Slashdot Mirror


User: tlhIngan

tlhIngan's activity in the archive.

Stories
0
Comments
10,065
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,065

  1. Re:There's a few... on Ham Radio Still Growing In the iStuff Age · · Score: 1

    Talking with people from across the globe.
    Various sorts of technical challenges involved making a radio contact with somebody very far away.

    Off the globe too. The ISS and many, many shuttle missions carry amateur gear. What's geekier than talking to astronauts live? And doing so from your basement/backyard? Extra geeky and share that enthusiasm with a local school.

    (It's not hard - the ISS isn't that far away...)

  2. Re:Wi-Fi problems on iPad Progress Report · · Score: 2, Interesting

    Definitely true.

    If you take a look at the iPad Teardown, you'll see the WiFi antenna (step 24, bottom), which can only peer out of the Apple logo. There's no use thinking otherwise - it's just that one antenna out the spot in the back. The rest of the case is metal, and the screen probably has a metal backing on it, making the only place for signals to escape is that little patch of plastic.

    I'm surprised you get any signal at all without having to "aim" the back of the iPad at the AP.

  3. Re:You forgot the "so what". on Toshiba To Test Sub-25nm NAND Flash · · Score: 1

    Simple. Moore's Law. The number of transistors double every 18 months (roughly).

    The benefit? What device you use where the number of transistors directly affects you? Memory cards primarily - things like CPUs and GPUs and chipsets, not so much (most of the space is taken up with wires). But a 32GB card has over 16 billion transistors in it. Now we double that in 18 months, and that same card can have 64GB of data, or effectively the same cost.

    Maybe the card you use in your digital camera isn't too exciting. But if you wanted a decent sized SSD, it means once the next node is mature, SSD prices effectively tumble by half, so that 128GB SSD you were eyeing at $500 suddenly costs $250. Or that stratospheric 256GB SSD drops to something that a little saving can pay for.

    Of course, hard drives don't obey Moore's Law, and their increase in capacity is somewhat faster, making the spinning media-SSD gap even bigger.

  4. Re:Damn Chinese! on Journalists' Yahoo E-Mail Accounts Compromised In China · · Score: 2, Informative

    Out of curiosity, could someone actually provide a concrete example of a MITM attack ever being successfully carried out? Bonus points for anyone who can further provide reasons for why this means Firefox no longer likes self signed certs.

    Well, there's SSLSniff that was used to demonstrate faking Paypal certificates (via NULL attacks in browsers). There's also the neat SSLStrip that transforms a HTTPS transaction down to an HTTP one.

    They work by ARP spoofing right now, and if you combine with the IE WPAD (web proxy auto-discovery) mechanism, you could put together a pretty nice MITM attack unit.

    And wasn't there reports of a box sold to governments that was designed to do this MITM stuff? Like this appliance? This one's better than SSLSniff as it uses subverted CAs.

    More info - http://arstechnica.com/security/news/2010/03/govts-certificate-authorities-conspire-to-spy-on-ssl-users.ars

  5. Re:Dumb terminals and smart people don't mix on The State of the Internet Operating System · · Score: 1

    This whole "Internet OS" thing reminds me of the periodic resurgences of the dumb terminal/thin client idea that goes back to the mainframe days. It seems like every ten years or so, everyone is talking about thin clients in every office, with the OS and apps running on some offsite server somewhere (now with the added twist of multiple servers over the internet). Ostensibly this is seen as a good way to save IT money and overhead. But in every actual deployment I've seen, it only causes hassles, additional expense, and headaches.

    It's already happening though. Today's term for it is "cloud computing" - but it's the same idea, and people are embracing it to a huge extent. Services like GMail and Hotmail for e-mail, Google DOcs for office stuff, Google Apps - all being taken up rather quickly. Hell, Facebook is probably the top cloud-computing platform out there, offering messaging, gaming and many other services to millions of users.

    So it may be a fad, but it's one that's catching on again.

    Now, the forces pulling us back to the smart client model might very well be the iPhone/iPad, for its inability to run Flash means a lot of these cloud-computing apps don't work. Instead, users create local versions of the same apps. Hell, cellphones that require "the cloud" are also popular (Android, WebOS), and much to Palm's demise, switching from WebOS to Android is quite simple since Android just grabs your data "off the cloud" (like WebOS does), meaning you don't have to go through lengthy transfer procedures.

    A lot of stuff in computing is cyclical - hell, we seem to repeat history continually. The same goes for CPUs and offboard controllers - stuff done by offboard controllers is migrated into the CPU (e.g., FPU, memory controllers), and stuff used to be done by CPUs is migrated to offboard controller (e.g., GPU). And then CPUs will start spawning GPU-like things to move the GPU back onboard, while spurning other onboard tasks offboard...

  6. Re:Sorry kids on "Install Other OS" Feature Removed From the PS3 · · Score: 1

    It doesn't run linux anymore.

    You mean, "It only doesn't do everything"?! (Not sure if the "It only does Everything" PS3 thing is region-specific...).

    Good thing I backed up the Linux stuff the other day as I had to upgrade the hard drive (I ran out of space for games - what's with games requiring installing on hard disk?).

    You know, Sony just needs to get rid of two USB ports on the 4-port models, and remove the PS2 backwards compatibility, and that'll drop the market value of the launch units (which have hovered around their original price of $600 still). And I'll just sell my PS3 and get a slim so I can get the enhanced blu-ray playback (PS3 phats don't support DTS-MA or DD-TrueHD bitstreaming over HDMI). After all, they'd be the same thing nowadays. And I'd get lower power consumption to boot, and a dualshock controller over the crappy non-dualshock (I miss rumble).

    And not upgrading isn't an option unless you don't play games on it or watch movies - some games require new OS versions and movie playback may require updates. I could live without the ticker-tape ad in the corner so losing PSN isn't a huge loss - I have my Xbox360 for multiplayer.

    Just when the PS3 is getting good games, too. (Though, all mine are single player - Heavy Rain, God of War (Collection, 3), Final Fantasy XIII (wanted Xbox version, but Microsoft/Square gimped it)... the multiplayer exclusives for PS3 haven't tempted me, and the non-exclusives I get the Xbox version as my friends are on Xbox Live).

    Hell, maybe I shouldn't update and just get a Custom FIrmware for PS3 once the "security flaw" development improves to that point. I can always buy a Slim, and PS2 capability doesn't need an update.

  7. Re:Why they tell you to turn off your phone... on Do Car Safety Problems Come From Outer Space? · · Score: 2, Interesting

    I don't hear much about comsumer electronics being fritzed by cosmic rays, or microwave ovens, etc, though I suppose this might explain the random failurs. But comsmic radiation? That's a new one.

    It's quite common actually, and many documented studies have proven it does occur. You don't hear much because well, the effects are minimal in most cases. A flipped bit in RAM does nothing if it's just unused memory, for example. Or maybe it flips the bit in an unused register (that's getting reloaded with new data). Or alters the result of an unused computation unit. Heck, there were old RAM chips made with somewhat radioactive encapsulation - the computers they were in crashed more frequently than normal.

    Other times, it may show up as a graphical glitch in a game - a fiddly pixel that goes away on next refresh, or other unnoticed operation. If it damages a critical data structure, well, an application just crashes. If it gets really lucky and gets a crucial kernel data structure, then the computer crashes/panics/BSODs.

    The amount of data damaged is on the order of a bit. Depending on the whole system, that bit could be nothing (i.e., unused), unnoticable (a flicker in a pixel in the framebuffer), or crucial (application/OS crashes).

  8. Re:A hypothetical question. on Open Source Deduplication For Linux With Opendedup · · Score: 1

    off course, this would only be feasible for very small files, but /etc/shadow is usually small enough,

    /etc/shadow is typically >1kB, which is 2^(1000*8) possibilities. A stupid brute force approach isn't going to work. If you can be sure which users exist in the file in which order, and root is the only one with a password, then maybe, but I doubt you could get it fast enough even in that case. If it turns out the be a threat we just need to increase the salt size.

    But you can make simplifying assumptions. Firstly, /etc/shadow has a fixed structure so it can be parsed. Secondly, you know the usernames on that list (hey look, /etc/passwd *is* world-readable!). All you have left is to guess the hashes. On a many user system, that's hard, but on a single user system it's a lot easier - maybe a root hash and a user hash. Those other daemon users typically are non-logon and have * for a password. And unsurprisingly, the order in /etc/shadow tends to mirror that in /etc/passwd - new users added to the end of the file. Old users are deleted, which shifts the line up one.

    Dumb brute force may not work too well, but a smarter one might. And a timing attack that measures this might be able to detect it. To counteract it, an easy solution is to randomize user order (hard), or simply add a random amount of whitespace to the end of each line, or comments, or other such thing that are ignored by the tools.

  9. Re:A hypothetical question. on Open Source Deduplication For Linux With Opendedup · · Score: 2, Interesting

    I appreciate any deduplication solution for linux for sure, but isnt any deplucation creating a lot of shared ressources which could be possibly exploited for attacks (e.g. on the privacy of other users)?

    Most likely in the implementation itself, not the de-duplication process.

    Let's say user A and B have some file in common. Without de-duplication, the file exists on both home directories. With de-duplication, one copy of the file exists for both users. Now, if there is an exploit such that you could find out if this has happened, then user A or B will know that the other has a copy of the same file. That knowledge could be useful.

    Ditto on critical system files - if you could generate a file and have it match a protected system file, this might be useful to exploit the system. E.g., /etc/shadow (which isn't normally world-readable). If you can find a way to tell the deduplication happens, you can get access to these critical files for other purposes.

    Note that you can't *change* the file (because that would just split the files up again), but being able to read the file (when you couldn't before) or knowing that another copy exists elsewhere can be very useful knowledge. But the de-duplication mechanism must inadvertently reveal when this happens.

  10. Re:still useless on International Longest Tweet Contest Seeks Entries · · Score: 4, Interesting

    Huh, that's weird... I still don't have any use for twitter whatsoever.

    I mean, I guess I could update the entire world every time I eat something or run an errand... but to be honest, I can't see why anyone who doesn't already know would care, and if they did I think I'd be a bit creeped out by it.

    Guess I'm just crazy.

    I dunno, this could be useful. Introducing TwitterShare, like RapidShare, but uses Twitter for back end storage! 525 bytes ought to be enough to store a sector of data plus some metadata so you can find the other sectors of data and reconsititute the original file. And then, TwitterDrive, a hard drive in the cloud(tm)!

    It's not like there's much useful stuff posted anyways, so people posting their movies and other stuff would up the usefulness. And get the MPAA/RIAA to shut down twitter. That might be fun to watch.

    Hell, Wikileaks could use it spread files easily - hard to block a big site like twitter.

    Very interesting indeed.

  11. Re:Photos here on Balloon and Duct Tape Deliver Great Space Photos · · Score: 3, Informative

    BTW, interesting how the exterior temp rose near the apex of the flight - I'm not sure I understand why. But then, this is almost rocket science.

    We're in the troposphere, where as you go higher, temperature goes down (because the effect of the ground heating gets less as the ground gets further away).

    Above the troposphere (which is anywhere from 30k-70k feet high) is the region knokwn as the tropopause, where the temperature is constant (but cold - -53C I believe). Above the tropopause is the stratosphere, where temperature actually increases due to the ozone layer absorbing UV light. I think a good weather balloon can easily reach the stratosphere and see the rise in temperature.

  12. Re:Oops on Wikipedia Explains Today's Global Outage · · Score: 1

    I doubt anyone lost their job over this. What is the real cost of a 1 hour global outage for wikipedia if it only occurs once per year?

    Having to deal with the students who couldn't crib their report off Wikipedia an hour before it was due?

    (Yes, I'm joking. But I suppose we should continue this thread with other fun things we couldn't do with Wikipedia... like make bets about something on Wikipedia - only having edited the article in your favor minutes before).

  13. Re:CLEAN ROOM re-implemented? on DarkPlaces Dev Forest Hale Corrects Nexuiz GPL Stance · · Score: 1

    For me at least, the whole point of the GPL is preventing people from closing the source in the manner attempted here.

    True, however for a game, this can be quite limiting as it restricts consoles from being able to play. Good or bad, consoles do move a lot of games and it's a pretty good way to get your games in stores rather than an obscure website that no one knows about (even if it's Free and free).

    Sony/Nintendo/Microsoft developer agreements state that no open-source code is allowed, period. This causes some interesting results like having to relicense BSD code under a proprietary license, and using well-known game engines to ensure that no open-source code is actually involved.

    Heck, I'm sure the penalties for violation are pretty severe, including a monetary penalty, source code audits, and probably even recalls (all paid by the developer). Which can be expensive since they have to refund people at full retail price, which is more than they sold each unit.

  14. Re:CLEAN ROOM re-implemented? on DarkPlaces Dev Forest Hale Corrects Nexuiz GPL Stance · · Score: 1

    I'm willing to bet they'll violate the GPL to some extent, and I'm willing to bet they won't get caught, at least the way things currently stand. Why? PS3 DRM. Theft of artwork is easy enough to prove on a closed console title, but good luck getting a decrypted binary and statically analyzing it to prove portions were taken from the GPLed code, when the platform hasn't been broken yet (no, geohot's partial hack doesn't qualify as a break).

    Unlikely.

    First, this project already has garnered an "this game used to be open source" mentality. People will be looking through the binary for GPL violations.

    Second, what does DRM have to do with it? Unless the executable's encrypted (they're usually just signed, instead), it just involves someone dumping the disc to an image file and analyzing that. Sure they put wierd tracks and other crap to make it less easy, but it's not too difficult. You're free to buy the game on release, even if you don't have a PS3, stick it in a blu-ray drive and attempt to read it/dump it/etc. No PS3 needed for static analysis.

    Third, GPL violations in closed source code has been spotted before. We had someone rip off PearPC. Microsoft ripped off that DVD library. And many others.

    It's too high profile for someone to steal GPL code in the re-implementation.

    Hell, if they did that, the company behind it will be in a LOT of hot water. Using open-source code violates many developer agreements for consoles, be it Nintendo, Sony or Microsoft. It's not that they don't understand the licenses or that "BSD is safe", but they don't want any unthinking developer from possibly compromising the entire system because some library had the AGPL or other "must be fully open" type license. At the very least, there'll be hefty fines for violations.

  15. Re:Trace the signal from his internet key? on Mafia Boss Betrayed By Facebook · · Score: 1

    Or actual triangulated physical location. If you are a mobile provider, these things are quite possible, although whether the law enforcement agencies get access to this kind of data depends on the laws of your country.

    Or... just used GPS.

    Remember, most 3G chipsets do use USB, and the chipsets are identical to the ones used in smartphones (there are only a few big chipset manufacturers out there). Most of them connect via USB - whether it's to your PC, or to the smartphone's main processor. Many of these "USB Sticks" or "Internet Sticks" or whatever are just the phone part of a smartphone ripped out, so they support GPS and all sorts of other phone features...

  16. Re:Maybe people choose randomly? on IE Not Faring Well In the EU Ballot · · Score: 4, Insightful

    I hate to say this, but there is a set of people who should not be expected to use a computer. I don't know what we're going to do with them in 10 or 20 years, when absolutely everything is online.

    I think the solution is available soon - the iPad. It's not a full OS (at least, presented to the user) but ought to be easy and powerful enough to get online and do the stuff they need to do (email/web/etc).

    As much as we pan it, perhaps realizing that the iPad probably does 99% of what these people need to do and giving them one may save support headaches in the future.

  17. Re:Someone enlighten me on Mozilla Plans Fix For Critical Firefox Vulnerability In Next Release · · Score: 1

    Yes, i know.

    I'm asking why companies insist on patching 20-30 things all at the same time, surely it is easier to test for regressions when you're only including a single patch? Why can't you patch, test, release, and move on to the next problem?

    Isn't this what MS does with their micro-patch KB fixes?

    Because you'd be running the test case 20-30 times? And people really, really, really hate updating their software hourly?

    That means for each patch they have to go through a whole release test of the software, which even though there's lots of volunteers, still takes a long time and a lot of effort to do. Do it 20-30 patches at a time, and you only really have to do the testing once. If you find a regression, a binary search of the patches applied will get you the problematic patch.

    There's a lot more to releasing a product than "it compiles, ship it!"

  18. Re:VRML 2.0 on Google Launches 3D Driver Project For Chrome · · Score: 1

    VRML was never used. For anything. How is this going to be different? What's the application? Javascript games?

    As much as I'd think we'd see good WebGL content, I predict the application will be "3D interactive ads".

    Much like how Apple and Adobe are fighting it out, with the latter saying 93% of the websites out there need flash. Which is true, if you count non-Flash sites that run Flash ads (usually through syndication). Hell, I bet advertising agencies are trying to push Flash everywhere, explaining why what used to cost easily $10,000 to port Flash to your device, suddenly is cropping up on everything except the iPhone. Just so when you run those mobile browsers, those ads show up.

    Advertising agencies will now sponsor everyone to support WebGL, for those 3D ads they want to run.

  19. Re:My best guess.... on Microsoft Lifts XP Mode Hardware Requirement · · Score: 3, Insightful

    The "weird" hardware requirements are probably due to the fact that they expected AMD and Intel only to produce CPUs with hardware support for virtualization enabled. The fact that one of the major CPU manufacturers didn't, is most likely what bit Microsoft in the ass. Still, some OEMs also are at fault, I think: Just recently I got to look after a defective laptop (RAM module was broken...) and I looked in the BIOS. The CPU could do hardware virtualization, but by default it was disabled in the BIOS. Why? I have no idea...

    AMD did. Intel just makes chips for whatever their customer wants. Like how all Intel Macs have VT support, but it's iffy elsewhere (if an OEM can get a discount over chips with no VT, they'll take it).

    As for disabling VT support, it's probably to avoid "blue-pill" type malware from hitching a ride underneath the OS. At least, that's a reasonable explanation if you have the setting. Sonys don't (at least, they didn't use to), which was more of an OEM thing by trying to be more Apple-like in control. (After all, Apple doesn't give you any control in the matter. Except well, they see the need for VT and have it enabled).

    Ironic, too, since Sony and Apple use EFI firmware from the same company (Insyde).

  20. Re:I Am Shocked! on UMG To Price New CDs Under $10 · · Score: 3, Informative

    Bullshit. Most DJ's I know have gone to using MP3's for their business needs. Any time you hear music at a club, bar, or formal function these days, chances are you're listening to an MP3. You may be one of those audio-snobs who insist that they can detect a difference but, even if we accept that silly claim, there's no way you can go from "a few people say they can detect a sight difference" to "lossy codecs fail for regular listening".

    And those places aren't good listening conditions, nor do people really care about audio quality. Heck, I'd guess radio stations have gone MP3 as well simply because radio is a poor quality audio transmission medium to begin with. Plus, MP3 is great with some types of music (rock/metal/etc) where adding (dynamic-range) compression/distortions/etc and artifacting don't make a big difference, and can enhance the music. Hell, clipping can help, too.

    But other types of music, like say, classical, orchestral and the like, (data) compression can add unpleasant artifacts to the sound. Add in clipping and it makes it even worse (this kind of music also often has huge dynamic range variations which is very hard to compress).

    Finally, I will say that certain compression levels you can't tell, it's not being able to control the compression that hurts. I could buy reasonably sounding music through iTunes, confident in the 256kbps AAC to do a reasonably good job. But there's the little worry that if the music is too demanding, that 256kbps might not be enough (that's why people use VBR).

    I personally buy CDs, that way I can control how it's encoded (I know that LAME presets do a really good job). Since the quality loss happens in the encoder, a good encoder and a lousy encoder will have visible differences in final quality.

  21. Re:The wise user will wait on Microsoft Announces Windows 7 SP1 · · Score: 1

    Care to explain why Windows 7 is hated by far fewer people then? To me Windows 7 is Windows Vista with a few UI tweaks and the couple of less annoying default settings (like the UAP settings). There's few if any fundamental differences (neither user interface wise or code wise) between the two. Regardless of whether 7 is any good, if you hated Vista, you've got no reason to love 7 in my books.

    VIsta changed many things.

    First, least priviledge was enforced rather than something you had to do. UAC, while flawed, was the "gateway" to get admin priviledge. This alone would account for most of the Vista problems, because most XP apps assumed you had admin priviledges 24/7.

    Second, many things inside Vista changed kernel-wise. Things like SuperFetch and the like. And new stuff means new issues and things not working "the way they used to". Plus breaking the audio driver model didn't help a bunch of "enthusiasts" with super high-end expensive sound cards (i.e., Creative).

    Windows 7 had 2 years while developers straighened their stuff out. UAC is a pain in Vista, mostly because of how unoptimized everything is in Vista. But also applications couldn't get away with crap like opening protected registry keys read-write when they only needed to read it - once. The same sort of crap that makes it impossible to run apps as non-admin in XP. (Honestly, most developers suck, and they cheat and use tricks they shouldn't have. LIke hardcoding "C:\Documents and Settings\").

    I'd go as far as to say Vista is the reason why Microsoft spends so much money supporting backwards compatibility - because they made a few changes and saw how badly everything broke. Or why Vista has to do all sorts of contortions to isolate bad practices (like "virtualizing" the registry and such).

    With Windows 7, UAC is a lot better (expected as it matures), and apps are way more compatible now that developers have had to actually work and fix issues in their code. Drivers are also more mature and stable.

  22. Re:This was shocking to me on YouTube's Bandwidth Bill May be Zero · · Score: 3, Informative

    Here are some pics of some of Googles hardware. These are a few years old. The power interface is entirely foreign to me.
    When I uploaded them to photobucket they were resized and I've since lost the originals, but, if you zoom in close enough you can see that the powersupply has a part number printed on it that includes the word 'GOOGLE', and, the ram also has chips that are individually labeled Google.
    Does anyone care to explain to me how it is possible that doing such a thing is more cost effective than just purchasing stuff already on the market in bulk? I've been wondering it for years after seeing this.

    If you're willing to buy a LOT of stuff, parts manufacturers are willing ot customize. (The threshold for "lots" varies).

    Intel will sell you a custom spec'd chip if you wanted - only restrictions are it has to be based on a current production model. So if you want an i7 without 64-bit and VT, buy enough chips and Intel will provide it. Hell, if you're Google, they'll probably laser etch Google on it, too.

    Power supplies - ditto. Google uses a special arrangement too, so they're probably custom-made. Which is trivial for a power supply company (as they already have lines set up to do custom builds, since 99% of their business is custom power supplies for all sorts of devices).

    RAM - buy enough, and the manufacturer can do anything. Laptops often come with "custom" RAM from the OEM (usually just a label slapped on the stick). Given Google's order size, I'm sure the assembler can put GOogle on them. Heck, Apple got custom-manufactured RAM too (Mac Pro FB-DIMMs are custom made to have larger heatsinks).

    And yes, Google can order in bulk, but since few can supply the order directly, Google just buys direct - cut out some middlemen, and get customization ability.

    Heck, Google might get a custom motherboard too - sure it's based on an existing design, but configured to Google's specs.

  23. Re:Oh great, Sony on I Want My GTV · · Score: 1

    Well sony is going to disable HD on component out for ALL bluray players in a year or so anyways.

    No encrypted content will go out of a Bluray player if it is not protected from the scumbag consumer by the precious HDCP.

    Or ... just buy an HDFury already.

    HDMI to component adapter. Supports HDCP too. Hell, does 1080p over component (though I doubt there are many 1080p TVs that *don't* have HDCP compliant HDMI or DVI inputs).

    The future is already here - many A/V receivers don't support non-HDCP compliant HDMI or DVI sources. (Then again, practically every non-integrated video card supports HDCP the past 3 or 4 years...).

  24. Re:What we really need on Aussie Gamers Dress As Zombies To Raise R18+ Awareness · · Score: 1

    In the US, unless a game gets an Adult Only rating (which, aside from porn games, pretty much never happens anymore) it isn't "censored" by its rating...and as far as I know, there are no laws about selling M-rated games to minors...most stores just won't do it. Besides, with the advent of the Internet and things like Steam, not being able to buy a game because you are "underage" is mostly a thing of the past.

    Not really. Steam requires a credit card, so whoever's doing the purchasing is already 18+, or is a joint card with the primary cardholder who is 18+ (which still limits you to a credit card to someone who's 16-ish), so for all intents and purposes, paying with a credit card already "proves" M status. If you're 16 because someone trusts you enough (it's their credit, after all), then I'd think you'd be mature enough to handle an M game. The only way around this is to buy the game retail...

  25. Re:WTF? on Facebook Attracting More Visitors Than Google.com · · Score: 1

    Wow. I could expect a couple of braindeads. Not several dozen. Certainly not in the thousands.

    Facebook has how many million people? It doesn't take too many percentage wise to add up to over a thousand people... and they probably comment on everyone's "wall" so leaving a comment on a blog post isn't too different.

    On the plus side, that guy probably amassed a few thousand facebook logins...