
Comments


Put A Red Cross PSA In Front Of the ISIS Beheading Video

janoc Re:I forced myself to watch it (300 comments)

While I agree with your statement about removal of the video, the part on antisemitism in France is BS.

The recent uptick of antisemitism in France has nothing whatsoever to do with the ban on sale of nazi memorabilia (which is, btw, banned in Germany and many other countries as well), but with the war in Gaza. The people who attacked the Jewish stores and places of worship in the recent riots are mostly young Arabs (and there are plenty of them here in France due to the French involvement in Northern Africa, Lebanon, etc in the past) and various militant pro-Palestine groups.

I suggest that you practice your own advice - if you are not exposed to it (or too ignorant to actually know when to check the facts), shut the hell up.

5 days ago

Wiring Programmers To Prevent Buggy Code

janoc Re:False Premise (116 comments)

Mod parent up, please, this is spot on. You do this sort of "research" when you need to justify that the expensive toys you bought are actually used for something.

When I have seen the list of sensors they are sticking on the user, this has nothing to do with anything even remotely practical (have you seen a typical EEG sensor cap or eye tracker?). All the researchers are doing is running the test subject through a battery of experiments and classifying few measured values, based on some correlations - in an artificial setting.

This completely ignores the complexity of the problem - such as the biggest problem being constant interruptions from managers and colleagues, distractions in a noisy cubicle, bad specs, poor/inadequate tools, and many other issues. What they are proposing is basically a Clippy on steroids with a ton of expensive sensors. Such papers are published a dime a dozen (google "assistive agents" for example), not sure why exactly this one got picked out as somehow interesting.

about three weeks ago

Wiring Programmers To Prevent Buggy Code

janoc Re:Completely ignores bad specs... (116 comments)

Mod parent up, please, this is spot on. You do this sort of "research" when you need to justify that the expensive toys you bought are actually used for something.

When I have seen the list of sensors they are sticking on the user, this has nothing to do with anything even remotely practical (have you seen a typical EEG sensor cap or eye tracker?). All the researchers are doing is running the test subject through a battery of experiments and classifying few measured values, based on some correlations - in an artificial setting.

This completely ignores the complexity of the problem - such as the biggest problem being constant interruptions from managers and colleagues, distractions in a noisy cubicle, bad specs, poor/inadequate tools, etc. What they are proposing is basically a Clippy on steroids with a ton of expensive sensors. Such papers are published a dime a dozen (google "assistive agents" for example), not sure why exactly this one got picked out as somehow interesting.

about three weeks ago

"BadUSB" Exploit Makes Devices Turn "Evil"

janoc Re:Reprogramming at the factory. (205 comments)

Except that the article *was not* about chips being reprogrammed at the factory ...

about a month ago

"BadUSB" Exploit Makes Devices Turn "Evil"

janoc Re:and this is news why? (205 comments)

Yes? And how does that sort of tool help you install a rogue backdoor? You can at best hide some files on the drive. Which you can pretty much do anyway, without any hardware hacking. It is not like you can convert the flash drive into a keylogger that will transmit captured data to NSA with it.

about a month ago

"BadUSB" Exploit Makes Devices Turn "Evil"

janoc Re:ftdi, Atmel are VERY common in devices. I did i (205 comments)

Nope. While these chips are common both are way too expensive for mass-produced hardware. Practically every microcontroller has a version with USB interface today and most of mass produced gear doesn't use these - an FTDI bridge is around $1/pop at quantity, that's crazy for a $20-40 end-user price item.

Anyhow, FTDI chips cannot be reprogrammed - you can modify their settings, but they are only a UART/I2C/SPI-to-USB bridge, they don't do anything by themselves. And that something uses e.g. an Atmel AVR chip (actually really rare, they are very expensive for the capabilities they have) doesn't mean that the programming pins are *actually hooked up* to something that is USB-accessible. Some may have the DFU bootloader, but typically they would have the firmware locked. You are way more likely to find various ARM micros and cheap Chinese clones of MCS'51 series these days, but again, that the chip is programmable doesn't mean it could be reprogrammed by the host system!

about a month ago

"BadUSB" Exploit Makes Devices Turn "Evil"

janoc Re:and this is news why? (205 comments)

I would love to see malware that will reprogram a mask-programmed blob in a common throwaway hardware. Or a microcontroller in a webcam that doesn't even have the programming pins (typically some sort of ISP or JTAG) connected to anything USB accessible (or not even connected at all, at best to some test pads).

A typical USB stick or a webcam don't have hardware to permit firmware upgrades, even though the silicon inside could be theoretically upgradable. Not to mention that the exploit would have to be written specifically for the target hardware - different processors, memory layout, USB interface, etc - all that would make it really hard to produce a generic malware. If you want to see what is involved in something like that, look at the article on hacking HDD controllers:
http://spritesmods.com/?art=hd... And that is a harddrive, which are produced by only few manufacturers, have relatively standardized interfaces and controllers. Now imagine having to do that sort of reverse engineering on every type of harddrive in common use if you wanted to write a reasonably effective malware (e.g. a data stealing worm). It is much easier to exploit some Windows bug or use a phishing scam than this.

So yes, this is potentially a threat, but panicking over your USB sticks or webcams going rogue on you is vastly overblown. This could be an issue for a very targeted attack where the benefits of compromising e.g. a keyboard of a high value target will outweigh the effort required, but not really anything else. And that assumes that the keyboard is actually able to be updated! It would be probably simpler to just send an operative in and install e.g. a keylogger ...

Oh and they mention the "BadBios" story ... Nobody was ever able to confirm that apart from the original very confused researcher.

about a month ago

Popular Android Apps Full of Bugs: Researchers Blame Recycling of Code

janoc Load of ignorant crap (150 comments)

The entire article is harping on 3rd-party ad network libraries stealing personal data and phoning tracking info home. As these are libraries and developers are re-using open source libraries, then it follows that "Open source is no free lunch" and is stealing your data. What a majestic leap in logic!

They conflate open source libraries with various ad-network code stealing personal data, basically trying to portray open source code as being responsible for it. Never mind that the ad-network code is almost never open source.

Granted, OSS is certainly not bug-free, but the spyware has little to do with it.

What a load of ...

about a month ago

Elite Group of Researchers Rule Scientific Publishing

janoc Not surprising ... (123 comments)

This is "news" only to people who don't have a clue how research works - and usually the ones setting the publication criteria - like "you have to publish 2 journal papers per year" for an assistant professor (fresh post-doc or a PhD student), along with all the teaching load, of course. I was teaching 10 different courses (!) one semester and was still expected to actually do research half of my time and to publish those 2 journal papers.
Never mind that shepherding a journal paper through the review process and publication takes a year or two on average alone, plus you have to actually have something to publish to begin with. Even conference papers can take 6 months to publish and you must attend them as well (but nobody wants to pay for that!).

The prolific "publishers" are mostly professors that are heads of labs. They are not actually doing any of the work themselves. It is the young PhD students and post-docs who are slaving away in the lab, writing the papers and then put the name of the prof on the paper as a coauthor. It is a very common practice, basically giving a nod to the prof for paying their salary and letting them graduate. If you have a large lab with 20 PhDs who write 1-2 papers a year, that's alone 40 papers for the prof's CV annually. Then you get invited to contribute to various book chapters (again PhD students write that), you get invited lectures and what not - all that counts as publications.

The young researchers have absolutely no chance to break through in such competition where the number of publications is a criterion. You can have two very good papers but when you apply for an academic job, you have no chance against a guy with 40+ (no matter that most of them are the same thing published under different names or it isn't really their work). Unfortunately, that often leads to BS publications - like doing few minor changes and publishing the same work several times in different venues, publishing obvious, non-interesting "results" in minor, often in-house workshops or conferences, in the worst cases even scientific fraud and various misconduct - all for the sake of getting that number of publications up. It is only your job and chance for tenure that is at stake.

I have left university pretty much because of this - with no/not enough publications no chance to get a permanent position, but no chance to get those papers published if all you are doing is teaching, teaching and more teaching (even though I love teaching). And when not teaching you are doing paperwork and trying to justify your own existence to various clueless bureaucrats every few months so that they don't cut your funding again. That's not exactly a situation where you can do research.

about a month and a half ago

TSA Prohibits Taking Discharged Electronic Devices Onto Planes

janoc More security theater? (702 comments)

I do wonder how this is going to stop someone from smuggling an explosive on board. It is vastly easier to conceal some nasty payload inside of a bulky laptop than inside of a battery. And it could still even work as a laptop - a brick of a plastic explosive the size of a disk drive or a secondary battery would be enough to cause a huge problem on board, without preventing the laptop from booting up and working.

And that is still assuming someone would actually want to bother with this - the guy with explosive underpants certainly didn't need a working battery ...

Mind boggling stupidity.

about 2 months ago

Qualcomm Takes Down 100+ GitHub Repositories With DMCA Notice

janoc Cyveillance (349 comments)

Oh that DMCA was issued by Cyveillance - the incompetent company Hollywood and music labels hired for policing P&P by string matching filenames and then carpet bombing service providers with DMCA requests, even though the content was not infringing at all. I bet they simply crawled Github for Qualcomm copyright notices, something that is often left in source code, even though it was relicensed a long time ago already. Unfortunately, their bot is not that smart.

Some references:
https://www.techdirt.com/artic...
http://arstechnica.com/tech-po...

etc.

These bozos are known and someone at Qualcomm should get fired for hiring them. This is going to backfire at Qualcomm in a spectacular way, IMO.

about 2 months ago

ARM Launches Juno Reference Platform For 64-bit Android Developers

janoc Open Source Drivers? (69 comments)

ARM doesn't build chips, thus no drivers either. That falls on the silicon vendors - TI, Broadcom, Samsung, etc. They are a pure-IP licensing company.

BTW, their Mali GPUs have open source drivers.

about 2 months ago

Was Watch Dogs For PC Handicapped On Purpose?

janoc Ubisoft & PC? How is this news? (215 comments)

How does this surprise anyone? After Ubisoft CEO calling PC users "pirates" (http://www.rockpapershotgun.com/2012/09/05/ubisoft-drm-piracy-interview/), always-on DRM required on PC, Ubisoft changing focus to consoles because of piracy (http://www.tomshardware.com/news/ubisoft-guillemot-E3-games-piracy,6152.html) and more and more of similar vibe coming out of the Montreal's company over the recent years. They don't give a crap about PC and ideally they wouldn't publish for it at all if they could, as it is only an extra expense and liability for their piracy obsessed CEO.

They are obviously crippling their PC titles to both push people away from the platform towards the consoles and to not undermine the sales of their console versions at the same time, because PC can outperform the consoles without too much hassle. If the PC version looked significantly better, the console players would cry foul, having paid the same money but getting inferior product. If everything looks like the same crap, players will not think about it twice.

Any PC gamer still buying Ubisoft's stuff is a masochist.

about 2 months ago

Ask Slashdot: PC-Based Oscilloscopes On a Microbudget?

janoc Re:Wrong tool for the job, IMO (172 comments)

Actually, it is being sold in reverse - you buy the DS1074Z for e.g. $500 and you get the basic scope as specced + some 50 hours of demo of extra features that would normally drive the cost to those $1500 if you buy all of them. You try whether you like them and if you do, you pay for the options (or use a keygen - Rigols were hacked long time ago).

However, if you are buying one of these from a shady dealer somewhere at a hamfest being sold out of a car boot and without doing your homework, you get what you pay for. I want the thing to have at least calibration and warranty, so I buy it from a proper dealer - that's where I have got mine from a month ago (for ~500 EUR, VAT included: http://ovio-scope.com/index.ph... ).

about 3 months ago

Ask Slashdot: PC-Based Oscilloscopes On a Microbudget?

janoc Re:Wrong tool for the job, IMO (172 comments)

Actually the new DS1074Z is $500 bucks now (got one recently), the -S version with the built-in sig gen is $800. The old DS1052E is still being sold for about $400 new, but the DS1074Z is a much better deal - 4 channels, much faster waveform update, larger sample memory, intensity graded display, etc. It is more comparable to the 2000 series than the old DS1000 one.

I think it is pretty comparable with the low end Agilents also (which are actually rebadged Rigols sold for higher price - Rigol is OEM for Agilent).

The Agilent 2000 series is a higher class instrument, then you are in the $2000+ price category.

about 3 months ago

Ask Slashdot: PC-Based Oscilloscopes On a Microbudget?

janoc Re:Wrong tool for the job, IMO (172 comments)

I have actually owned DS1052E, that one is not sw upgradable, no hidden surprises there. DS1074Z is on my desk today and you get something like 50 hours of usage from some advanced things like I2C/SPI decoding and triggering or double sample memory. Buying those options is not very expensive either, but then there is also http://riglol.3owl.com/ if you want.

about 3 months ago

Ask Slashdot: PC-Based Oscilloscopes On a Microbudget?

janoc Wrong tool for the job, IMO (172 comments)

If you are an electronics teacher, you should know better. The PC-based scopes and the various "DSO Nano" clones are universally crap and none fits into your budget anyway.

Your students would be vastly better served by buying a used analog scope, those could be obtained on eBay and similar places for a song these days. A used Tektronix or Hameg scope will beat the pants off of any PC-based toy and, more importantly, the student will actually learn and understand how the instrument works and what is being measured, because there are no "magic buttons" to push.

If the student has a bit larger budget, then the Rigol DS1052E or the newer DS1074Z is a really hard to beat value. There are also Siglents or Attens for the budget conscious, but both brands tend to suffer from poor manufacturing quality and the price is not really much lower than the Rigols.

Forget spectrum analyzer - there is no decent one for less than $1000 on the market. Digital scopes can do FFT, that helps in a pinch, otherwise the student can always record the data from something like the Rigols above and do a proper spectrum analysis on the PC, e.g. using Matlab or some other tool.

about 3 months ago

Amazon Escalates Its Battle Against Publishers

janoc Re:Not illegal (218 comments)

It could pretty well be illegal in Europe. Many EU countries have laws banning this sort of tactics as the abuse of the "market power". If you have more than a certain percentage of the market, you are treated as a quasi-monopoly and restrictions apply. These laws are mostly targeted at various retail chains that have abusive terms in their supplier contracts, but it is only a matter of time before this gets applied to Amazon, Google and similar.

about 3 months ago

Game Industry Fights Rising Development Costs

janoc Wrong priorities and self-inflicted wounds (111 comments)

The problem is that the industry is spending the money on wrong things - massive marketing, shiny graphics, motion capture for animation ... Unfortunately, most of that is extremely expensive and laborious. I really don't need my next stupid shooter game to have motion captured animations of every monster done by AAA Hollywood mocap specialists at several thousands of $/hour.

And as the "next gen" has to be bigger, better, shinier than the "last gen", the costs spiral out of control. Another consequence of this blockbuster mentality is that only few innovative "AAA" games get made, because nobody wants to take risks with such budgets - but how many times can you redo Doom?

It is possible to make and release games cheaper, even big titles (just look at the Witcher series). The companies and publishers need to start to work smarter, not just pour more money at the problem. However, when the most complex AI in games are finite state machines and motion capture is considered as "AI" (true quote from one major studio exec), every bit of content is hand modelled, textured and baked instead of some sort of automation or more clever game design, when the "next gen" game innovation stops with rendering more nose hair and dirty pores (or bigger boobs) of the main protagonist than the "last gen", then I am really sceptical ...

Oh and cut out the middle men and stop reinventing the wheel for the sake of greed (Origin by EA anyone?). You will cut your expenses by a factor of 2 right there.

about 3 months ago

A 32-bit Development System For $2

janoc Re:Digikey is expensive (138 comments)

Good luck trying to get these in Europe. They are pretty much unobtanium, because nobody stocks them or they sell these only to companies (Farnell), with a huge shipping and handling markup (Digikey, Mouser, Farnell) or they simply don't carry the DIP version at all (RadioSpares).

It is way easier to buy one of the QFP packages - they are both cheaper, more available and with more pins. And either get it pre-soldered on a breakout board or buy a simple QFP to DIP adapter on eBay (or make your own).

about 4 months ago

Submissions


Intentional backdoor in consumer routers found

janoc janoc writes  |  about 4 months ago

janoc (699997) writes "Eloi Vanderbeken from Synacktiv has identified an intentional backdoor in a module by Sercomm used by major router manufacturers (Cisco, Linksys, Netgear ...). The backdoor was ostensibly fixed — by obfuscating it and making it harder to access.

The original report is here (pdf)

And yeah, there is an exploit available ..."


janoc janoc writes  |  more than 7 years ago

janoc (699997) writes "Apparently not only China is censoring Flickr. Flickr has recently introduced filters to filter out images deemed inappropriate. Unfortunately, the filters are now forced also on the German users (together with Singaporeans and Korean users). Photos marked "moderate" or "restricted" are invisible even to their own authors if they happen to be in one of the restricted countries. However, users from elsewhere can still see them just fine if they disable the "Safe search" feature in preferences — this option is not available to Germans anymore. There is a large discussion about this issue going on here: link."

Journals

janoc has no journal entries.
