Slashdot Mirror


User: gweihir

gweihir's activity in the archive.

Stories
0
Comments
19,136
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 19,136

  1. Back to the stone-age on Ajit Pai and the FCC Want It To Be Legal for Comcast To Block BitTorrent (theverge.com) · · Score: 1

    There is a lot of completely legal software distribution over BitTorrent these days. This guy wants to go back to the stone-age. He probably is deeply afraid of the freedoms network-neutrality gives to people and companies.

    Well, the western world is in decline. Desperately keeping old business-models alive and blocking new ones is a traditional sign of that.

  2. Re: We aren't using Rust enough. on Ask Slashdot: How Are So Many Security Vulnerabilities Possible? · · Score: 1

    Indeed. The "somebody else is at fault" people are a plague. They never learn anything from experience, because it is always somebody else that is responsible. Of course, that is usually not true, and hence they stay incompetent.

    Their vision of Rust is nothing but a "coding safe space" where the compiler will make even the dumbest fuckup write secure code. Of course, that is not how it actually works.

  3. Re: We aren't using Rust enough. on Ask Slashdot: How Are So Many Security Vulnerabilities Possible? · · Score: 1

    Indeed. Buffer overflows in security-critical code are mostly a sign of developer incompetence and they are getting far harder to exploit than other flaws like XSS.

  4. Re: We aren't using Rust enough. on Ask Slashdot: How Are So Many Security Vulnerabilities Possible? · · Score: 1

    Actually this "problem" is easily rectified in C by understanding of the "volatile" keyword. Apparently that is beyond the complexity the people that have this issue can manage.

  5. Re: We aren't using Rust enough. on Ask Slashdot: How Are So Many Security Vulnerabilities Possible? · · Score: 1

    The incompetent among the coders (the majority, unfortunately) is always on the lookout for the next, greatest language or tool that will remove their incompetence. It never pans out. This collective stupidity has been going on for a few decades and it is always nonsense.

  6. Re:We aren't using Rust enough. on Ask Slashdot: How Are So Many Security Vulnerabilities Possible? · · Score: 1

    With the Rust people you can never tell. They seem to be trolling themselves constantly about the miracles that their "one true language" can do.

  7. Re:We aren't using Rust enough. on Ask Slashdot: How Are So Many Security Vulnerabilities Possible? · · Score: 2

    Complete and utter bullshit. Language has little to no influence on code security. You can be insecure on many different levels and incompetent coders universally manage to make it insecure.

    Incidentally, the claim the Rust is safe-by-design is a shameless lie. It is not. It just makes some specific security issues more difficult (but not impossible) to implement. It does not do anything at all for most security problems.

  8. Re:10/90 on Ask Slashdot: How Are So Many Security Vulnerabilities Possible? · · Score: 2

    Indeed. Developer incompetence is 90% of the problem. Languages, coding styles, etc. do not really matter. Incompetent coders demonstrate time and again that they can make it insecure, no matter what.

  9. Re:And 90% of the 90% are the biggest boys on Ask Slashdot: How Are So Many Security Vulnerabilities Possible? · · Score: 1

    There are still people that believe programming languages actually matter for security? It is time for the dumb idea to die.

  10. And there are even more soccer-mom types who don't feel comfortable unless everyone is surveilled, because if you don't have anything to hide, why worry, right?

    Well, ask them to put cameras and microphones into their bathrooms and bedrooms and at least some seem to wise up.

    the problem here is you'd need a huge grassroots-type movement to get AMD or Intel to back-down on this. But sadly the truth is that the vast absolute majority of people:

    Do not care
    Don't understand enough about the hardware to have a valid opinion

    OR worst of all actively support this kind of capability to you know; keep their kids safe from terrorists and/or the child-predators that some app has clearly shown to be infesting their neighborhood.

    We live in a society that has completely run out of real threats, and so we've started to hyperfocus on statistically anomalies (partially thanks to a sensationalist media and 24 hour news cycle) to invent new ones.

    Call it the Nancy Grace syndrome.

    We will see. There is a real possibility using these CPUs may become illegal in some sectors of finance and medicine in the EU. Also, think about how much critical infrastructure is possibly affected. That would create a bit of pressure, I Imagine.

    While I agree on the hyperfocus on statistical anomalies, I do really not think this is one. I agree that "ordinary citizens" are clueless as always. Just look like about every fascist and totalitarian government was cheered in by these "ordinary people". I do expect this will have a lot of people very, very concerned for years to come in a professional capacity, and some of those people will be the ones that decide about really large hardware purchases.

  11. Re:Give me the list of impacted hardware on Intel: We've Found Severe Bugs in Secretive Management Engine, Affecting Millions (zdnet.com) · · Score: 1

    It is not "the same" vulnerabilities. It is "similar" ones. Nobody yet has found a way to dump the AMD PSP code. Also, AMD made at least sure that code has to be signed to get in there.

    Wile that is still not a good situation, it is a bit different from the "full compromise" Intel currently has.

  12. That is really interesting. Another failed MS API?

  13. Hahahah, nice. "Free as in Herpes" is something I have to remember.

  14. Re: Windows 10 runs unactivated just fine on Microsoft Offering Free Windows 10 Development Environment VM for a Limited Time (bleepingcomputer.com) · · Score: 1

    There are actual genuine ones. Like they are in a DB on MS side and they do not collide with other installations.

  15. Re:Windows 10 runs unactivated just fine on Microsoft Offering Free Windows 10 Development Environment VM for a Limited Time (bleepingcomputer.com) · · Score: 1

    Indeed. Or Amazon has them as well. I have two in VMs that checked out as genuine without trouble. (I will not put the Win10 spyware into anything by a VM at this time....)

  16. Why would anybody waste time with this? on Microsoft Offering Free Windows 10 Development Environment VM for a Limited Time (bleepingcomputer.com) · · Score: 5, Insightful

    I mean, a devel-environment that expires after two months? If you do things right, you are just in the middle of the first serious experiments when that happens.

  17. Re:Mock him all you want on Flat Earther Plans To Launch Homemade Manned Rocket (apnews.com) · · Score: 1

    Funny. And in actual reality he does not beyond a very basic level of mechanical engineering. He is doing zero science.

  18. Re:I remember... on Flat Earther Plans To Launch Homemade Manned Rocket (apnews.com) · · Score: 1

    The morale is to never start a ridiculous cult, as there will always be people stupid enough to take it seriously and make it a reality.

  19. Of course. Why would it not be? Unless people that do this kind of crap are locked away for life when discovered, this is not going to stop. There are far too many authoritarian assholes in governments around the world that do not feel comfortable until they can spy on everybody.

  20. Re:Give me the list of impacted hardware on Intel: We've Found Severe Bugs in Secretive Management Engine, Affecting Millions (zdnet.com) · · Score: 1

    Form most practical purposes "EVERYTHING" with an Intel CPU is a good approximation. AMD and alternate CPU architectures are not yet affected, may take a few years until the same attack is performed there and published.

  21. And now it demonstrated how it works in the face of a competent attacker: Full, catastrophic, immediate failure. It outperforms any other security in this regard as well, only that it does worse than any other for of security.

  22. Re: Further proof on Intel: We've Found Severe Bugs in Secretive Management Engine, Affecting Millions (zdnet.com) · · Score: 3, Insightful

    Credentials, crypto-keys, etc. are explicitly _not_ "security by obscurity". You just demonstrated extreme incompetence.

    Look up "Kerckhoffs's principle" some time to at least get a minimal clue.

  23. You are mistaken. This is an attacker that can locally execute code. It is not one with physical access. And a local code execution can sometimes be upgraded to a fully remote code execution, especially as the ME can snoop at least on chipset-integrated network cards.

    In addition, AV cannot detect an infection...

  24. There was no one that did "blab" here. Instead the "fucking idiots" are all with Intel and likely the NSA.

  25. Re: And that is why back-doors are a very bad idea on Intel: We've Found Severe Bugs in Secretive Management Engine, Affecting Millions (zdnet.com) · · Score: 1

    You seem to forget that this potentially compromises a massive amount of enterprise computing.