×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Fruit Flies, Fighter Jets Use Similar Evasive Tactics When Attacked

idontgno Re:Peppy Hare to Fly McClure (65 comments)

Damn autocorrect. "McCloud", not McClure.

Fly McClure? "Hi, I'm Fly McCulre. You may remember me from such vermin-borne illnesses as cholera and anthrax."

Sigh.

5 days ago
top

Fruit Flies, Fighter Jets Use Similar Evasive Tactics When Attacked

idontgno Peppy Hare to Fly McClure (65 comments)

In the midst of a banked turn, the flies can roll on their sides 90 degrees or more, almost flying upside down at times, said Florian Muijres

"Do a barrel roll!"

5 days ago
top

Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake

idontgno Re:Whatever you may think ... (444 comments)

The WTF part of this (the kind that thedailywtf.com lives on) is that the RFC, which he co-authored, has this strong and specific warning:

If the payload_length of a received HeartbeatMessage is too large, the received HeartbeatMessage MUST be discarded silently.

He knew about the risk. He documented the risk. But come coding time, he forgot the risk.

Ya gotta feel for that. How many times have I gotten up bleeding and dazed and said to myself "I knew that was a bad idea."

5 days ago
top

Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake

idontgno Re:Not malicious but not honest? (444 comments)

The bug itself had to do with allowing a mismatch between the amount of data sent and the amount retransmitted in what's essentially an echo command that TLS implements. A hardened malloc() would make it impossible to exploit that, but OpenSSL would still have a bug even with one, just one that couldn't (probably, maybe, perhaps) be used to get confidential data.

Right. Instead of a remotely-exploitable information leak, it's most probably reduced to (at worst) a low-grade denial-of-service attack caused by crashing HTTPS server processes no faster than they can respawn.

By that critereon alone, I do surely wish OpenSSL had just stuck to the dog-standard malloc() rather than cowboying up their own.

5 days ago
top

Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake

idontgno Re:This may be a dumb question, but... (444 comments)

Many compilers precalculate arithmetic expressions consisting of constants, replacing them at compile-time with the result value constant.

I believe the different constants can be deduced from Section 4 of the original RFC proposing the TLS hearbeat message:

4. Heartbeat Request and Response Messages

The Heartbeat protocol messages consist of their type and an
arbitrary payload and padding.

struct {
HeartbeatMessageType type;
uint16 payload_length;
opaque payload[HeartbeatMessage.payload_length];
opaque padding[padding_length];
} HeartbeatMessage;

The total length of a HeartbeatMessage MUST NOT exceed 2^14 or
max_fragment_length when negotiated as defined in [RFC6066].

type: The message type, either heartbeat_request or
heartbeat_response.

payload_length: The length of the payload.

payload: The payload consists of arbitrary content.

padding: The padding is random content that MUST be ignored by the
receiver. The length of a HeartbeatMessage is TLSPlaintext.length
for TLS and DTLSPlaintext.length for DTLS. Furthermore, the
length of the type field is 1 byte, and the length of the
payload_length is 2. Therefore, the padding_length is
TLSPlaintext.length - payload_length - 3 for TLS and
DTLSPlaintext.length - payload_length - 3 for DTLS. The
padding_length MUST be at least 16.

HeartbeatMessageType is a single-byte enumeration (documented in Section 3) and the payload_length is a uint16 (two bytes)... and the packet always requires 16 bytes of padding, so that's the 1, the 2, and the 16.

5 days ago
top

Navy Debuts New Railgun That Launches Shells at Mach 7

idontgno Re:Power? (630 comments)

I remember hearing a proposal that the barrel (or rail) would be magazine-fed along with the armature and round. Kinda defeats the probable space/weight advantages over a chemically-propelled round, but at least you don't have tons of explosive propellants in the magazine.

I don't know how serious the proposal was. But it would solve the rate-of-fire issue.

about a week ago
top

Smart Car Tipping Trending In San Francisco

idontgno Re:It's not the Midwest (369 comments)

Wait until the aliens start mutilating Smart cars. And abducting Smart car farmers.

about a week ago
top

Smart Car Tipping Trending In San Francisco

idontgno Re:It's not trending. (369 comments)

So, this explains why you were tipping those "Smarts".

What about your criminal confederates? More illegal thrill-seeking? Someone secretly paying to have the cars tipped? Voices in their heads? Hatred of tiny four-wheeled tin boxes arrogantly pretending to be cars?

The last is the reason I do it. I mean, would do it. Although I don't. Really.

about a week ago
top

Slashdot Asks: Will You Need the Windows XP Black Market?

idontgno Re:Application and driver compatibility (244 comments)

It is if you have operators and engineers that have any brains

But out here in reality, what operators and engineers have in brains they make up for by the absence of give-a-damn. Laziness can trump smarts every day of the week, and the path of least resistance is a damn fine malware vector.

that have any brains, There are tons

Speaking of brains... that's a comma splice. If English is your first language, please return to third grade to learn not to do that.

There are tons of CNC machines not being infected out there.

There were tons of numerically controlled machines out there infected by this very mechanism. The fact that it wasn't CNC machines this time doesn't mean it can't be CNC any time in the future. The attack is feasible.

about two weeks ago
top

Google Project Ara Design Will Use Electro-Permanent Magnets To Lock In Modules

idontgno Re:modular but never taken advantage of (62 comments)

You're not the target demographic. That doesn't mean it's a bad idea. These kinds of phones will be bought by tech nerds in their 20s.

Glassholes, you mean.

modular IBMPC / overclocking crowd.

Modular PC. Not exactly the stirring precedent I'd go looking for.

about two weeks ago
top

The Amazon Fire TV Is Kind of a Mess

idontgno NOTABUG (96 comments)

Thus, even if you have access to a movie for free through Netflix, using the Voice Search for that movie will only bring up Amazon's paid options.

You make that sound like a bad thing.

--Signed,
Jeff Bezos

about two weeks ago
top

Algorithm Challenge: Burning Man Vehicle Exodus

idontgno Re:tl;dr (273 comments)

I think you're missing the point.

As far as I can tell, the point is "You're wrong, because I, and only I, am right. It doesn't even matter if you agree with me. You're still wrong, because you're not me."

Yeah, doesn't make sense to me, either. Probably all the heatstroke and pharmaceticals.

about two weeks ago
top

TSA Missed Boston Bomber Because His Name Was Misspelled In a Database

idontgno Re:Ellis Island Syndrome (275 comments)

No, you're thinking of Raymond Luxury-Yacht (pronounced "'Throatwobbler Mangrove").

about three weeks ago
top

TSA Missed Boston Bomber Because His Name Was Misspelled In a Database

idontgno Re:Jeez (275 comments)

Heinrich Bimmler? From Minehead? I have no idea why the TSA would be interested in him. After all, he wasn't the head of the Gestapo for 10 years... I mean, 5 years... I mean never.

about three weeks ago
top

Hacking Charisma

idontgno Re:"hacking charisma" (242 comments)

There's a special name for a "story to attempt to be positive": "propaganda". Anyone with ciritcal thinking skills will demand to examine both the negatives and the positives.

about three weeks ago
top

Is This the End of Splitscreen Multiplayer, Or the Start of Its Rebirth?

idontgno Re:This whole thing seems like an ad for the Wii U (126 comments)

Split screens can often be confusing (being distracted by another player's screen portion and missing something on your screen portion).

And that's why I will always regard split-screen console gaming as overrated and hopefully to never be resurrected.

"Hey, dude, where are you going? You're stuck on a wall!"

"Bullshit, I'm running my ass off. No, wait, I'm looking at the wrong half of the screen."

So I despise split-screen because I'm terribad at it.

about a month ago
top

Inside NSA's Efforts To Hunt Sysadmins

idontgno Re:This has gone beyond madness (147 comments)

Think of it as unplanned pen testing. Kinda like how rape is unplanned sex.

about a month ago

Submissions

top

9th U.S. Circuit Affirms Ban of WoW Glider Bot

idontgno idontgno writes  |  more than 3 years ago

idontgno (624372) writes "In its judgment yesterday, 9th U.S. Circuit Court of Appeals decided that the World of Warcraft bot software Glider violates the "Anti-circumvention" provisions of the DMCA and cannot be distributed. Oddly, though, it also decided that Glider doesn't actually violate Blizzard's copyrights in the process. So exactly why does the DMCA apply?"
Link to Original Source
top

US Dems fill inboxes with 419 scams

idontgno idontgno writes  |  more than 4 years ago

idontgno (624372) writes "Looks like the U.S. Democratic National Party is hosting an unprotected web-based mail sending application which 419'ers are exploiting to get past mail filtering. (In some cases, I guess. I'd blacklist both major political parties, but that's just me.) As reported on The Register (http://www.theregister.co.uk/2009/08/28/democratic_party_419_abuse/)"
Link to Original Source
top

Bush White House Must Find Lost Official E-Mail

idontgno idontgno writes  |  more than 5 years ago

idontgno (624372) writes "According to this Associated Press story (which I saw via El Reg, a U. S. District Court has ruled that Citizens for Responsibility and Ethics In Washington (CREW) and the National Security Archive can continue in their lawsuit to force the White House to recover up to 225 days of "lost" official e-mail traffic from 2003. The Administration's position, rejected by U.S. District Judge Henry Kennedy, was that the courts had no authority to order the recovery of the e-mail.

This ruling appears to settle the issue mentioned in this earlier Slashdot story.

On a personal note, I stand gobsmacked that the Administration's argument boiled down to "You're not the boss of me!""

Journals

top

Free software modtrolls strike!

idontgno idontgno writes  |  more than 7 years ago

Weird.

I posted a reasonable, well-intentioned, and sincere query about how anyone could think that the FSF has any real leverage over Suse--any meaningful way of expressing their evident displeasure at Novell signing on with Microsoft.

There was no inflamatory language. There were no waving red flags. There was no fanboi-ism. Frankly, I don't think there was any discernable bias one way or the other.

And along comes some clueless n00b to "-1 Flamebait" it.

Simply amazing. Amazing that mod points could be graced upon a slashdotter who could be most charitably characterized as a waste of oxygen. Amazing that once said slashdotter (henceforth known as "Puddinhead") got those mod points, he could wipe the drool off his chin and summon the intellectual muscle to work the moderation combobox. Even more amazing, if this moronic abuse of moderation represented Puddinhead's idea of taking a genuine and well thought-out position on the subject rather than the spastic twitches and burbles of the defective mentality he surely has.

Sigh. I am guessing the metamods will address this, but there are plenty of fanboi sheeples who M2 here who will agree with what they read into the moderation ("How dare he question The Stallman and his Crusade!?!"). But it doesn't matter. My karma remains excellent, because in the end, this moderation is "a tale told by an idiot, full of sound and fury, signifying nothing."

top

WTF!??! A no-comment poll?

idontgno idontgno writes  |  more than 8 years ago Today's poll, "Favorite tool of destruction?" has among other choices "Other (specify)". (Sadly, not a CowboyNeal option, but I'll get over it.)

Anyway, great. I love chiming in. After all, "High explosives" wasn't one of their offerings, so I had to vote "Other."

Ooh, lookie, no comments at any mod level. Schweet, I get FP!

WTF!?! No "Reply" button? And why the flaming hell does it say that the discussion has already been archived? It's been up maybe a day! With NO COMMENTS! Only 5000 votes! AND NO COMMENTS!?!?!? "Archived" my caucasian butt!

Feh. So much for "Other". I just wasted my vote.

Somebody screwed up most cleverly here.

I've not angry, just terribly, terribly hurt. -- Marvin Martian

top

Mod points!

idontgno idontgno writes  |  more than 8 years ago Well, out of the blue, 5 mod points! After months of moderation drought. I wonder if this is the beginning of something big?

On the other hand, Scientific American's "Skeptic" column pointed out that we primates have a bad habit of using our acute little pattern recognition cability to draw little causal connection arrows between completely unrelated but coincidentally-timed events. So maybe it just means /.'s PRNG hiccuped just so and bestowed precious precious mod points on me.

Naah, it's really because I'm extra spe-shul.

top

wikiwikiwiki! That's a sound effect!

idontgno idontgno writes  |  more than 9 years ago I find myself slowly falling in love with wikipedia. Damn. It's scary.

Yeah, I know, it lacks authority, it's just a rabble spewing their institutionalized ignorace, it's a blog pretending to be an encyclopedia.

So, it's a lot like /. How's that for scary?

Anyways, it's fun. Lately I'm mostly playing whack-a-vandal. It's a petty game, really, but I get the cheap and vindictive thrill of undoing some yutz's graffitization of a perfectly good article. There's a moment of "In your FACE, Mr. 204.23.152.19! Don't bring your weak editing crap here NO MORE!" And then I have to ride herd on the article, because I know the foo' is coming back for more.

Eventually, I'll outgrow this phase. I guess it's like the first 5 mod points here, where the desire to smack down offtopics and flamebaits is irresistable. I'm sure in time I'll move on to more positive pursuits there, just like whenever I get modpoints here I try to upmod, not down.

top

Ampersand entities, national currencies, and stealth changes

idontgno idontgno writes  |  more than 9 years ago In a not-so-recent journal entry, I noted the rather sudden and unheralded ability of Slashcode to display the Euro currency mark: €

At the time, I tested to see whether some other currency marks would work. The yen, the pound, and the cent all failed to display.

Examine that journal entry now, and you'll find that the Yen mark (¥) and Pound mark (£) display beautifully. As they do now in this very entry.

WTF!??! How and when did this suddenly get fixed!? My old journal entries are beginning to look like unwarranted whining. I'm beginning to look like a clueless putz because of it.

Dammit. At least the cent mark isn't working:

<-- see, nothing!

(At least for now.)

top

Damn. I'm not getting any moderator love.

idontgno idontgno writes  |  more than 9 years ago My "excellent" karma is not bringing me the adulation and peer respect I was expecting. I mean, isn't karma the coin o' the realm, the key to the voting public's heart, the precious bodily fluids of human kindness?

Maybe I'm a lame-o weenie for missing it. Maybe I'm off my game. Maybe they've wised up and caught on.

Naah. It couldn't be my fault.

top

Maybe I'm not an HTML idiot after all!

idontgno idontgno writes  |  about 10 years ago Amazing. In my last journal entry, I was bemoaning the fact that the Euro currency character ampersand-entity didn't seem to work here. Now, all of a sudden, it does. I don't think I changed anything, but right there, in my untouched post, the Euro character sits where I entered my &euro; character.

Does it still work? €

Amazing. On the upside, I can now discuss European money issues with almost the same ease with which I discuss American, Australian, Canadian, or Singapore financial topics.

Now, what about others?

Yen: ¥ <- Nope
Pound: £ <- Nope
Cent: <-Nope

Oh, well, at least the Euro is there. I wonder if non-break space is still gone, or will we be inundated by page-widening trolls? No, actually, I don't want to know.

top

Maybe I'm just an HTML idiot..

idontgno idontgno writes  |  about 10 years ago But why does slashcode seem to have problems with ampersand-entity characters? I can't insert a Euro character to save my life.

Witness: €

Shoulda been a Euro character there. I bet there wasn't. Now, some seem to work: < for less than, > for greater than.

Perhaps it's my Mozilla settings? No, it shouldn't matter, because I seem to see Euro signs on other websites OK. I don't get it, and it seems kinda unfair to have to type out "Euros" when talking about European economic issues when I can just hit "$" for American (and Canadian, and Australian, and a few other) money.

Is there a kind soul who can explain which amp-entities work, and why the others don't?

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...