Slashdot Mirror


User: plover

plover's activity in the archive.

Stories
0
Comments
7,233
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,233

  1. Re:comments... on How To Conduct Your Very Own Buffer Overflow · · Score: 1
    heh, your post is probably causing a bigger slashdotting than he'd otherwise suffer from. For example, in the 8 seconds I reloaded before getting bored to tears, I watched the counter climb 50 hits.

    I wonder how many people are going to attack his hosting provider now? :-)

  2. Re:Yes and No. on FCC Broadcast Flag Struck Down · · Score: 2, Interesting
    Bzzt! Wrong answer, but thanks for playing our home edition!

    This Congress and this adminstration are so firmly in the pockets of large corporations that I am having a hard time comprehending it. Review every decision made, every law passed in the last five years, and you'll see that it's been tipped in favor of large corporations. The Bankruptcy Bill? Authored by Visa. The war on the crazy man blocking our oil? Halliburton, Exxon et al. The Social Security plan? Wall Street. Copyright extension? Disney. Lawsuit damage caps? Insurance industry, pharmaceutical industry. Every single piece of legislation they've enacted has been slanted to corporations that have paid good money for them.

    If the broadcast flag meant that you'd have to buy a whole new TV from Sony, then sign this Congress up! Sony's got lots of money to spend on Congressmen.

  3. Re:Privacy Alert! Maybe not. on Microsoft To Add A Black Box To Windows · · Score: 1
    I would suspect your employer would embrace the black box, and you would too if you'd bother to find out what the black box does, how it does it, how it can be used, and how it can be disabled.

    First, nothing says the data log has to be shipped to Microsoft for analysis. It's kept on your machine; in case you ask them for help, they can ask you to send it. You're free to say "no, it has my taxes on it" or "never mind, I want to keep my goat pr0n private." It's also typically kept in a circular buffer that's several megabytes in size. I'm pretty sure Microsoft won't want to receive 5MB unrequested logs for every application crash.

    Next, the log is extremely difficult to read without the proper software. I'm not saying if it will be encrypted or not because I do not know, but I do know the unencrypted data is pretty 'cryptic.' I found it contains data that's much less readable than a raw memory dump. This is by design -- the vendor only makes money by selling the debugger consoles; the black boxes are distributed with free licenses.

    If your company does purchase the consoles (and you're a developer,) I'd suggest asking (begging) them to license one to your desktop. This thing is one of the greatest debugging tools ever. It's kind of a bitch to set up, but once you get one running, it's definitely got the WOW! factor going. No more asking your clients "so what key did you press?" and getting "I just hit Enter!" in reply. You don't even ask them: you just watch the playback of their screen, and you can see them click the "divide by zero" button, or whatever else they may have done wrong. (BTW, that means you should fix the UI so they can't do that.) Or, you start at the point of the crash and hit "play in reverse", watching what happened prior to the crash.

    If you have full capture going (you might do this to catch an intermittent bug) you can turn it on at such detail that it can display your executing code line by line with the source (assuming you still have the PDB files generated by the linker.) It's very much like watching it in a regular debugger, except you can step backwards as well as forwards. This seriously affects performance, though, so I only turn it on with the cooperation of the user or tester, and then I typically only watch a few select objects, not the whole of the codebase.

    You can also click "compare all loaded modules with a gold standard" to figure out what's different in their environment. Nothing induces "Aha!" like finding out they have a pre-release version of IMPORTANT_CRAP.DLL instead of the shipping version.

    std::disclaimer("I have no relationship to Identify Software or to Microsoft, other than as a satisified customer of Identify."};

  4. Re:I rebooted my truck last month on Cars that Can't Crash? · · Score: 1
    In all seriousness, why do you drive a pickup truck to a restaurant?

    To eat dinner. :-)

    The truck is my vehicle. If I'm driving, I drive my truck. If my wife is driving (or if my son is going with us,) she drives her car.

  5. Re:That's frightening on Taking on an Online Extortionist · · Score: 1
    Very interesting. I was under the impression these botnets still ran clients to some hijacked IRC server somewhere; but apparently that's just sooooo 2003. :-) I forgot that most people aren't running firewalls at home, and that they're wide open to P2P crap.

    But still, you don't have to break the botnet. Although breaking it would be clever, all you really have to do is identify the incoming ... oh, crap. Another moment of realization -- forged IP headers. You have no idea where any of these attacks originate. Sigh. You do have to break the botnet.

    OK, since success in rolling these botnets up now relies on identifying infected zombies, I suppose you must operate a series of honeypots to collect zombie client info. And I suppose you then reverse-engineer the incoming bots to discover the communications layer. Is it even possible to "decrypt" these communications to see where commands come from, (or to send your own such as "disable yourself" :-) ?

    That would be the ultimate weapon: write your own "reverse bot" that would use the existing botnet infrastructure to spread itself as a new attack client, and instead of launching an attack on command it would send a report of "I'm a bot and I'm at IP x.x.x.x / MAC yy, this is my peer list, this is a list of IPs that have sent me commands" info back to your server. It would be a brilliant piece of vigilante work that I'm sure would get the ethics crowd's undies tied in a knot. But imagine rolling up most of the botnet and the attackers in one shot! That would be uber leet.

    I imagine the only way to rollup a hardware attack such as the Ixia you mention would be traffic analysis, one router at a time; and then you have to hope that not only does each router owner cooperate, but that he's not personally involved in the shenanigans, steering you the wrong way.

    Well, at least you have job security! While I don't envy you, I'm sure there's got to be a ton of work out there for you. Happy hunting!

  6. Re:That's frightening on Taking on an Online Extortionist · · Score: 1
    No, I'm not suggesting they run around with an XP SP2 disc and update everyone.

    I'm suggesting that if they discover a bot at address 1.2.3.4 that they notify that addresses ISP that there's a bot that needs to be taken care of. The ISP could turn them off instantly.

  7. That's frightening on Taking on an Online Extortionist · · Score: 5, Interesting
    It's a brilliant story, and you've got to applaud the guys at the victim site for sticking up for themselves.

    It makes me wonder if this new anti-DDoS company can somehow establish relationships with ISPs to track back the zombies and get them shut down more quickly? Seems that would be the sanest and most effective tool -- take away the bots. No bots -- no botnet -- no attacks.

  8. Re:This is sick on Hong Kong Boy Scouts to Protect IP · · Score: 1
    One of the problems of being a merit badge counselor is that while you can TEACH the boys anything about the subject, the requirements for the merit badge are fixed by the BSA until they're updated. As a counselor, you are not permitted to change those requirements.

    The Computers merit badge requirements are always hopelessly out of date at the time of their introduction. The list you have at least removed some of their previous mentions of technology, such as "using a 14,400 bps modem, connect to an online service", or "copy a diskette".

    Merit badge requirements are, like so many other things in scouting, designed by a mostly well-intentioned committee of volunteers. But some members have their pet ideas, and some have their hidden agendas, and most of them are old and retired. As a matter of fact, most are so old that they have no idea what's current in the industry anyway. In the end they produce a mostly functioning document that the rest of us have to complain about for the next 5-10 years.

    This old process works OK for the static merit badges such as "Bugling", or "Camping". But when you start getting into badges with technological components, (think Electronics, or even Bicycling) then currency becomes an issue. Some badges that hadn't changed for dozens of years have recently become almost obsolete due to technological advances: Photography, Electronics, Astronomy, just to name a few.

    There are other pressures on the merit badges, too. Archery has changed dramatically over the years, mostly due to the lack of need -- in the 1930s, young rural boys were fully expected to bring home wild game such as rabbits for dinner, and bows and arrows were commonly available to them. Your demonstrated skills would actually put food on the table. Today, the Fishing merit badge requires only that you prepare a fish, but NOT eat it, recognizing that fish from certain waters contain high levels of toxins.

  9. I rebooted my truck last month on Cars that Can't Crash? · · Score: 4, Interesting
    Hey, I had to reboot my 2002 Ford pickup truck last month. Seriously.

    Just a few weeks ago my wife and I were leaving a restaurant's parking lot after dinner and the engine was running really rough. I mean really, really rough, and this truck has always run fine before. It coughed and it gasped, and the power was just not there. I stopped and started the engine, but it still continued to run rough. I got maybe a half mile down the road when I realized I wasn't even going to make it home.

    I pulled to the shoulder, and was going to phone my son to come pick us up when I said "hey, what happens if I reboot this thing?" So I turned off the engine, let it sit totally dark for about five seconds, then started it up. It started right up and took off, no problems, no choking, no gasping.

    A cold reboot fixed my truck.

    And now Microsoft wants them to run WINDOWS on this thing? Words fail me.

  10. Re:Computing is not free. on AMD 'Venice' Core Shows Big Drop in Power Needs · · Score: 2, Informative
    Pay attention! You even quoted my words correctly: "contests". Distributed.net is a CONTEST, one for which we already know the answer: RC-72 will take 2^8 times the resource to solve than RC-64. It's simple math.

    Don't get me wrong: distributed.net's RC-64 challenge did a great service by empirically demonstrating several things: the power of lots of computers; the ability and willingness of people to donate to a worthwhile cause; that brute-force can break a cypher; they empirically tested that the amount of brute force required was right where they expected it to be (IIRC 75% of the keyspace was searched before a solution was found); the contest was not shut down by poisoned packets sent by malicious hackers; it verified Moore's Law (looking at the charts of keys-per-second-per-machine over time); it showed how well fat binaries could be used to optimize the hunt on a per-processor basis; and the list of benefits goes on.

    But it's over. RC-64 already proved all of these things. It already proved everything that could be proved about a large key-cracking contest. RC-72 will prove nothing new. All it will do is deplete the country of energy. It's stupid in the extreme to continue that contest.

    However, proteome folding is NOT a contest. It's research. There are no prizes for the winners, only the satisfaction of knowing you've helped contribute to furthering medical / chemical knowledge. I have no problem with the WCG taking on the noble challenges and helping solve them.

    There's also a "grey" middle ground: SETI@home. I guess this one is a "take it on faith" effort -- if you believe (or if you "want to believe" :) in little green men, flying saucers, Vulcans, Klingons, an ascended Marconi or even Cylons, fine. I'm not even complaining about using energy to look for things like this.

    My complaint is that d.net has degenerated to a simple "random number hunt." If d.net switches gears, and sends a new client to everyone saying "gosh, we've realized we're just burning electrons here, your clients are now joining the WCG" that would be fine. But they're not. They're continuing what is essentially computational masturbation, and they've got a large chunk of Slashdot readers suckered into continued participation. And I don't understand the appeal, because it's not logical to continue it. No benefits can be gained.

    If it's prize money you're after, you're something like 2^23 times more likely to win the powerball lottery by investing a single dollar in lottery tickets than you are in investing that same dollar in electricity to feed the RC-72 contest.

  11. Re:Computing is not free. on AMD 'Venice' Core Shows Big Drop in Power Needs · · Score: 1
    I didn't claim to have a completely accurate study, sampling thousands of boxes with a mixture of dozens of chipsets. That's why I used the word "assumptions". They can be wrong.

    The point is that I was tipped to consider this when I noticed the room where I keep my computer's temperature was elevated by almost 10 degrees F, and it occured immediately after installing distributed.net. I opened the door and it was like entering a desert. My knees could feel the radiated warmth as I sat in front of it. This was far from the machine's "normal" temperatures, and was approaching the temperatures I noticed only after extended gaming sessions.

    So, I started googling for CPU power usage idle vs. full load, and found very few published statistics at that time (this was a couple of years ago.) Not having a power meter directly attached to the computer, I had to rely on a few numbers I found via Google. A simple reality check I performed tended to confirm those numbers -- I compared the warmth of the machine with the warmth of a 60 W light bulb placed under the desk. Both provided roughly the same level of uncomfortable warmth.

    I tried to err on the side of conservation. I counted only my processor, and no ancillary energy usage. I used the simplest difference I could find. And I know I only took into account the consumption of an Athlon 1200, and wasn't concerned about other computers or their power consumption rates.

    So no, it was not rocket science. It was kitchen science. I could be off by as much as an order of magnitude. But here's the big kicker that you're sidestepping: even if I'm off by five coal trains worth of electricity, that still means we've burned five extra trains full of coal for the RC-64 contest, and we're looking at thousands of trains full of coal to complete the RC-72 challenge. At BEST, it's only an irresponsible waste of resources.

  12. Re:Your numbers are flawed on AMD 'Venice' Core Shows Big Drop in Power Needs · · Score: 1
    I tried the WCG proteome project here at work on my dual Xeon, but found it wasn't a very polite process. It was interfering with real work, so out it went. Of course, that was the initial few weeks of the WCG, and I'm sure they must have improved it somewhat by now, but it still wasn't a good experience.

    Right now, I'd rather let the box idle.

    On a side note, our company has talked about exploring a distributed.net-like system for batch computing. With all the desktops sitting idle at night, for the cost of some software and some electricity they could have several mainframes worth of power doing some real work. I thought that was an interesting-sounding project.

  13. Re:Computing is not free. on AMD 'Venice' Core Shows Big Drop in Power Needs · · Score: 2, Interesting

    Not me, sorry. But I find it interesting that other people have independently come to the same conclusion.

  14. Re:Your numbers are flawed on AMD 'Venice' Core Shows Big Drop in Power Needs · · Score: 1
    Fixing your ductwork would be an appropriate solution to your problem.

    You should have your air moving for two reasons. The first is to obtain the benefits of evening out the cooler/warmer air, but the second is more important. The stagnant air in your basement promotes the growth of mold. If you're convinced that you don't already have a mold problem, cutting in a few new ducts (and venting them at floor level) plus adding some desperately needed cold air returns sounds like it would do you a lot of good. That, and run your furnace fan even when you're not actively heating or cooling. We run ours just about all the time, except when the windows are open.

    Of course, that fan probably draws more electricity than the CPU :-o

  15. Re:Computing is not free. on AMD 'Venice' Core Shows Big Drop in Power Needs · · Score: 2, Informative
    When I did my initial research, I checked the U.S. Department of Energy's web site to find out what fueled the nation's electricity. As I recall, it's still about 50-75% coal based. I know my electric co-op owns a coal-fired generator in North Dakota (they offer tours), and owns transmission lines across the state to deliver it to us. While they have a few wind turbines located in southern Minnesota, all of that electricity is spoken for by people who have paid a premium for wind-generated power. So since my electricity is 100% coal based (except for a peak plant that's fired by natural gas,) I based my numbers on it.

    Laugh or not, this country is heavily dependent on coal. Not that I think that any money spent by W. Shrub is going to have any effect other than fill some corporate coffers, if there's a real chance that they can produce more efficient plants or cleaner stacks, then we ought to explore it. Coal emissions are responsible for much of our atmospheric mercury, as well as a number of other pollutants.

  16. Re:Why weren't you the preview button!?! on Tracking Sex Offenders via GPS for Life · · Score: 1
    Actually, it sounds like we have somewhat similar viewpoints on this, (and I think most people do.) It was hard to come up with a coherent post that reflected my deep desire to punish these people, to keep society safe, and yet still not sink to the level of killing them. And I obviously failed.

    I guess where we differ is that I think punishment still needs to take place. First and foremost, retribution is actually high on the list of things victims of crimes needs to see happen. Not that I would wish it on anyone, but if such a crime ever happened to you or your child, you'd realize there's very little else to console you. Next, if there's no punishment, there's no disincentive to stop the criminals. (Prison time appears to not be much of a deterrent these days.) So despite your calling punishment "juvenile" or people who desire it "fetishists", it serves both of these purposes. And don't forget that the U.S. Constitution provides for punishment; as long as it's not "cruel and unusual." It makes no mention of 'rehabilitation," or "retooling" or "reentering society."

    Criminal sentencing needs to take all of this into account -- I just think the penalty phase of a trial always needs to be seen through the victim's eyes.

    Yes, I'd like to not waste money on useless incarceration. But when you look at how imperfect the criminal justice system is, you realize it's really a bad idea to kill people. And the controversies, well, it's not worth that either. Let them rot, forever.

    (Sorry these posts have been more than a bit rambling.)

  17. Re:Your numbers are flawed on AMD 'Venice' Core Shows Big Drop in Power Needs · · Score: 1
    I live in Minnesota. Yes, the waste heat was beneficial in the winter, but it needs to be removed by air conditioning through much of the summer (calm air and high humidity.) And I pay much more per BTU for electricity than I do for natural gas. Finally, the heating season is only six months or so -- the rest of the time the heat is truly wasted, either blown out the window by a fan or pumped out through the air conditioner.

    It's not that I can't afford it (I can.) Back then, bumping my key cracking rate was even a (small) factor in buying a faster CPU. But now my point is that the contest is done. The energy itself doesn't need to be expended. The coal doesn't need to be burned anymore. The RC-64 contest was terrific -- it proved that a distributed.net effort could happen, and served to confirm the mathematics. The RC-72 contest is only proving that people are too sheep-like to recognize that the proof already exists.

  18. Re:And why do we let them go free? on Tracking Sex Offenders via GPS for Life · · Score: 1, Interesting
    These are not people that can be rehabilitated. Sex offenders have amongst the highest rates of recidivism.

    They're wired wrong. They're defective people. What society needs is to protect itself from these people. Death penalty, life in prison, whatever it takes, just keep them away from the rest of us forever.

    Sure, if you can find a way, feel free to end the "punishment" phase of their sentence at 25 years. But the containment needs to be forever. Show me a system that enforces keeping these predators away from innocents while not punishing them, and I'll take that. But a GPS anklet is simply going to lead the cops to the guy who raped another child. And another child is going to be raped. So why did we let him out to reoffend? Because someone believed he could be "rehabilitated."

    That's what's wrong with us. We like to believe that some of these human-shaped cockroaches might have some good on the inside, that they can be fixed. But once they've actually committed child rape, that should be enough to permanently identify them as "defective". Permanently.

  19. Re:And why do we let them go free? on Tracking Sex Offenders via GPS for Life · · Score: 2, Interesting
    For predatory sex offenders, it's not so much about punishment as it is the protection of society as a whole. These are not people who "add value" to the rest of us. They cause misery; they give nothing. They spread mental illness amongst their victims in almost the same way that insects spread disease. These are defective people, they are not people we need to "help" or fix, they are people we need to keep away from other people forever and ever and ever.

    All that said, I'm still not a big fan of the death penalty. Since I don't buy into the whole "afterlife" thing, I think death is the easy way out for these people.

  20. Computing is not free. on AMD 'Venice' Core Shows Big Drop in Power Needs · · Score: 4, Interesting
    I did the math to figure out how much energy was being used by the distributed.net project a few years ago. I don't still have all the numbers handy, but I remember I came up with roughly 10 trains filled with coal were required to break RC-64. That was making assumptions that an idle CPU consumed 15 W and a busy CPU consumed 60 W.

    Now, these numbers were completely extrapolated from the key cracking rates I saw generated on my Athlon 1200, and estimates based on published power consumption. But it pointed out to me that these distributed contests are not good for us, and they're not free. It personally cost me about $40.00 / year in electricity. So, I don't play the distributed computing games any more.

  21. And why do we let them go free? on Tracking Sex Offenders via GPS for Life · · Score: 1, Flamebait
    From TFA: It establishes a mandatory sentence of at least 25 years behind bars for people convicted of certain sex crimes against children 11 and younger, with lifetime tracking by global positioning satellite after they are freed.

    Maybe I'm just not realistic about this, but why are we ever allowing child predators to go free, ever? I'm half-wondering what part of a civilized society even allows people like this to continue to consume food and oxygen?

    I know that historically, the rich and powerful (especially amongst conquering armies) chose children as spoils of war. (And it still occurs in many third-world countries, especially amongst war orphans.) But why do we continue to allow this behavior to go mostly unpunished? What's wrong with us?

  22. Re:Don't want it, don't use it on Kernel Changes Draw Concern · · Score: 1
    It's also true for Windows.

    Windows eXP (embedded XP) allows the OS embedder to pick and choose exactly which modules they want to include in their build, or which modules to omit. It comes with a GUI tool that allows you to prune entire branches of functionality (telephony, group security policy, that sort of thing) or tiny individual pieces (parallel port drivers.) We've used it at work to produce a slimmed down (*cough*) version of XP that has a 200MB footprint. Compare that to the over 1GB footprint of retail XP, and it offers the ability to extend the lifetime of some of our older hardware.

    It also offers some minor security benefits: if you've trimmed out RPC functionality, for example, you don't have to worry about Sasser worms or distribute the updates to protect against them.

    Of course, it's not free. You get to pay a lot to remove functionality. I just wanted to point out that it's not an advantage inherently belonging only to open source.

  23. Re:Don't confuse encryption with undocumented RAW! on Adobe Blasts Nikon's Closed File Format · · Score: 1
    I thought it was Nikon that raised the ruckus by threatening Adobe with it.

    No, Adobe is preemptively whining about it, wanting to follow the letter of the law because they themselves have a lot invested in crappy "encryption".

  24. Re:Don't confuse encryption with undocumented RAW! on Adobe Blasts Nikon's Closed File Format · · Score: 1
    Oh, I know that white balance info is indeed useful. Personally, I hate going back to a block of pictures and "fixing" things because I forgot to set the WB before shooting. I was only pointing out that it's not "end of the world" kind of stuff.

    And yeah, the Nikon / Adobe thing is somewhat interesting. What I find most intriguing is that this is the same Adobe that filed a DMCA complaint against Dmitri Skylarov for "breaking" their exact same crappy XOR encryption model.

  25. Re:Don't confuse encryption with undocumented RAW! on Adobe Blasts Nikon's Closed File Format · · Score: 5, Insightful
    Umm, no.

    I just looked at dcraw.c and the parts pertaining to parsing Canon's white balance info simply use the camera model name to determine where in the RAW file Canon put the WB. Hardly "encryption", it's just an offset that varies by format.

    Canon appears to develop a unique RAW file format by camera model. That makes a "tiny" bit of sense in that each file can accurately describe precisely the data the camera is capable of producing. It makes it harder in the long run to support dozens of file formats, but that's a trade-off Canon appears to be willing to live with. Keep in mind that Canon has to eat their own dogfood, too -- every format they produce means a new software release to parse the RAW files. And Canon doesn't charge for these downloads -- once you've bought their camera, it comes with software and upgrades (so far) have been free. So there's no real economic incentive for them to continue this, but they do.

    What I think is most important regarding this issue is that it's simply a tempest in a teapot, being stirred by Adobe for their own political reasons. First, it's only on a single high-end pro camera -- affecting only a select set of professional photographers, most of whom have never heard of Open Source. Second, it's only white balance information. It's what the photographer told the camera about "white" or "gray" at the time of the shot, but it doesn't change the underlying image data. It's nothing that can't be recovered in the digital darkroom during processing. Finally, the encryption is trivial to break -- Adobe is raising a ruckus claiming the DMCA is preventing reverse engineering. In reality, most Open Source developers would simply ignore the DMCA and perform the decoding anyway.

    In the camera world Nikon stands alone in this stupidity, but it's really too small of a matter to concern any of us, (unless you're looking for a DMCA poster child to nail to the wall.)