movement across irregular terrain will remain tricky for quite some time; but I'd be more optimistic about passive sensing.

    Machine vision, while not entirely mature, is steadily improving, and CCD/lens combos that can collect more than enough photons at light levels where you can't see your hand in front of your face(and can do so at wavelengths well further into IR than a human can, if desired) are already available, just expensive.

    A full replacement for humans on the ground seems quite unlikely; but some combination of substantial machine augmentation of those humans and the introduction of drone aircraft capable of using something a bit more precise than high explosive missiles seems quite likely in the relatively near future.