Slashdot Mirror


User: mysidia

mysidia's activity in the archive.

Stories
0
Comments
13,354
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,354

  1. Re:Perhap the kernel's size is becoming too unweil on Hole In Linux Kernel Provides Root Rights · · Score: 1

    I won't dispute the value of code reviews, but something much simpler should have detected a reverted security patch.

    A simple test suite ought to detect code reversions.

    Just make it policy to write a thorough 'test' for any security or other critical bug is discovered. The test should be thorough and designed to detect the bug, cause the kernel to crash, or panic, if any known bug is still present.

    Then simply require the test suite to be run against the binary and all tests pass before a new kernel can be released.

    Virtualization or running the kernel in user mode (as un User-Mode linux) could be utilized to facilitate testing.

  2. Re:Perhap the kernel's size is becoming too unweil on Hole In Linux Kernel Provides Root Rights · · Score: 3, Insightful

    1 reverted security patch is a mistake.
    2 reverted security patches is a major mistake
    3 unintentionally reverted critical patches in 6 months is a pattern of major fuck-ups.

    I'm not saying people don't make mistakes. Part of the purpose of version control is to prevent such accidental reversions.

    A pattern of reverting security changes, and not detecting those reversions before the software goes to world-wide release is pretty inexcusable, in most reputable development firms... people would get fired over this.

    I suppose an interesting characteristic of the OSS development module is you can't fire people for screwing up, because they're not paid in the first place, they can follow slipshod practices as much as they like, with 'accidental' reversions or other changes all over the place

  3. Re:Perhap the kernel's size is becoming too unweil on Hole In Linux Kernel Provides Root Rights · · Score: 2, Insightful

    Yeah... at this point i'm wondering if there are some kernel developers who like there to be security bugs in the kernel?

    Why else would they revert the security patch? Polticial reasons? They don't like the fix?

    Or perhaps some of the kernel developers a black hats working covertly, and the 'fixes' cause them problems exploiting their secret bugs.......

  4. Re:Name on Developers Fork Mandriva Linux, Creating Mageia · · Score: 1

    I suggest GIMP rename and use a simpler name such as ImageManip or PicEdit

  5. Re:piloted aircraft CAUSE hurricanes on Remote Operated Aircraft Targets Hurricanes · · Score: 1

    Damn straight.... because there are 4 corner days 4 quads; cubic time cubes. That's 16 corners, not 8.

    The 16 corners are the one true number.
    4 days rotating simultaneously within a single rotation of earth. [sic]

    etc etc etc [paraphrasing timecube.com]

  6. Re:400 foot wingspan, no unimproved airfields on Boeing Gets $89M To Build Drone That Can Fly For 5 Years Straight · · Score: 1

    Launch it from flight? Mount it to the back of a plane, with wings stowed, take off with it.

    At 10000 feet, someone climbs up to it, mounts the 200ft wings on, undocks it, gets back in their plane, and flies back to the ground, while the 400ft beast is powering up and launching its automated flight programs.

  7. Re:Satellite replacement? on Boeing Gets $89M To Build Drone That Can Fly For 5 Years Straight · · Score: 2, Insightful

    The downside is that a slow moving drone, even at very high altitude like that, is pretty easy to shoot down.

    Only if you are looking for it, and you have suitable instruments to detect its position, and something to shoot that can actually go that far up.

  8. Re:I'm waiting for transaction-specific codes on Credit Cards That Think They Are Gadgets · · Score: 1

    An added part of that is that you then what the CC clearing houses to deal with a much larger number of CC numbers so you can use them as one time numbers. They'd have to keep all those numbers stored if they are randomly generated, OR they have to use a clearly defined way to generate the numbers

    No... the bank determines what 'account number' the payment card number is associated with. The clearinghouse is only concerned about forwarding the details of each transaction, and it's up to the CC issuer to approve.

    In the end, the result is that you've made a protocol more complex trying to make it obscure ... but its an open protocol so obscuring it is pointless, anyone can tell you how to unobscure it ...

    Protocols should not be obscure. The point is to allow existing infrastructure to be used; schemes based on generating card numbers are compatible with existing infrastructure, which is designed to handle those numbers. With one time pads, the entire payment processing infrastructure from the credit card terminal to the bank would have to be replaced.

    With a security scheme based on multiple CC numbers, and CVV numbers, existing infrastructure is capable of handling this without much modification.

    Some banks already provide mechanisms to "generate virtual CC numbers" for use online.

    You suggest banks store one time PADs, I suggest they store pre-generated batches of CC numbers, and pre-generated batches of security data (CVV numbers and offsets) for authenticating their use.

    One time pads are definitely more secure, but they are also massively more expensive to implement, because the infrastructure is not in place to deal with those.

    Just in the same way the processing infrastructure is not in place to be compatible with simply adding more digits to a credit card number for 'transaction number', 'date', 'dollar limit', and 'digital signature'

  9. I'm waiting for transaction-specific codes on Credit Cards That Think They Are Gadgets · · Score: 5, Interesting

    Cards that will populate the mag-strip with transaction-specific codes each time. So you can type the code in, the guy at the restaurant can pick up the card with your ticket, and swipe it once.

    But if he tries to scan the stripe and clone the card, the number he gets is useless, because it is transaction specific.

    I would envision each CC being allocated a block of 200 random CC numbers, to be used in sequence, when it is printed, 200 random initial CVV2 numbers, and 1000 random CVV2 offsets in the form of a number between 0 and 999. For each transaction, pick a number, with no number re-used until 199 more transactions have been made.

    Each time a number is used, the CVV2 is to be the initial CVV2 number plus the next CVV2 offset, modulo 999. CVV2 offsets are not re-used until 999 more transactions have been made.

    Each time a number is used, the CC company can determine it is valid and compute exactly the right CC and CVV2 numbers that should be used by the next 10 transactions.

    Unless there is delayed processing involved, they can also know to reject any number other than those 10.

    Even if there is delayed transaction processing involved, the CC company can know a code 199 transactions ago is "too old", because there have been transactions made since then that are too old.

    There should also be a way to enter a special PIN to generate a 'vendor specific' code that can be used for multiple transactions.

    Possibly assigning card users larger pools of numbers, so expiration dates, and dollar limits can be encoded using the CC# and CVV2.

    If multiple failures are detected with a CC# (e.g. someone tries to clone one number and try it with multiple CVVs), then that CC# is retired permanently, and the CC company sends the customer a new file to flash their credit card's memory with.

  10. Re:not protects on HDCP Master Key Is Legitimate; Blu-ray Is Cracked · · Score: 1

    Apple vs. Psystar is fundamentally different. in that Apple vs. Psystar, Apple has designed a technology to protect their specific work. And the technology is part of their work and protects their work.

    The HDCP system, however, is not a technology that protects any particular work. It is a technology employed in devices used to view media.

    The DMCA conditions the prohibition of circumvention technology by saying prohibited technology also: has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or

    And there can be a lot of commercially useful devices that beat HDCP. An excellent use case would be a conversion device, to allow you to play blue-ray content on older HDTVs that lack HDCP input. The commercially significant purpose results in (a)(2) not applying to such devices.

    There is no special scrambling a blu ray disk contains to "get HDCP"; HDCP is not 'part of the work', because HDCP is not scrambling performed on the work itself at the authority of the copyright owner.

    HDCP technology is a process provided at the authority of the player; the work is not scrambled, once decoded, the player scrambles it. If the player establishes a HDCP connection, then the data is transmitted encrypted, irrespective of any 'authority of the author', because the player operates on its own authority as designed by a manufacturer who is unrelated to the copyright owner.

    The DMCA doesn't say anything about circumvention of technological measures that control access to entire categories of media and viewing outputs of a device. The anti-circumvention provision is about protections applied to a work by copyright owner, not protections applied by unrelated third parties to a work.

    a technological measure “effectively controls access to a work” if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner

    The HDCP scheme is a protection system provided at the volition of the manufacturer of the playback device, even under ordinary operation, meaning the copyright owner is not the ultimate authority in protecting the work with HDCP (there is no "scrambling a work with HDCP" on the blu-ray disk; any scrambling on the blu ray disk is of a different sort).

  11. Re:not protects on HDCP Master Key Is Legitimate; Blu-ray Is Cracked · · Score: 1

    The DMCA doesn't have clauses against "unauthorized encryption". The DMCA has clauses against circumvention of copyright protection measures that effectively protects the copyright holder's exclusive rights.

    If the HDCP master keys are widely published, then HDCP no longer effectively protects access to the work, because simple methods of copying despite the protection are well known and readily available, e.g. the protection is ineffective...

    However, it is doubtful much comes of this. Pirates want to rip the source media, not try to play it and capture. Ripped HDMI or HDCP output is not the same as the source, especially in regards to special features of Blu-Ray disks, such as 'extras'

  12. Re:TFS is confusing on HDCP Master Key Is Legitimate; Blu-ray Is Cracked · · Score: 1

    Just because the transmission medium is capable of that does not mean the source is capable of having that much data. It makes no sense to capture more bits than are expressed in the original source; that just increases the output size without increasing the fidelity of what's captured; throwing away bits that don't express information doesn't make the result "imperfect".

    It's like trying to scan a photo print at 7000 DPI... no, that doesn't make it any more perfect, than a 800 DPI scan :)

  13. Re:TFS is confusing on HDCP Master Key Is Legitimate; Blu-ray Is Cracked · · Score: 1

    Probably nowhere, as HDCP will soon be obsolete and replaced with HDCP2 which all bluray players will be required to support exclusively now, forcing all consumers to replace both their players and TVs... yielding uber $$$$ for electronics manufacturers, maybe, or the failure of blu-ray, but not ending the US economic recession.

  14. Re:not protects on HDCP Master Key Is Legitimate; Blu-ray Is Cracked · · Score: 2, Insightful

    Actually... I think of it more like this... the real name should be DRD: Digital Rights Denial.

    The idea is to 'manage' the right to access what is stored on the media, in order to deny the user rights or access they would have if not for DRD.

    They call it DRM, because it sounds more palatable, and consumers can swallow it. "Rights Management" is just a marketing term or euphemism

  15. Re:not protects on HDCP Master Key Is Legitimate; Blu-ray Is Cracked · · Score: 2, Informative

    Just because you call it a "fact" does not mean it is a fact.

    Fact (n) a concept whose truth can be proved; "scientific hypotheses are not facts"

    Therefore, I challenge you to prove that there are no more than five people alive today that legitimately want to back up a piece of blu-ray media.

    If you cannot prove it, then it is not a fact at all.

  16. Re: Not in their best interests on Study Shows Testosterone is Bad For High-Stakes Decisions · · Score: 1

    Except perhaps if they're young and male and haven't necessarily yet fully matured their ability to be self-centered and self-interested? :-)

  17. Re:First Bid! on SCO Puts Unix Assets On the Block · · Score: 1

    I guess your $0 bid beats my bid of ( - $10 million )

  18. Re:Easily solved on Study Shows Testosterone is Bad For High-Stakes Decisions · · Score: 1

    I think that's an overreaction. (s)he said nothing about castrating only males. Females would of course be included in any such proposition.

    However, I don't think the world would be a better place if MBAs couldn't have babies. There would be fewer things to distract the corporates from pillaging the average hard working citizen.

  19. re: Not in their best interests on Study Shows Testosterone is Bad For High-Stakes Decisions · · Score: 5, Insightful

    are 'more likely to initiate, scrap or resist mergers and acquisitions' — even when it's not in their best interest. '

    'For instance, young CEOs, who have higher levels of testosterone, tend to reject offers even when this is against their interest.'

    First of all it says "even when it's not in their best interest". This is a strange claim. CEOs are not supposed to make decisions that are in their best interest anyways, they are specifically supposed to make decisions that are in their company's best interest, and in particular, that best serve the shareholders of their company. To intentionally do otherwise would be reckless, not what they agree to do by becoming CEO, and could get them sued, nonetheless.

    Second of all what is in a person (or company's) best interest is subjective. To claim they are acting against their interest, you are applying prescriptive measures --- that they in your opinion should do certain things. For example "facebook should have agreed to merge with twitter". That is your opinion, which might or might not bear out.

    To cast a point of view about whether it was in their best interests or not is "in retrospect". In retrospect it is always easy to say someone should or should not have done that, knowing the outcome. Not knowing the outcome, it is not so clear, and they are CEO there, not you, which is presumably out of some merit.

    “We find a strong association between male CEOs being young and their withdrawal rate of initiated mergers and acquisition,” says Prof. Levi, whose research relies on the established correlation between relative youth and increased levels of testosterone.

    I sense a case of post-hoc ergo propter hoc here.

    Perhaps a better explanation would be, they are young, so they are as individuals less experienced, less wise, their age could have something to do with it.

    Also, the fact that they're male doesn't mean testosterone -- if a different pattern was observed in females, there would be other differences besides testosterone difference.

    You can't have an anecdotal study and have it be a legitimate study. You can't rely on knowing the fact that males of that age tend to have higher levels of testosterone and assume these groups of CEOs have higher levels of testosterone because they fall into that age category.

    If you drew blood, you might find a totally different correlation between these CEOs and low levels of testosterone. Without even sampling the variable you are trying to make claims about, this is not an experiment, and not science.

  20. Re:Impossible? on Left-Handed Gamers Getting Left Behind? · · Score: 1

    People abuse the word literally so much web comics have made fun of it. Kind of like the whole affect / effect kind of thing.

    At least the folks using 'literally' in that context, can say they are intentionally exagerating, hyperbole, even though the word literally specifically means you are not exagerating!

    I don't think using the word "impossible" fits into the same category, however. Someone using the word impossible is just being intentionally lazy, much the way someone using 'literally' like that is being unintentionally or negligently lazy.

    It's an error, but not a minor or pedantic one. It falls under extreme exagerations, or hyperbole such as "This day will never end" "indestructible computer", "unhackable server", or "unbreakable Linux"

    However, from the context of the article, the author was completely serious, the word impossible is not an idiom, and it didn't appear to be an intentional exageration or hyperbole, because it was insisted upon, which just made the whole rant in the original post look all the more foolish.

  21. Re:Impossible? on Left-Handed Gamers Getting Left Behind? · · Score: 1

    Based on looking at gameplay videos of this... I can't see any reason a person would be unable to play this game with their left hand. And i'm left handed.

    I think the author is just overreacting, because there's no "reverse the screens for lefties to make it easier" button ?

    I'll agree the game favors people who are right handed, that it might be easier... but to say the game is impossible to use without holding the stylus in your right hand appears to be ridiculous.

  22. Re:Why do the complicated expensive solution? on Preventing Networked Gizmo Use During Exams? · · Score: 1

    Yes, but all buildings' roof needs to be replaced eventually, most don't last that long. The school could always wait the 2 - 5 years or so, until its roof needs to be redone anyways.

    The expense in that case is also more so the cost of installing a roof, than the cost of materials.

    If the classroom has a tiled ceiling, it would probably be much cheaper for the professor to one night... take down each tile, glue/epoxy some tin foil to the back, let it dry, and replace the tile.

    Lather rinse and repeat, until all the ceiling tiles are covered.

    If it's a multi-story building, repeat with the ceiling tiles on the floor below.

    This eliminates air propagation and leaves a small possibility that signals could come in horizontally, through the walls, via ground propagation.

    These signals should be weaker, and a creative wallpaper job should do the trick to block out any other cell tower that seems to be getting reception; the professor can certainly test whether there's reception, providing he can get a hold of cell phones for every major carrier on a temporary basis.

    And make sure there are no desks near the walls: or students just aren't allowed to sit there.

  23. Re:In other words on EFF Says 'Stop Using Haystack' · · Score: 1

    It might in theory be something like "this program was written in collaboration with the authorities, to rat on anyone who dares try to use it". Make them think they're anonymous, while the program secretly leaks their every move

    The perfect way to root out dissidents.... fake 'anon'-ware.

  24. Re:and... on Steve Jobs Tries To Sneak Shurikens On a Plane · · Score: 1

    How exactly do you 'check a bag' to be carried on your private plane? And what does that matter anyways?

  25. Re:Well not sure if this is the right approach but on Preventing Networked Gizmo Use During Exams? · · Score: 1

    They may go back to the (oh my gosh) traditional writing the answers on their arms, shoes, or small notes. It's not the technology that needs to be fought, it's the fact that students will cheat.

    Based on the article, the students are allowed to bring in any materials they want. What they're not allowed to do is use network resources (such as 'google it'); unless they google'd that very thing ahead of time, before they knew about the test question, and had saved the top results, of course.