Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

New Russian Law To Forbid Storing Russians' Data Outside the Country

Myria Not all that new, but what is personal? (206 comments)

As another pointed out, Russia isn't anywhere near the first country to do this; in fact, doesn't the European Union require it Union-wide?

Anyway, I'm most curious how the Kremlin defined "personal". Being that a lot of us are software industry programmers, product managers, etc., it'd be useful to know what kind of changes we need to make to our respective companies' international back-end infrastructure.

about a month ago
top

Interviews: Ask Andrew "bunnie" Huang About Hardware and Hacking

Myria If any questions about the original Xbox come up.. (58 comments)

...and Andrew/bunnie doesn't answer them, I can. I'm very briefly mentioned in the book under a different Internet name that I'd rather not say here.

I was the person who figured out how to dump the second version of the MCPX's secret boot ROM without having to repeat the HyperTransport bus tap craziness that Andrew did in the first place. Namely, the A20M# attack, which was much easier to do. (If Andrew hadn't done his original attack, though, we wouldn't have had the knowledge necessary to pull off my attack. <3 Andrew)

We kept the A20M# attack secret until the 360 was released, in case another MCPX silicon revision was released. It turned out that Microsoft had, in fact, coded a new MCPX ROM to defeat many of the exploits used to hack Xboxes - they just never released it, probably because it would've cost a fortune for what was then a console in its late stages. We didn't find out about this MCPX ROM update until some people looked into how the Chihiro arcade boards worked in 2014, which showed the new MCPX code in the debug ROMs. The A20M# attack still would have worked on this design - it was an attack on entire secret boot ROM design, not the MCPX ROM's code =)

Myria

about 1 month ago
top

Hawaii's Oahu Used To Be a Bigger Island

Myria Waterworld (44 comments)

I'll probably sound crazy for asking this, or get modded off-topic, but... My understanding is that the scenario in the movie Waterworld can't happen by melting the polar ice caps because there isn't enough water frozen in them to rise enough enough to cover the continents. Goodbye to Florida and similar areas, but most of the continents would remain. (And thanks to global warming, we'll likely see that scenario... >.<)

But it seems to me as though one way in which it could happen is if we greatly expanded our use of geothermal power, to the point that we exhausted the energy driving plate tectonics. (Hopefully most of the leftover heat would escape into space, or we'd really be screwed.) Then the continents would gradually erode until the solid surface of Earth was at an even level, at which point the existing ocean would completely cover Earth.

To use that much geothermal energy seems pretty ridiculous, though. Just some random Myria musings...

about 2 months ago
top

Surface Pro 3 Has 12" Screen, Intel Inside

Myria Re: Can we install linux on it ? (316 comments)

The Surface Pro, like any other x86 PC that comes preinstalled with an OEM version of Windows 8/8.1, is locked down with Secure Boot UEFI. However, Microsoft follows its own rules--the Surface Pro also meets their own requirement that the BIOS allows you to disable Secure Boot given physical access.

Also, I believe that the Surface Pro's preconfigured UEFI Secure Boot NVRAM contains the Microsoft "Third Party Marketplace" UEFI certificate, which if true would mean that the Surface Pro would out-of-the-box recognize, as an example, the Secure Boot-compatible GRUB2 on the 14.x x86-64 Ubuntu disks as legitimate. I don't have a Surface Pro to check this, however.

about 2 months ago
top

Microsoft Confirms It Is Dropping Windows 8.1 Support

Myria No, not quite true. (575 comments)

Yes, apple want you to upgrade to iOS 7, but if you don't want to (or can't because your hardware is too old) they still provide security patches for iOS 6.

The last update was iOS 6.1.6 in Feb:

6.1.6 was only released for devices that cannot run iOS 7. If you have a device that can run iOS 7, you had to upgrade to iOS 7 in order to get the important security fix, even if the device had iOS 6.x at the time. There was never an iOS 6.1.6 released for iPad 2 or 3, for example.

If they had released an iOS 6.1.6 for iPad 2/3, it would've allowed downgrading from iOS 7.x to iOS 6.x then jailbreaking, something Apple hates with a passion.

about 4 months ago
top

OpenSSL Bug Allows Attackers To Read Memory In 64k Chunks

Myria Chrome's SSL uses a lot of the OS certificate mana (303 comments)

Chrome just uses the operating system for a lot of the certificate validation of HTTPS, so it can be vulnerable to security holes that apply to the operating system. Chrome wasn't vulnerable to "goto fail", but presumably it has been vulnerable to others in Windows and Mac OS.

about 4 months ago
top

Subversion Project Migrates To Git

Myria One big way in which Git is not SVN-compatible (162 comments)

(Technically, as Git is SVN compatible, so you could get this effect simply by using Git 'locally'.)

git2svn has a problem that we ran into recently: because git does not support hierarchical branching, if you do not keep all your branches in a single Subversion directory, it will take an excessively long time for a local git repository to synchronize with a Subversion repository.

For example, let's say that you have the typical /branches directory in Subversion. Now user "myria" comes along, and she wants to make her own directory of branches so that her own branches don't pollute the /branches directory. She does an svn copy of /trunk to /branches/myria/new-crypto. Now git2svn tries to import this change from Subversion into a local git repository and takes three hours. Why?

Because git doesn't support hierarchical branch names, from git's naive perspective, what Myria has done is make a copy of the entire repository into a new directory named "new-crypto" inside of her "myria" branch. Git does not interpret her commit as a creation of a branch - it sees "myria" as the branch, and "new-crypto" as merely a directory within the branch. Subversion gives no special meaning to the directory named "branches", so git2svn is simply using a hack of assuming that the "branches" directory contains objects that it can convert into git's branch objects. Git thus sees her commit as one giant commit of 100,000 files, and consequently takes forever processing it.

The above was a recently-encountered real-life situation at the office from about two weeks ago.

about 4 months ago
top

Adaptation From Flash Boys Offers Inside Look at High-Frequency Trading

Myria I'm not sure that any company can beat it (246 comments)

80% of firms CANNOT beat the S&P in the same timeframe.

Long-term, it's unsustainable for any company to beat the stock market as a whole. I wish I could find the Warren Buffet quote on this matter.

about 4 months ago
top

TrueCrypt Master Key Extraction and Volume Identification

Myria Why can't encryption be in the SATA controller? (222 comments)

Why can't there be SATA controllers with drive encryption support? Your drive encryption program could then just be an expansion UEFI ROM card that prompts you for your password and sends it to the SATA controller, then erases it from main memory. There's no need to do anything else after that point, because encryption and decryption would be completely transparent to all software on the system.

about 7 months ago
top

Simulations Back Up Theory That Universe Is a Hologram

Myria Re:so does this mean.... (433 comments)

So this means if a tree falls in the forest and no one was listening, it wouldn't be simulated and therefore would not make a sound. That was easy...

So long as it is provably impossible for anyone to feel or notice the effects of that sound for all of eternity, yes, a simulation could get away with not simulating it. Provable impossibility in our Universe would be something happening outside the light cone of the simulated area.

about 8 months ago
top

Microsoft May Finally Put Windows RT Out To Pasture

Myria If they hadn't locked it down... (293 comments)

If they hadn't locked it down, Windows RT could have just been another target to which developers could recompiled their software and that would have kick-started the application ecosystem somewhat. It would have been with desktop applications, though, which Microsoft considers deprecated. Desktop applications also don't work with touch control very well and more importantly don't make Microsoft any money.

It seems as well that Microsoft wanted the locked-down environment to prevent Windows RT from having viruses, an inevitable side effect of open development. Many more people bought the virus-laden Surface Pro than the Surface RT, so maybe people like their viruses =)

about 8 months ago
top

Microsoft May Finally Put Windows RT Out To Pasture

Myria Re: Windows RT (293 comments)

Was it because of the OS that the Surface did not have cell data support???

about 8 months ago
top

Microsoft May Finally Put Windows RT Out To Pasture

Myria Re: How should we have made it more differentiate (293 comments)

They should have just left it unlocked, rather than make us jailbreak it by force. By forcing us to jailbreak, they guarantee that commercial applications never get ported to it.

I guess Microsoft didn't care, because they consider the desktop to be deprecated, something they will remove in a future version.

about 8 months ago
top

Experts Hail Quantum Computer Memory Stability Breakthrough

Myria Wrong number of atoms in the Universe (53 comments)

It's about 10^80, not 2^80.

I think we'll find that the amount of energy required to hold X entangled particles in coherence will be exponential in X. This would make quantum computing essentially worthless.

If not, wake me when we get to 2048 qubits, for the original Xbox's public key and I have some unfinished business from last decade...

about 9 months ago
top

The State of ReactOS's Crazy Open Source Windows Replacement

Myria Re:Just ignore it. (208 comments)

ReactOS keeps changing their targets, and not getting anywhere.

So does Windows itself, or any other evolving project.

about 9 months ago
top

How Your Compiler Can Compromise Application Security

Myria These bugs exist even *without* signed integers! (470 comments)

The first mistake was using signed integers.

The problem is C's promotion rules. In C, when promoting integers to the next size up, typically to the minimum of "int", the rule is to use signed integers if the source type fits, even if the source type is unsigned. This can cause code that seems to use unsigned integers everywhere break because C says signed integer overflow is undefined. Take the following code, for example, which I saw on a blog recently:

uint64_t MultiplyWords(uint16_t x, uint16_y)
{
    uint32_t product = x * y;
    return product;
}

MultiplyWords(0xFFFF, 0xFFFF) on GCC for x86-64 was returning 0xFFFFFFFFFFFE0001, and yet this is not a compiler bug. From the promotion rules, uint16_t (unsigned short) gets promoted to int, because unsigned short fits in int completely without loss or overflow. So the multiplication became ((int) 0xFFFF) * ((int) 0xFFFF). That multiplication overflows in a signed sense, an undefined operation. The compiler can do whatever it feels like - including generate code that crashes if it wants.

GCC in this case assumes that overflow cannot happen, so therefore x * y is positive (when it's really not at runtime). This means the uint32_t cast does nothing, so is omitted by the optimizer. Now, the code generator sees an int cast to uint64_t, which means sign extension. The optimizer this time isn't smart enough to know again that it's positive and therefore can ignore sign extension and use "mov eax, ecx" to clear the high 32 bits, so it emits a "cqo" opcode to do the sign extension.

So no, avoiding signed integers does not always save you.

about 9 months ago
top

How Your Compiler Can Compromise Application Security

Myria Re:Fix the C standard to not be so silly (470 comments)

* Fixation of two's complement as the integer format.

Are you trying to make C less portable, or what?

The "broken" code is already nonportable to non-two's-complement machines, and much of this code is things critical to the computing and device world as a whole, such as the Linux kernel.

about 9 months ago
top

How Your Compiler Can Compromise Application Security

Myria Fix the C standard to not be so silly (470 comments)

The C standard needs to meet with some realities to fix this issue. The C committee wants their language to be usable on the most esoteric of architectures, and this is the result.

The reason that the result of signed integer overflow and underflow are not defined is because the C standard does not require that the machine be two's complement. Same for 1 31 and the negative of INT_MIN being undefined. When was the last time that you used a machine whose integer format was one's complement?

Here are the things I think should change in the C standard to fix this:

  * Fixation of two's complement as the integer format.
  * For signed integers, shifting left a 1 bit out of the most-significant bit gets shifted into the sign bit. Combined with the above, this means that for type T, ((T) 1) << ((sizeof(T) * CHAR_BIT) - 1) is the minimum value.
  * The result of signed addition, subtraction, and multiplication are defined as conversion of all promoted operands to the equivalent unsigned type, executing the operation, then converting the result back. (In the case of multiplication, the high half is chopped off. This makes signed and unsigned multiplication equivalent.)
  * When shifting right a signed integer, each new bit is a copy of the sign bit. That is, INT_MIN >> ((sizeof(int) * CHAR_BIT) - 1) == -1.

That should fix most of these. Checking a pointer for wraparound on addition, however, is just dumb programming, and should remain the programmers' problem. Segmentation is something that has to remain a possibility.

about 9 months ago
top

How Your Compiler Can Compromise Application Security

Myria Re:x86 memory model is to blame? (470 comments)

Do you think most-all exploits are down to the defective x86 segmented memory architecture.

I think those who coded for the SNES or Apple IIGS in C would disagree with blaming the x86 exclusively =)

about 9 months ago
top

Grand Unifying Theory of High-Temp Superconducting Materials Proposed

Myria Practical applications... (48 comments)

Just let me know when I can build my dream of a hoverboard arena. =^-^=

about 9 months ago

Submissions

top

Alaska's "Bridge to Nowhere" Project Aband

Myria Myria writes  |  more than 6 years ago

Myria writes "The Associated Press reports that Alaska's Gravina Island Bridge project, most of whose funding had once been secured by Sen. Ted "Series of Tubes" Stevens, has officially been abandoned. The $398,000,000 bridge, widely dubbed "the bridge to nowhere", would have connected Ketchikan, population 7,410, to its airport on Gravina Island."
Link to Original Source
top

Myria Myria writes  |  more than 7 years ago

Myria writes "Saturday's Los Angeles Times is running an article about how the RIAA and MPAA are lobbying the California Senate for an exemption from a proposed law making "pretexting" illegal in the wake of the Hewlett-Packard scandal. The attempt appears unlikely to succeed. From the article:

The trade group asked that any owner of a copyright, patent, trademark or trade secret be able to use "pretexting or other investigative techniques to obtain personal information about a customer or employee" when seeking to enforce intellectual property rights. ... The industry's proposed amendment is unlikely to get anywhere when it comes up for an initial hearing in the California Senate's Judiciary Committee on Tuesday.
"
top

Myria Myria writes  |  more than 7 years ago

Myria writes "Microsoft has announced that the 32-bit version of Windows Vista will not be able to play HD-DVD and Blu-Ray content for copy protection reasons, according to APC Magazine here. Vista 64 will not let the user install device drivers that are not signed. Vista 32 allows them for compatibility. Poised by Microsoft as a safeguard against rootkits, required driver signing is really a DRM scheme. If only signed drivers work, it's not possible to make fake sound card and video card drivers that dump everything to disk. Its protection against rootkits is dubious at best, since overwriting the MBR and rebooting is enough to install a rootkit regardless of driver signing. With so few reasons to use Vista, and so many reasons not to, what's the point?

Joanna Rutkowska showed an exploit against driver signing on August 3 at Black Hat. Now that it's publicly known that driver signing is tied to DRM, is what she did now illegal under the Digital Millennium Copyright Act?"

Journals

Myria has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>