Slashdot Mirror


User: argent

argent's activity in the archive.

Stories
0
Comments
12,456
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,456

  1. This is more "smart network, dumb device" logic. on The Dumber Android Is, the Better, Say Experts · · Score: 4, Interesting

    This is the old telecom industry chant. "Let's put the smarts in the network, they say, where they're out of touch and nobody can even get in to attack them, and have dumb devices out on the edge. Blue boxes are just a rumor."

    By all means it should be possible to make dumb phones with Java sandboxes around third party software using Android. Yes, every layer of security is good. But it's not perfect... if you put everything you want to protect inside the sandbox, who cares whether someone breaks out of it or not?

    Don't forget, the OS they're basing it on was designed for timesharing use, where it was common for people who had very different security requirements running code together on the same computer. Linux is a relatively young implementation of UNIX, but it's still using the same design that was able to keep some of the world's smartest CS undergrads from getting at the test papers and scores stored on the very same computers as their class accounts in the early '80s.

    And some of the biggest vulnerabilities available to attackers on any platform are in application layers, in code doing what it was designed to do, with no individual component violating any constraint that a sandbox would prevent. The biggest problems are not implementation flaws, they're design flaws.

    That's why, despite years of warnings from antivirus company experts, we don't have a flood of smartphone viruses... because PalmOS and Pocket PC and the rest don't have multiple internal firewalls like UNIX or Windows NT, but they're also not designed around a model of accepting code from untrusted sources and running it, like Windows is.

    Get the application design right, and you're solid. Get it wrong, and you lose... no matter whether the kernel is inviolate or not.

  2. Or antimatter, cosmic string, or other buzzword. on Crater From 1908 Tunguska Blast Found · · Score: 1

    The speculation that the Tunguska impact might have been a quantum black hole was rife during the brief period between Hawking's conception of the idea and his later demolition of it. Larry Niven used it as part of the background for his 1975 short story "The Borderlands of Sol", starring Beywulf Schaffer and a distant descendant of the physicist and SF writer Robert Forward.

    David Brin's 1990 novel Earth is about an artificial super-dense object, a quantum string as massive and much longer lived than a black hole, that has been injected into the Earth to destroy it. The possibility that the injection point was Tunguska is brought up.

    Antimatter has been another popular explanation for the Tunguska event.

  3. "Open access" means "NIH pays" on Bill to Require Open Access to Scientific Papers · · Score: 1

    We're talking about research funded by NIH grants, so if it costs $X,000 extra to publish in an OA journal, that's money the NIH will have to provide one way or another.

  4. Re:Undercutting TFA by $15.00... on Low-Cost Board Runs Linux, Google Apps · · Score: 1

    You can always spend more money and get a better system, or spend less money and get a worse. The board in TFA's main advantage was price... lord knows the VIA chips are none of them bahn-burners. If you really need more capability than the board I dug up provides, will the GOS system be any better suited to the job? I also found a better setup for about as much more than the board in TFA just down the street from here: which I previously posted about.

    And on the other hand, if the GOS box will do the job, it's probably one even a pre-MMX Pentium will do just as well. Like my firewall: an almost 10 year old white-box PC I recovered from a dumpster, and I haven't found a good reason to replace it yet.

  5. If the CPU isn't good enough, is the GOS? on Low-Cost Board Runs Linux, Google Apps · · Score: 1

    Over 4 years (expected lifespan?) how much is your time worth to you?

    Enough to spend an extra $15 over TFA and get an AMD CPU, and a motherboard with an AM2 socket and nVidia GPU. If this setup isn't good enough, then likely the C7 1.5 GHz isn't either.

  6. Undercutting TFA by $15.00... on Low-Cost Board Runs Linux, Google Apps · · Score: 1

    http://www.newegg.com/Product/Product.asp?Item=N82E16813185103&ATT=13-185-103
    * PC CHIPS M789CG(3.0A) VIA C3 Samual 2 2000+(800MHz/133) VIA CLE266 Mini ITX Motherboard/CPU Combo
    * $44.99

  7. Directron FTW on Low-Cost Board Runs Linux, Google Apps · · Score: 2, Informative

    How about this then?

    http://www.directron.com/nf61sm7comb58.html

    Biostar NF61S Micro 754 Motherboard and AMD Athlon 3100+ CPU with Cooler, $72.99

    1 ATA + 2 SATA, plus nVidia GPU.

  8. Not until we get real-time raytracing. on Nintendo's Iwata Says Old Console Cycle Dead · · Score: 1

    Let's keep the arms race up long enough that we get real-time raytracing for arbitrary geometry at a reasonable price.

    That way we can do reasonable quality VR without having to spend thousands of man-hours fine-tuning every goddamn detail, prebaking textures, oversimplifying scenes to suit the limitations of conventional rasterization, ...

  9. Re:It's not just targeted phishing... on Highly Targeted Phishing From Salesforce.com Leak · · Score: 2, Insightful

    Crying wolf isn't the problem.

    It sure is.

    This isn't just phishing I'm talking about, this is a remote execution attack that works because the user is trained to answer "yes" when they see a security dialog.

    If your software is asking the user "Do you want me to do (dangerous thing)?" often enough that the user is conditioned to respond in the affirmative, that's a problem. Internet Explorer should have had every single capability related to the one that Gator used removed from the browser in 1997. In fact, I honestly expected Microsoft to do to logical thing and back out most of the browser/desktop integration and reimplement it with a "default closed" model that required explicit installation of plugins by the end of that year. Boy was I naive.

  10. Have NetApp changed their OS? And who shot first? on Sun To Seek Injunction, Damages Against NetApp · · Score: 1

    The port is done to FreeBSD, the OS on which Net App's filers are built.


    Last I checked NetApp's filers contained code from NetBSD, not FreeBSD. And they're definitely not just an application running on top of Net, Free, or any other BSD.

    Unless NetApp's made some big changes somewhere, this sure sounds like Jonathan's own research is a bit shakey.

    Bill Todd's comment, starting Methinks you'd have a somewhat stronger leg to stand on if the legal posturing hadn't begun with *your* demanding $36 million from NetApp due to alleged infringement of *your* patents. While their response was also heavy-handed, it's difficult under those circumstances to call it unjustified. and the linked comment a couple messages further down on NetApp's blog make me wonder which of these guys is Han and which is Greedo.
  11. It's not just targeted phishing... on Highly Targeted Phishing From Salesforce.com Leak · · Score: 4, Funny

    If you know about a security hole in a product, and you write a program to attack it, and fire it off at a specific target, odds are poor that any antivirus software will catch it. And if it's a remote execute vulnerability, the target won't have a chance to avoid being phished, because it'll all happen automatically.

    Also, there's software (like Internet Explorer) that pretty much trains people to fall victim to "thin" social engineering attacks (by, for example, crying wolf hundreds of times a day). This means that these attacks work often enough that if you can target a few hundred people at a specific location you'll get one, and they happen often enough that it's not even suspicious for a few hundred people at a location to get a dialog box asking if they want to infect their computer now.

    Antivirus software can't help.

    Security is like sex.

    Once you're penetrated you're fucked.

  12. Um, that's what Apple *does* on Asus Insider Claims Apple Tablet Is Real · · Score: 1

    It still doesn't explain the fact that Apple offered a crippled device just to protect their "experience", instead of giving users something far more powerful, and giving them the choice to use it if they want to.

    That's what Apple *does*. That's their *business model*. It's why I was amazed when they failed to commoditise OS X to the level that they were originally rumored (they were allegedly not even going to provide the BSD subsystem as a user-visible feature).

  13. Re:Niche market... on Asus Insider Claims Apple Tablet Is Real · · Score: 1

    Tablet technology is not so needed outside of artistic purposes and taking notes purposes.

    I think I'd put that "tablet technology is not so much needed outside of art and highly mobile use."

    You can't use a conventional laptop two-handed. You need a third hand... a flat surface or some other support, to type or interact with it. The name "laptop" is almost a misnomer, because even a lap isn't really enough in many situations... you really need an easy chair, couch, or bed for your lap to be big enough, stable enough, and the seat comfortable enough. When you have that surface a keyboard has significant advantages over a tablet, but when you don't the keyboard is pretty much unusable. Note taking is one kind of highly mobile use, and a very obvious one, but it's by no means the only one.

    I'm not a big tablet fan, I prefer the handheld form factor myself, but I could easily see using a decent mobile tablet instead if it was small enough and worked well enough. Microsoft hasn't been willing or able to fill that niche, Windows NT has been too heavy for handhelds and the tablet PC is too expensive for general use (Tablet PCs make Apple notebooks look cheap), and they pretty much killed the more affordable Windows CE tablets by not updating them to along with Pocket PC.

    Being that Macs are a niche market

    I don't think that you understand the term "niche market". It doesn't mean "a small market share".

  14. I think you're reading too much between the lines. on Asus Insider Claims Apple Tablet Is Real · · Score: 1

    What are the reasons (according to the news item submitter) the iPhone would be a miserable failure if not for Apple's usual getting away with murder tricking the consumer into buying inferior products?

    The range between 'a miserable failure' (what you think you read) and 'the most desirable phone on the planet' (what the submitter wrote) is pretty damn large. A phone can just be "really successful" or even "one of the most popular phones on the planet" without being "the most desirable phone on the planet", so it's not exactly reasonable to assume only the two extreme outcomes were on the submitter's mind.

    In addition, the submitter didn't imply that the iPhone succeeded because of a trick. There have been a number of reasons given for the iPhone's popularity, by people both pro- and anti- Apple, as well as every preference inbetween. Why apply the worst cast to the text?

  15. Niche market... on Asus Insider Claims Apple Tablet Is Real · · Score: 1

    The Tablet PC is a failure outside a niche market. You've got a lot of friends in that market, but that doesn't mean it's not a niche, and it's pretty rare to find one anywhere else.

    What would make a Tablet Mac seen as a success or a failure would be whether it could get broad usage outside that niche, so not having OC isn't necessarily as important as you think it is.

  16. Re:Couldn't replicate this bug on Data Loss Bug In OS X 10.5 Leopard · · Score: 1

    What's more likely that, the remote filesharing process will go down, or that something will go wrong with the network connection along the way?

    Depends on what actually happened, and what broke the Finder.

    If the Finder broke because it blocked writing data to a hung socket, that's different than if the Finder broke because of an error handling bug when it wasn't expecting the condition reported when the connection was torn down.

    In the former case, any failure on the server that closes the connection will likely still trigger the bug. And since Leopard Finder uses multithreading more aggressively it may avoid getting badly blocked on a hung thread.

    In the latter case, there are likely to be other data loss scenarios lurking.

    Either way, it's a real problem.

    Finder's pretty long in the tooth. It needs a fresh rewrite, starting over from with the NeXT file manager and without the legacy Carbonized Classic code that came over from the OS 9 Finder.

  17. Re:Couldn't replicate this bug on Data Loss Bug In OS X 10.5 Leopard · · Score: 1

    The Finder crashed and relaunched, leaving an orphaned Spotlight search window which forever hung there in an unusable state.

    If the finder crashed, then why would you expect your test to be replicating this failure mode?

    Try killing the file sharing process on the other side instead of just killing the network connection.

  18. You can do the same thing without Windows. on Data Loss Bug In OS X 10.5 Leopard · · Score: 1

    You can pull a USB drive out.

    You can kill smbd on another Mac.

    You can pull your bloody network cable out.

    don't disconnect drives while doing destructive commands.

    It happens. You're right, this is only a problem when you're faced with an unexpected I/O error. The thing is, when that occurs, you're supposed to recover from it and NOT complete the copy-and-delete as if it hadn't.

  19. FIX THE FUCKING FINDER on Data Loss Bug In OS X 10.5 Leopard · · Score: 1

    The workaround for this is to not use Finder, basically.

    Apple, fix the fucking finder. At the very least dig the fucking source code to the NeXT file manager out of the crypt and put it up under the APSL so we can take over for you with a file manager that isn't based on the rotting corpse of Classic Mac OS.

    Finder is pretty much the last revenant shred of the grave-cloths of the old Mac. We know you're really really into it, but it's really really bloody horrid. Let it go to its rest, 'kay?

  20. Military training, sir. on Bot-avatar Pesters Second Life Users (For Science!) · · Score: 1

    Just keeping track on potential recruits, sir.

  21. And for five people reading slashdot... on Google Announces "Open Phone" Coalition, No gPhone [Updated] · · Score: 1

    From the video, referring to the UNIX command line, "five people reading slashdot will be all over this"...

  22. Re:Reciprocal licensing. on Google Announces "Open Phone" Coalition, No gPhone [Updated] · · Score: 1

    If you can't add your app to the menu without cracking the menu system, and you can't replace the menu without recompiling the relevant parts of the operating system / firmware, you're pretty much screwed.

    You're only screwed if you're not willing to recompile the kernel. You dismiss that option, but I don't think you should.

    In essence, your argument that no such "walled garden" exists can be falsified if the following is false: 'GPL software can't be used to encrypt data, because you can read the source code'.

    I disagree. An accurate analogy would be 'GPL software can't be used as a basis for copy protection style DRM, because you can read the source code'. I happen to agree with that statement... if you have the hardware in your hand, and the keys necessary to use the hardware are in the hardware, then the only thing keeping those keys out of your hands is keeping those keys in an obscure location. If you have the source code, you can find that location and extract those keys.

  23. Funny, but... on Bot-avatar Pesters Second Life Users (For Science!) · · Score: 1

    Your kid ever play paintball, laser-tag, or anything like that?

  24. How heavy's your battery? on Ultracapacitors Soon to Replace Many Batteries? · · Score: 1

    So if you want to replace a 1KG laptop battery, you are looking at at least 10KGs of modern ultra capacitors to replace it.

    So perhaps his laptop has a 0.3kg battery?

    PS: it's "kg", not "KG".

  25. Open source, yes. Open system? Don't know. on Google Announces "Open Phone" Coalition, No gPhone [Updated] · · Score: 1

    is the OS of the phone truely open source, or have they just opened up specifications for utilizing the OS?

    If it's Linux, the kernel is open source. The article says it's Linux.

    The bigger question is whether the specifications are open, or whether it's got binary blobs to talk to the hardware.