
Comments


Sapphire Glass Didn't Pass iPhone Drop Test According to Reports

ameline Re:Just Apple? (207 comments)

I've got a 3 year old iPhone 4S. Never broken the glass on it, but it does have some minor scratching on the display.

I'm not surprised Apple went with Gorilla Glass -- sapphire is very hard, but also brittle -- Corning's product is a bit softer, but much more resilient.

I'll probably be upgrading to a 6 sometime in the next month or so.

about two weeks ago

How Astrophysicists Hope To Turn the Entire Moon Into a Cosmic Ray Detector

ameline Re:100 kph? (74 comments)

And you, sir, are technically correct -- the best kind of correct. :-)

about three weeks ago

Web Trolls Winning As Incivility Increases

ameline Re:Define Troll (457 comments)

I award you 9.5 out of 10 troll points for that post -- brilliantly subtle, and almost guaranteed to draw people into your semantic argument.

Bravo.

about a month and a half ago

Boston Trying Out Solar-Powered "Smart Benches" In Parks

ameline Re:how long before (119 comments)

People are going to have to be smart (I know, it'll never happen) and use charge-only cables with the data lines physically disconnected.

Then you'll have to trust whoever makes those.

about 3 months ago

Astronomers Solve Puzzle of Mysterious Streaks In Radio Images of the Sky

ameline Aliens (66 comments)

UFOs sending out distress calls.

(I'll just adjust my tinfoil hat now)

about 4 months ago

Americans Hate TV and Internet Providers More Than Other Industries

ameline 2 Garbage Trucks Colliding... (255 comments)

When I read of mergers like this, I imagine two large garbage trucks colliding at speed -- the result is inevitably twisted smoking debris strewn wide, and oh God, the smell.

I find, as a metaphor for large mergers, I have yet to find a more accurate one.

about 4 months ago

Phil Zimmermann's 'Spy-Proof' Mobile Phone In Demand

ameline Re:open source? (107 comments)

I think any designer of a "secure" phone needs to assume that the baseband is running hostile software.

If the baseband has write access to application cpu ram, you're screwed.

There needs to be uncompromised hardware enforced protection to ensure the baseband cannot write to application ram or to the flash memory of the application processor. I'd be very suspicious of DMA capabilities under control of the baseband unit.

I'm not saying it's impossible to make a secure phone, but you as a creator of such should assume that every byte of code not under your control is out to get you. (including closed source graphics drivers).

I'd also be nervous of the toolchain/compiler. That classic Thompson compiler attack (http://cm.bell-labs.com/who/ken/trust.html) is a worry.

about 5 months ago

CryptoPhone Sales Jump To 100,000+, Even at $3500

ameline The problem... (68 comments)

With something like RedPhone is that there are multiple CPUs on the phone -- in particular, the base-band is a full ARM chip with complete access to all ram on the device. And the software running there is almost never under the user's control. So it doesn't matter how good red-phone is -- if it ever leaks *any* plaintext or key bits out to ram, or across any wires outside the cpu it's running on, the baseband chip and the software running on it can wiretap you. And even if those things never leak off the main cpu die, the baseband can probably inject processes/instructions into that main chip's address space that would steal those critical key bits.

Unless you have control over *all* the firmware running on *all* the processors in a phone, I wouldn't trust it any farther than I can comfortably spit out a rat.

(and this is not accounting for hardware tricks -- I think you cannot trust your communications are secure unless you trust everyone involved in its design, manufacture and programming (including the compiler and related toolchain, and its compiler and toolchain -- and so on ad infinitum) -- and that is probably a *very* sizable list indeed -- the odds that some lettered agency (looking at *you* cse/csis, nsa, gchq, fsb, etc) has not corrupted *someone* on that large list are so small that only god/fsm could tell the difference between it and 0.)

about 6 months ago

Weak Apple PRNG Threatens iOS Exploit Mitigations

ameline Should be plenty of sources for entropy (143 comments)

Take a shot from each camera, sample each microphone for a few milliseconds, sample the gyros and accelerometers for a few milliseconds. Sample the current battery voltage/charge state, salt in the current time/date and last known location, along with the various readable serial numbers, SHA each of these sources and fold them into each other and SHA the result, and you should be good to go.

Once the device is booted, it can do a lengthy and more sophisticated RNG to make a seed that will be folded into the above entropy sources on the next boot.

But it does sound like Apple should put in a good hardware entropy source on their A8 (and future) chips. (One with no NSA/CSEC/GCHQ/KGB/FSB backdoors please!)

That can also be folded into the above sources (I think you would never want to rely on only one source of entropy, no matter how good or trusted.)

about 7 months ago

Lies Programmers Tell Themselves

ameline I don't need test cases (452 comments)

"This code is so simple it doesn't need any tests"

Always write tests -- yes, missing tests should be considered an important part of your technical debt.

about 7 months ago

Tesla Used A Third of All Electric-Car Batteries Last Year

ameline I'll buy one when... (236 comments)

I'll buy one when I can get a consistently reliable 500 mile range (at -20 degrees C exterior temperature, +20 interior, with headlights on too) out of it. Recharge at 40 to 60A (230V) at home is acceptable. That likely means a 200 kWh battery pack. So about 2.5x increase in energy density over what we have now. This will probably be available in the next 10 years. The advantages of electric given this sort of range will all but kill other powertrains for most cars. Those advantages will easily pay for a battery swapout every 5 years or so.

about 7 months ago

Judge Says You Can Warn Others About Speed Traps

ameline Re:Common sense? In MY judiciary? (457 comments)

If they drop classic, I'm gone. I'll never come back. Beta is *horrible* in every way.

about 8 months ago

Previously-Unseen Photos of Challenger Disaster Appear Online

ameline Re:Thanks, but no thanks. (207 comments)

I remember watching it live on TV with some friends -- I semi-jokingly asked one "So when do you think the Russians are going to blow up the shuttle?" about 5 seconds before it happened. Everyone in the room was a bit freaked out by that coincidence.

about 8 months ago

Swarms of Small Satellites Set To Deliver Close To Real-Time Imagery of Earth

ameline Re:if civilian tech can do this.. (112 comments)

So your contention is that the NSA is ceiling cat?

about 9 months ago

Yahoo Advertising Serves Up Malware For Thousands

ameline Reminder... (184 comments)

> "The Washington Post cites this incident as a reminder that Java has become an Internet security menace."

That should read "The Washington Post cites this incident as a reminder that advertising has become an Internet security menace."

Adblock+ -- part of a sensible security policy.

about 9 months ago

Cairo 2D Graphics May Become Part of ISO C++

ameline Re:That's unfortunate (430 comments)

Why are all the insightful posts in this thread being modded "funny"?

C++ is *way* too big a language already. It's got the PL/1 problem (yeah, get off my lawn) -- when everyone only understands 0.8 of your language (or some amount under 1.0) it winds up being a different 0.8 for everyone. And this means that virtually any programmer will write code that is unreadable to another. (And if there is one thing that over 25 years of programming has taught me, it is that code readability trumps almost everything else.)

Interestingly enough, IBM created PL.8 (an 80% subset of PL/1) for internal use. The original XL compiler back-end for RS6000/PPC was written in PL.8

/ Really -- my lawn -- get off of it!

about 9 months ago

NuScale Power Awarded $226 Million To Deploy Small Nuclear Reactor Design

ameline Thorium.. (210 comments)

Canadian designed CANDU reactors support the thorium fuel cycle, and have a long and excellent safety record.

about 10 months ago

How Big Companies Can Hamper the Surveillance Infrastructure

ameline Re:They should be much more paranoid. (153 comments)

I'm very happy to hear that they aren't just encrypting cross DC links. I always suspected Google had world-class talent in this area -- I'm glad to have it confirmed. It's good that Google's security people are aware and upset about the tapping.

about 10 months ago

How Big Companies Can Hamper the Surveillance Infrastructure

ameline Re:They should be much more paranoid. (153 comments)

An excellent question -- and not one I have an answer to.

I think that perhaps they should get Bruce Schneier to help design their systems for them.

about 10 months ago

How Big Companies Can Hamper the Surveillance Infrastructure

ameline Re:They should be much more paranoid. (153 comments)

| They should also assume that some of their own employees are moles.

I mention that they should assume that.

about 10 months ago

Submissions


BackScatter machines really safe?

ameline ameline writes  |  more than 3 years ago

ameline writes "A number of respected scientists (expert in relevant fields of study) call into question the safety of the new back-scatter screening machines. Their concerns are well outlined in their letter to the Assistant to the President for Science and Technology, Dr John P. Holdren. The areas they specifically highlight are the uneven absorption of radiation from these machines, and the potential for mechanical or other failures to deliver even more concentrated doses than were intended. Given the cumulative nature of the risk presented by exposure to ionizing radiation, is it really wise to acquiesce to these new security requirements?

Their letter and attached memo can be found at the NPR site: http://www.npr.org/assets/news/2010/05/17/concern.pdf
 "


ameline ameline writes  |  more than 7 years ago

ameline writes ""The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations."

Apparently they can download software to your phone that will keep it transmitting when you have turned it off. The only defense is to disconnect the battery. Welcome to 1984....

Story original is at: http://news.com.com/FBI+taps+cell+phone+mic+as+eavesdropping+tool/2100-1029_3-6140191.html"

Journals


joke modded "informative"

ameline ameline writes  |  about 9 years ago

I thought I might get modded funny -- but "informative"? His noodlyness must be laughing at you people with mod points. :-)


Submitted my first story

ameline ameline writes  |  more than 8 years ago

Let's see if Slashdot considers it relevant -- no source code -- no DUI convictions. Full story at
http://www.local6.com/news/4558531/detail.html

"Hundreds of cases involving breath-alcohol tests have been thrown out by Seminole County judges in the past five months because the test's manufacturer will not disclose how the machines work."

"if a DUI defendant asks for a key piece of information about how the machine works -- its software source code, for instance -- and the state cannot provide it, the breath test is rejected"
