Slashdot: News for Nerds

Comments


Satellite Captures Burning Man From Space

Tyger Or look at the GeoEye .5m resolution image (141 comments)

http://www.geeked.info/burning-man-2011-geoeye-satellite-image/

I can't believe the 16ft resolution image is getting so much press, when the 0.5m resolution image is so much better, and was announced ahead of time (And scheduled, as you can see from people forming shapes in it).

more than 2 years ago

Google NativeClient Security Contest

Tyger Re:2^13? (175 comments)

The PDF was an interesting read, though I agree that the money they are dishing out is pretty paltry for all the free review they are trying to garner. Furthermore, I think they are taking platform neutrality in the wrong direction by locking the idea in to the x86 architecture.

But about how it would work, they are basically enforcing strict limits on how the code can be structured. The limits are designed to make the code easily analyzed. Anything that falls outside the strict requirements is rejected. It doesn't work for antivirus because they have to deal with any code that comes in without restriction.

As to why it doesn't work for OS... There is no reason the basic concept wouldn't, aside from the performance penalty and increased code size. (Though further compiler optimization could minimize or eliminate some of that).

However, if you want to go that route of making an OS do it, you might as well pick up a decent modern RISC architecture, because you're already breaking compatibility with any past program for any OS on the x86 CPU. Most of what they are doing is basically taking something that is standard on RISC and shoehorning it into the CISC architecture of the x86. Namely that instruction boundaries can be reliably tested for jumps. They enforce that by requiring jumps only to 32 byte boundaries, and then verifying each 32 byte block for correctness. Combined with disallowing self-modifying code and eliminating the stack completely, all code that executes can be properly analyzed ahead of time.

The concept looks sound to me (Experience working low level with x86 architecture) but the security still relies on the implementation. Off the top of my head I can think of several ways to break the sandbox depending on how it is implemented. However the PDF is quite short on the details to evaluate the implementation. Namely, what exactly qualifies as an allowed x86 instruction, and for the syscalls that are checked, what the check is, not to mention the potential for bugs in the syscall handler for what would otherwise be valid calls, and even potentially the state of the OS or process when the protected code is executed.

Overall, I don't think this is the right direction for the web platform. Theoretically interpreted byte code should be more secure because it doesn't do anything that the interpreter doesn't explicitly allow (Javascript, Java, Flash, etc) and we see where that got us.

more than 5 years ago
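An added example, not part of the comment above and not Native Client's own code: a sketch of the two structural rules the comment describes (no instruction crosses a 32-byte boundary, and jumps land only on 32-byte boundaries), run over a constructed, pre-decoded instruction list. The `Insn` type, the allow-list and both sample programs are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

BUNDLE = 32  # block size named in the comment

@dataclass
class Insn:
    offset: int                    # start offset inside the code region
    length: int                    # encoded length in bytes
    mnemonic: str
    target: Optional[int] = None   # destination offset of a direct jump

# Constructed allow-list (assumption): the comment notes the PDF does not
# spell out which x86 instructions are actually permitted.
ALLOWED = {"mov", "add", "cmp", "jmp", "jne", "nop", "hlt"}
JUMPS = {"jmp", "jne"}

def validate(insns: List[Insn], region_size: int) -> List[str]:
    """Return the list of rule violations; an empty list means accept."""
    errors, expected = [], 0
    for ins in insns:
        end = ins.offset + ins.length
        if ins.offset != expected:
            errors.append(f"{ins.offset:#x}: decode gap or overlap")
        if ins.mnemonic not in ALLOWED:
            errors.append(f"{ins.offset:#x}: '{ins.mnemonic}' not allowed")
        # An instruction may not cross a 32-byte boundary, so every boundary
        # is guaranteed to be the start of an instruction the validator saw.
        if ins.offset // BUNDLE != (end - 1) // BUNDLE:
            errors.append(f"{ins.offset:#x}: straddles a {BUNDLE}-byte boundary")
        if ins.mnemonic in JUMPS:
            t = ins.target
            if t is None or t % BUNDLE or not 0 <= t < region_size:
                errors.append(f"{ins.offset:#x}: jump target not a block start")
        expected = end
    if expected != region_size or region_size % BUNDLE:
        errors.append("region is not fully covered by whole blocks")
    return errors

def pad(start: int, stop: int) -> List[Insn]:
    """One-byte nop filler up to the next block boundary."""
    return [Insn(o, 1, "nop") for o in range(start, stop)]

# Constructed sample inputs (not taken from any real binary).
GOOD = [Insn(0, 5, "mov"), Insn(5, 3, "cmp"), Insn(8, 2, "jne", 32),
        *pad(10, 32), Insn(32, 3, "add"), Insn(35, 5, "jmp", 0), *pad(40, 64)]
BAD = [Insn(0, 5, "mov"), Insn(5, 2, "jmp", 37), *pad(7, 30),
       Insn(30, 5, "mov"), Insn(35, 2, "int"), *pad(37, 64)]

if __name__ == "__main__":
    print("GOOD:", validate(GOOD, 64) or "accepted")
    for e in validate(BAD, 64):
        print("BAD:", e)
```

The rejected sample trips each rule once: a jump into the middle of a block, an instruction crossing offset 32, and a mnemonic outside the allow-list.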

Online Billpay Provider Loses Control of Domains

Tyger Re:DNS Hijacking (232 comments)

Funny thing is it's a step back for Network Solutions' security. You USED to be able to set it up to require an RSA key for domain changes, back when everything was done via odd forms over email.

more than 5 years ago

Playstation 3 Video DRM Only Allows One Download

Tyger Re:Rental only (316 comments)

Personally I'm all for companies like Sony forcing such intrusive DRM on the public.

The quicker they cross the line where it inconveniences your average consumer, the quicker we'll get to the point where DRM becomes a total flop.

more than 5 years ago

Stephen Hawking Unveils "Time Eater" Clock

Tyger Re:one every five minutes?? (198 comments)

The clock only tells the correct time once every 5 minutes. The rest of the time it can run fast, slow, pause, etc. You can see this in the video near the beginning where it slows down very drastically, or near the end when it chimes the hour and is just going back and forth a few times before advancing.

more than 5 years ago

"Anonymous" Hacks Palin's Private Email

Tyger Re:I've looked. Check Gawker (1733 comments)

Proof has to be admissible to be proof. The protection from illegal search and seizure comes into effect here. Just because it was a private individual who did it and not the government does not mean it is free game.

more than 5 years ago

"Anonymous" Hacks Palin's Private Email

Tyger Re:The crossed the line this time (1733 comments)

When McCain announced Palin as his running mate, I recognized quickly it was quite an ingenious move on their part. I wouldn't be surprised that one of the big reasons she was picked was because of all the issues and drama surrounding her. It is enough to create a media feeding frenzy, diverting the major coverage away from the issues that could defeat them. As they say, no publicity is bad publicity, and all the negative coverage paints her as the victim or underdog, whom literature has taught us to root for.

more than 5 years ago

Submissions

Tyger hasn't submitted any stories.

Journals

Tyger has no journal entries.
