Slashdot: News for Nerds





Ask Slashdot: Where Can I Find Resources On Programming For Palm OS 5?

NotInHere Re:Dear Slashdot (114 comments)

Many times I've seen pieces of news about Amigas and usually they're warmly received (are they not outdated?).

The Amigas are outdated. However the stories are warmly received, because Amiga has been popular, and lots of people still have one in their basement. Palm OS wasn't this popular. People love their Amigas, Amiga became a part of culture. This has many reasons, not just popularity. The fanboy group for Palm OS is smaller but I doubt it doesn't exist. It's not mainstream culture though.

I don't know why you shouldn't "waste" your time learning about a dead platform. As long as you see it as your hobby. Some people like reenactments, and dress in historic uniforms to "play" historic battles. Others know every part of the steam engines used from 1860 to 1892 by Santa Fe. So why not Palm OS?

7 hours ago

Internet Census 2012 Data Examined: Authentic, But Chaotic and Unethical

NotInHere Re:Biased, much ? (29 comments)

I don't think that we shouldn't cover animal experimentation with flower words. I've no doubt animal experiments are OK, as you've said they mostly help the health of humans, but we should at least name what we do to the animals by what it is. How would you call it?

Of course, an internet census is not such an "ethical" goal as healing people, so my comparison might be a bit shaky from this perspective.


Internet Census 2012 Data Examined: Authentic, But Chaotic and Unethical

NotInHere Re:I wonder (29 comments)

What he did was illegal, and when he were found I'd have no problem of him being punished according to the law. But it is not unethical. Not when he uses default passwords, and creates no harm.
No, I'm not.


Internet Census 2012 Data Examined: Authentic, But Chaotic and Unethical

NotInHere I wonder (29 comments)

Why is using idle machines of other people (he's used only machines whose load was under a certain threshold), more unethical than to torment and kill mice in the name of science? I don't think that, when used responsibly, latter is unethical, but I wonder why do they put things above biological life?


Popular Android Apps Full of Bugs: Researchers Blame Recycling of Code

NotInHere Re:Not surprised (141 comments)

When I've had no android, I've thought that too. But as I've purchased an android phone, I was quite impressed about the efficient and tight rights separation system of android. Don't misunderstand me: I didn't "activate" the play store app, as I needed to couple it with a google account. If you could install the free apps without an account I'd have tried it, but that way google had lost a customer. The next thing I was annoyed of was the samsung bloat, and the possible lock-in the case I really started to like one of those apps. I solved these two problems when I've installed CM and F-Droid. Of course, I can't install the fanciest whatsapp and so on, but at least I know my phone is truly mine (except for the baseband part), and that lock-ins are very hard. I was fascinated when I found out that every installed app has its own UNIX user assigned.

The rights separation in android is far better than anything on the linux desktop. In X, every application can keylog me. In android, that's not possible. On the linux desktop, every application has access to all my files, including my .ssh directory. In android, fs access is far more developed and limited. In linux desktop, every app has access to the webcam. In android, you can see which app has access. Of course, android could do better, perhaps by adding a "revoke right" option and an "always ask" option (osmand for example has a nice recorder feature, but most time I use it I don't need it so why does it have the right *all time*, rather let android ask for that permission the few times I need it), but right now it does best.

The most annoying features of the android ecosystem radiate from GAPPS, but almost none from AOSP.


Linus Torvalds: "GCC 4.9.0 Seems To Be Terminally Broken"

NotInHere Re:Why the asterisk? (663 comments)

And, Linus actually used asterisks, just placed another way:

Ok, so I'm looking at the code generation and your compiler is pure
and utter *shit*.


Linus Torvalds: "GCC 4.9.0 Seems To Be Terminally Broken"

NotInHere Re:Oe noes! A compiler bug! (663 comments)

End result, the GCC people will fix this bug in short order (what are GCC point releases for anyway)

The bug was reported 4 point releases ago. It just now started affecting the kernel.

In fact, it has been fixed in trunk even before Linus' rant.

2 days ago

Researchers Successfully Cut HIV DNA Out of Human Cells

NotInHere Re: With all this progress on HIV, (64 comments)

The normal evolutionary mutations happen only in (proto-)gamete cells. Cancer mutations happen mostly in non-gamete cells.

4 days ago

Comcast Carrying 1Tbit/s of IPv6 Internet Traffic

NotInHere Re:IPv6 How will it happen? (144 comments)

I have DNS in my home network, using the hosts file of my openwrt router.

4 days ago

Firefox 33 Integrates Cisco's OpenH264

NotInHere Re:At fucking last (194 comments)

OpenH264 only ships with a video decoder, no AAC audio decoder. The hack Cisco made with OpenH264 won't work, as the AAC licensing pool company removed caps. For WebRTC, this is no problem, as opus will be used as audio encoding.
But MP4 won't work. Perhaps there is potential for a matroska-based h.264+opus format, as when IE and safari (which don't have opus for the audio element yet) implement WebRTC, they need opus encoders and decoders. Then it's only a small step to support this mixed format.

5 days ago

Critroni Crypto Ransomware Seen Using Tor for Command and Control

NotInHere OK you CAN take down onion addresses (122 comments)

but no one wants to do that. Doing it would mean to be responsible for subsequent takedowns, and what is seen as illegal in one country may be the opposite in another country, and you would need to establish a system for takedown, which can be misused for censorship.

about a week ago

Critroni Crypto Ransomware Seen Using Tor for Command and Control

NotInHere Re:You conceded my point on rogue DNS @ least (122 comments)

To bring this back to the original topic: you know what a command and control is? I hope so. My posts only have covered the time the malware already was installed on the device. Not before. Of course you won't get the virus when you click a link "download here" which leads into nothingness. And yes, you are true, single ips are easier to fight than dns entries in remote countries, spread over the world. I just said that IPs cannot be blocked by a host file, and I say that it makes no sense to give a DNS server a DNS entry, which would have to be resolved first using a dns server, but the only one available needs a dns lookup before working, and so on and so on.

The only cause that justifies this /. story is that this malware was the first ransomware that used an onion address for C&C, not just only "tor alone". It would gain almost no advantage when it then exited the tor network again through an exit node. It would still have needed some DNS entry somewhere. onion addresses are almost impossible to take down.

Please explain: what are hardcodes?

TOR isn't slow anymore. try it. today. then come back and tell me your opinion about the speed of tor but don't yell tor *is* slow while not having tried it recently (you may yell tor *was* slow though).

about a week ago

Critroni Crypto Ransomware Seen Using Tor for Command and Control

NotInHere Re:Block rogue DNS servers via hosts (122 comments)

Blocking ips using a hosts file... I'm sorry but I don't know of any way of doing this.
Even if it were possible, there tor uses no "rogue DNS" servers, and not using any DNS directly, the DNS is tunneled to the exit relay which then invokes the DNS request. Any block by any firewall or ISP DNS fails here -- not just DNS request blocks like the hosts files, but also IP level blocks. This is what TOR was invented for.

about a week ago

Snowden Seeks To Develop Anti-Surveillance Technologies

NotInHere Re:soviet era crypto (129 comments)

As long as it's not the latest curve, privacy preserving crypto can be written by NSA itself, and still be secure for you. SELinux was written by NSA, and I don't have a problem using it. Your security model shouldn't rely on the party your software came from. It should rely on the software itself, independent reviews, and, if you can't afford your own review, the many-eyes-principle (which has chilling effects).
The russians could only say "this is too secure, design something that can be broken more easily".

about a week ago

Critroni Crypto Ransomware Seen Using Tor for Command and Control

NotInHere Re:Hosts override ANY DNS (even local)... apk (122 comments)

That might be true if the application is using the OS provided network stack, e.g. with DnsQuery. However AFAIK nothing prevents an application to bring its own DNS stack which queries external DNS, ignoring the host file. Does the OS block outgoing requests on port 53?
And, as I've said before, the DNS in TOR doesn't use the OS provided DNS. It uses its own one.
Blocking the C&C perhaps stops communication to the hq, but that doesn't help when the virus is written to first encrypt the HDD and then wait for further commands from C&C.

about a week ago

Critroni Crypto Ransomware Seen Using Tor for Command and Control

NotInHere Re:Angler PC malware? (122 comments)

The ldpreload attack is not a problem of the compositor, but the configuration of apparmor or SELinux:
The transparent window attack doesn't work, does it? It seems that it is possible to make a transparent window, but then I doubt the events will be passed on onto the below applications. The keylogger would need to fake user input, which isn't possible AFAIK.

about a week ago

Critroni Crypto Ransomware Seen Using Tor for Command and Control

NotInHere Re:Angler PC malware? (122 comments)

I haven't reviewed the source code for every single application and update I install. Nor have my distro's packagers. And the software is compiled on some server I don't know, and the server is a single point of failure.
But still I trust this model more as randomly installing blobs from various websites.
When I randomly install software from my package repo no ads pop up from the taskbar, and I don't see CPU constantly at 100%. Don't have tried it for randomly downloading windows software from the internet.

about a week ago

Critroni Crypto Ransomware Seen Using Tor for Command and Control

NotInHere Re:Correct me *IF* I am wrong, but... apk (122 comments)

The C&C Servers are what is communicated back against (as well as serving up exploits payloads etc. @ times also & IF they don't? Blocking out the payloads servers does the job... which hosts CAN do) - IF/WHEN I block that, should it NOT be disabled for communication, even via TOR?

blocking C&C can at least stop the bad guys from integrating your computer into a botnet. correct me if I'm wrong, but hosts only changes the host file? The host file blocks a website only when the OS' DNS is used, but tor has its own DNS, not even using the usual DNS port, but tunneling everything through a https-like connection.

* Fill me in...

(As far as "porting" it to Linux? I've thought about it... wouldn't be hard - & I WISH Borland didn't KILL Kylix (was Delphi for Linux for the most part) - however - there IS FreePascal & it's "Lazarus" IDE, which is VERY CLOSE to the Delphi IDE, & from what I understand, an ALMOST clone of its compiler commandset too! Thus, it IS, doable...)


P.S.=> See - I guess I don't *fully* understand TOR (as I don't use it myself, tried it once - TOO damned slow, just like anonymous proxies are, same idea iirc for the most part afaik - correct me IF I am wrong/off here too... I can stand to learn by it as I *admit* I do NOT "know it all" & can learn as much as the next guy since this field changes so fast & dynamically)

... apk

The first time I've tried tor it was also very slow, but after some years I've tried again and now it's usually fast enough even for videos. Sometimes (seldom) a relay is slow, then wait 10 minutes or choose another circuit.

about a week ago



Firefox 33 gets Cisco's OpenH264

NotInHere NotInHere writes  |  about a week ago

NotInHere (3654617) writes "As promised, version 33 of the Firefox browser will fetch the OpenH264 module from Cisco, which enables Firefox to decode and encode H.264 video, for both the <video> tag and WebRTC, which has a codec war on this matter. The module won't be a traditional NPAPI plugin, but a so-called Gecko Media Plugin (GMP), Mozilla's answer to the disliked Pepper API. Firefox had no cross-platform support for H.264 before."

India forged Google SSL certificates

NotInHere NotInHere writes  |  about three weeks ago

NotInHere (3654617) writes "As Google writes on its Online Security Blog, the National Informatics Centre of India (NIC) used its intermediate CA certificate issued by Indian CCA, to issue several unauthorized certificates for Google domains, allowing to do Man in the middle attacks. Possible impact however is limited, as, according to Google, the root certificates for the CA were only installed on Windows, which Firefox doesn't use, and for the Chrom{e,ium} browser, the CA for important Google domains is pinned to the Google CA.
According to its website, the NIC CA has suspended certificate issuance, and according to Google, its root certificates were revoked by Indian CCA."

Are the hard-to-exploit bugs in LZO compression algorithm a hype?

NotInHere NotInHere writes  |  about a month ago

NotInHere (3654617) writes "In 1996, Markus F. X. J. Oberhumer wrote an implementation of the Lempel–Ziv compression, which is used in various places like the linux kernel, libav, openVPN, or the Curiosity rover. As security researchers have found out, the code contained integer overflow and buffer overrun vulnerabilities, in the part of the code that was responsible to process not compressed parts of the data. Those vulnerabilities are however very hard to exploit, and their scope is dependent on the actual implementation.
According to Oberhumer, the problem only affects 32 bit systems. "I personally do not know about any client program that actually is affected", Oberhumer says, calling the news about the possible security issue a media hype."

Mozilla launches student coding program "Winter of Security"

NotInHere NotInHere writes  |  about 2 months ago

NotInHere (3654617) writes "Mozilla has introduced a new program, called MWoS or "Mozilla Winter of Security", to involve university students into security projects. The attending students will write code for a Mozilla security tool during (northern hemisphere) winter. Unlike GSoC, attending it involves no monetary payment, but the students' universities are expected to actively cooperate and to give the students a credit for their work. From TFA:

MWoS is a win for all. Students get a chance to work on real-world security projects, under the guidance of an experienced security engineer. Professors get to implement cutting-edge security projects into their programs. Mozilla and the community get better security tools, which we would not have the resources to build or improve ourselves."


