


Satellite Captures Burning Man From Space

Tyger Or look at the GeoEye .5m resolution image (141 comments)


I can't believe the 16ft resolution image is getting so much press, when the 0.5m resolution image is so much better, and was announced ahead of time (And scheduled, as you can see from people forming shapes in it).

more than 3 years ago

Google NativeClient Security Contest

Tyger Re:2^13? (175 comments)

The PDF was an interesting read, though I agree that the money they are dishing out is pretty paltry for all the free review they are trying to garner. Furthermore, I think they are taking platform neutrality in the wrong direction by locking the idea in to the x86 architecture.

But about how it would work, they are basically enforcing strict limits on how the code can be structured. The limits are designed to make the code easily analyzed. Anything that falls outside the strict requirements is rejected. It doesn't work for antivirus because they have to deal with any code that comes in without restriction.

As to why it doesn't work for OS... There is no reason the basic concept wouldn't, aside from the performance penalty and increased code size. (Though further compiler optimization could minimize or eliminate some of that).

However, if you want to go that route of making an OS do it, you might as well pick up a decent modern RISC architecture, because you're already breaking compatibility with any past program for any OS on the x86 CPU. Most of what they are doing is basically taking something that is standard on RISC and shoehorning it into the CISC architecture of the x86. Namely that instruction boundaries can be reliably tested for jumps. They enforce that by requiring jumps only to 32 byte boundaries, and then verifying each 32 byte block for correctness. Combined with disallowing self modifying code and eliminating the stack completely, all code that executes can be properly analyzed ahead of time.

The concept looks sound to me (Experience working low level with x86 architecture) but the security still relies on the implementation. Off the top of my head I can think of several ways to break the sandbox depending on how it is implemented. However the PDF is quite short on the details to evaluate the implementation. Namely, what exactly qualifies as an allowed x86 instruction, and for the syscalls that are checked, what the check is, not to mention the potential for bugs in the syscall handler for what would otherwise be valid calls, and even potentially the state of the OS or process when the protected code is executed.

Overall, I don't think this is the right direction for the web platform. Theoretically interpreted byte code should be more secure because it doesn't do anything that the interpreter doesn't explicitly allow (Javascript, Java, Flash, etc) and we see where that got us.

more than 5 years ago

Online Billpay Provider Loses Control of Domains

Tyger Re:DNS Hijacking (232 comments)

Funny thing is it's a step back for Network Solutions security. You USED to be able to set it up to require an RSA key for domain changes, back when everything was done via odd forms over email.

more than 5 years ago

Playstation 3 Video DRM Only Allows One Download

Tyger Re:Rental only (316 comments)

Personally I'm all for companies like Sony forcing such intrusive DRM on the public.

The quicker they cross the line where it inconveniences your average consumer, the quicker we'll get to the point where DRM becomes a total flop.

more than 6 years ago

Stephen Hawking Unveils "Time Eater" Clock

Tyger Re:one every five minutes?? (198 comments)

The clock only tells the correct time once every 5 minutes. The rest of the time it can run fast, slow, pause, etc. You can see this in the video near the beginning where it slows down very drastically, or near the end when it chimes the hour and is just going back and forth a few times before advancing.

more than 6 years ago

"Anonymous" Hacks Palin's Private Email

Tyger Re:I've looked. Check Gawker (1733 comments)

Proof has to be admissible to be proof. The protection from illegal search and seizure comes into effect here. Just because it was a private individual who did it and not the government does not mean it is free game.

more than 6 years ago

"Anonymous" Hacks Palin's Private Email

Tyger Re:The crossed the line this time (1733 comments)

When McCain announced Palin as his running mate, I recognized quickly it was quite an ingenious move on their part. I wouldn't be surprised that one of the big reasons she was picked was because of all the issues and drama surrounding her. It is enough to create a media feeding frenzy, diverting the major coverage away from the issues that could defeat them. As they say no publicity is bad publicity, and all the negative coverage paints her as the victim or underdog, whom literature has taught us to root for.

more than 6 years ago

