Slashdot Mirror


User: Hal_Porter

Hal_Porter's activity in the archive.

Stories
0
Comments
8,852
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 8,852

  1. Re:Hmm on All Five Smartphones Survive Pwn2Own Contest · · Score: 1

    It's only blackmail if you sell it to the vendor. If you sell it to someone else, there's no problem.

  2. Re:Hmm on All Five Smartphones Survive Pwn2Own Contest · · Score: 1

    To be honest though, all this talk of people paying tens of thousands of dollars for an exploit sounds more like a black hat's imagination running riot, which fits with the sad sack fantasists calling themselves "hackers" that I've encountered.

    Those sad sacks are actually androids. The real hacker is in a private moonbase or submarine somewhere with a load of fembots.

  3. Re:Chrome only browser ... on All Five Smartphones Survive Pwn2Own Contest · · Score: 1

    You have to wonder if it isn't a virtuous cycle. Opera has, as far as I can tell, been pretty good about fixing vulnerabilities. That said if it were more popular I'm sure the bot herders and password stealers would have found holes in it and exploited them.

    Right now, if it isn't hyped like Firefox, the market share will be low, people will ignore it in surveys and hackers won't bother to target it.

  4. Re:Chrome only browser ... on All Five Smartphones Survive Pwn2Own Contest · · Score: 1

    Market share may be down to but it ain't over until thecounter sings.

    http://www.thecounter.com/stats/2008/January/browser.php

  5. Re:That's it... we're dead on Microchip Mimics a Brain With 200,000 Neurons · · Score: 1

    The cake is a pie.

  6. Re:first on China Blocks YouTube, Again · · Score: 1

    Grass Mud Horse is an interesting phenomenon

    http://www.iht.com/articles/2009/03/12/asia/12beast.php

    It was against this background that the grass-mud horse and several mythical companions appeared in early January on the Chinese Internet portal Baidu. The creatures' names, as written in Chinese, were innocent enough. But much as "bear" and "bare" have different meanings in English, their spoken names were double entendres with inarguably dirty second meanings.

    So while "grass-mud horse" sounds like a nasty curse in Chinese, its written Chinese characters are completely different, and its meaning â"taken literally â" is benign. Thus the beast not only has dodged censors' computers, but has also eluded the government's own ban on so-called offensive behavior.

    As depicted online, the grass-mud horse seems innocent enough at the start.

    An alpaca-like animal - in fact, the videos show alpacas - it lives in a desert whose name resembles yet another foul word. The horses are "courageous, tenacious and overcome the difficult environment," a YouTube song about them says.

    But they face a problem: invading "river crabs" that are devouring their grassland. In spoken Chinese, "river crab" sounds very much like "harmony," which in China's cyberspace has become a synonym for censorship. Censored bloggers often say their posts have been "harmonized" â" a term directly derived from President Hu Jintao's regular exhortations for Chinese citizens to create a harmonious society.

    In the end, one song says, the horses are victorious: "They defeated the river crabs in order to protect their grassland; river crabs forever disappeared from the Ma Le Ge Bi," the desert.

  7. Re:OK, then... *WHO* is the official ext3 "moron"? on Kernel Hackers On Ext3/4 After 2.6.29 Release · · Score: 1

    Come and work with me. The pay is terrible, but the abuse is top notch.

    Maggot.

  8. Re:*Finally* on Kernel Hackers On Ext3/4 After 2.6.29 Release · · Score: 1

    That's not transactions though, in the ACID sense. A transaction is atomic, either it completes or is rolled back. fbarrier() doesn't quite cut it because it some file operations may complete.

    http://en.wikipedia.org/wiki/ACID

    Atomicity - a bunch of file operations ending with an fbarrier is not atomic because some operations will complete before the fbarrier cal.
    Consistency - it is consistent.
    Isolation - it's not isolated either, for the same reason it is not atomic.
    Durability - ok, it is durable

    NTFS has real, ACID compliant, transactions spanning several files.

    http://msdn.microsoft.com/en-us/library/aa365738(VS.85).aspx

    It's not surprising really NTFS is built like a database and has always had per file transactions. VMS was tradionally a transaction processing environment - I think that's where the culture comes from.

  9. Re:Saving grace on Kernel Hackers On Ext3/4 After 2.6.29 Release · · Score: 1

    Maybe Hans Reiser only ended up in San Quentin because he argued with Linus.

  10. Re:OK, then... *WHO* is the official ext3 "moron"? on Kernel Hackers On Ext3/4 After 2.6.29 Release · · Score: 1

    I'd use Linux if Linus force choked Ted T'so to death and then appointed a replacement at random, like Darth Vader did in Star Wars.

    In fact from what I've heard that's how David Cutler would have handled the situation.

  11. Re:lkml.org server is slashdotted. on Kernel Hackers On Ext3/4 After 2.6.29 Release · · Score: 1

    FAT doesn't have a journal, but it does guarantee metadata consistency. When a transaction starts on disk it sets a bit in the second FAT entry, then it starts the update, then it clears the bit. If you mount the volume and the bit is set you should run a chkdsk. Chkdsk is painfully slow in the absence of a journal because you have to scan every directory entry and check them against the FAT for consistency but at the end of the process the metadata would be consistent again.

    Of course for the sort of volume sizes FAT was designed for, even this sort of chkdsk isn't too bad. And on Windows chkdsk does a lot of consistency checks even on NTFS - it doesn't just undo any transactions which are marked as pending in the journal, it actually checks all the indexes too.

  12. Re:lkml.org server is slashdotted. on Kernel Hackers On Ext3/4 After 2.6.29 Release · · Score: 1

    Actually, Linus was, as he sometimes is, completely clueless. He's unaware of the fact that filesystem journaling was *NEVER* intended to give better data integrity guarantees than an ext2-crash-fsck cycle and that the only reason for journaling was to alleviate the delay caused by fscking.

    Most Linux users don't fsck very often though. Fscking is a very rare case where you must to be correct, but you only should be performant. It's an issue if the fscking fscks your data, which is what happens if the metadata is more recent than the data.

  13. Re:How we deal with pirated programs? on How Do You Deal With Pirated Programs At Work? · · Score: 1

    Packed exe files are suspicious though - if a file is compressed you can't scan it for viruses.

    In a deeper sense consider some polymorphic malware - most of the text segment would be encrypted with a random key when it copied itself, a small chunk of code would be unencypted and would know how to decrypt the rest. If you do a heuristic scan for extensive code section modification this looks exactly like a packed exe file. The things you linked too sound like this sort of heuristic test is failing when they are detected.

    I have a site with some binaries on it that used to be compressed with UPX and I actually stopped doing it, partly for this reason and partly because I was worried the unpacker might break on Vista or some future version of Windows. They're in a zip file anyway, so it doesn't save any bandwidth to UPX the exe files as well.

  14. Re:How we deal with pirated programs? on How Do You Deal With Pirated Programs At Work? · · Score: 1

    It seems like there are three possibilities here.

    1) The Keygen author is totally innocent (and works for free), but for some reason AV software has a very high false positive rate with keygens.
    2) The keygen authors are guilty as hell - the bundle some nasty botnet creating script with the keygen, they presumably get some sort of bounty from the bot herders for recruiting new victims.
    3) There's a conspiracy between the vendors and the AV writers to detect viruses in the keygens and thus stop piracy.

    I've always thought it was 2). I can't see what business model the keygen writers have otherwise.

  15. Re:How we deal with pirated programs? on How Do You Deal With Pirated Programs At Work? · · Score: 1

    Actually if you have Ghost you can do this

    1) Partition the main drive into a boot drive, C: and at least one spare drive, say D:
    2) After install make a Ghost image of C onto a file on D:
    3) When you want to reset the machine, boot off a USB stick with Ghost on it and overwrite C: with the image file. This takes only a few minutes

    Obviously you can use this to flip machines back and forth between different OSs too.

  16. Re:Colbert trumps Scientology; everyone wins. on Colbert Wins Space Station Name Contest · · Score: 1

    "Vile epithet" :-) Someone has been reading the thesaurus.

  17. Re:Cool - now how much ... on NASA Tests Heaviest Chute Drop Ever · · Score: 1

    It's a bit like the Titanic, which only had enough lifeboats for the First Class passengers.

    You could actually segment the market like this

    * Steerage class. A large cage at the back of the plane. Locked at departure, weighted to sink in the event of a crash landing on water. In the event of a crash landing on land, business class passengers will club the survivors to death.
    * Economy class. Small, uncomfortable seats. Life jackets are provided. In flight meal including peanuts to throw at the steerage class cage.
    * Business class. In the front section of the plane which is designed to break off and have its descent slowed by parachute. Clubs for self defense against invaders from economy class.
    * Overlord class. A luxurious private cabin just off the cockpit with a kingsize bed, equipped with retrorockets to slow descent. Droit de seigneur over the steerage and economy classes, also the option to redirect the plane to a new destination on a whim after takeoff.

  18. Re:1 Question on NASA Tests Heaviest Chute Drop Ever · · Score: 5, Funny

    An American pint is actually a copy of a British pint in 1707. The British later changed over to Imperial in 1824.

    We had a choice between Liberty and More Beer. I'm still not sure we chose wrong.

  19. Re:Cool - now how much ... on NASA Tests Heaviest Chute Drop Ever · · Score: 5, Funny

    Well over 350,000 pounds Boeing 767 so don't get any ideas.

    Planes would probably break up as well. Great that you attached to the mid section but you'll probably loose either the front 3rd or the rear as the thin cabin torsions apart.

    If you could guarantee the front third would survive it would help sell business class tickets in these troubled times.

  20. Re:Judge for yourself on Dealing With a Copyright Takedown Request? · · Score: 1

    That question, and the ones like it are to see if you are a hypochondriac

    http://en.wikipedia.org/wiki/Minnesota_Multiphasic_Personality_Inventory#Clinical_scales

    Number Abbreviation Description What is Measured
    1 Hs Hypochondriasis Concern with bodily symptoms

    The answer is no presumably.

  21. Re:Done on Dealing With a Copyright Takedown Request? · · Score: 1

    It's more subtle than that, they try to identify personality types in an organisation and hire people who match.

    So you should answer the questions in the way an FBI agent would answer them if you want to join the FBI.

    Actually it would be funny to see how an FBI agent would react if you asked him these questions in a bar and very carefully noted down his answers with a surprised look on your face.

  22. Re:My question to you is... on Dealing With a Copyright Takedown Request? · · Score: 1

    You know you've seen Blade Runner too many times if you imagine Leon saying

    "Hey! I'll tell you about my black, tarry bowel movements"
    [Gunfire and screams]

  23. Re:Sorry for replying to my own post, but.. on Dealing With a Copyright Takedown Request? · · Score: 1

    Yeah, and even worse the next post down says this

    Dear thugcop oh my gosh you are a god sent im going to be taking the test (mmpi 2) in 2 weeks and I would appreciate if you could send me the rest of the test and any pointers that you might have. I bought a book on it and I am studying what they want. I am taking the test for employment. I took a polygraph recently and scored a "unconclusive" so I have to take it again in 1 week at a differnt place if you have any info it would be greatly appreciated. thank god for people like you this is such a process and so much is riding on my results I want to be as prepared as possible.
    My EMAIL address is Flux123@hotmail.com
    please please please send anything you can.
    Thanks again!

    I.e. this is a website for people who want to research the correct answers to give. From the point of view of Pearson, the copyright holder, it seems that if the correct answers are available on the web, that does limit the value of their test.

    It's a bit like an exam really. If you own the copyright, it's not in your commercial interests to allow people to post chunks of it on the web. And as you point out, fair use allows quoting portions for critical purposes. So if he'd quoted less than 10% of the questions and pointed out how obvious the answers were, he'd be on surer ground.

    Ironically enough, he could have worked out what answers different personality types would give for the questions he quoted. From what I've read this test doesn't have right answers per se, it's about identifying your personality type. The people hiring you want you to fit in with the people they have.

    That would probably be ok in fair use terms and it would also be more useful to the people who wanted to essentially cheat on the test. Given that most of the questions have very obvious answers, he could pick the 10% where the question is non obvious and discuss those. That would allow people to 'emulate' the right personality type and might still be legal in fair use terms.

    Of course if you want to do this sort of thing, you'd be better off reading papers by psychologists on the test. I'd imagine that's what Hannibal Lecter would do...

  24. Re:Well, It Seems You Have Already Taken It Down on Dealing With a Copyright Takedown Request? · · Score: 1

    The demon on my right shoulder advised me to answer no.

  25. Re:Of course. on Researchers Demo BIOS Attack That Survives Disk Wipes · · Score: 1

    If that option wasn't overrideable by software later, then yes. You could imagine the chipset would power up in a state where writes could be enabled by some sequence of IO port operations. It would also have a state where writes were locked out until the next power cycle. The default would be to enter that state and the readme file for Bios updates would tell people to enable writes before running it.

    Another possibility would be to sign the Bios update file and have the bootblock verify it before flashing.

    Or you could go for the full on trusted system approach where the bootblock would verify all modules after decompressing them prior to execution. If the bootblock was write protected and only knew the public key used to verify the signature, not the private key used to generate it, this would be very secure.

    Ok, the private key may leak, but it seems like forcing malware writers to know one key, one signing algorithm and one chipset unlock sequence for each model of motherboard they target would make things much, much harder for them.

    Right now they already need to know a chipset unlock sequence per model, so this sort of thing is very hard to do if you want to work on a decent selection of boards. Still coreboot has helpfully documented that for a few boards.

    http://tracker.coreboot.org/trac/coreboot/browser/trunk/util/flashrom