Comments

EFF Unveils Plan For Ending Mass Surveillance

hawkinspeter Re: Anti 1984 sign (275 comments)

Why do you think it takes balls to log in? Just be thankful that your safe and comfortable life means that you don't need anonymity. (I also don't need anonymity, but at least I have some understanding that other people are in different situations).

2 days ago

Fake Engine Noise Is the Auto Industry's Dirty Little Secret

hawkinspeter Re:Just give the option to turn it off... (809 comments)

I'm also a cyclist, but I don't think engine noise is that critical. I get a lot of info about where a car is behind me from the noise that it makes, but the majority of that is the noise of tyres on the road. Engine noise is only useful in warning me when someone is aggressively accelerating (presumably to overtake).

Also, it's perfectly legal for deaf people to drive cars and ride bikes, so relying on sounds for safety doesn't work for everyone.

5 days ago

Ridley Scott Adapts Philip K. Dick's 'Man in the High Castle' For Amazon

hawkinspeter Re:Colour me apprehensive. (94 comments)

I don't mind occasional loose ends, but Prometheus was nothing but badly thought out loose ends that made no sense. It was a real shame as I love Ridley's other films and was really looking forward to Prometheus.

about two weeks ago

Ridley Scott Adapts Philip K. Dick's 'Man in the High Castle' For Amazon

hawkinspeter Re:man ih hi castle (94 comments)

I really enjoyed it, but then I'm a big fan of PKD. What aspects of it don't you like or was it his general writing style rather than the content? (I didn't know it was planned as 2 novels - I wasn't aware that PKD actually planned his writing that much).

about two weeks ago

Ridley Scott Adapts Philip K. Dick's 'Man in the High Castle' For Amazon

hawkinspeter Re:Colour me apprehensive. (94 comments)

Nope, Alien makes a lot more sense than Prometheus no matter how you try to spin it. At least when they stick their face into an opening egg, they've still got their helmet on. The overall plot (evil company wants to smuggle an alien back to earth by flesh-wrapping it in a crew member) at least makes some kind of sense whereas Prometheus just doesn't (dying man decides to visit alien planet who had something to do with early humans so that they can keep him alive for some reason).

I don't even understand what the Engineer at the beginning was doing. His DNA somehow spawned humans except that we're clearly evolved from other life-forms on Earth, so maybe the Engineer spawned all life on Earth. Except, that would mean that he spawned all the dinosaurs and just got lucky that mammals ended up becoming the dominant life-form to eventually evolve into humans. How is that even supposed to work?

about two weeks ago

Out With the Red-Light Cameras, In With the Speeding Cameras

hawkinspeter Re:Speeding not always an issue (335 comments)

There's a difference between accelerating to a similar speed as the traffic you're joining and accelerating so that you wheel-spin past a single vehicle. It would take a bit of algorithm tuning to get it right, but I imagine that certain sections of road (especially junctions) require quick acceleration. There's also sections of road that you don't want to be accelerating ferociously e.g. before blind corners.

about a month ago

Out With the Red-Light Cameras, In With the Speeding Cameras

hawkinspeter Re:Speeding not always an issue (335 comments)

On average, drivers don't crash. Therefore the average speed must be reasonable for the road conditions, otherwise you'd get people having a crash on most journeys.

about a month ago

Out With the Red-Light Cameras, In With the Speeding Cameras

hawkinspeter Re:Speeding not always an issue (335 comments)

If you're going to be using "science", then a good first step would be investigating the correlation of accidents and speed. Speed by itself is not a reliable indicator of the recklessness of the driver.

I'd prefer more intelligent sensors/cameras that penalise aggressive acceleration (i.e. sudden rate of change of speed in close proximity of other road users) or can detect lack of awareness of the driver.

about a month ago

New Paper Claims Neutrino Is Likely a Faster-Than-Light Particle

hawkinspeter Re:Finally (142 comments)

And also true (as far as we can tell).

about 1 month ago

Apple Pushes First Automated OS X Security Update

hawkinspeter Re:Also affects Linux - patch now! (115 comments)

As it's stateless UDP, there's not much of a connection to the proper server. All you need to do is send the appropriate source and destination ports and IP address and you're good. It would involve waiting for an outgoing request and then sending spoofed packets that look like they are a reply. The one with the right ports will be allowed through the firewall as it looks like a reply.

about a month ago

Apple Pushes First Automated OS X Security Update

hawkinspeter Re:Also affects Linux - patch now! (115 comments)

I'd always thought they were expensive, specialist devices, but it looks like you can get pci express cards for laptops quite cheaply. I'd imagine you'd want to position the aerial outside of a server room though.

about a month ago

Apple Pushes First Automated OS X Security Update

hawkinspeter Re:Also affects Linux - patch now! (115 comments)

Thanks for your translation, it's most helpful. I don't see why you need to seize control of a server to spoof a response as spoofing implies that you're faking the response so it looks like it's come from the respective server.

about a month ago

Apple Pushes First Automated OS X Security Update

hawkinspeter Re:Also affects Linux - patch now! (115 comments)

I believe this is made easier as NTPd sends from port 123 whereas openNTP uses a random port.

about a month ago

Apple Pushes First Automated OS X Security Update

hawkinspeter Re:Also affects Linux - patch now! (115 comments)

That's reassuring, but I wonder why Apple have rushed out this update. How many OSX users run a public NTP server?

about a month ago

Apple Pushes First Automated OS X Security Update

hawkinspeter Re:Also affects Linux - patch now! (115 comments)

Okay, not an open port, but if you request a time update wouldn't an attacker be able to respond with a spoofed malicious packet? By sending out a request, the (stateful) firewall will usually allow a response back. I'm not an expert, so I'd be interested to see if someone more knowledgeable could explain that in more detail.

about a month ago

Apple Pushes First Automated OS X Security Update

hawkinspeter Re:Also affects Linux - patch now! (115 comments)

Yes, but often the easiest way to set up a time server is to sync with a time server on the internet (e.g. ntp.pool org). As far as I can tell, a big reason for people to use NTP is that they don't have a reliable atomic clock of their own, so they sync with other people who do.

about a month ago

Apple Pushes First Automated OS X Security Update

hawkinspeter Re:Put restrict ... noquery in your ntp.conf file (115 comments)

I hadn't spotted the "restrict ... noquery" mitigation (which luckily I already had in place), but wouldn't servers still be susceptible to spoofed packets from one of the trusted servers?

about a month ago

Apple Pushes First Automated OS X Security Update

hawkinspeter Re:Also affects Linux - patch now! (115 comments)

Really, what's one of those?

If you close all your NTP ports you're not going to be able to sync with a time source on the internet. Once you allow responses to your NTP queries, then you can be spoofed and compromised.

about a month ago

Apple Pushes First Automated OS X Security Update

hawkinspeter Also affects Linux - patch now! (115 comments)

This is a major bug in NTPd, so if you're using it on Linux, you'll want to patch it too (or switch to openNTP which isn't affected). The big problem is that it can be exploited with a single (specially crafted) UDP packet, so it's easy for malicious actors to probe lots of machines with very little overhead.

about a month ago

Apple automatically patches Macs to fix severe NTP security flaw

hawkinspeter Also affects Linux - patch now! (1 comments)

This is a major bug in NTPd, so if you're using it on Linux, you'll want to patch it too (or switch to openNTP which isn't affected). The big problem is that it can be exploited with a single (specially crafted) UDP packet, so it's easy for malicious actors to probe lots of machines with very little overhead.

about a month ago

Submissions


Serious flaws in NTP (the application, not the protocol) need to be patched

hawkinspeter hawkinspeter writes  |  about a month ago

hawkinspeter (831501) writes "A new set of vulnerabilities in the most common NTP daemon has been discovered by Google security researchers. There exist public exploits that target these flaws, so it's recommended to patch to version 4.2.8 (or switch to openntp which doesn't have the same issues) immediately. This is especially problematic for those systems that run ntpd with root privileges as a single carefully crafted packet can allow access at the privilege level of the process. This was reported by ZDNet a few days ago and I have yet to see the Ubuntu patches for this, but it looks like Red Hat are on top of things."

Microsoft Azure fails across the globe

hawkinspeter hawkinspeter writes  |  about 2 months ago

hawkinspeter (831501) writes "The BBC has reported that Microsoft's Azure cloud computing platform has taken down many third-party sites that rely on it in addition to disrupting Microsoft's own products. Office 365 (maybe they were optimistic with choosing that name) and Xbox Live services were affected.

This has happened at a particularly inopportune time as Microsoft has recently been pushing its Azure services in an effort to catch up with other providers such as Amazon, IBM and Google. Just a couple of hours previously, Microsoft had screened an Azure advert in the UK during the Scotland v England soccer match."


Philip K Dick's "The Man in the High Castle" to be produced by Ridley Scott

hawkinspeter hawkinspeter writes  |  about 5 months ago

hawkinspeter (831501) writes "Amazon has given the green light to produce the Hugo award-winning "The Man in the High Castle". This is after the four-hour mini-series was rejected by Syfy and afterwards by the BBC.

Philip K Dick's novel takes place in an alternate universe where the Axis Powers won the Second World War. It's one of his most successful works, probably due to him actually spending the time to do some editing on it (most of his fiction was produced rapidly in order to get some money). Ridley Scott has previously adapted PKD's "Do Androids Dream of Electric Sheep" as the film "Blade Runner", so it will be interesting to see how close he keeps to the source material this time.

This news has been picked up by a few sites: International Business Times; The Register and Deadline.

So, are any PKD fans excited about this and is this story already Godwinned?"

BBC ignores 50000 austerity protesters outside BBC in Portland Place

hawkinspeter hawkinspeter writes  |  about 7 months ago

hawkinspeter (831501) writes "It seems that the BBC didn't notice a crowd of 50,000 protesters right outside their front door on Saturday. The march was organised by the People's Assembly Against Austerity on their one-year anniversary and was led by comedian Russell Brand who has become a figurehead for the movement. He called out for a "peaceful, effortless, joyful revolution".

The protesters started their march outside the BBC to protest against the broadcaster ignoring the impact of the cuts on the impoverished. Sam Fairbairn (the national secretary of the People's Assembly) spoke to the crowds at the end of the march, outside Parliament, saying "Make no mistake, these cuts are killing people and destroying cherished public services which have served generations".

Although this event seems to have been ignored by a lot of the UK press, it is covered by a few of them: Daily Express, The Independent and The Huffington Post."

China rejects 545,000 tons of US genetically modified corn

hawkinspeter hawkinspeter writes  |  about a year ago

hawkinspeter (831501) writes "The BBC is reporting that US corn was found to contain an unapproved genetically modified strain. Although China doesn't have a problem per se with GM crops (they've been importing GM soybeans since 1997), their product safety agency found MIR162 in 12 batches of corn.

"The safety evaluation process [for MIR162] has not been completed and no imports are allowed at the moment before the safety certificate is issued" said Nui Din, China's vice agricultural minister.

The Chinese are now calling on US authorities to tighten their controls to prevent unapproved strains from being sent to China after the first batch of corn was rejected in November due to MIR162."


Doom comes to Kickstarter boardgame project

hawkinspeter hawkinspeter writes  |  about a year and a half ago

hawkinspeter (831501) writes "Kickstarter backers are up in arms and accusing the head of developer The Forking Path Erik Chevalier of fraud following the cancellation of a tabletop game that successfully brought in nearly $123,000 on the crowdfunding website.

According to Chevalier, the project — a game called The Doom that Came to Atlantic City — ran out of money following 13 months of development despite earning nearly four times the amount originally asked for through Kickstarter. Chevalier began the Kickstarter campaign in May 2012, asking for $35,000 to create the title.

"The project is over, the game is cancelled," he wrote. "Every possible mistake was made, some due to my inexperience in board game publishing, others due to ego conflicts, legal issues and technical complications. No matter the cause though, these could all have been avoided by someone more experienced and I apparently was not that person."

Chevalier added he hopes to personally refund the full amount to his backers beginning with those who pre-ordered the game through its official webstore.

"Unfortunately I can't give any type of schedule for the repayment as I left my job to do this project and must find work again.

"Again, I never set out to con anyone or to perpetrate a fraud but I did walk into a situation that was beyond my abilities and for that I'm deeply sorry." A number of backers since claimed to have reported Chevalier to the Oregon Department of Justice. According to the designer, he has contacted the department himself in response.

"While they gave no promises their agent didn't feel that I'd committed any fraud. I am going to provide them with more information and work with them to see what I need to do to make this right in their eyes. I will also be contacting any other agencies who receive reports in order to provide them with a transparent view of the scenario from all angles."

Angry backers are of the opinion that the project money was used to fund Erik's move to Portland and to set up a video production company (formerly Suicide Pact LLC and now renamed as Intrinsic Gray). Additionally, it appears that Erik had to have legal action threatened by the game designers themselves before agreeing to come clean about the wasted money."

MIT blocking release of Aaron Swartz's Secret Service files

hawkinspeter hawkinspeter writes  |  about a year and a half ago

hawkinspeter (831501) writes "Lawyers representing MIT are filing a motion to intervene in Wired's Kevin Poulsen's FOIA lawsuit over thousands of pages of Secret Service documents about the late activist and coder Aaron Swartz.

It looks like MIT are afraid of the public finding out about the individuals who thought that sending Aaron to prison (for the digital equivalent of checking out too many library books) was a really good idea. Does that justify a non-governmental interfering with a FOIA request?"


Ruby-on-Rails allows remote-code execution on over 240,000 websites

hawkinspeter hawkinspeter writes  |  about 2 years ago

hawkinspeter (831501) writes "Popular programming framework Ruby on Rails is affected by two critical security vulnerabilities — one allowing anyone to execute commands on the servers running affected web apps.

The bugs both involve the parsing and handling of data supplied by visitors to a Rails application. The CVE-2013-0156 hole is the more severe of the two because it allows remote-code execution against any Ruby on Rails application that has the XML parser enabled — a feature switched on by default. According to security tools firm Sourcefire the flaw allows hackers to run system commands on the server with the same level of privileges as the app.

Both vulnerabilities can be resolved by updating to the latest version of the Ruby on Rails platform.

But what makes the holes particularly nasty is that, until the patches are applied, every application running on the insecure open-source framework will be vulnerable — like castles built on sand and the tide is rising: at least 240,000 websites powered by RoR are thought to be at risk."


Caught on camera: quantum mechanics in action

hawkinspeter hawkinspeter writes  |  more than 2 years ago

hawkinspeter (831501) writes "Scientists at the University of Glasgow have captured images of ‘quantum entanglement’ on camera for the first time.

In quantum mechanics, entanglement is one of the bizarre behaviours exhibited by particles where the rules of classical physics are broken and seemingly impossible events are a reality.

Described by Einstein as ‘spooky action at a distance’, entanglement is the phenomenon whereby two particles act as one system even when separated by immense distances.

The entangled particles are in a superposition where their individual state isn’t known. However, as soon as one of them is measured or observed the other will take on a correlated state instantaneously, seemingly violating the speed of light.

Being able to exploit such behaviour would have major applications in communications encryption and could underpin the next generation of computer technology, known as quantum computation.

Their paper is available from Nature"


Microsoft drops 'Metro' name for Windows 8

hawkinspeter hawkinspeter writes  |  more than 2 years ago

hawkinspeter (831501) writes "The BBC is reporting that Microsoft is dropping the 'Metro' name for the new Windows 8 UI. Apparently, the catchy new name they've settled on is 'Windows 8 style UI'! This has happened due to a (potential) trademark dispute with Metro AG, a German retail giant.

I'm wondering if Microsoft planned this to get publicity for their new OS and UI or whether they just forgot to check on how 'Metro' is used around the world."


Man claims cell phone taken by DC police for taking photos

hawkinspeter hawkinspeter writes  |  more than 2 years ago

hawkinspeter (831501) writes "Just one day after Chief Cathy Lanier made it illegal for MPD cops to take recording equipment, a 26-year-old local man had his phone taken as he was trying to record a violent arrest. They eventually gave back his phone, but without the memory card which also contained photos of his daughter along with the record of the alleged police brutality."

Journals

hawkinspeter has no journal entries.
