
Comments


Grinch Vulnerability Could Put a Hole In Your Linux Stocking

jandrese Re:Grinch is not a flaw - has no CVE!!! (116 comments)

About 3/4 of the way down the "article" they explained the vulnerability:

To control administrative access, Linux keeps a list of all the registered users on a machine, in a group typically known as “wheel,” who can be granted full root access (usually through the Unix sudo command).

A knowing attacker could get full root access by modifying the wheel group, either directly or by manipulating an adjoining program such as the Polkit graphical interface for setting user permissions, Alert Logic said.

This is patently stupid. Yes, if you give a badguy administrative access, bad things can happen--even if you use a fancy GUI to give the bad guy administrative access. The only thing that is even slightly newsworthy here is that maybe a novice admin won't understand the purpose of the wheel group and could be tricked into giving permissions, but there are a lot of ways you can trick a dumb admin, there's no need to single this one out.

3 days ago

Did Alcatraz Escapees Survive? Computer Program Says They Might Have

jandrese Re:Who cares (87 comments)

What's so crazy about the idea that they lived out the rest of their lives with assumed identities?

3 days ago

Top Five Theaters Won't Show "The Interview" Sony Cancels Release

jandrese Re:So stream it... (580 comments)

Sony should say screw you to North Korea and release the entire movie for free on the internet. Make sure everybody has a chance to see it. Of course they won't because they still have to monetize it somehow, but it would be something to say "we're not going to give in".

4 days ago

Sony Leaks Reveal Hollywood Is Trying To Break DNS

jandrese Re:DNS was always optional (387 comments)

The hosts file doesn't scale. It's only useful for LAN traffic and as a last ditch hack anymore. Especially since if a site is being attacked by a media cartel, they're probably going to have to switch servers a few times.

4 days ago

Sony Leaks Reveal Hollywood Is Trying To Break DNS

jandrese Re:DNS was always optional (387 comments)

This will of course fail if the site you are trying to visit is virtually hosted. Even if you know the IP, you have to tell the proxy/load balancer what site you are trying to load.

4 days ago

Sony Leaks Reveal Hollywood Is Trying To Break DNS

jandrese Re:Beyond 404 HiJacking (387 comments)

It's not really 404 hijacking, it's DNS resolution failure hijacking. If you get a 404, then you at least got to the site. Anyway, DNS hijacking is why I don't use my ISP's DNS.

4 days ago

Backblaze's 6 TB Hard Drive Face-Off

jandrese Re:Backups are not secure (173 comments)

This is really not a good approach to using public key crypto. The private key shouldn't be on the servers, it should be on the client. I know it's a pain to handle per-file backups and especially deltas when everything is encrypted, but that's the tradeoff for proper security. In fact there's really no need for expensive public key crypto here at all. Just have the client use a cheapish symmetric key (AES256 perhaps) and send only encrypted data to the servers. There's no need at all for the servers to ever have the data in the clear.

4 days ago

Backblaze's 6 TB Hard Drive Face-Off

jandrese Re:360K already double-sided (173 comments)

You could punch a hole to turn a double-density floppy into a high density floppy, at least with the 3.5" floppies. It worked the few times I tried it but the need for antics like that faded pretty quickly as technology marched on.

4 days ago

Backblaze's 6 TB Hard Drive Face-Off

jandrese Re:Man, am I old ... (173 comments)

At the risk of being unable to read any of the tapes you made with the old misaligned head. It's saying something when the horribly brain damaged 1541 disk drive for the C=64 was considered a major step up from the other options.

4 days ago

Apparent Islamic Terrorism Strikes Sydney

jandrese Re:Tech angle? (876 comments)

Uber also turned it off once they read the news and instead gave everyone free rides out of the city, paying the drivers out of their corporate reserve.

about a week ago

Apparent Islamic Terrorism Strikes Sydney

jandrese Re:It's just some dipshit with weapons and no hope (876 comments)

From what information the police have released since then, it looks like you're right on the mark. The guy is a violent nutjob that also happens to be an Iranian Muslim; and he has lived in Australia for almost 20 years now. I doubt he has much connection with Islamic State beyond their chat boards.

about a week ago

Raspberry Pi In Space

jandrese Re:Cosmic Rays (56 comments)

It's really the same mechanism. In one case the high energy rays impart enough energy to charge or drain a gate, and in another high energy rays impart enough energy to break a DNA bond. The parent was talking about being continually hit with enough high energy rays to instantly crash a normal computer, which is well above the amount you need to kill a person.

about a week ago

Raspberry Pi In Space

jandrese Re:Cosmic Rays (56 comments)

It also sucks that every astronaut we send up there dies in like 3 days from radiation poisoning from the apparent containment-core levels of radiation the ISS flies in...

about a week ago

Forbes Blasts Latest Windows 7 Patch as Malware

jandrese Not sure if my problem is related (229 comments)

After the patch my box started complaining endlessly that it was not genuine windows, but when I went to activate Windows page it said I was already activated and just told me all of the great benefits of having genuine Windows and that I should install MS Defender.

Its non-activated dialog box wanted me to install some application to double activate it or something? I've had a tough time figuring out exactly what's up with it. The links all point to genuine microsoft.com websites, so it doesn't appear to be malware, but I'll be damned if it's not acting like malware.

about a week ago

3D Printer Owner's Network Puts Together Buyer's Guide

jandrese Re:And the #1 option is... (62 comments)

The big reason for the huge price drops in the past couple of years is a whole bunch of the patents expiring. At this point the primary limitations to making them cheaper are technical, not legal. This means we shouldn't expect to see the same magnitude of price reduction going forward that we've seen in the recent past. The only area where I expect to see significant movement is on the filament, which still strikes me as overpriced for what it is. It's only a matter of time till some factory in China is spitting that stuff out by the ton and undercutting everybody.

about two weeks ago

The Case For Flipping Your Monitor From Landscape to Portrait

jandrese Re:View angles (567 comments)

I've never seen a subpixel rendering system that didn't allow you to account for different pixel configurations. Even the default windows one allows you to set the configuration of your pixels.

about two weeks ago

The Case For Flipping Your Monitor From Landscape to Portrait

jandrese Re:View angles (567 comments)

In general: avoid TN displays if you intend to rotate the screen. IPS displays are much better for this.

about two weeks ago

$35 Quad-core Hacker SBC Offers Raspberry Pi-like Size and I/O

jandrese Re:XBMC Finally? (140 comments)

It doesn't help that the Raspberry Pi foundation finally released an update after 2 years...and left the specs almost completely unchanged. Not even a badly needed speed bump on the CPU or an ARM architecture update that makes it less of a pain in the butt to support. Not even a RAM bump, even though many many apps (XBMC included) bump into the RAM limit on the Pi constantly, severely degrading its performance.

The situation is so ridiculous that overclocking is officially supported on their default distro (Raspbian) in the installer. It really helps too. Even a little 300MHz clock bump makes the Pi feel twice as fast (mostly from the increased clock on the RAM). Unfortunately, in my experience the built-in "turbo" mode is generally over aggressive with the Core and GPU and you'll eventually get crashes when doing 3D games or hitting the USB controller (and remember, the networking on the box is all USB).

For what it is worth, if you have Samsung memory (Hynix sucks), I've had good success across several Pis with the following config:
arm_freq=1000
sdram_freq=600
core_freq=400
gpu_freq=333
avoid_pwm_pll=1
over_voltage=6

This setup plays Quake3 smoothly (mostly) at 1280x1024 and runs Chromium reasonably well if you don't have too much other stuff open (beware hitting the memory limit though, swapping on the Pi makes it nigh unusable--no more than 2 or 3 tabs open at once). Another caveat: The analog audio will be crackly with this config, use HDMI audio or remove the "avoid_pwm_pll" line and reduce core_freq to 333 to match the gpu_freq. I don't have any of the B+s to try it out, but given the extra couple of years they've had I expect them to overclock even better than the old model Bs. If you are one of those poor suckers with a Hynix Pi, you are probably going to have to remove the sdram_freq line as well, it just doesn't overclock for beans.

about two weeks ago

$35 Quad-core Hacker SBC Offers Raspberry Pi-like Size and I/O

jandrese Re:XBMC Finally? (140 comments)

The Pi is actually surprisingly good at streaming video, but with a big list of caveats. The biggest is that it is only good at streaming 2 (3 if you pay a little extra money) formats. Luckily one of them is mp4 so it's not a complete disaster, but anything it can't do on the GPU is too slow to be useable. XBMC's interface is also a poor choice for the Pi, as it is not GPU accelerated on the Pi and quite slow as a result.

The Broadcom chip on the Pi is really designed to stream video. The CPU is almost an afterthought, and is mostly there to service the USB controller and feed data into the GPU.

about two weeks ago

New Destover Malware Signed By Stolen Sony Certificate

jandrese Re:Why wasn't this already revoked? (80 comments)

Because CRLs suck and using them is a last resort. Plus, Sony has to re-issue the certs first or it will break existing consumer equipment. There is a chicken and egg problem where you want to push down the new certs securely before you invalidate the old ones, otherwise the consumers will get a warning about an improperly signed server trying to mess with the security on their machine.

Or they have to wait for some third party (Windows Update for instance) to push it out, which takes time.

about two weeks ago

Submissions


Help save historic space data

jandrese jandrese writes  |  about 2 years ago

jandrese writes "The Lunar Orbiter Image Recovery Project has been recovering and digitizing NASA's old images from the Apollo program from dusty old tapes found in a barn. They are using modern techniques on the old data to achieve stunning results from the old material, but have run out of funding and are looking for help. They have a very modest goal of $75,000 and only 5 days left to reach it."

Verizon CEO: US #1 in Broadband; Because I say so

jandrese jandrese writes  |  more than 4 years ago

jandrese writes "Verizon CEO Ivan Seidenberg went on the record with the Council of Foreign relations to say that the US has far and away the best Broadband in the world, and that the European model has not served its customers nearly as well as the US model. Also how the FCC is making a big mistake if it starts regulating broadband and wireless.

Murray: So on the measures that matter most to you, where does the United States rank in terms of

Seidenberg: One. Not even close.

Seidenberg then goes on to explain how Verizon has laid more fiber than all of the telecom companies in Europe combined, and how Europeans have to carry multiple cell phones if they want to avoid roaming fees. He also promises to go after wireless bandwidth hogs."

1.474 Gigapixel image of the Inaugural Address

jandrese jandrese writes  |  more than 5 years ago

jandrese writes "David Bergman used a gigapan Imager to create this stunning 1.474 Gigapixel image of the inaugural address by taking 220 images with his Canon G10 with the robotic mount quickly and precisely aiming the camera for every shot. A fullscreen version of the image viewer is also available. The level of detail is amazing, you can almost read the band's sheet music."

Clear Channel wants to clean up XM/Sirius

jandrese jandrese writes  |  more than 6 years ago

jandrese writes "It seems that Clear Channel's terrestrial stations are tired of the XM and Sirius counterparts being free from the FCC decency guidelines, especially after they are forced to pay $1.75 million in fees. To fix the problem they are asking the FCC to impose additional restrictions on the pending XM and Sirius satellite radio merger. In particular, they want the FCC to apply the over the air decency guidelines to all channels on satellite radio. The worst part is that the FCC has not rejected this idea out of hand."

jandrese jandrese writes  |  more than 7 years ago

jandrese writes "LONDON (Thomson Financial) — Microsoft Corp and Apple Inc could face a possible lawsuit for failing to include measures to control access to copyrighted material in products such as Vista OS, iTunes and the iPod, two companies have warned.

Media Rights Technologies and BlueBeat.com have issued cease and desist letters to both companies and to Adobe Systems Inc and Real Networks — which produce the Adobe Flash Player and Real Player respectively — for actively avoiding their X1 SeCure Recording Control, which they said is an effective copyright protection system.

I guess DRM companies have gotten so used to suing their customers that suing potential customers seems like a good idea."

Journals


Why does C not have a heap checking function?

jandrese jandrese writes  |  more than 7 years ago

One of the things that has bothered me from the first day I learned about the Memory Management in C over a decade ago is how there is no apparent method in C for knowing how much memory is allocated behind a pointer that you are passed. I asked my teacher back in the day how we would prevent stuff from running off of the end of a buffer if we can't find out how big a buffer is and he just shrugged his shoulders and said "very carefully". It is no surprise to me that buffer overflows are by far the most common form of exploit on C based languages. The worst part is that a lot of that could be avoided with one simple function:

int heapsize(void* buffer, void** start);

Passed in your target pointer it would set the start pointer to the start of the buffer and return the length of the buffer in bytes. Now you would know exactly where your pointer is and how many bytes are left. Bounds checking suddenly gets really simple and buffer overflows, while not completely a thing of the past (lazy programmers would never check), appear far less often.

The normal argument against this function is "it's your program, you should know how big the buffers are", but frankly in an age of libraries and team coding this is just not true.

The worst part is that C already knows this stuff. It has to or the "free" command would not work. It is just hidden away and impossible to get at for some reason. Even with the many revisions of C over the years, it seems like this is one feature we're never going to get. I wonder why?
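The function proposed in the journal above can be sketched in portable C by keeping a side table of allocations. This is an added example, not part of the original journal; tracked_malloc, tracked_free, bounded_copy and the fixed-size table are hypothetical names and assumptions, and only the heapsize signature comes from the post.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical tracking allocator: every live block is recorded in a table
   so that an interior pointer can be mapped back to its block. */
#define MAX_ALLOCS 64
struct alloc_rec { unsigned char *base; size_t len; };
static struct alloc_rec table[MAX_ALLOCS];

void *tracked_malloc(size_t len) {
    if (len > INT_MAX) return NULL;          /* heapsize() reports an int */
    for (size_t i = 0; i < MAX_ALLOCS; i++) {
        if (table[i].base != NULL) continue;
        unsigned char *p = malloc(len ? len : 1);
        if (p == NULL) return NULL;
        table[i].base = p;
        table[i].len = len;
        return p;
    }
    return NULL;  /* table full: fail closed, never hand out untracked memory */
}

void tracked_free(void *ptr) {
    if (ptr == NULL) return;
    for (size_t i = 0; i < MAX_ALLOCS; i++) {
        if (table[i].base != ptr) continue;
        free(ptr);
        table[i].base = NULL;
        table[i].len = 0;
        return;
    }
}

/* Signature from the journal: sets *start to the beginning of the block that
   contains buffer and returns the block length in bytes, or -1 if buffer does
   not point into any tracked block (stack, static, freed, one-past-the-end). */
int heapsize(void *buffer, void **start) {
    uintptr_t q = (uintptr_t)buffer;
    for (size_t i = 0; i < MAX_ALLOCS; i++) {
        uintptr_t b = (uintptr_t)table[i].base;
        if (table[i].base != NULL && q >= b && q - b < table[i].len) {
            if (start != NULL) *start = table[i].base;
            return (int)table[i].len;
        }
    }
    return -1;
}

/* Bounds-checked copy: writes n bytes at dst only if they fit in the space
   left between dst and the end of its block; otherwise copies nothing. */
int bounded_copy(void *dst, const void *src, size_t n) {
    void *start = NULL;
    int len = heapsize(dst, &start);
    if (len < 0) return -1;
    size_t used = (size_t)((unsigned char *)dst - (unsigned char *)start);
    if (n > (size_t)len - used) return -1;
    memcpy(dst, src, n);
    return 0;
}
```

The lookup is a linear scan and is not thread-safe; it only covers memory obtained through tracked_malloc, so a library that receives a pointer from elsewhere gets -1 and has to refuse the write.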


Mkisofs

jandrese jandrese writes  |  more than 11 years ago

Why in the world does mkisofs have such a crummy method for specifying what files you want burned?

In case you don't know, here's how it works, you specify one or more directories after the options to mkisofs like so:
mkisofs options_here directory1 directory2 etc...
If directory1 contains the file foo and directory2 contains the file bar, your CD will have foo and bar on the root. Directory1 and directory2 are gone.

This design is as frustrating as it is stupid. If you want to burn directories like that you either have to create a third directory and temporarily move them in there, or create symlinks in the third directory and turn on the (unreliable) -follow-symlinks option (hope you don't have any symlinks in those directories that you cared about).

The worst part is, the correct interface is trivial to implement. If mkisofs didn't get rid of that last directory, it would work perfectly. Using the above line you would get a CD with directory1 and directory2 at the root. If you want the old behavior, all you would have to do is explicitly glob the files like so:
mkisofs options_here directory1/* directory2/* etc...
Maybe it's time to pull out the source...


S-Box mod chip

jandrese jandrese writes  |  more than 11 years ago

I've had the S-Box (also called the NeoKey) installed in my PS2 for some time now, and there are a few things I need to get off my chest:

  • Installation: The first problem was that the documentation was wrong. I apparently have the generation 3 PS2, but it has all of the markings of a generation 1 PS2. When I talked to one of the vendors about it, they said that Sony has been doing that to try to thwart the modchip crowd. Ok, they can't do anything about that. What they could do is actually mention that somewhere. I went to at least a dozen different mod sites and none of them had any sort of warning about that whatsoever. Also, they all appear to have copied the instruction pages from a single source, lock stock and barrel. The originals weren't very good though (the pictures were kinda small and fuzzy). Finally, as for the actual process of installation, it was not too bad, except that the PS2 has an incredibly compact PCB, my pencil tip soldering iron was almost too big for that tiny little patch I had to solder on. I'm also not sure if that USB port will ever be usable again (I suspect not). Fortunately almost nothing on the PS2 uses the USB port.
  • Import/Burned PSx games: The chip works as advertised sometimes, and lets me play DDR on my US PS2, however it is rather flaky, only working about 50% of the time and requiring a reboot the other times. I've found that it works best if you power the PS2 completely off (using the switch in the back) and back on when trying to play an import. It does blink ALL of the time when it is on however, which is rather annoying (fortunately the light is covered up by the controller plugs).
  • Import/Burned PS2 games: there were some conflicting reports on the sites about support for PS2 games. Apparently you need a Gameshark, and even then you can only play PS2 games that are burned on CDr. I suppose that would be fine for pirates, but all I really care about are import games. I guess I'll just be playing the PSx imports instead. Also, instead of a Gameshark, I already had a Code Breaker. The Code Breaker is apparently not sufficient, as it does not work. Actually, I haven't had a Gameshark to test with either, so I don't know if it works at all.
  • Final Verdict: If your soldering skills are only so-so, and you only want to play PSx games, and don't mind a bit of a headache in the install procedure, then this is an acceptable modchip. It is also reasonably inexpensive compared to some of the more full featured mods.
