Slashdot Mirror


User: idontgno

idontgno's activity in the archive.

Stories: 0
Comments: 4,819

Comments · 4,819

  1. Re:Alternative to one tough tablet on The $5,600 Tablet · · Score: 1

    You're missing the part where if a slashtard gives you a dismissive alternate solution, and you can't use it because it misses some critical and non-negotiable criterion in your use case, it's your fault because your cow isn't spherical enough.

    Welcome to Slashdot, where all the Windows are evil, all the grits are hot, and your problem doesn't matter because it doesn't conform to someone else's biases.

  2. Re:Idiot. on Supreme Court OKs Stop and Search Based On Anonymous 911 Tips · · Score: 2

    It's called surveillance.

    FTFY.

    Also commonly referred to as "sauce for the gander" and the answer to Quis custodiet ipsos custodes?


  3. Re:The same way we need to keep init standard? on Not Just a Cleanup Any More: LibreSSL Project Announced · · Score: 1

    Theo, is that you?

    The Imperial Third Person thing is certainly new and...interesting.

    Anyways, thanks. I guess.

    Ladies and Gentlemen, that was Theo De Raadt. Thanks for dropping by, Theo.

  4. Re:Good story, but a little long on David Auerbach Explains the Inside Baseball of MSN Messenger vs. AIM · · Score: 1

    I dunno. I kinda liked the bit about going down to Morganville with an onion tied to his belt.

  5. Re:Peppy Hare to Fly McClure on Fruit Flies, Fighter Jets Use Similar Evasive Tactics When Attacked · · Score: 1

    Damn autocorrect. "McCloud", not McClure.

    Fly McClure? "Hi, I'm Fly McClure. You may remember me from such vermin-borne illnesses as cholera and anthrax."

    Sigh.

  6. Peppy Hare to Fly McClure on Fruit Flies, Fighter Jets Use Similar Evasive Tactics When Attacked · · Score: 1

    In the midst of a banked turn, the flies can roll on their sides 90 degrees or more, almost flying upside down at times, said Florian Muijres

    "Do a barrel roll!"

  7. Re:Whatever you may think ... on Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake · · Score: 1

    The WTF part of this (the kind that thedailywtf.com lives on) is that the RFC, which he co-authored, has this strong and specific warning:

    If the payload_length of a received HeartbeatMessage is too large, the received HeartbeatMessage MUST be discarded silently.

    He knew about the risk. He documented the risk. But come coding time, he forgot the risk.

    Ya gotta feel for that. How many times have I gotten up bleeding and dazed and said to myself "I knew that was a bad idea."

  8. Re:Not malicious but not honest? on Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake · · Score: 1

    The bug itself had to do with allowing a mismatch between the amount of data sent and the amount retransmitted in what's essentially an echo command that TLS implements. A hardened malloc() would make it impossible to exploit that, but OpenSSL would still have a bug even with one, just one that couldn't (probably, maybe, perhaps) be used to get confidential data.

    Right. Instead of a remotely-exploitable information leak, it's most probably reduced to (at worst) a low-grade denial-of-service attack caused by crashing HTTPS server processes no faster than they can respawn.

    By that criterion alone, I do surely wish OpenSSL had just stuck to the dog-standard malloc() rather than cowboying up their own.

  9. Re:This may be a dumb question, but... on Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake · · Score: 1

    Many compilers precalculate arithmetic expressions consisting of constants, replacing them at compile-time with the result value constant.

    I believe the different constants can be deduced from Section 4 of the original RFC proposing the TLS heartbeat message:

    4. Heartbeat Request and Response Messages

    The Heartbeat protocol messages consist of their type and an
    arbitrary payload and padding.

    struct {
        HeartbeatMessageType type;
        uint16 payload_length;
        opaque payload[HeartbeatMessage.payload_length];
        opaque padding[padding_length];
    } HeartbeatMessage;

    The total length of a HeartbeatMessage MUST NOT exceed 2^14 or
    max_fragment_length when negotiated as defined in [RFC6066].

    type: The message type, either heartbeat_request or
    heartbeat_response.

    payload_length: The length of the payload.

    payload: The payload consists of arbitrary content.

    padding: The padding is random content that MUST be ignored by the
    receiver. The length of a HeartbeatMessage is TLSPlaintext.length
    for TLS and DTLSPlaintext.length for DTLS. Furthermore, the
    length of the type field is 1 byte, and the length of the
    payload_length is 2. Therefore, the padding_length is
    TLSPlaintext.length - payload_length - 3 for TLS and
    DTLSPlaintext.length - payload_length - 3 for DTLS. The
    padding_length MUST be at least 16.

    HeartbeatMessageType is a single-byte enumeration (documented in Section 3) and the payload_length is a uint16 (two bytes)... and the packet always requires 16 bytes of padding, so that's the 1, the 2, and the 16.
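
Added example, not part of the comment above and not OpenSSL's code: a C sketch of the receive-side length check that the quoted RFC text implies, built from the 1, 2 and 16 in Section 4. The function name, macro names and sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_TYPE_LEN     1  /* HeartbeatMessageType: single byte */
#define HB_LENGTH_LEN   2  /* uint16 payload_length */
#define HB_MIN_PADDING 16  /* "padding_length MUST be at least 16" */
#define HB_REQUEST      1  /* heartbeat_request (RFC 6520, Section 3) */

/* Validate a received heartbeat request of record_len bytes and copy its
 * payload into out. Returns the payload length, or -1 when the message
 * has to be discarded silently. Only requests are handled in this sketch. */
static long hb_echo_payload(const uint8_t *rec, size_t record_len,
                            uint8_t *out, size_t out_cap)
{
    /* Too short to hold type, length field and minimum padding. */
    if (record_len < HB_TYPE_LEN + HB_LENGTH_LEN + HB_MIN_PADDING)
        return -1;
    if (rec[0] != HB_REQUEST)
        return -1;
    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];
    /* The claimed payload plus mandatory padding must fit inside the
     * bytes that were actually received. */
    if (HB_TYPE_LEN + HB_LENGTH_LEN + payload_len + HB_MIN_PADDING > record_len)
        return -1;
    if (payload_len > out_cap)
        return -1;
    memcpy(out, rec + HB_TYPE_LEN + HB_LENGTH_LEN, payload_len);
    return (long)payload_len;
}

/* Constructed record: 4-byte payload, 16 bytes of (zeroed) padding. */
static long hb_demo_consistent(void) {
    uint8_t rec[3 + 4 + 16] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
    uint8_t out[64];
    long n = hb_echo_payload(rec, sizeof rec, out, sizeof out);
    return (n == 4 && memcmp(out, "ping", 4) == 0) ? n : -2;
}

/* Constructed record: same 23 bytes, but payload_length claims 0x4000. */
static long hb_demo_mismatch(void) {
    uint8_t rec[3 + 4 + 16] = { HB_REQUEST, 0x40, 0x00, 'p', 'i', 'n', 'g' };
    uint8_t out[64];
    return hb_echo_payload(rec, sizeof rec, out, sizeof out);
}

int main(void) {
    return (hb_demo_consistent() == 4 && hb_demo_mismatch() == -1) ? 0 : 1;
}
```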

  10. Re:Power? on Navy Debuts New Railgun That Launches Shells at Mach 7 · · Score: 1

    I remember hearing a proposal that the barrel (or rail) would be magazine-fed along with the armature and round. Kinda defeats the probable space/weight advantages over a chemically-propelled round, but at least you don't have tons of explosive propellants in the magazine.

    I don't know how serious the proposal was. But it would solve the rate-of-fire issue.

  11. Re:It's not the Midwest on Smart Car Tipping Trending In San Francisco · · Score: 1

    Wait until the aliens start mutilating Smart cars. And abducting Smart car farmers.

  12. Re:It's not trending. on Smart Car Tipping Trending In San Francisco · · Score: 1

    So, this explains why you were tipping those "Smarts".

    What about your criminal confederates? More illegal thrill-seeking? Someone secretly paying to have the cars tipped? Voices in their heads? Hatred of tiny four-wheeled tin boxes arrogantly pretending to be cars?

    The last is the reason I do it. I mean, would do it. Although I don't. Really.

  13. Re:Application and driver compatibility on Slashdot Asks: Will You Need the Windows XP Black Market? · · Score: 1

    It is if you have operators and engineers that have any brains

    But out here in reality, what operators and engineers have in brains they make up for by the absence of give-a-damn. Laziness can trump smarts every day of the week, and the path of least resistance is a damn fine malware vector.

    that have any brains, There are tons

    Speaking of brains... that's a comma splice. If English is your first language, please return to third grade to learn not to do that.

    There are tons of CNC machines not being infected out there.

    There were tons of numerically controlled machines out there infected by this very mechanism. The fact that it wasn't CNC machines this time doesn't mean it can't be CNC any time in the future. The attack is feasible.

  14. Re:modular but never taken advantage of on Google Project Ara Design Will Use Electro-Permanent Magnets To Lock In Modules · · Score: 1

    You're not the target demographic. That doesn't mean it's a bad idea. These kinds of phones will be bought by tech nerds in their 20s.

    Glassholes, you mean.

    modular IBMPC / overclocking crowd.

    Modular PC. Not exactly the stirring precedent I'd go looking for.

  15. NOTABUG on The Amazon Fire TV Is Kind of a Mess · · Score: 5, Funny

    Thus, even if you have access to a movie for free through Netflix, using the Voice Search for that movie will only bring up Amazon's paid options.

    You make that sound like a bad thing.

    --Signed,
    Jeff Bezos

  16. Re:The playa exit is not the problem. on Algorithm Challenge: Burning Man Vehicle Exodus · · Score: 1

    Wait, what?

    Burning Man has greeters like Wal-Mart has greeters?

    O_o

  17. Re:tl;dr on Algorithm Challenge: Burning Man Vehicle Exodus · · Score: 1

    I think you're missing the point.

    As far as I can tell, the point is "You're wrong, because I, and only I, am right. It doesn't even matter if you agree with me. You're still wrong, because you're not me."

    Yeah, doesn't make sense to me, either. Probably all the heatstroke and pharmaceuticals.

  18. Re:Got it all wrong, way too high... on How Many People Does It Take To Colonize Another Star System? · · Score: 1

    Do we really want to send reality TV loving cretins to colonize other planets?

    Three words:

    Golgafrincham "B" Ark.

  19. Re:Ellis Island Syndrome on TSA Missed Boston Bomber Because His Name Was Misspelled In a Database · · Score: 1

    No, you're thinking of Raymond Luxury-Yacht (pronounced "Throatwobbler Mangrove").

  20. Heinrich Bimmler? From Minehead? I have no idea why the TSA would be interested in him. After all, he wasn't the head of the Gestapo for 10 years... I mean, 5 years... I mean never.

  21. Re:"hacking charisma" on Hacking Charisma · · Score: 1

    There's a special name for a "story to attempt to be positive": "propaganda". Anyone with critical thinking skills will demand to examine both the negatives and the positives.

  22. Re:I'm a Modern Gamer on Diablo 3 Expansion Reaper of Souls Launches · · Score: 1

    You gotta cook the beef somehow.

    Ok, well, maybe not "gotta"...

  23. Re:This whole thing seems like an ad for the Wii U on Is This the End of Splitscreen Multiplayer, Or the Start of Its Rebirth? · · Score: 1

    Split screens can often be confusing (being distracted by another player's screen portion and missing something on your screen portion).

    And that's why I will always regard split-screen console gaming as overrated and hopefully to never be resurrected.

    "Hey, dude, where are you going? You're stuck on a wall!"

    "Bullshit, I'm running my ass off. No, wait, I'm looking at the wrong half of the screen."

    So I despise split-screen because I'm terribad at it.

  24. Re:This has gone beyond madness on Inside NSA's Efforts To Hunt Sysadmins · · Score: 1

    Think of it as unplanned pen testing. Kinda like how rape is unplanned sex.

  25. False equivalence. Trolls aren't human.