Slashdot: News for Nerds

Comments

Cybercrooks May Have Stolen Billions Using Brazilian "Boletos"

DeKO Re:~$7500 per transaction? (69 comments)

Sounds like they replace the barcode to redirect the payment to an account they own, so they are really stealing the whole amount. Funny thing is, after you enter the code (by scanning or typing) you get a confirmation screen (either on the ATM or on the online system) with the name of the receiving entity; it's hard to imagine the bank would allow somebody to create an account with a name that looks like a utility company or something like that.

I agree, the average amount seems way too high; things at that range are usually paid with credit cards, cheques, or direct transfers between bank accounts. I'm really curious to find out what kinds of transactions average at 100 times the typical boleto value. Was every victim buying a 65" 3D 4k LED TV over the internet?

about three weeks ago
Cybercrooks May Have Stolen Billions Using Brazilian "Boletos"

DeKO Blame the banks (69 comments)

From TFA:

In Brazil, when banking customers access their online banking site for the first time, they are often asked to install a security plugin. [...] However, the Boleto malware [...] searches for specific versions of client side security plug-ins, detects their shared libraries and patches them in real-time to dodge security.

I've closed my account in 3 different banks for pulling this bullshit. So it turned out the "security plugin" is full of security holes; worse than that, they are educating their users that they need to install/update software every time they access their bank online, so most accept plugin installation confirmations right away.

The fact that it attacks boletos is a minor detail, it's a traceable and reversible money transfer once suspicious activity is identified.

about three weeks ago
Sony Overtakes Rival Nintendo In Console Sales

DeKO Re:Bad marketing (127 comments)

Nintendo's marketing after the Wii was not effective.

I agree with this statement, but for a different reason. I have a Wii U and a 3DS, and none of the competitors'. Google knows that very well due to searches and through the websites I visit. Yet, I only see ads for the other systems, and PC games (my gaming laptop is more than 3 years old, so every "recent" game has to be on lowest settings to be playable... so I don't play on it).

Maybe they are too full of themselves and think they don't need to make the effort? Maybe they don't really understand how to use the internet? My theory is that they didn't learn how to grow. The industry grew, the competitors came from companies that already knew how to grow, yet Nintendo still works centralizing everything in Kyoto with little human resources to manage a global market. Their strategy of disruption from the DS/Wii era went to their heads, now they think they can do it again on a whim (like their new "Quality of Life" strategy... heck, let me sync my Fit Meter with my phone or my 3DS, and make my data available on the web) whenever they get cornered.

about a month and a half ago
How Your Compiler Can Compromise Application Security

DeKO Re:OK, before somebody else points it out... (470 comments)

There are actually 3 categories:

  • Implementation Defined: the implementation (compiler, standard library, execution environment) has to document what happens. Code relying on this is not portable.
  • Unspecified: the implementation can choose to do what makes sense, and not tell you. Even reverse-engineering and relying on what you found out, is unreliable. The actual address returned by malloc is unspecified; is it aligned? Does it always grow in value if nothing was free-ed? You shouldn't even care about this detail, so the standard leaves it unspecified.
  • Undefined Behaviour: you wrote something that doesn't make sense, if you get lucky the compiler/standard library/operating system will react in a sensible way, but the standard says it's not the implementation's fault you get something wrong as a result. Things like reading variables before initializing them.

Diagnosing UB can be too demanding from the implementation, so the standard doesn't even require it. How would you diagnose incorrect usage of realloc? Add run-time checks? Write a special rule in the compiler so it knows about realloc? Extend the language with metadata? What if realloc is hidden behind a user-defined function? At some point you have to stop, otherwise you could even solve the halting problem.

about 9 months ago
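
Added example, not part of DeKO's comment or the linked story: the three categories from the comment above, shown in C. The specific cases (right shift of a negative int, argument evaluation order, a signed-overflow length check) and all function names are chosen here for illustration.

```c
#include <limits.h>
#include <stdio.h>

/* Implementation-defined: right-shifting a negative int. The compiler must
   document the result, but another compiler may document a different one. */
int shift_is_arithmetic(void) { return (-1 >> 1) == -1; }

/* Unspecified: the order in which function arguments are evaluated.
   Either order is allowed and need not be documented or consistent. */
static int trace[2], calls;
static int mark(int id) { trace[calls++] = id; return id; }
static int add(int a, int b) { return a + b; }
int arg_order_sum(void) { calls = 0; return add(mark(1), mark(2)); }
int first_evaluated(void) { return trace[0]; }  /* 1 or 2, do not rely on it */

/* Undefined: signed overflow. This check only "works" if len + extra wraps,
   which the standard does not promise, so an optimizer may assume the
   condition is false for extra >= 0 and drop the branch. */
int total_len_ub(int len, int extra) {
    if (len + extra < len) return -1;
    return len + extra;
}

/* Hardened form: compare against INT_MAX before adding, so the addition
   can never overflow and the check cannot be optimized away. */
int total_len_safe(int len, int extra, int *out) {
    if (len < 0 || extra < 0 || len > INT_MAX - extra) return -1;
    *out = len + extra;
    return 0;
}

int main(void) {
    int out = 0;
    int sum = arg_order_sum();          /* sequenced before the reads below */
    int first = first_evaluated();
    int rejected = total_len_safe(INT_MAX, 1, &out);
    int accepted = total_len_safe(10, 5, &out);
    printf("arithmetic shift: %d\n", shift_is_arithmetic());
    printf("sum %d, first argument evaluated: %d\n", sum, first);
    printf("safe(INT_MAX, 1) -> %d\n", rejected);
    printf("safe(10, 5) -> %d, out = %d\n", accepted, out);
    return 0;
}
```

The demo never calls `total_len_ub` with overflowing input, since the result of doing so is exactly what the standard leaves undefined.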
New Unix Implementation Turns 30

DeKO Re:Megalomanic (290 comments)

Good troll, sir. Try removing everything except /boot, see how much your computer can do.

about 10 months ago
OpenGL 4.4 and OpenCL 2.0 Specs Released

DeKO Re:OpenCL (66 comments)

The gpuocelot project has been able to run CUDA in non-NVIDIA hardware for some time now, including x86 CPUs and AMD GPUs.

Too bad the CUDA compiler often segfaults on ordinary C++ libraries even when they are host-only (in which case nvcc is supposed to just forward it to GCC). Hopefully the LLVM-based compiler for OpenCL 2.0 won't be as buggy.

1 year, 1 day

Ask Slashdot: How To Handle a Colleague's Sloppy Work?

DeKO Re:Easy (332 comments)

This. If it's your job to go and fix his mess, do it without complaining. And document all the effort you put into it, to avoid being labeled as someone that just rewrites code without adding anything.

If you are not responsible for cleaning after the senior, then don't do it, let it all rot until somebody (your boss, or even your colleague) makes the decision it's time to clean the mess.

about a year ago
Pushing Back Against Licensing and the Permission Culture

DeKO Re:In world without copyrights (320 comments)

Oh, I just looked up his info, the guy is a lawyer, so he's fully aware of the contradiction. He's either trolling or utterly incompetent in copyright law.

about a year and a half ago
Pushing Back Against Licensing and the Permission Culture

DeKO Re:the point is to keep the leachers in line (320 comments)

No, if there is no license, nobody is allowed to make use of the software. Look up what the word "license" means. Copyright laws assume that every creative work is fully protected unless explicitly stated otherwise.

about a year and a half ago
Pushing Back Against Licensing and the Permission Culture

DeKO In world without copyrights (320 comments)

In a world without copyright laws that would be feasible. But we don't, and it isn't. Commit code with no license and legally nobody is allowed to distribute your software. No company will ever willingly use your code, even if it does something unique and useful.

Grow up you hippie and accept that you have to learn something about laws before you interact with society.

about a year and a half ago
Apple Hides Samsung Apology So It Can't Be Seen Without Scrolling

DeKO Re:Facts... (743 comments)

Posting to cancel incorrect moderation caused by accidental click.

about a year and a half ago
Ask Slashdot: How To Find Expertise For Amateur Game Development?

DeKO Re:Rotation is the hardest stuff (188 comments)

ODE only does rigid body dynamics, no force fields. The guy just needs a basic game dev tutorial on force integration.

more than 2 years ago
Ask Slashdot: Easiest Linux Distro For a Newbie

DeKO Re:NOT Ubuntu -- try Mandriva. (622 comments)

Wrong. They use different kernel versions, with different kernel patches. And most importantly, the userland apps certainly differ here and there. The most important example is the Mandriva Control Center. It's task-oriented, making it far more friendly than searching for configuration tools by name - in particular, if you have a localized system, where translations are often arbitrary and non-intuitive.

For specific examples, check out Mandriva's wizards for video cards, disk partitioning, network setup, network sharing. Now try to set up those things under Ubuntu without hitting the Ubuntu forums first.

That said, network card compatibility is pretty much hit or miss, as they often depend on binary blobs (either proprietary or windows drivers) that break in different ways with different kernel versions. My dad's current laptop's wifi only works reliably with WEP, not WPA, while mine kernel-panics with WEP. I bet bugs would manifest themselves differently on Ubuntu.

about 3 years ago
Book Review: Software Build Systems

DeKO Re:Cmake? Maven? (29 comments)

CMake is there in the summary. Maven is not that popular probably due to its design to do "everything".

What seems to be really missing is autotools. Even if you don't want to admit it is better than most alternatives, it's the only one that really solves a ton of problems that no other tool is able to handle. Simply reading through the autoconf, automake and libtool manuals will teach you a lot about the many issues most other tools just ignore, or solve poorly.

about 3 years ago
Smithsonian Unveils 'Art of Games' Voting Results

DeKO Re:I dont understand what the "Target" category is (183 comments)

Apparently, games where you launch deadly projectiles at enemies. I'm surprised they didn't have a "Jump" or "Save the world" genre to match that. Read it as "random genre because we don't actually play games so we have no clue".

more than 3 years ago
Sony Gets Geohot's Hardware, But Not YouTube/Twitter User Info

DeKO Re:One amusing aspect. (254 comments)

It's funny how the so-called "homebrew" community is quick to hand anyone's head in a plate, when these companies would very much like to hang them all together. It's not like the bits fail0verflow didn't break were any harder anyways. They brought the pirates 80% of the way in, Geohotz already had the last, say, 15%, only feasible because of the first 80%. And fail0verflow now claims they have no responsibility on the piracy matter.

I don't have anything against the fail0verflow dudes, but I'm sure I will have an ironic smile on my face once one of them gets canned in the same way.

more than 3 years ago
An Anonymous, Verifiable E-Voting Tech

DeKO Re:Problems with Verifiable Voting (236 comments)

Sure, they could switch candidates A and B. Then you can get some of the unused ballots and feed into the same system and check that every permutation is being counted properly.

more than 3 years ago
An Anonymous, Verifiable E-Voting Tech

DeKO Re:Problems with Verifiable Voting (236 comments)

You always depend on a 3rd party to verify it. The entity responsible for the counting can be dishonest even with paper ballots.

Sure, they can count every vote for #3 as a vote for #2. But the system must then be designed to count the votes incorrectly. This is easy to verify later (take one of each ballot type, feed the votes into the system, see if it is counted properly).

Or they could just not give a shit, and ignore the counted votes, and use some arbitrary number instead. Because if you are not trusting the system to count the votes correctly, why would you trust a person to write down the totals to the proper candidate?

more than 3 years ago
An Anonymous, Verifiable E-Voting Tech

DeKO Re:Problems with Verifiable Voting (236 comments)

You do know that TED Talks consist of people going in front of other people and cameras, and talking, right? So perhaps the substance is indeed in the video.

The guy actually presents a very simple way to verify your vote was correctly registered, without ever revealing who you voted for. The secret is to remove the candidate names (by shredding that part of the ballot), scanning your vote into the system, and taking home the receipt, which contains no names. Only the system knows which is which. You can later use your receipt's code to see if it registered your vote properly (because it will match your receipt), but there is no way to know which candidate actually received that vote. It actually solves the problem of verification without compromising privacy.

more than 3 years ago
How Should Poll Numerical Increments Be Set?

DeKO Re:Fibonacci (311 comments)

You are right, it starts with 0 and 1.

more than 3 years ago

Submissions

DeKO hasn't submitted any stories.

Journals

DeKO has no journal entries.
