Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!



Profanity-Laced Academic Paper Exposes Scam Journal

ChumpusRex2003 Reject (137 comments)

As a reviewer, I would have rejected the paper because I don't see where either of the references given are cited in the text. However, they would get a point for being up-to-date in citing RFC2821 rather than RFC 821.

about a month ago

Employers Worried About Critical Thinking Skills

ChumpusRex2003 Re:What is critical thinking? (553 comments)

Which is exactly why the "establishment" has been trying to ban it.

No, really! The Republican party had the opposition of "teaching of higher-order thinking skills, critical thinking skills and similar programs" in schools written in their platform document as one of their policy aims.

Wash post

about 2 months ago

FTDI Removes Driver From Windows Update That Bricked Cloned Chips

ChumpusRex2003 Re:Computer Missues Act 1990 (572 comments)

Why would FTDI have to ensure their driver doesn't break chips that aren't theirs? There's no agreement, licensing, or goodwill. The problem is that this was not accidental. The FTDI anti-clone code in the driver is very sophisticated and actually performs a "preimage" cryptographic attack, to ensure that the clone chip doesn't detect the invalid configuration and auto-reset to factory defaults. Deliberately and with premeditation setting out to "damage" (which in legal terms includes temporary malfunction or impaired function) hardware is not legal without a court order or similar legal basis. The 2nd issue, is that of ensuring that they do not inconvenience wholly innocent parties. They failed at this. The FTDI anti-clone code will also deactivate genuine FTDI chips which have been configured with an external configuration memory in certain circumstances. This has been reported by a company which build development boards with numerous FTDI chips in different configurations; they found that the chip with an external EEPROM would get corrupted by new driver, even though the components were obtained from an authorized distributor.

about 2 months ago

FTDI Reportedly Bricking Devices Using Competitors' Chips.

ChumpusRex2003 Re:"Reasonable" my ass (700 comments)

However, a lot of manufacture is contracted out. If you're buying 10 or 20 chips for internal R&D you'll likely get genuine ones.

However, when you find a contract manufacturer and ask them to make 100,000. You require an XYZ, Inc. ABC123 chip and ask the manufacturing contractor to source it. Unbeknown to you, they obtain a counterfeit source. The chip is virtually identical externally, and functionally very similar, so that your product passes validation testing.

You as the device designer and seller may have no idea that you have fake chips on your device. Perhaps, your RMA rate is higher than you expected due to chip failures, or perhaps you are getting a lot of bug reports from the field which are not reproducible on your prototypes, but are on production devices.

This isn't the first time a USB->UART vendor has taken vigilante action against fakes. The vendor Prolific had major problems with low-quality, buggy and slow fake chips, causing major support headaches for customers and themselves. I believe they ended up discontinuing their main product and replacing it with an incompatible version, while poisoning the drivers so that they would BSOD/Kernel panic if they detected a fake chip.

about a month ago

FTDI Reportedly Bricking Devices Using Competitors' Chips.

ChumpusRex2003 Re:The good news (700 comments)

Yes. A company called Supereal is selling enormous volumes of "FTDI" chips into the Chinese market. The chips are labelled with the FTDI name and logo and during the USB negotiation, they announce themselves using the FTDI vendor unique ID, in order to use the ubiquitous and flexible FTDI driver (rather than require any development work for their own driver).

See http://zeptobars.ru/en/read/FT... for an example of a fake chip - labelled FTDI on the outside, but supereal on the silicon.

The problem is that the fake chips are buggy and slow compared to the genuine article, causing headaches for USB peripheral designers and support and reputation headaches for FTDI. There is a huge market for USB UART chips, and it is quite competitive, but few of the products on the market are actually as reliable, fast and robust as you would expect them to be. The FTDI FT232RL is one of the best in terms of reliability and has the best drivers, while also providing some handy bonus functionality.

It appears that FTDI have reverse engineered the fake chips and found that they can be reprogrammed. When their driver detects a fake chip, it uses the internal configuration commands to erase the EEPROM memory containing the Vendor Unique ID. With this EEPROM blanked, the chip is unable to complete the device detection process in the OS's USB stack.

about a month ago

Snowflake-Shaped Networks Are Easiest To Mend

ChumpusRex2003 Re:no? (38 comments)

The aim was not to find the "best network", but the "best network without redundancy".

The point was that most networks are designed with redundancy in mind, but not all networks require that degree of reliability. For those networks where reliability is not necessary, it would be helpful to know what the lowest cost configurations are.

about 3 months ago

Miss a Payment? Your Car Stops Running

ChumpusRex2003 Re:Oh good (907 comments)

one or both of them are full of something. Not necessarily. They could both be right. The interlock device only defeats the starter. However, if the car lessee is defaulting on lease payments, then it is likely that they are also cutting back on scheduled maintenance and repairs. It is entirely possible that the engine is unreliable and idles poorly, being prone to stall when idling. It is perfectly possible in such a case, for a driver to reach an intersection, have the engine stall, and then be unable to restart it because the interlock has defeated the starter.

about 3 months ago

Data Archiving Standards Need To Be Future-Proofed

ChumpusRex2003 Re:Keep your important data on current storage. (113 comments)

And only one variant of one JPEG protocol ever found widespread use. JPEG actually published both a lossless and a lossy compression algorithm and accompanying file format. The lossless format faded into near total obscurity, apart from some medical software, where the lossless JPEG data would be encapsulated in a medical (DICOM) container. Technically, lossless JPEG is a mandatory part of the DICOM specification, but not every product (free or commercial) supports it, and it's virtually impossible to find an opensource implementation of lossless JPEG outside of limited implementations as part of medical imaging tools. There have also been a variety of extensions published to the JPEG lossy algorithm - notably extension to 12 or 16 bit depths. Good luck finding any support for these, at all. Again, these formats were nominally supported in the DICOM standard for medical imaging, but were very poorly supported. A flurry of naive new-entrant machine vendors, ended up embracing these "novel" formats, only to cause total chaos for their customers, as they found that the files were unviewable on incumbent viewing software or untransmittable to other systems.

about 3 months ago

2 Galileo Satellites Launched To Wrong Orbit

ChumpusRex2003 Re:Interesting difference between GPS and Galileo (140 comments)

The SAR component of galileo is a separate service to the positioning service. The intention is that it can operate as an EPIRB receiver. Conventional emergency beacons can be located by satellites, but the resolution is poor (tens of miles) and the time to fix is long (30-60 minutes). The beacon transmits a signal, and suitably equipped satellites detect the beacon, and relay it to ground stations, which then compute the location of the beacon by measuring the change in Doppler shift as the satellite flies by. The SAR component of galileo was designed with the intention that the overhead satellites would detect the time-of-arrival of the beacon signal and cross reference it with the satellites' atomic clocks, effectively performing a reverse GPS-fix. Such a system would be able to obtain a fix within minutes or seconds, and such a fix would likely have a resolution of 1-2 miles. The SAR component is not a mandatory service. You can use the passive location service without implementing SAR in a device. You would only use the SAR service, in an emergency locator beacon device. At the time the galileo SAR system was designed, feedback was a problem with locator beacons. The user had no idea if the signal had been received. Later revisions to the system mean that modern beacons and satellites now offer two big upgrades - the beacons can contain a passive GPS reciever, and can embed the location data in the beacon signal; and the satellite system can transmit feedback to a compatible receiver telling it that it's signal has been received and a position fix made. The Galileo SAR function is therefore rather redundant, but it's often helpful to have a 2nd independent and redundant safety system available, so I can see that it would still get used.

about 4 months ago

Network Hijacker Steals $83,000 In Bitcoin

ChumpusRex2003 Re:Where is the validation? (101 comments)

The mining hardware/software will report a realtime hash rate, based upon the operation of the hardware/software.

However, the process of mining is a stochastic random process. Essentially, the job of a miner is to find a partial "hash collision" - essentially, the miner hashes the transaction data and a random nonce, and aims to find a hash as close to 000000000....00 as possible. The bitcoin/alternative network agrees a priori, what threshold counts as a "hit". The miner essentially tries random nonces, until it either gets a hit, or is told that its transaction data is stale, and needs to be refreshed.

Because, in the case of bitcoin, the network sets the target such that on average 1 "hit" is found every 10 minutes worldwide. This means that an individual miner might have to run for weeks or months to get a win and be awarded the (currently) 25 BTC reward for successfully computing a hash below target. In practice, therefore most miners operate on "pools", where a central server coordinates multiple diverse pieces of mining hardware operated by multiple individual operators. The pool operator when they receive a 25 BTC reward, then divides it up amongst the contributors.

The way the individual pool servers account for hash rate is to set a lower hash target, and count the number of "hits" each miner gets. E.g. if the main bitcoin network has target is Because pools can only detect hashrate by the rate at which "hits" are delivered, the reported hashrate will necessarily vary by virtue of the statistical properties of a stochastic process. The degree of variation depends upon the "difficulty" (target) set by the pool operator, the degree of "smoothing" that the pool operator applies to the displayed statistics, your hash contribution (a bigger contributor, will have a smaller coefficient of variation in their displayed hashrate, again for statistical reasons) etc.

Things are further complicated because many of the affected pools are "multi-coin" pools. The pool server automatically scans multiple cryptocoin networks, and various cryptocoin exchanges, to work out which coin is most profitable, the server will then jump between coins every few seconds or minutes as needed. For various technical reasons, different coins have different "stale" and "orphan" rates - "hits" which should have resulted in new coin creation, but where the hit was rejected (either immediately - stale) or initially accepted, then rolledback (orphan). Some of the alternative coins had rather dubious technical designs which could lead to massive reject rates, and this too could result in displayed hash rates fluctuating like mad.

The final issue is that many pools were often run by rank amateurs, and were targets for hackers/DDos like red-rags are to a bull. DDoSes, random server crashes, bandwidth exceeds, etc. were all common place, as well as various software bugs in "multi-pool" backend software would cause miners to end up disconnected from servers. Smarter miners would have typically have several pools configured on their mining hardware, so that the software could fail-over to another server. However, even that wasn't always successful. I once left my mining hardware unattended for a week, and configured it with 8 pools. When I checked the logs when I got back, there was a period of about 24 hours when the mines were idle, as all servers were off line.

about 4 months ago

TEPCO: Nearly All Nuclear Fuel Melted At Fukushima No. 3 Reactor

ChumpusRex2003 Communications and knowledge were a problem (255 comments)

This is the crux of the problem. No one knew what was going on and what to do. Investigations over the last few years have shown that typical TEPCO safety drills were very limited and basic; there was little planning or rehearsal of complex accident scenarios, just basic minor incidents.

There were poor decisions and communication between various designers and operators. Take for example, the situation at reactor 1. After the generators started, the emergency reactor cooling condensers should have switched on to provide cooling. However, operators had found that they were very effective and being unfamiliar with their use were concerned that they would cause thermal shock to the reactor. Not familiar with the operation of this system, the operators decided to manually switch off the condenser system to arrest the temperature drop. They would then switch them on again manually as reactor temp rose again. This worked fine, until the generators failed, removing control and monitoring from this system.

Operators at emergency control, in a separate quake-proof building asked for confirmation of operation, but the control room could not give it. So,workers went out to inspect the reactor building for steam rising from the condenser stacks. They reported some steam rising, and it was assumed that the system was operational. However, the condenser system had never been used or tested since the plants were constructed 40 years ago. No one knew how they worked and how quickly they could cool the reactor, no one knew how much steam was produced during operation. It turns out that the workers sent out for reconnaissance saw only faint steam trickling from the stacks, consistent with the system having been switched off for many minutes, but still containing some residual heat. Had the system been switched on, the clouds of steam would have been so profuse and so dense that the it would have been impossible even to see the reactor building, let alone identify the condenser stacks.

On the assumption that the system was operational, other attempts to provide emergency cooling were suspended or delayed. A steam/battery powered pump system was available to deliver fresh water to the reactor, but without a heatsink (condenser) available, the reactor temperature rapidly rose and so did reactor pressure, eventually overcoming the maximum discharge pressure of the coolant injection system. After a few hours, the UPS controlling this system discharged and it also failed.

After 24 hours, reactor pressure unexpectedly dropped. Operators realised that this might permit external coolant injection and fire engines were called in. There was a huge delay, as the fire engines were unable to reach the site due to debris and some had been destroyed by the tsunami. Subsequent investigation showed that despite massive coolant injection, coolant did not rise in the reactor. The cause was thought to be due to damage to the reactor vessel or a pipe. In retrospect, it probably indicated damage to the reactor following meltdown of the fuel.

There were also design oversights in the emergency systems for the plants. One of the final backup schemes for reactor cooling was the ability to connect fire engines to the reactor to inject coolant. It subsequently became apparent that in units 2 and 3, this water didn't reach the reactor, and collected in a condenser unit instead. This was always going to happen, due to the way in which the water pipes were connected. There was a pump connected between the storage tank and the injection flow pipe. Under normal injection conditions, the pump would have been running, and any additional water from the fire engine would likely have gone towards the reactor, and this presumably was the assumption under which the water injection protocol was developed. However, under power failure conditions, the pump was unpowered. Due to the design of the pump - a rotodynamic (impeller) pump. this pump would have offered little or no resistance to reverse flow when unpowered.

about 4 months ago

UK Computing Student Jailed After Failing To Hand Over Crypto Keys

ChumpusRex2003 Re:Seems appropriate (353 comments)

This would not help. The exact offence is "failing to make readable encrypted data". In order to convict, the prosecution only have to prove that the data is encrypted, that you had control over that encryption and that they have not been able to read it. Loss of damage of the encryption keys is not a defence. The law was specifically designed this way in order to discourage self-destructing encryption keys, etc. The only defence against such a prosecution is to keep a backup of the encryption keys available, so that they can be handed over on request.

about 5 months ago

Qualcomm Takes Down 100+ GitHub Repositories With DMCA Notice

ChumpusRex2003 Re:Counter-notice! (349 comments)

Once the ISP receives a "put back" notice, they must pass to the original complainant in a timely manner.

The ISP must then wait for 10 days, to give the original complainant time to consider the "put back" notice, and decide whether a court case should commence. After the 10 day waiting period, if the ISP has not received notice of a restraining order blocking the put back because of an impending court hearing, then it is allowed to restore the content.

In order to avoid liability to their customer, the content must be restored with 14 days of receiving the "put back" notice, provided that the complainant has not obtained a restraining order blocking the put back.

about 6 months ago

EU's Online Shoppers Get an Extended "Cooling Off Period"

ChumpusRex2003 Re:Wait what? (140 comments)

The change to digital data is welcome.

At least in the UK's interpretation of this EC directive (the Distance Selling Regulations), digital downloads were NOT excluded. The purchase could cancel the purchase at any time up to 7 days after purchase and receive a full refund. Technically, you could download a software package or a movie, and then change your mind and claim a full refund.

While the Distance Selling Regulations specifically excluded copyright material such as computer software, movies, music, etc. - they do so only in physical form i.e. CDs, DVDs, etc. Downloads are treated as a "contract for a service" which do not fall in the scope of this very limited exclusion.

The ambiguity over digital downloads has caused a lot of heartache for a couple of small software developers that I know - albeit not enough to try to take it to court. I'm not sure that there is any caselaw actually addressing this loophole in the current system.

about 6 months ago

Did the Ignition Key Just Die?

ChumpusRex2003 Re:I don't like the control it takes away from you (865 comments)

That's correct, but the same system also has lots of other complex behaviours which could cause confusion.

How do you turn the car off but leave the radio on for the passenger - e.g. at a gas station?
A: Come to a stop. Put the transmission in neutral. Press start/stop button. Engine turns off, and the power system is switched to "accessories" mode.

Q: How do you turn the power off completely?
A: Put transmission in Park. Then press start/stop button

Q: What if I want to turn the power off and leave the car in neutral e.g. for maintenance?
A: You have to switch into Park first. The press start/stop. Then use the transmission shift override to select Neutral.

Q: How do you turn the car off in an emergency - e.g. stuck accelerator pedal?
A: You can't just press start/stop, as the vehicle speed sensor inhibits the button, so you can't turn off the ignition whilie the vehicle is moving. This isn't even in the manual. However, pressing and holding start/stop for 10 seconds will cause the ignition to turn off completely. This is a surprisingly long time in an emergency. In fact, in several "unintended acceleration" episodes, the drivers said they tried to turn off the push-button ignition, but couldn't turn it off.

Q: How do you give a prolonged crank, if the car fails to start (e.g. poor fuel, or cold weather)?
A: You have to let the computer attempt 3 failed starts. After that, the behaviour of the start/stop sequence changes. After the 3rd attempt, a momentary push of the button, will make the computer crank the engine for up to 30 seconds, for as long as the brake pedal remains depressed.

about 8 months ago

Why Are We Made of Matter?

ChumpusRex2003 Re:Ah, antimatter (393 comments)

That's almost right. Nuclear fission reactions have a mass -> energey conversion of ~ 0.1%.

about 8 months ago

Blender Foundation Video Taken Down On YouTube For Copyright Violation

ChumpusRex2003 Re:I don't get it (306 comments)

The summary is quite clear.
Blender produced the video, Sintel, and publish it to Youtube under the creative commons license.
Sony reuses the video as part of their 4k marketing material.
Sony provides youtube with a "reference" copy of their marketing material, and tells youtube to find copies of the material and to exercise Sony's rights over it.
Youtube finds the original Sintel video and matches it to a "reference" copyrighted work (Sony's marketing material).
Youtube arranges for forced commercial licensing of the Blender video with proceeds going to Sony.

about 8 months ago

Blender Foundation Video Taken Down On YouTube For Copyright Violation

ChumpusRex2003 Re:Stop using Youtube (306 comments)

Which is more or less exactly what happens with the DMCA.

The accuser sends a notice to the hosting company saying they believe they are publishing infringing material.
Hosting company informs customer, and will remove content if no reply is received within 24 hours.
Customer responds, that they own the copyright, and once done hosting company restores the content, if removed, or does not remove it if the time period has not elapsed.

Once that stage is reached, the accuser must pay all costs and the video stays up until the case is closed.

The issue is that most providers will remove the material fist, and ask questions later - even though, they are permitted to leave the material for 24 hours to allow the accused to respond.
The other issue is that there is no penalty or cost for an accuser to make false claims under the DMCA. A malicious accuser can easily cause huge administrative headaches for hosting companies and content creators, and face no penalty or cost for it. Things get a lot more expensive and risky for the accuser at the 2nd phase once, and the number of copyright cases that progress after a DMCA counter-claim is very small indeed.

about 8 months ago

UK Government Pays Microsoft £5.5M For Extended Support of Windows XP

ChumpusRex2003 Re:Why not use GNU/Linux? (341 comments)

There may not be a satisfactory alternative.

I was last month negotiating over the purchase of a results reporting and communication system. I spoke to one of the biggest suppliers and asked what platforms they supported: "We support Windows 7 with IE 8." "We're increasing moving to mobile devices, what support do you have for Windows 8, IE9, Mac OS, Android, iOS and other browsers such as Safari, Chrome and firefox". "We will be adding Windows 8 support in our next annual update, which will be available for the standard version upgrade fee. There are no plans to support any other browsers or OSs".

There are a variety of other products in this field, but they all have widely different features, integration capability (can it integrate with neighbouring hospitals systems, or primary care physician systems), etc.

If the only product which can provide your "core specification" is restricted like this, then you can't just go elsewhere.

about 9 months ago

UK Government Pays Microsoft £5.5M For Extended Support of Windows XP

ChumpusRex2003 Re:Proprietary (341 comments)

Actually, they often do care about open-source, but in the wrong way.

I was recently purchasing some specialist medical software, and one of the key terms in the contract specified by senior management, was "the software should not contain any open-source components, except where no close-source alternative exists, and the vendor must ensure that appropriate restrictions over access to the source code are maintained at all times during the duration of the contract".

I managed to get that one negotiated to something less unrealistic (i.e. open source 3rd party libraries permitted), as the only realistic product choice made heavy use of technologies such as xuggler, libpng, openjpeg, etc.

The reason for this, "security". The management were adamant that "open source" was a catastrophic security risk, because "it exposed vulnerabilities in the software". They could/would not be educated on this matter.

about 9 months ago


ChumpusRex2003 hasn't submitted any stories.


ChumpusRex2003 has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?