
Wireless Keylogger Masquerades as USB Phone Charger

Smerta Re:One more reason to use a wired keyboard (150 comments)

Serious question (in case it sounds like I'm being antagonistic):

Since AES is a block cipher, and an AES block is 16 bytes, and since keypresses appear to be transmitted "instantaneously", does that mean for each keypress, a 16-byte block is formed, and encrypted? And what about the encryption mode? (Otherwise doesn't it basically become ECB?)

Seems like a stream cipher would make more sense, although you'd need a protocol on top of that to stay synchronized, since packets can become lost/corrupted.

I could only find a very non-technical PDF on the topic. Interestingly, the wording seemed to imply something like a DH key exchange (one time, during pairing).

about two weeks ago

Sony Leaks Reveal Hollywood Is Trying To Break DNS

Smerta John Gilmore (388 comments)

Anyone remember Gilmore's quote from 1993:

The Net interprets censorship as damage and routes around it.

Here we have Sony trying to interfere with routing in order to accomplish censorship. That certainly won't backfire...

about a month and a half ago

Verizon "End-to-End" Encrypted Calling Includes Law Enforcement Backdoor

Smerta Re:Verizon admits it's a "weakness" (170 comments)

Well it depends.

Mr. Polansky himself (while certainly not a security expert or a cryptographer) describes it as a "weakness" built into the system. The streets are littered with products and systems built with backdoors/weaknesses that are found & exploited by attackers (sometimes an insider who knows about or helped implement the weakness.)

On the other hand, while still subject to abuse, if the "weakness" is a 2nd, high entropy key, then you either have to get the key, or break the crypto (getting the key obviously being the attacker's 1st choice). This is different than a backdoor.

about a month and a half ago

How Relevant is C in 2014?

Smerta Re:C had no real successor (641 comments)

C++ is no more complicated to use than C.

This I have to take issue with. I will agree that C++ is a useful language, including embedded systems, but it's much, much more complicated than C. You can write in a subset of C++ which is largely the same as C (never quite the same though), but if you were to draw a Venn diagram of C++'s features vs. C, it's crazy (I went through this exercise, for a presentation). Again, don't get me wrong, I've been using C++ on real time systems for 20 years, but it is an entirely different animal. For an example (this is a quote from Peter van der Linden's outstanding book "Expert C Programming", in fact I think he was quoting Tom Cargill):

"If you think C++ is not overly complicated, just what is a protected abstract virtual base pure virtual private destructor and when was the last time you needed one?"

There are other examples, but hopefully that one serves as a good example.

If you don't like a particular part of C++? Don't use it.

Here I am 100% in agreement with you, at least when it comes to personal projects. The problem is that when you work in a larger organization with a disparate knowledge of the language, you've got some people writing "C with classes" (if even that) and some people using template metaprogramming, complicated overridden copy constructors, placement new, custom allocators in STL containers, etc. Now, sometimes you can either just "use" that wizard's code and hope for the best, or just read it and run away, but sometimes you have to maintain it.

I am working with a group right now where I am the "C++ expert" in the group (I don't consider myself an expert), and there were a few individuals in the group, years back, that /clearly/ were language wonks. Their code is (mostly) correct, but it's almost inscrutable, and when it needs to be changed or fixed, everyone in the group except for me is terrified. So here is where the whole "Just use what you're comfortable with" breaks down. You can try to address this with a coding standard that restricts usage, subsets the language, etc. but still, it's very easy to introduce code that some in the group just can't understand. IMO this is possible in C too (hello, IOCCC!) but it's "harder" to do, because the language is simpler, there's just less you have to understand and keep in your head while you're reading someone else's code.

about a month and a half ago

IsoHunt Unofficially Resurrects the Pirate Bay

Smerta Re:Well DUH, You can't stop piracy. (116 comments)

I won't be surprised if something like Lenticrypt (crypto using a running key cipher which ends up decrypting into different plaintexts) ends up being the nail in the coffin.

It's an interesting thought experiment... just how far will the desperate & ravenous copyright cabal go to claim ownership of bits that aren't even related to their product?

Let's say I have a bitstream that is *almost* bit for bit identical to an MP3, an MKV, etc. How many bits have to change before it is no longer infringing? Don't start with things like, "Well, it depends how it was created and for what purpose..." Bits are bits. If I AES encrypt something (e.g. Linux distro) that ends up being 500 bits away from "Star Wars", am I in trouble? Do I have to prove how I created my "almost Star Wars" .bin file to avoid going to jail? What if it was different by 5,000 bits? 50 bits? Is it the data that is infringing, or how I created it?

I think pretty soon we're going to start seeing big binary blobs (my term, BBBs) that can be transformed into Star Wars, the O'Reilly book collection zipped up, or a backup of my dropbox (of course that would be possible today using OTP and 3 different keys, but Lenticrypt simplifies it). So am I going to get sued because these 30 billion bits, manipulated in one specific way, could become Star Wars?

My point is that at a certain point, common sense must prevail. I understand that Amy Pascal likes her $100M payouts, and Tom Cruise likes his $50M movie checks. But all good things must come to an end. Many IT & software development professionals met head-on with the whole "adapt or die" reality when outsourcing to Asia & eastern Europe began years ago. And yet here we are.

about a month and a half ago

New Destover Malware Signed By Stolen Sony Certificate

Smerta Re:Here come the certificate flaw deniers....... (80 comments)

First of all, kudos to your small shop for actually signing your executables. I still find myself needing to install software from companies ($100M+ companies) that don't sign their executables (IAR Systems (ARM cross compiler), I'm looking at you, for example...)

Anyway, I just wanted to clarify one thing that you wrote, because a lot of people don't understand the security implications:

Note that all this provides is proof that the exe was created by us

Technically, all this provides is proof that the exe was created by someone who has your private signing key. That's exactly what's going on here with Sony. The whole signing / certificate thing works, right up to the point where the signing key is leaked or extracted. I know you know this, but it's important enough IMO that it merits re-stating...

about a month and a half ago

The New-ish Technologies That Will Alter Your Career

Smerta Embedded Systems - new?!?! (66 comments)

It's good to know embedded systems are new-ish technology!

Really makes me feel good about the implantable cardiac defibrillators, hard disk drives, engine control units, CNC machines, remote weather stations, mobile phones (baseband), insulin pumps, etc. that I've worked on for the last 20+ years.

A home might have 3-5 desktop/laptop processors in it, while that car on the driveway probably has at least 20, maybe 50, processors in it.

Embedded systems, and the engineers who design the hardware, software, firmware, etc. are kind of like air - all around you, and you don't really notice them, but you sure would if they disappeared.

Now if you'll excuse me, I have a soapbox to step down from, and a lawn in need of protection from young whipper-snappers.

about 2 months ago

Ask Slashdot: Is Non-USB Flash Direct From China Safe?

Smerta Re: There will be. (178 comments)

Absolutely correct.

Remember that kerfuffle a couple weeks ago about FTDI bricking products that were using counterfeit FTDI USB-serial chips? Some of the product designers were unknowingly using counterfeit chips bought from companies we've all heard of (no, not Alibaba or Ebay...)

about 2 months ago

AT&T Won't Do In-Flight Wi-Fi After All

Smerta LTE speed limit (35 comments)

I don't know exactly how this would have worked anyway.

It's been a while since I worked on LTE (call processing, not RF or hardware or even baseband), but I thought that with UTRAN there was a 350 km/h "speed limit" (perhaps up to 500 km/h under certain circumstances) with motion relative to the base station.

(Now that I spent 5 seconds thinking about it, I suppose the sine of the angle (from base station to aircraft, relative to vertical) would reduce the velocity that the plane was moving away from the base station... I think?)

I'm sure there are many other effects such as transmit power, interference, fading & multipath, etc. Sheesh I'm getting rusty...

about 3 months ago

Codecademy's ReSkillUSA: Gestation Period For New Developers Is 3 Months

Smerta Re:This just proves... (173 comments)

I'm not trying to be antagonistic, but basically in the same breath, you said that you're not a programmer, yet you judge programming to be a trade like plumbing.

I can't reconcile those two, and I respectfully disagree.

By the way, I totally agree about code riddled with bugs. I work on safety-critical software, and I can assure you, not all software (firmware in my case) is of such low quality. But I'll also concede that the cost and time to develop such software is much longer than your typical slap-happy PHP script running on foo.com's webserver...

about 3 months ago

What People Want From Smart Homes

Smerta Re:Nothing. (209 comments)

When I lived in Germany I saw quite a few of them. Lawns tend to be smaller and flatter than in the U.S. Also, landscaping services are more expensive, in general, over in Europe. Last thing, and unfortunately I'm being serious, the U.S. is pretty litigious, so companies are hesitant to jump into the market.

I think there are about 10 companies or so making robotic mowers. Could be wrong, but I thought you could get a Husqvarna in the U.S. now. They require a wire to be buried along the perimeter of your yard so the 'bot knows when it needs to stop & turn around.

I've always wondered what happens if you lose power at home, and the buried wire no longer emits its signal. Probably a battery backup, and you have to tell the 'bot to run no longer than the battery can last.

about 3 months ago

Rosetta Code Study Weighs In On the Programming Language Debate

Smerta Re:C++ = Clear Language Choice. (165 comments)

Sincere question - I've heard that Fortran blows away (or at least beats) C++ for scientific/calculation programming, and considering the 2 languages' history and "raison d'etre", I'm not surprised... but can you lend any insight into what accounts for that, specifically? I mean, if I create arrays or matrices or whatever in C++, and I pay attention to cache effects, etc. it seems like my C++ still can't be as fast when it's compiled down into machine code... I've never seen a good explanation of what's going on under the hood to account for that. Thanks.

about 4 months ago

Indian Mars Mission Has Completed 95% of Its Journey Without a Hitch

Smerta Re:But (117 comments)

the last few feet that count
or is that meters

I see what you did there

about 4 months ago

After Celebrity Photo Leaks, 4chan Introduces DMCA Policy

Smerta Re:Effectiveness (134 comments)

Serious question: Do you know of any instance where the originator of a bogus DMCA takedown request was punished?

From what I understand, the originator can't just search for "Lindsay Lohan" on BitTorrent and Usenet, and fire out a bunch of takedown requests -- the signed/authenticated takedown notice stipulates that they are the owner of the material.

Said another way, if you uploaded a Linux distribution and called it "Rihanna Nudes" or something, and Rihanna's people sent a DMCA takedown notice for this, I think (at least theoretically) they'd be in hot water.

Of course, that's the theory, and that's my question: is there any incentive for content creators to not shotgun-blast out a ton of notices?

about 5 months ago

Software Error Caused Soyuz/Galileo Failure

Smerta Re:Russian Programmer's are Brilliant! (157 comments)

I agree with the sentiment about programming skill, but I think Toyota, not Honda, had the more significant unintended acceleration issues (according to CBS News and NHTSA, as many as 89 deaths).

about 4 months ago

FBI Investigates 'Sophisticated' Cyber Attack On JP Morgan, 4 More US Banks

Smerta Re:Honest question from a non-USian (98 comments)

The FBI is under the Department of Justice, not Treasury.

about 5 months ago

Wheel Damage Adding Up Quickly For Mars Rover Curiosity

Smerta "We'll just re-flash it" (162 comments)

As an embedded systems (electronics/firmware) engineer, I was going to half-jokingly, half-seriously say, "Well, we'll just send a new firmware update to Curiosity to help with the problem." And then of course as I read the article, that was one of the proposed mitigations:

Changing driving software to reduce the forces experienced by wheels hanging up on pointy rocks. <snip> The rover can sense wheel currents, so it can sense when a wheel is sticking. <snip> By implementing a "smart controller" on the wheel current and allowing wheel rotation rates to vary intelligently in response to sensed conditions, they might be able to mitigate the damage.

I've been developing embedded systems for more than half my life, and I never get bored...

about 5 months ago



Toyota's Killer Firmware

Smerta writes | about a year ago

Smerta (1855348) writes "On Thursday, a jury verdict found Toyota's ECU firmware defective, holding it responsible for a crash in which a passenger was killed and the driver injured. What's significant about this is that this is the first time a jury heard about software defects uncovered by plaintiff's expert witnesses. An interesting summary of the defects discussed at trial is interesting reading, as well as the transcript of court testimony. Wonder what the impact will be on self-driving cars?"

