Comments


$30 GPS Jammer Can Wreak Havok

Halo- Re:ATMs (386 comments)

Why would ATMs need GPS for accurate timing?

They don't. Article is wrong.

There is a strong trend recently to install GPS-based trackers inside the unit, and if they start moving, call the cops on the included cellphone.

Assuming you're not using the jammer to steal the unit, the only other use for jamming the GPS, is as a denial of service.

Actually, if you read the article, they do need accurate timing:

"And ATMs sometimes communicate wirelessly, using a time-based encrypted code that requires synchronisation."

Using a cryptographically secure PRNG seeded from a known time as an authentication token is a well-known, and frequently used technique. For example, many of the "keyfob" type tokens such as the RSA SecurID things. (Which didn't use GPS, and instead used an internal clock and server-based skew tracking if I recall correctly, but the principle is the same.) I don't know enough about ATMs to weigh in on what schemes they actually use for authentication and encryption, but it certainly is plausible some could use a time-based, GPS-driven scheme. And, as a bonus, you then have a GPS in the machine for tracking. :)

more than 3 years ago
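As an added example (mine, not the commenter's and not from the article the comment cites), here is the time-based one-time-code scheme the comment describes, implemented per RFC 4226 (HOTP) and RFC 6238 (TOTP) with Python's standard library only. The verifier accepts a code from neighbouring 30-second steps to tolerate small clock skew, which is the "server-based skew tracking" the comment mentions, and rejects a code once the two clocks disagree by more than that window, which is what a token whose time source has been jammed or spoofed for long enough would run into. The key and timestamps are the RFC 6238 Appendix B test values, embedded inline; `drift_demo` is a hypothetical helper added to show the skew behaviour.

```python
import hashlib
import hmac
import struct

# RFC 4226 / RFC 6238 test secret (ASCII "12345678901234567890"), embedded inline.
TEST_KEY = b"12345678901234567890"
STEP_SECONDS = 30


def hotp(key: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """HOTP (RFC 4226): HMAC over the big-endian 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                      # low nibble of the last byte picks the window
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(key: bytes, unix_time: float, digits: int = 6, step: int = STEP_SECONDS) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the clock."""
    return hotp(key, int(unix_time // step), digits)


def verify_totp(key: bytes, candidate: str, unix_time: float,
                window: int = 1, digits: int = 6, step: int = STEP_SECONDS) -> bool:
    """Accept a code from the current step or up to `window` steps either side.

    The skew window is what lets a token whose clock drifts a little keep working;
    anything outside it (e.g. a clock that lost its time source) is rejected.
    Every candidate step is evaluated and compared in constant time so the
    check does not leak which step, or which digits, matched.
    """
    counter = int(unix_time // step)
    accepted = False
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(key, counter + delta, digits), candidate):
            accepted = True
    return accepted


def drift_demo(key: bytes, server_time: float, client_offset: float,
               window: int = 1, digits: int = 8) -> bool:
    """Hypothetical helper: a token generated on a client whose clock is
    `client_offset` seconds off the server's, checked against the server clock."""
    code = totp(key, server_time + client_offset, digits)
    return verify_totp(key, code, server_time, window, digits)


if __name__ == "__main__":
    # RFC 6238 Appendix B values for SHA-1, 8 digits.
    for t in (59, 1111111109, 1111111111, 1234567890, 2000000000):
        print(t, totp(TEST_KEY, t, digits=8))
    print("client 20s behind, window 1:", drift_demo(TEST_KEY, 1111111111, -20))
    print("client 1h behind, window 1: ", drift_demo(TEST_KEY, 1111111111, -3600))
```

The window is a trade-off: widening it tolerates worse clocks but multiplies the number of codes an attacker can guess per attempt, so a deployment that relies on a good external time source (GPS or otherwise) can keep it small, and one that loses that source will see legitimate codes start failing rather than silently accepting stale ones.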

Why You Shouldn't Reboot Unix Servers

Halo- Re:Persistent myth? (705 comments)

... what are you talking about? You know forward slashes don't need to be escaped, right?

grr.... of course they don't. However, as a long-term Unix-only developer, my fingers pretty much type forward slashes for paths, even when trying to write an example of backslashed paths.

But, if you replace my forward slashes with backslashes, my above example holds. :)

more than 3 years ago

Why You Shouldn't Reboot Unix Servers

Halo- Re:Persistent myth? (705 comments)

Going the other direction, I can't count the number of times I've seen clueless software devs writing software for Windoze -- usually former Unix devs -- who use double backslashes in their pathnames, e.g.:

...
#if !defined(WIN32)
FILE* fp = fopen("/path/to/a/directory/filename", ...);
#else
FILE* fp = fopen("\\path\\to\\a\\directory\\filename", ...);
#endif
...

(Not to mention the Java System.file.separator being "\\" on Windows.)

And before some twit tries to claim that those are actually not incorrect, let me remind you that command.com and cmd.exe are not the C/POSIX APIs and programming at the C library level has allowed the '/' path separator since DOS 2.0 (and probably even DOS 1.0 too. And yes, either one works, but '\\' is not necessary and it's a POS pattern that too many people follow because they don't or can't read the docs.)

I'd argue that having a variable which might end up being used in a string context not being properly escaped is a pretty sizable mistake.
For example:

const char* filename = "/wow/windows/lets/me/fopen/without/escaping/this";
#if !defined(WIN32)
FILE* fp = fopen(filename, ...);
if (fp == NULL) {
    fprintf(stderr, "Failed to open %s\n", filename); // ut-oh...
}
...
#endif

more than 3 years ago

Chevron Got North Sea Contract Despite IT Safety Crashes

Halo- Why allow such shoddy programming? (89 comments)

In Chevron’s North Sea drill, the oil firm said the spill modelling software usually crashed when left to run for long periods of time, adding that this was typical of standard industry systems.

If your software crashes when run for long periods, the root cause is almost always one of the following:

  • Memory Leaks
  • Boundary Overflow/Underflow (of either buffers or types)
  • Race Conditions

None of these should be present in the "standard industry systems" of multi-billion (trillion?) dollar industries, especially if they pertain to safety systems. Memory leaks and boundary overflow/underflow are trivial to avoid by any programmer who takes the time to code defensively. Race conditions can be a bit harder to detect and avoid, but they are a less common issue, and handling them is well within the expectations of even a newly-graduated programmer.

There are also more esoteric error conditions. For example, in locations which are higher above sea-level, the "average neutron flux density" (i.e. number of cosmic rays hitting your chips) is higher, and thus the incidence of random transient faults in electronics is higher. It is not unheard of in large computer clusters to have the occasional bit-flip error in RAM due to a random cosmic ray. At the same time, these systems have built-in checkpointing, and when for whatever reason the running software develops a fault, the entire system can roll back to the last known good checkpoint, and restart.

Serious customers would never accept a system or simulator which exhibited the sorts of problems these "industry standard systems" seem to be plagued with. More to the point, I have worked indirectly with some petroleum companies on simulation software, and know for a fact the acceptable "unrecoverable error rate" was written into the contract in a very forceful way. Then again, the simulation software was being used to locate oil, so I guess that says something about the industry's priorities. (And it was designed to run on a "real" cluster)

more than 3 years ago

Google Faces EU Probe Over Doped Search Results

Halo- But is there a "right" to impartiality? (193 comments)

I'm not in favor of Google "weighting" their search results in favor of their own interests; however, where does it say they have to be impartial? A search engine is fundamentally a "weighting" engine, and what makes (made?) Google more successful is that the public (in general) agreed more with their method of weighting results than with other engines'. If the quality of the results (as perceived by the users) falls off, then other search engines will become more popular.

more than 3 years ago

'Robin Sage' Social Hoax Duped Military, Security Pros

Halo- Re:Only link that matters (191 comments)

I actually find it rather odd that they chose that picture. I know pretty much instantly that if I get a friend request from a girl in a bikini - unless I know her - it's just spam, and ignore it.

If you read the article, you'll see the picture was intentionally chosen to throw up some red flags. FTFA:

He purposely left several clues that Robin was a fake, including choosing a woman who appeared to be Eastern European and a potential spy, he says.

about 4 years ago

Tornado Scientists Butt Heads With Storm Chasers

Halo- Re:Dr. Joshua Wurman.... (402 comments)

This just sounds like sour grapes. You could see the annoyance on the part of the "funded" scientist when that little no-name crew successfully flew a model airplane around a tornado and dropped sensors into it. The fact that was done on a budget put together by selling Tornado videos to news channels sounds like a win/win for me. Took none of my tax dollars, and reaped novel data.

I think you are seriously blurring the line between "serious amateur" and "asshat with his kids in the back of his pickup truck".

While I agree that banning storm chasing is stupid, there is a huge difference between someone with a thought-out (if unfunded) passion, and some yokel who sees a tornado on TV, and loads all his kids in the car on a whim.

Just because you have a "right" to be somewhere or do something, doesn't mean you should. Especially if your actions take away from others. And yes, I am saying that in the case of storm chasers, the guy with IMAX camera, or bad-ass RADAR is more special than you. Why? If those guys get a peek, everyone can benefit from it. If Cletus Q. Localhick drives the ol' F150 right into the tip of the funnel and takes some crappy iphone pictures, I don't see the payoff for the rest of humanity being as large. (Unless Darwin comes out to play)

more than 4 years ago

Facebook Crawler Speaks Back

Halo- Re:I suspect this was totally legal (317 comments)

Making physical analogies to Internet issues always runs into problems, since eventually the differences between "real" and "virtual" start becoming obvious. However:

You can go into that store and take as many pictures as you like. You can go into the store, take pictures, and then write a story about what you think of the store.

Actually, I don't think you can. Well, you can go in and start taking pictures, but can be asked to leave or be declared trespassing.

And the fliers may be on FB's property, but they're posting the fliers to the outside of their wooden fence. I can take pictures of that and post them on the internet as much as I like. You have no right to privacy in public. FB posts data in a public forum. They have no right not to have pictures taken and redistributed.

I think this is mostly right in spirit. The issue here is not so much "right to privacy" but of "usage agreements". Facebook is trying to have its cake and eat it too here. Essentially, they want to say: "you can stand on the sidewalk and look at the stuff on the fence, but you can't look TOO much, and you can't tell people what you saw" which doesn't work. Facebook has no authority over what you do while standing on the "sidewalk". If the guy was using a crawler which required him to "log in" then Facebook may have a point, but if he was making generic "public" requests, they do not. (In my completely-not-a-lawyer opinion)

more than 4 years ago

Facebook Crawler Speaks Back

Halo- I suspect this was totally legal (317 comments)

I am not anything even approaching a lawyer, but I suspect his actions were probably legal. The Internet is a public medium, unless you specifically put walls around content, it has the same protection as if you posted fliers on a physical bulletin board in a public place. Yes, you retain copyright over your content, but you have ZERO ability to say "by reading this, you agree to additional terms". If I want to produce a review of all the fliers posted around town, I can. If I want to make excerpts (within "Fair Use") I can. Pretty much the only thing I can't legally do is deface them or copy them outright. Unless he was doing this from a logged in account, I can see how they can limit what sorts of derivative works he makes. (So long as the derivative doesn't violate copyright)

more than 4 years ago

Government Could Forge SSL Certificates

Halo- Mechanisms exist to prevent these "attacks" (168 comments)

A lot of these "attacks" can be prevented by properly implementing your PKI. For example, some of the articles (and several commenters) make mention of "using a Root CA to generate sub-CA's which then generate rogue certs". Sure, the system allows this to happen, but it also provides constraints to prevent it. One of the usual "basic constraints" (which is an X.509 attribute) of a certificate is "Max path length", which means: "how deep can a signature chain extend from me, if I am trusted?" For most people, there should never be a trusted CA in their keystore which has a max path length greater than 1. (Meaning it can vouch for others, but those others cannot vouch for a second level of trust).

Additionally, all X.509 certificates contain a "Key Usage" field, which specifies what the key can be used to validly sign. For most people, they should never have a certificate in their root store which has the "CA signing" bit set. This is another way to prevent a "trusted" CA from creating a rogue CA which can then issue bad certs.

Finally, there are multiple methods for checking if a certificate is still trusted as part of a regular, ongoing, and sometimes even per-use basis. (OCSP, CRL, etc...) In the past, when I worked on PKI's, these often weren't implemented, but increasingly they are; today most browsers support them. (Which is not to say browsers are the only users of X.509 certs.)

What this should mean is that as soon as evidence emerges that a formerly "trusted" CA has done something shady, it can quickly be disabled in the field.

In a perfect world, a CA should be sufficiently incented by the threat of being "revoked" via OCSP or whatever that it would never entertain the idea of creating a rogue cert. Imagine the pressure on a large CA like Verisign if they got a root cert yanked. Suddenly ALL of their customers get labeled as compromised.

more than 4 years ago
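To make the constraint logic in the comment above concrete, here is an added example (my code, not the commenter's and not any real PKI library's) of how a relying party applies those checks to a chain: basicConstraints cA and pathLenConstraint, keyUsage keyCertSign, and a revoked-names set standing in for a CRL or OCSP response. Certificates are modelled as plain records; signatures and validity periods are assumed to have been verified already, and the chain is assumed to contain no self-issued certificates, so only the constraint handling is shown. The certificate names are hypothetical. One detail from RFC 5280 that the model follows: pathLenConstraint counts the intermediate CA certificates that may follow the CA in the chain, so a value of 0 means the CA may issue end-entity certificates but no further CAs.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for an X.509 certificate: only the fields these checks need.
    Signature and validity-period verification are assumed done elsewhere."""
    subject: str
    issuer: str
    ca: bool = False                         # basicConstraints.cA
    path_len: Optional[int] = None           # basicConstraints.pathLenConstraint (None = absent)
    key_usage: FrozenSet[str] = frozenset()  # keyUsage bits present


def chain_violations(chain: List[Cert], trusted_roots: FrozenSet[str],
                     revoked: FrozenSet[str] = frozenset()) -> List[str]:
    """Check a chain ordered [root, intermediates..., leaf] and return every
    violation found (an empty list means the chain passes).

    Assumes no self-issued certificates, so every issuing cert below a CA
    counts against that CA's pathLenConstraint."""
    if len(chain) < 2:
        return ["chain needs at least a root and a leaf"]
    problems: List[str] = []
    if chain[0].subject not in trusted_roots:
        problems.append(f"root {chain[0].subject!r} is not in the trust store")
    for i, cert in enumerate(chain[:-1]):        # every cert that signs the next one
        child = chain[i + 1]
        if child.issuer != cert.subject:
            problems.append(f"{child.subject!r} was not issued by {cert.subject!r}")
        if cert.subject in revoked:
            problems.append(f"{cert.subject!r} is revoked (CRL/OCSP)")
        if not cert.ca:
            problems.append(f"{cert.subject!r} signed a cert but basicConstraints cA is false")
        if "keyCertSign" not in cert.key_usage:
            problems.append(f"{cert.subject!r} lacks keyUsage keyCertSign")
        # Number of CA certificates that follow this one in the chain (leaf excluded).
        cas_below = len(chain) - i - 2
        if cert.path_len is not None and cas_below > cert.path_len:
            problems.append(f"{cert.subject!r} allows pathLen {cert.path_len} "
                            f"but {cas_below} CA(s) follow it")
    if chain[-1].subject in revoked:
        problems.append(f"leaf {chain[-1].subject!r} is revoked (CRL/OCSP)")
    return problems


def is_valid(chain: List[Cert], trusted_roots: FrozenSet[str],
             revoked: FrozenSet[str] = frozenset()) -> bool:
    return not chain_violations(chain, trusted_roots, revoked)


# Constructed sample PKI with hypothetical names.
CA_USAGE = frozenset({"keyCertSign", "cRLSign"})
ROOT = Cert("Example Root", "Example Root", ca=True, path_len=1, key_usage=CA_USAGE)
INTER = Cert("Example Issuing CA", "Example Root", ca=True, path_len=0, key_usage=CA_USAGE)
LEAF = Cert("www.example.com", "Example Issuing CA", key_usage=frozenset({"digitalSignature"}))
# A sub-CA minted by the issuing CA, which both pathLen constraints forbid.
ROGUE_CA = Cert("Rogue Sub-CA", "Example Issuing CA", ca=True, key_usage=CA_USAGE)
ROGUE_LEAF = Cert("mail.example.com", "Rogue Sub-CA")
# An end-entity cert (cA=false) abused to sign another cert.
LEAF_SIGNED = Cert("login.example.com", "www.example.com")

TRUST_STORE = frozenset({"Example Root"})


if __name__ == "__main__":
    cases = {
        "good chain": [ROOT, INTER, LEAF],
        "rogue sub-CA": [ROOT, INTER, ROGUE_CA, ROGUE_LEAF],
        "leaf used as issuer": [ROOT, INTER, LEAF, LEAF_SIGNED],
    }
    for name, chain in cases.items():
        print(f"{name}: {chain_violations(chain, TRUST_STORE) or 'ok'}")
    print("revoked intermediate:",
          chain_violations([ROOT, INTER, LEAF], TRUST_STORE, revoked=frozenset({"Example Issuing CA"})))
```

Returning every violation rather than stopping at the first one makes the output useful for diagnosing a bad chain, and it shows that the rogue sub-CA case is caught twice over: by the root's pathLen of 1 and, independently, by the issuing CA's pathLen of 0. The revocation set is only a stand-in; a real client has to fetch a CRL or an OCSP response and decide what to do when it cannot, which is the part the comment notes was historically left unimplemented.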

US To Build Nuclear Power Plants

Halo- Small vs. Large problems (622 comments)

No one will say nuclear is without serious drawbacks, but modern reactor design has pretty much reduced those to a single large "what do we do with the waste?" issue. I would rather have a comparatively small amount of containable waste and eons of time to figure out how to make it "go away"(TM) than have much larger environmental impacts which aren't so simple. It's reasonable to expect the human race to come up with a way to render a few hundred tons of radioactive waste inert in the semi-near future. It's much less reasonable to expect us to figure out how to scrub (billions/trillions/quadrillions?) tons of CO2 and other nasties out of the atmosphere, and deal with the other larger scale issues coal/oil/gas produce.

more than 4 years ago

Google Attackers Identified as Chinese Government

Halo- Re:No, Seriously... (651 comments)

I doubt this had anything to do with them doing business in China. Google is a big, juicy target. This attack would have happened even if Google had been giving China the finger for a long time. In fact, it would have been more likely, since China was apparently after information on people who disagree with Chinese policies. What's interesting is that rather than saying: "Yeah, well, we got hacked, what can you do?" Google is actually looking to smack them.

more than 4 years ago

Infrared Fibers Can Protect Against Chemoterrorism

Halo- Re:Israelis are so amazingly brilliant (71 comments)

I think what is really displayed here is the human capacity to engineer when placed under stress or threat. Look at the major technological booms which accompanied the World Wars and the Cold War.

more than 5 years ago

Time Warner Cable Won't Compete, Seeks Legislation

Halo- Re:So to everybody complaining ... (621 comments)

For all those complaining about TW and Embarq's business practices, how many of you are currently using TW or Embarq - regardless of where in the country you are located? How many of you are planning to cancel your service along with a clear and concise letter stating that you are leaving them in disgust due to their conduct in North Carolina?

Okay, so they write a fantastic letter, discontinue, and then go where? This is the crux of the issue. Businesses like TW and Embarq are virtual monopolies. In the case of this town (and many, many others) there is no other option. Either pay them, or use dial-up (which still would require a phone line provided by one of these people usually...) "Voting with your feet" is great, but in this case the only other option is standing outside in the cold.

more than 5 years ago

Palm Announces Killer New Phone

Halo- Re:How many iPhone killers is that? (617 comments)

2) Palm is apparently allowing access to the hardware via CSS, HTML, and JavaScript (details are scarce right now), something no one else does right now

Yeah... what could possibly go wrong with that idea? :)

more than 5 years ago

(Stupid) Useful Emacs Tricks?

Halo- Re:align-regexp (412 comments)

Wow! An emacs trick I actually like! Thank you!

more than 5 years ago

Submissions

Halo- hasn't submitted any stories.

Journals

Halo- has no journal entries.
