Slashdot Mirror


User: maxwell+demon

maxwell+demon's activity in the archive.

Stories
0
Comments
12,279
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,279

  1. Re:Faster than a speeding on Superman Comic Saves Family Home From Foreclosure · · Score: 1

    At the stock exchange, selling his stock.

  2. Re:Which OS? on Large Zeus Botnet Used For Financial Fraud · · Score: 1

    The average user wants to be able to use a computer like they use a car, [...]. No need for technical training

    You got your driving license without any technical training?

  3. Re:Timings on Coronal Mass Ejection Hits Earth · · Score: 1

    lol@overrated mod... it wasn't even rated in the first place.

    Yes it was. It wasn't moderated yet, but it was rated (it had a score).

  4. Reflections on trusting trust on Malicious Hardware Hacking May Be the Next Frontier · · Score: 1

    Since nobody seems to have mentioned it yet: Reflections on trusting trust.
    Note that he already mentions planting exploits into microcode, which is already quite close to the hardware. Do you know for sure there's no exploit planted in the microcode of your CPU? Maybe someone manipulated the compiler for the microcode? The compiler on which the compiler for the microcode was compiled?

    But even with the actual hardware, that's possible: Just as you can place an exploit in the C compiler, you can also place an exploit in the VHDL compiler. Then the VHDL code will be unsuspicious, and run correctly in the simulator, but the actual chip will still be modified. Again, several levels are possible.

    OK, is there anything which can protect us? Well, on one hand it's getting more complicated with each intermediate step. But then, there's also another protection: Exactly the fact that not everything isn't done by the same company! And this even applies for the simple case mentioned in TFA: A company which is asked for a component which, say, adds up a bunch of numbers, doesn't know how it's combined with the other blocks, or what the other blocks actually look like. Therefore he likely cannot tell how you could actually trigger the bad behaviour in the complete chip, or how to do something "useful" on that condition. The same is true on all the other levels: The chip developers will not write their own VHDL compiler, and the VHDL compiler writers have no clue what the chips which will defined with them will look like. The microcode developers likely don't write the microcode compiler, and the microcode compiler people probably don't have access to the microcode source code.

  5. Re:The new jailbreak is amazing on iPhone Jailbreak Uses a PDF Display Vulnerability · · Score: 1

    Are you really more worried about warrantless wiretaps than about completely anonymous people on the internet having the ability to take over your computer?

    Well, most completely anonymous people on the Internet don't, eg, have access to nuclear weapons and Navy SEALs.

    The US government does.

    Just sayin'.

    On the other hand, the US government (or any other government, for that matter) wouldn't have much use for the amount of money I've got on my bank account (that amount is negligible compared to government budgets).

    Most completely anonymous people on the Internet would.

    Just sayin'.

  6. Re:I hear differently from Users on iPhone Jailbreak Uses a PDF Display Vulnerability · · Score: 1

    What he probably meant is that the function pair HasSpecialPluralization/DoThatSpecialPluralization isn't formally specified. Especially that it's valid to have in HasSpecialPluralization:

    if word == "virus"
        true

    and in DoThatSpecialPluralization:

    if word == "virus"
        word <- "virii"

  7. Re:Too easily overcome on iPhone Jailbreak Uses a PDF Display Vulnerability · · Score: 1

    And how exactly do users install updates? I guess using some interface of the iPhone itself. So is there any reason an active root kit cannot interfere with the update process and install itself in the updated version right at installation time?

  8. Re:PDF on iPhone Jailbreak Uses a PDF Display Vulnerability · · Score: 1

    PostScript files may not render on certain devices, such as non-PostScript printers.

    And PDF files may not render on certain devices, such as non-PDF printers. Fortunately in both cases there are programs which can interpret that format and display or print it on printers which don't understand it. For PDF, the best-known such program is Adobe Reader (formerly Acrobat Reader). For PS, the most popular such program is Ghostscipt (with its companion Ghostview for more convenient viewing). Moreover, some operating systems transparently interpret postscript files which are sent to non-postscript printers.

  9. Re:This is an appropriate use. on Officials Use Google Earth To Find Unlicensed Pools · · Score: 1

    Well, just remember to not bath naked in your pool when the satellite crosses :-)

  10. Re:Coward #1478744 on Tracking the Harm Games Do · · Score: 1

    There's definitively a statistical correlation between length of copyright and climate. As copyright duration got longer, the climate got hotter.
    It's a slow effect, so you don't see clear steps in the pattern. However, if you look at the famous hockey stick curve, you'll notice that the bend of the hockey stick is not too long after the original Berne Convention. That it doesn't match exactly can be attributed to the inherent inertia of the climate. Since then, both duration of copyright successively got longer and the climate got hotter. This is a very clear correlation.

    So now we have the proof: Copyright damages our climate!

  11. Re:BBC on FBI Instructs Wikipedia To Drop FBI Seal · · Score: 1

    Assuming that with "BBC" you mean the British Broadcasting Corporation, I don't think American laws matter a lot for them (except for material they sell there). Especially they can show any amount of images which are illegal to show in the U.S., as long as they are not illegal to show in GB.

  12. Re:Difference between hole and jailbreak on Prankster Jailbreaks Apple Store Display iPhone · · Score: 1

    If all you need to do is to download a manipulated PDF from a web site, then the end user certainly can trigger it by accident, and therefore it's very clearly a hole. That you can use that hole to jailbreak doesn't make it less of a hole. The next PDF you download may use the same hole for something malicious instead.

    Claiming it's not a hole because you can use it for jailbreaking is like claiming that a web site's SQL vulnerability isn't a security hole because you could also issue SQL commands for useful things the web page doesn't allow you to do otherwise.

  13. Re:Really? on 'Project Vigilant' Recruits At Defcon To Track You · · Score: 2, Insightful

    Do you want to be the one doing the shafting, or the one getting shafted?

    No.

  14. Re:bogus on 'Project Vigilant' Recruits At Defcon To Track You · · Score: 5, Funny

    Romanes eunt domus!

  15. Re:pretty much over the browser wars on Firefox May Soon Overtake IE In Europe · · Score: 1

    And when did the ancestors of the native Americans discover America? I guess that was even earlier.

  16. Re:Wow on The Sun Unleashes Coronal Mass Ejection At Earth · · Score: 1

    No, it's not about Sun but about The Sun — look at the title!

    Oops, should of course have been Sun and The Sun instead.

  17. Re:companies on Firefox May Soon Overtake IE In Europe · · Score: 1

    Firefox portable anyone?

    Are employees generally allowed to run random software from USB sticks?

  18. Re:Browser market share on Firefox May Soon Overtake IE In Europe · · Score: 1

    What I don't get is why it is so complicated to just have two browsers installed: IE6 for legacy corporate apps, and a modern browser for the internet (there may be trouble having IE6 and IE8 at the same time, but there should not be any troubles having IE6 and Firefox, or IE8 and Opera). Maybe you can have a proxy which ensures the right browser is used for internet access (i.e. that blocks all IE6 traffic leaving the corporate network). That solution would be simple (no need to update internal ActiveX stuff) and even more secure than using another browser for everything (because any internet site which compromises the browser, but doesn't otherwise compromise the user's account, cannot access any internal stuff because of the lack of ActiveX; moreover non-IE6 access can simply be blocked for internal stuff for additional security). If you use Firefox, you can even make it almost seamless by using IE tab extension.

  19. Re:Browser market share on Firefox May Soon Overtake IE In Europe · · Score: 1

    Are those metric dollars or imperial dollars?

  20. Re:s/Wii/Windows on Attacking Game Consoles On Corporate Networks · · Score: 1

    Can't think of a single network connected device that couldn't potentially offer an attack vector...

    A hub?

  21. Re:Forced Browser Choice on Firefox May Soon Overtake IE In Europe · · Score: 1

    I wouldn't be surprised if also OS/2 had a larger following to elsewhere (or at least US).

    I wouldn't be surprised either. I bought a computer with OS/2 preinstalled in Germany, in 1995. Preinstalled by default, not as special wish. From the (AFAIK) largest German computer seller of that time (Vobis). It also had Star Office preinstalled.

  22. Re:Wow on The Sun Unleashes Coronal Mass Ejection At Earth · · Score: 1

    No, it's not about Sun but about The Sun — look at the title!

  23. Re:Terrific on The Sun Unleashes Coronal Mass Ejection At Earth · · Score: 1

    Don't worry. The world will not end before 2012. :-)

  24. Re:It's not the learning they're upset about on NAMCO Takes Down Student Pac-man Project · · Score: 1

    AFAIK it's completely legal to copy old art, even in high quality, as long as there's no chance that the copy may be confused with the original, and you don't claim it to be painted by the original artist (e.g. you shouldn't put the original artist's signature on it).

  25. Re:first post on NAMCO Takes Down Student Pac-man Project · · Score: 1

    You are violating the intellectual property rights of the first "first post" poster. Expect a C&D letter soon.