Slashdot Mirror


User: betterunixthanunix

betterunixthanunix's activity in the archive.

Stories
0
Comments
6,598
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,598

  1. Re:donation of HDTVs? on Software Freedom Conservancy Wins GPL Case Against Westinghouse · · Score: 1

    Particularly since they are currently undergoing some sort of bankruptcy proceedings -- they may be legally required to liquate the remaining merchandise before they comply with this particular court order.

  2. Confused on Software Freedom Conservancy Wins GPL Case Against Westinghouse · · Score: -1, Troll

    A copyright ruling...but it is good for freedom...

    Head explodes

  3. Re:I can see compromised hardware being an issue on Malicious Hardware Hacking May Be the Next Frontier · · Score: 1

    Unless, of course, you can compromise the TPM too. The issue is that hardware can be compromised; the solution is to either design hardware that is difficult to compromise without creating faulty operation, or to have a secure manufacturing chain where everyone needs a minimum level of clearance to even enter the facilities.

  4. Re:A playground for Intelligence Services on Malicious Hardware Hacking May Be the Next Frontier · · Score: 1

    Neither would I, considering that intelligence agencies have done this sort of thing in the past. There was a pipeline in Russia that (supposedly) exploded because a microchip design that Russian spies had copied from the USA had a malicious block. The Israeli air force seemed to mysteriously not be fired upon from enemy computerized antiaircraft installations, although there was never any official confirmation.

    Hardware hacking is not new, and neither is malicious hardware hacking.

  5. Re:Uhhh... on Malicious Hardware Hacking May Be the Next Frontier · · Score: 1

    It is not too hard to create a block that is very difficult to route around, considering that the routing problem is NP-hard. It is one thing to tamper with a single block and hide something malicious in it, especially a large and complex block; it is something else entirely to try to rearrange in the interconnect between blocks without affecting the ability of the device to function. Your adversary in this case does not want to be obvious, and so they cannot ship devices that are less reliable as a result of the tampering, nor can they ship a device with a easy to detect form of tampering (like an extra block that would be obvious upon visual inspection).

  6. Re:Uhhh... on Malicious Hardware Hacking May Be the Next Frontier · · Score: 2, Informative

    There is a good bit of research on this topic, actually. I think the idea with the "block that takes over functionality" is that it is perhaps simple enough (and thus lower performance) that inserting malicious functions into it would be difficult to do without being detected. So, for example, you might have a very high performance DSP block that can do a 1024 point FFT in a few clock cycles, but that is going to be a lot of logic and leaves a lot of places for a malicious manufacturer to hide something; your fallback if extra circuitry was detected would be a less complex FFT circuit that takes thousands of clock cycles to do the FFT, and which would be harder to tamper with. Detecting hardware that has been tampered with is pretty hard, though, and that is where a lot of the research is.

    It is not just about outsourcing; a chip fab in this country might have a worker who is on the payroll of the Chinese government, and who tampers with a chip layout just prior to manufacturing. It is pretty expensive to run a secure chip fab, and even if all chip fabs were domestic, you would still have a number of important computers (think of utilities, critical services, etc.) being manufactured at facilities where the employees might be engaging in sabotage of this sort.

  7. Re:[Insert scary possibility] on Malicious Hardware Hacking May Be the Next Frontier · · Score: 1

    'Hacker' carries a very negative connotation and it seems like, from this article, that some people are trying to perpetuate it.

    "Some people?" More all, "almost everyone except hackers themselves." In a way, you can divide the population in four groups: hackers, non-hackers who respect hackers (a tiny minority), people who are annoyed by hackers and want to discredit them, and people who never knew what hacking was about and believed the mainstream media's attacks and propaganda about hackers. Even movies that have hackers as the protagonists seem to portray hackers as people who do nothing but break through security systems.

    "Hacker" has become a synonym for "enemy of society" as far as most people are concerned.

  8. Re:Uhhh... on Malicious Hardware Hacking May Be the Next Frontier · · Score: 1

    It could be as simple as checking power consumption against the design of the hardware, and falling back on slower but logically equivalent hardware if something is wrong. When you can fit a billion transistors on a single microchip, that is not really asking too much.

  9. Re:CPLD? on Malicious Hardware Hacking May Be the Next Frontier · · Score: 5, Interesting

    People have been hacking hardware for a really long time, longer than they have been hacking software. My security engineering textbook lists a number of hardware hacks that were used for espionage, particularly side channel attacks and other signals intelligence. Creating hardware trojan horses is an old trick; you might even say it dates back as far as the Trojan war.

  10. [Insert scary possibility] on Malicious Hardware Hacking May Be the Next Frontier · · Score: 4, Insightful

    "A hardware hack could do [bad thing] or even [really bad thing]!" What about, "A hardware hack could free users from restriction systems?" or perhaps "A hardware hack could allow a mechanic to work on a transmission that was locked down by the manufacturer?"

  11. Re:PDF? on iPhone Jailbreak Uses a PDF Display Vulnerability · · Score: 1

    Note that he did not say we have to like Adobe -- he said if you are worse than Adobe, you definitely have a problem. We can safely hate both Apple and Adobe, a fairly routine day on /.

  12. Re:Use the FreeBSD userland please! on Illumos Sporks OpenSolaris · · Score: 2, Insightful

    Here I was, thinking that GNU was the premier userland, at least in terms of the number of users who depend on. Oh, wait, I see what you did there, you started a GPL-vs.-BSD license flamewar.

  13. Re:Well, good on Tor Developer Detained At US Border, Pressed On Wikileaks · · Score: 1

    His work on Tor was the reason for his communication with Wikileaks. So as someone doing cryptography research, I have to be careful about who I speak with, because if I give details about my work to the wrong people, I could be "detained?"

  14. Re:Is it worth the effort? on Illumos Sporks OpenSolaris · · Score: 2, Insightful

    Would you perhaps like to explain to me and people like me how "Zones" are different from "virtual machines?"

  15. Re:Is There A Sufficient Community/Demand? on Illumos Sporks OpenSolaris · · Score: 3, Insightful

    The way I see it, OpenSolaris should have happened five years earlier, when people might have still cared. By the time Sun announced OpenSolaris, it was already an uphill battle to find open source developers who even cared about Solaris.

  16. Re:Is it worth the effort? on Illumos Sporks OpenSolaris · · Score: 2, Informative

    Unless I am confused, "Zones" are virtual machines. If you think there is no equivalent, I guess you are not familiar with Xen or KVM, or the dozens of other VMs out there. ZFS is available as a FUSE driver, and Linux already has attachable debugging, although perhaps not with "feature parity."

  17. Re:Is it worth the effort? on Illumos Sporks OpenSolaris · · Score: 2, Insightful

    No, but perhaps the codebase is cleaner and has fewer bugs? Clearly, someone is interested in it.

  18. Re:USB? on Hardware Hackers Reveal Apple's Charger Secrets · · Score: 1

    Perhaps because you want to get your power from a device that does not have USB outputs?

  19. Re:Should we have a... on Hardware Hackers Reveal Apple's Charger Secrets · · Score: 4, Insightful

    Do you even have to ask? Yes, we should have a right to repair, and a right to build interface devices.

    People often talk about how wasteful Americans are and the problems of a throw-away society. If people were more willing to repair their devices, especially complex electronic devices (most of which fail because of simple and repairable problems, like a broken lead), we would be better off. Aside from less electronics in landfills (let's face it, few people actually dispose of electronics properly), people would not be spending their money so quickly, and presumable that would mean fewer debt problems (or they might just spend it elsewhere).

    Of course, we will never see anyone other than a few activists pushing this sort of mentality -- corporations have enjoyed ever larger profits because people are unwilling and unable to repair their own equipment (or to find a local repairman to do it for them).

  20. Re:Ah the joys... on The Recovery Disc Rip-Off · · Score: 1

    I have been finding that Linux compatible hardware is becoming pretty easy to obtain. Certain companies are still on the "bad list" -- Broadcom certainly stands out -- but for the most part, I have no problems anymore. Of course, I do not demand particularly high performance 3D graphics, so maybe that is why...

  21. Re:Manning/wikileaks connection on 'Project Vigilant' Recruits At Defcon To Track You · · Score: 4, Insightful

    Was it specifically bad to turn in Manning? No, things are no black and white. From where I sit, though, Wikileaks is doing a good thing by exposing government lies -- we cannot trust the government to be honest about classified documents, which is why we need Wikileaks. If these guys are fighting against Wikileaks, that means they are pitted against those of us who want a more open government.

    What worries me is that these guys are not required to abide by the constitution; they voluntarily collect information, and then turn it over to the government, which allows the government to obtain evidence that it would not otherwise be able to collect. These "fourth party" arrangements have been discussed in the past, and just because they are not hot news items anymore does not mean they are less worrysome.

  22. Re:please oh please on WikiLeaks 'a Clear and Present Danger,' Says WaPo · · Score: 1

    Hundreds of years? More like hundreds of thousands of years. I am not aware of any ciphertext only attacks on AES, and with a 256 bit key, that would be one hell of a brute force attack.

  23. Re:Sex... or orgasms? on Sex Boosts Brain Growth · · Score: 1

    intellectual discussion

    Which /. have you been reading?

  24. Cue up the religious right on Sex Boosts Brain Growth · · Score: 1, Funny

    First those scientists tell our kids that they are just monkeys, and now they are telling them that they should be having sex! Just look at how they are trying to destroy our society!

  25. Here we go again on Does Net Neutrality Violate the Fifth Amendment? · · Score: 1

    More net neutrality FUD. Net neutrality is not regulation of the Internet, it is regulation of businesses that provide access to the Internet, in particular requirements that those businesses provide nondiscriminatory access.

    As for your lovely examples of competition for TV and Internet...what has it gotten you? In my home town (a major urban area with millions of residents), the competition between cable TV companies has not resulted in better service; in fact, the service is absolutely terrible, and has been getting worse during a period of increasing competition. You are still required to use particular equipment to access the cable TV system (none of the providers, last I checked, allowed any "unauthorized" equipment). During prime time, there are frequently outages, particularly on "On Demand" channels. At least once in my memory, a disagreement between one of the cable providers and a particular channel resulted in the channel becoming unavailable for that provider's subscribers.

    That is exactly the sort of situation that net neutrality regulations are designed to protect consumers from. There is no technical reason why ISPs can't dictate which equipment you use to access the Internet, or block access to particular hosts who fail to pay up, or even block access to particular services (imagine if your ISP said that you need to pay extra to use SSH -- much in the same way that many cell phone companies demand an extra fee to allow you to send a fax over their network). "The market will solve it" just does not seem very plausible, considering how well "the market" has done in providing decent cable and cellular service.