Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!



Passport Database Outage Leaves Thousands Stranded

arglebargle_xiv Re:Change management fail (160 comments)

I have dealt with Indians for years, and have learned how to ask questions so that I get the answer I am looking for. It is not that hard.

Paleface no ask question with forked tongue, paleface get correct answer.


Put Your Code in the SWAMP: DHS Sponsors Online Open Source Code Testing

arglebargle_xiv Re:Looks good to me (61 comments)

By doing this continuously you end up with releases which are free of known errors.

Weeellll... you end up with something that's been run through gcc -wall, which is a long way from "free of known errors". Now admittedly "free of known errors" is a nice circular definition meaning "free of things gcc warns about", but even then it's not necessarily the case, there's plenty of code that ships with avalanches of warnings when you build it, but no-one's bothered fixing it up.

At best, you get something that doesn't produce warnings in gcc and clang. At worst you get code that hasn't been changed from the default release because the maintainers decided none of the warnings were serious.

3 days ago

Put Your Code in the SWAMP: DHS Sponsors Online Open Source Code Testing

arglebargle_xiv Re:Looks good to me (61 comments)

The knee jerk reaction, of course, is to look for a catch in anything Homeland Security is doing. However, this seems like a really good idea. Finally, they are contributing in a positive way to public safety.

Barely. If you look at what they're offering it's FindBugs, clang, gcc, and cppcheck. Completely bog-standard tools that anyone should be using anyway, but they're being paid $23M taxpayer dollars for it. Shee-it, I could do the same thing with $10K to cover the cost of renting some EC2 space, and I'll spend the remaining $22.99M on coke and hookers (seriously, how can they have spent $23M on this? One person could set it up in a few hours, the only constraint is how many VMs you need to spin up if lots of people sign up for it).

This looks very much a DHS solution, vast sums of money spent on something that should be nearly free. Not to mention that while gcc -wall, clang, and FindBugs aren't bad as far as free software goes, they're nowhere near the level of commercial offerings like Fortify, Coverity, and others.

OK, so in terms of cost/benefit it's more of a TSA solution then strictly a DHS solution.

3 days ago

UK Team Claims Breakthrough In Universal Cancer Test

arglebargle_xiv Re:Cause/Effect? (63 comments)

This also relates to the problem of the "cure for cancer" that will never be found because "cancer" isn't a single illness but a generic name for a huge range of different ones, with a wide range of etiologies and manifestations. A single "test for cancer" seems about as likely as a single "test for virus".

As you say, it's a cool study, but like far too many other studies I think it got released to the PR department of the research institute a bit too early (I've experienced this myself on several occasions).

4 days ago

New SSL Server Rules Go Into Effect Nov. 1

arglebargle_xiv Re: Why? (92 comments)

And, as proof of that, starting in November, the official CAs will stop issuing those types of certs.

Not quite. As of November, the official CAs will claim that they've stopped issuing those types of certs. When something like the SSL Observatory points out that they're still issuing them, they'll say that this (and the other 8,192 times they did it) was a one-off mistake and they've updated their policies to make sure it never happens again. Then when they get caught again they'll say that it was test certificates that accidentally escaped. After that, they'll stop responding to reports. And we'll all be much, much safer, and phishing will be eradicated once and for all.

about a week ago

China Plans Particle Colliders That Would Dwarf CERN's LHC

arglebargle_xiv Re:Super-collider (218 comments)

Will they have to buy a new one every year?

No, but the first one will turn out to be a cheap knockoff with out of date hardware that only gets a tenth of the advertised resolution and fails to work when it's cloudy outside.

They'll offer to replace it, but only if you pay the shipping costs to send it back to Shenzhen.

about two weeks ago

Intel Launches Self-Encrypting SSD

arglebargle_xiv Re:Big Brother has your encryption keys by default (91 comments)

It's not big brother, it's anyone. All of the IPMI systems used by Intel, Dell, HP, etc, are unaudited cesspits of remote-rootkit capabilities full of buffer overflows, authorisation bugs, parser errors, and so on. It's hard to know where to begin, but here's one starting point. Hack like it's 1999.

Intel SSD's have had AES encryption built in for years, it's no big deal. What they've added with their IPMI support is a capability for remote attackers to get at the encryption, which is kind of a big deal if you're worried about your privacy.

about two weeks ago

Microsoft's CEO Says He Wants to Unify Windows

arglebargle_xiv Re:Best Wishes ! (322 comments)

I'd love to see a single UI that works across...

Microsoft have already done that. In Windows 8 they unified the Windows interface around the design for the vast number of Windows cellphones out there, leaving the totally insignificant Windows desktop/laptop market to wither. The overwhelming market response has justified this decision, in as little as twenty years Windows 8 could even overtake XP.

about two weeks ago

Google Offers a Million Bucks For a Better Inverter

arglebargle_xiv Re:I dunno (260 comments)

That'd be a logic inverter, while they specifially say power inverter.

So you use it to drive an NPN transistor in common-emitter mode, say a 2N6338.

about two weeks ago

Experiment Shows People Exposed To East German Socialism Cheat More

arglebargle_xiv Re:Money (617 comments)

Otherwise they might be just testing whether richer people give a lesser value to a small amount of money than poorer people.

It's not money, it's access to goods (and pretty much everything else). If you wanted anything in East Germany (or Poland, Hungary, Romania, Russia, ...), you had to take shortcuts. My west German relatives used to visit their east German relatives with the car packed with luxury goods like tins of paint (for their roof), which were unavailable to most people in the east unless you knew how to game the system. All this study seems to be showing is that if you grow up in a society where you need to be able to game the system in order to get anywhere, you end up gaming the system in order to get somewhere.

about two weeks ago

Why My LG Optimus Cellphone Is Worse Than It's Supposed To Be

arglebargle_xiv Re:...The hell? (290 comments)

In the olden days, we'd have said he's "looking a gift horse in the mouth."

I think this phone came from slightly further back on the horse. You probably wouldn't want to look in there too much.

about two weeks ago

Microsoft CEO To Slash 18,000 Jobs, 12,500 From Nokia To Go

arglebargle_xiv Re:And in totally unrelated news.... (383 comments)

Well with a bit of luck the layoffs will include the cretins who decided to inflict the Win8 UI on the world. In fact I think they need to fire them several times over just to make sure they're really gone.

about two weeks ago

Marvel's New Thor Will Be a Woman

arglebargle_xiv Re:I am Woman! (590 comments)

That's the problem when you're playing with a hammer that big, accidentally drop it on your crotch and first you're thore, then you're not thure you're Thor any more.

about two weeks ago

Ode To Sound Blaster: Are Discrete Audio Cards Still Worth the Investment?

arglebargle_xiv Re:Shut up and take my money! (502 comments)

I can't wait to buy a shiny new Sound Blaster ZxR so I can get that noticeably superior audio.

It's important to note that in order to truly experience the noticeably superior audio from a Soundblaster ZxR you need to pair it with an appropriate Purity Audio Ultra GT preamp (retail $53,000), WAVAC SH-833 monoblocs ($350,000 each, you'll need two sets) driving Moon Audio Titan 2's ($510,000 each), with the equipment on an NTT Audiolab RC4 stand ($18,000) and Walker Audio speaker cables ($13,500 a pair, you'll need two pairs because you're bi-amping) alongside a PurePower 2000 power conditioner ($2,800).

Actual measurements of music reproduction quality rather than liberal use of the listener's imagination as in the HotHardware review have shown that even the crappiest DACs built into a cheap motherboard or laptop produce sound that's as good as anything from a professional sound system of 5-10 years ago. The important factor beyond that point is (a) noise immunity of the low-level signal portions (the inside of a computer isn't a good environment for those) and (b) the speakers. Whether you're using a Creative Labs or Intel Express chipset DAC doesn't make any difference.

about three weeks ago

Algorithm-Generated Articles Won't Kill the Journalism Star

arglebargle_xiv Re:Journalism died a long time ago (29 comments)

Indeed. If they automatize things, we will at least have consistent low quality...

Actually I think the use of algorithms to write articles is great, I'm currently working on an anti-article algorithm that extracts just the facts from algorithm-generated articles and turns them into tweets. So instead of having to plough through a long slew of pseudo-intelligent analysis, all you get are the essential sound bytes: "Cat explodes; canary charged by police", that sort of thing. Pretty soon it'll be bigger than Facebook.

about a month ago

Microsoft Opens 'Transparency Center' For Governments To Review Source Code

arglebargle_xiv Re:TLS? who cares? (178 comments)

Microsoft is still operating under NSL restraints. That means the NSA has the keys anyway.

TLS doesn't work that way, the implementation trusts, and uses, whatever keys it's told to trust (via certificates). And that's the problem, while most implementations will allow you to manage your own certs, for example by creating self-signed certs, the Windows implementation will only trust certs from commercial CAs. You know, Diginotar, Trustwave, Comodo, those sorts of guys. So you can't just generate and manage your own keys and certs but are forced to pay, and trust hundreds of external CAs to manage your certs (and by extension keys) for you.

about a month ago

IEEE Launches Anti-malware Services To Improve Security

arglebargle_xiv Re:Taggant (51 comments)

I can't get the linked PDF to load

Basically they want the people who write malware packers to tag the packed malware as malware so it can be easily identified. Sort of like asking burglars to wear a shirt with I AM A BURGLAR printed on it in large letters, and perhaps notify the police when they're planning to break into a house.

It's a cunning plan, but somehow I can't see it catching out many bad guys.

about a month ago

Windows 9 To Win Over Windows 7 Users, Disables Start Screen For Desktop

arglebargle_xiv Re:I won't upgrade. (681 comments)

Something about a security vulnerability that didn't make a lot of sense.

The problem was that Windows 7 gadgets had no security whatsoever, the only security setting you could have for them was "everything all the time" (there were theoretical config.options you could use that tightened things up a bit, but they weren't actually used). So you had the situation of ActiveX circa 1995 in a current OS that was touted as very secure (or at least "we tried really hard to make it very secure"). The issue wasn't why they discontinued it, it was how it ever got out the door in that state in the first place.

about a month ago

HP Unveils 'The Machine,' a New Computer Architecture

arglebargle_xiv Re:Run a completely new OS? (257 comments)

There was also AIX.

Of the three, HP-UX sucked less.

That's like saying that gonorrhea isn't as bad as syphilis.

about 1 month ago



The upcoming Windows 8.1 apocalypse

arglebargle_xiv arglebargle_xiv writes  |  about 3 months ago

arglebargle_xiv (2212710) writes "As most people will have heard, Microsoft will end support for anyone who hasn't upgraded to Win8.1 Update 1 on May 8. What fewer people have heard is that large numbers of users can't install the 8.1 Update, with over a thousand messages in this one thread alone, and that's for tech geeks rather than home users who won't find out about this until their PC becomes orphaned on May 8. Check your Windows Update log, if you've got a "Failed" entry next to KB2919355 then your PC will also become orphaned after May 8."

Windows 8.1 Update creates chaos for many users

arglebargle_xiv arglebargle_xiv writes  |  about 3 months ago

arglebargle_xiv (2212710) writes "Microsoft's Windows 8.1 Update has been creating chaos for many users, as demonstrated by threads running to six hundred and eight hundred messages respectively in Microsoft's support forums. Users report spending days trying to get it to work, with the Microsoft-recommend solution of using the Deployment Image Servicing and Management (DISM) tool fixing some failed updates, followed by more recent reports of it corrupting the Windows component store and requiring a complete reinstall of Windows. For users with OEM pre-installs, that means going out and buying a Windows 8.1 CD. Since no further updates are possible without the 8.1 Update, this now leaves large numbers of users of Microsoft's latest OS in the same boat as Windows XP users."

Sophos A/V riddled with vulnerabilities

arglebargle_xiv arglebargle_xiv writes  |  about a year and a half ago

arglebargle_xiv (2212710) writes "Security researcher Tavis Ormandy has had a look at Sophos A/V and found that it'll actually make your system less secure after you install it:

The paper contains details about several vulnerabilities in the Sophos antivirus code responsible for parsing Visual Basic 6, PDF, CAB and RAR files. Some of these flaws can be attacked remotely and can result in the execution of arbitrary code on the system. Ormandy even included a proof-of-concept exploit for the PDF parsing vulnerability which he claims requires no user interaction, no authentication and can be easily transformed into a self-spreading worm.

The findings also include this gem:

Ormandy also found that a component called the 'Buffer Overflow Protection System' (BOPS) that's bundled with Sophos antivirus, disables the ASLR (address space layout randomization) exploit mitigation feature on all Windows versions that support it by default, including Vista and later.

Original paper here."
Link to Original Source


Is Google targeting Firefox?

arglebargle_xiv arglebargle_xiv writes  |  more than 2 years ago

arglebargle_xiv (2212710) writes "As of about two weeks ago, Google searches carried out from Firefox are returning meta redirects that require manually clicking through every search result in order to reach your target. In doing this Google is specifically targeting Firefox and no other browser (switching your user agent to anything other than Firefox gets rid of the problem). Presumably switching to Chrome would also resolve the issue. Could this targeting of Firefox be because it's Google's main competitor in the open-source browser market?"

(Possible) Diginotar hacker comes forward

arglebargle_xiv arglebargle_xiv writes  |  more than 2 years ago

arglebargle_xiv (2212710) writes "At the risk of burning people out on the topic of PKI fail, someone claiming to be the Diginotar hacker has come forward to claim responsibility: It's the ComodoGate hacker. He also claims to 0wn four more "high-profile" CAs, and still has the ability to issue new rogue certificates, presumably from other CAs that he 0wns."
Link to Original Source

The end of the end-to-end principle

arglebargle_xiv arglebargle_xiv writes  |  about 3 years ago

arglebargle_xiv (2212710) writes "The Internet was designed around the end-to-end principle, which says that functionality should be provided by end hosts rather than in the network itself. A new study of the effect of vast numbers of middleboxes on the Internet indicates that this is no longer the case, since far too many devices on the Internet interfere with traffic in some way. This has serious implications for network (protocol) neutrality (as well as future IPv6 deployment) since only the particular variations of TCP that they know about will pass through them."
Link to Original Source


arglebargle_xiv has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>