
Comments


"BadUSB" Exploit Makes Devices Turn "Evil"

janoc Re:and this is news why? (176 comments)

I would love to see malware that will reprogram a mask-programmed blob in a common throwaway hardware. Or a microcontroller in a webcam that doesn't even have the programming pins (typically some sort of ISP or JTAG) connected to anything USB accessible (or not even connected at all, at best to some test pads).

A typical USB stick or a webcam don't have hardware to permit firmware upgrades, even though the silicon inside could be theoretically upgradable. Not to mention that the exploit would have to be written specifically for the target hardware - different processors, memory layout, USB interface, etc - all that would make it really hard to produce a generic malware. If you want to see what is involved in something like that, look at the article on hacking HDD controllers:
http://spritesmods.com/?art=hd... And that is a harddrive, which are produced by only few manufacturers, have relatively standardized interfaces and controllers. Now imagine having to do that sort of reverse engineering on every type of harddrive in common use if you wanted to write a reasonably effective malware (e.g. a data stealing worm). It is much easier to exploit some Windows bug or use a phishing scam than this.

So yes, this is potentially a threat, but panicking over your USB sticks or webcams going rogue on you is vastly overblown. This could be an issue for a very targeted attack where the benefits of compromising e.g. a keyboard of a high value target will outweigh the effort required, but not really anything else. And that assumes that the keyboard is actually able to be updated! It would be probably simpler to just send an operative in and install e.g. a keylogger ...

Oh and they mention the "BadBios" story ... Nobody was ever able to confirm that apart from the original very confused researcher.

10 hours ago

Popular Android Apps Full of Bugs: Researchers Blame Recycling of Code

janoc Load of ignorant crap (145 comments)

The entire article is harping on 3rd-party ad network libraries stealing personal data and phoning tracking info home. As these are libraries and developers are re-using open source libraries, then it follows that "Open source is no free lunch" and is stealing your data. What a majestic leap in logic!

They conflate open source libraries with various ad-network code stealing personal data, basically trying to portray open source code as being responsible for it. Never mind that the ad-network code is almost never open source.

Granted, OSS is certainly not bug-free, but the spyware has little to do with it.

What a load of ...

3 days ago

Elite Group of Researchers Rule Scientific Publishing

janoc Not surprising ... (123 comments)

This is "news" only to people who don't have a clue how research works - and usually the ones setting the publication criteria - like "you have to publish 2 journal papers per year" for an assistant professor (fresh post-doc or a PhD student), along with all the teaching load, of course. I was teaching 10 different courses (!) one semester and was still expected to actually do research half of my time and to publish those 2 journal papers.
Never mind that shepherding a journal paper through the review process and publication takes a year or two on average alone, plus you have to actually have something to publish to begin with. Even conference papers can take 6 months to publish and you must attend them as well (but nobody wants to pay for that!).

The prolific "publishers" are mostly professors that are heads of labs. They are not actually doing any of the work themselves. It is the young PhD students and post-docs who are slaving away in the lab, writing the papers and then put the name of the prof on the paper as a coauthor. It is a very common practice, basically giving a nod to the prof for paying their salary and letting them graduate. If you have a large lab with 20 PhDs who write 1-2 papers a year, that's alone 40 papers for the prof's CV annually. Then you get invited to contribute to various book chapters (again PhD students write that), you get invited lectures and what not - all that counts as publications.

The young researchers have absolutely no chance to break through in such competition where the number of publications is a criterion. You can have two very good papers but when you apply for an academic job, you have no chance against a guy with 40+ (no matter that most of them are the same thing published under different names or it isn't really their work). Unfortunately, that often leads to BS publications - like doing a few minor changes and publishing the same work several times in different venues, publishing obvious, non-interesting "results" in minor, often in-house workshops or conferences, in the worst cases even scientific fraud and various misconduct - all for the sake of getting that number of publications up. It is only your job and chance for tenure that is at stake.

I have left university pretty much because of this - with no/not enough publications no chance to get a permanent position, but no chance to get those papers published if all you are doing is teaching teaching and more teaching (even though I love teaching). And when not teaching you are doing paperwork and trying to justify your own existence to various clueless bureaucrats every few months so that they don't cut your funding again. That's not exactly a situation where you can do research.

about two weeks ago

TSA Prohibits Taking Discharged Electronic Devices Onto Planes

janoc More security theater? (702 comments)

I do wonder how this is going to stop someone from smuggling an explosive on board. It is vastly easier to conceal some nasty payload inside of a bulky laptop than inside of a battery. And it could still even work as a laptop - a brick of a plastic explosive the size of a disk drive or a secondary battery would be enough to cause a huge problem on board, without preventing the laptop from booting up and working.

And that is still assuming someone would actually want to bother with this - the guy with explosive underpants certainly didn't need a working battery ...

Mind boggling stupidity.

about three weeks ago

Qualcomm Takes Down 100+ GitHub Repositories With DMCA Notice

janoc Cyveillance (349 comments)

Oh that DMCA was issued by Cyveillance - the incompetent company Hollywood and music labels hired for policing P2P by string matching filenames and then carpet bombing service providers with DMCA requests, even though the content was not infringing at all. I bet they simply crawled Github for Qualcomm copyright notices, something that is often left in source code, even though it was relicensed a long time ago already. Unfortunately, their bot is not that smart.

Some references:
https://www.techdirt.com/artic...
http://arstechnica.com/tech-po...

etc.

These bozos are known and someone at Qualcomm should get fired for hiring them. This is going to backfire at Qualcomm in a spectacular way, IMO.

about a month ago

ARM Launches Juno Reference Platform For 64-bit Android Developers

janoc Open Source Drivers? (69 comments)

ARM doesn't build chips, thus no drivers either. That falls on the silicon vendors - TI, Broadcom, Samsung, etc. They are a pure-IP licensing company.

BTW, their Mali GPUs have open source drivers.

about a month ago

Was Watch Dogs For PC Handicapped On Purpose?

janoc Ubisoft & PC? How is this news? (215 comments)

How does this surprise anyone? After Ubisoft CEO calling PC users "pirates" (http://www.rockpapershotgun.com/2012/09/05/ubisoft-drm-piracy-interview/), always-on DRM required on PC, Ubisoft changing focus to consoles because of piracy (http://www.tomshardware.com/news/ubisoft-guillemot-E3-games-piracy,6152.html) and more and more of similar vibe coming out of the Montreal's company over the recent years. They don't give a crap about PC and ideally they wouldn't publish for it at all if they could, as it is only an extra expense and liability for their piracy obsessed CEO.

They are obviously crippling their PC titles to both push people away from the platform towards the consoles and to not undermine the sales of their console versions at the same time, because PC can outperform the consoles without too much hassle. If the PC version looked significantly better, the console players would cry foul, having paid the same money but getting inferior product. If everything looks like the same crap, players will not think about it twice.

Any PC gamer still buying Ubisoft's stuff is a masochist.

about a month and a half ago

Ask Slashdot: PC-Based Oscilloscopes On a Microbudget?

janoc Re:Wrong tool for the job, IMO (172 comments)

Actually, it is being sold in reverse - you buy the DS1074Z for e.g. $500 and you get the basic scope as specced + some 50 hours of demo of extra features that would normally drive the cost to those $1500 if you buy all of them. You try whether you like them and if you do, you pay for the options (or use a keygen - Rigols were hacked long time ago).

However, if you are buying one of these from a shady dealer somewhere at a hamfest being sold out of a car boot and without doing your homework, you get what you pay for. I want the thing to have at least calibration and warranty, so I buy it from a proper dealer - that's where I have got mine from a month ago (for ~500 EUR, VAT included: http://ovio-scope.com/index.ph... ).

about a month and a half ago

Ask Slashdot: PC-Based Oscilloscopes On a Microbudget?

janoc Re:Wrong tool for the job, IMO (172 comments)

Actually the new DS1074Z is $500 bucks now (got one recently), the -S version with the built-in sig gen is $800. The old DS1052E is still being sold for about $400 new, but the DS1074Z is a much better deal - 4 channels, much faster waveform update, larger sample memory, intensity graded display, etc. It is more comparable to the 2000 series than the old DS1000 one.

I think it is pretty comparable with the low end Agilents also (which are actually rebadged Rigols sold for higher price - Rigol is OEM for Agilent).

The Agilent 2000 series is a higher class instrument, then you are in the $2000+ price category.

about a month and a half ago

Ask Slashdot: PC-Based Oscilloscopes On a Microbudget?

janoc Re:Wrong tool for the job, IMO (172 comments)

I have actually owned DS1052E, that one is not sw upgradable, no hidden surprises there. DS1074Z is on my desk today and you get something like 50 hours of usage from some advanced things like I2C/SPI decoding and triggering or double sample memory. Buying those options is not very expensive either, but then there is also http://riglol.3owl.com/ if you want.

about a month and a half ago

Ask Slashdot: PC-Based Oscilloscopes On a Microbudget?

janoc Wrong tool for the job, IMO (172 comments)

If you are an electronics teacher, you should know better. The PC-based scopes and the various "DSO Nano" clones are universally crap and none fits into your budget anyway.

Your students would be vastly better served by buying a used analog scope, those could be obtained on eBay and similar places for a song these days. A used Tektronix or Hameg scope will beat the pants off of any PC-based toy and, more importantly, the student will actually learn and understand how the instrument works and what is being measured, because there are no "magic buttons" to push.

If the student has a bit larger budget, then the Rigol DS1052E or the newer DS1074Z is a really hard to beat value. There are also Siglents or Attens for the budget conscious, but both brands tend to suffer from poor manufacturing quality and the price is not really much lower than the Rigols.

Forget spectrum analyzer - there is no decent one for less than $1000 on the market. Digital scopes can do FFT, that helps in a pinch, otherwise the student can always record the data from something like the Rigols above and do a proper spectrum analysis on the PC, e.g. using Matlab or some other tool.

about a month and a half ago

Amazon Escalates Its Battle Against Publishers

janoc Re:Not illegal (218 comments)

It could pretty well be illegal in Europe. Many EU countries have laws banning this sort of tactics as the abuse of the "market power". If you have more than a certain percentage of the market, you are treated as a quasi-monopoly and restrictions apply. These laws are mostly targeted at various retail chains that have abusive terms in their supplier contracts, but it is only a matter of time before this gets applied to Amazon, Google and similar.

about 2 months ago

Game Industry Fights Rising Development Costs

janoc Wrong priorities and self-inflicted wounds (111 comments)

The problem is that the industry is spending the money on wrong things - massive marketing, shiny graphics, motion capture for animation ... Unfortunately, most of that is extremely expensive and laborious. I really don't need my next stupid shooter game to have motion captured animations of every monster done by AAA Hollywood mocap specialists at several thousands of $/hour.

And as the "next gen" has to be bigger, better, shinier than the "last gen", the costs spiral out of control. Another consequence of this blockbuster mentality is that only few innovative "AAA" games get made, because nobody wants to take risks with such budgets - but how many times can you redo Doom?

It is possible to make and release games cheaper, even big titles (just look at the Witcher series). The companies and publishers need to start to work smarter, not just pour more money at the problem. However, when the most complex AI in games are finite state machines and motion capture is considered as "AI" (true quote from one major studio exec), every bit of content is hand modelled, textured and baked instead of some sort of automation or more clever game design, when the "next gen" game innovation stops with rendering more nose hair and dirty pores (or bigger boobs) of the main protagonist than the "last gen", then I am really sceptical ...

Oh and cut out the middle men and stop reinventing the wheel for the sake of greed (Origin by EA anyone?). You will cut your expenses by a factor of 2 right there.

about 3 months ago

A 32-bit Development System For $2

janoc Re:Digikey is expensive (138 comments)

Good luck trying to get these in Europe. They are pretty much unobtanium, because nobody stocks them or they sell these only to companies (Farnell), with a huge shipping and handling markup (Digikey, Mouser, Farnell) or they simply don't carry the DIP version at all (RadioSpares).

It is way easier to buy one of the QFP packages - they are both cheaper, more available and with more pins. And either get it pre-soldered on a breakout board or buy a simple QFP to DIP adapter on eBay (or make your own).

about 3 months ago

The Dismal State of SATCOM Security

janoc Re:They will take it seriously (54 comments)

Which is happening routinely. Many older birds don't require any authentication nor anything - they simply retransmit whatever they hear on one frequency on another one: http://spectregroup.wordpress....

And those are US NAVY (!!!) satellites!

Doing that with Iridium or Inmarsat hardware is a bit more complex, because the protocols are mostly digital, but not impossible either.

about 3 months ago

The Dismal State of SATCOM Security

janoc OSS security debate (54 comments)

Wasn't it just yesterday that someone has posted a flamebait summary about the Heartbleed bug changing the "Open source is safer" discussion?

This is a great evidence of what happens when you rely on security by obscurity in proprietary software. Nobody is forced to fix things, sloppy coding is the norm and there are backdoors galore ...

Unfortunately, the bad guys laugh, the vendors play ostrich with the heads in sand and everyone else is suffering the consequences ...

about 3 months ago

Will This Flying Car Get Crowdfunded?

janoc Re:Likely joke posting or a really stupid scam (157 comments)

Certainly, nobody argued the opposite. However, they are also a "weapon of choice" for the various conmen and scam artists on IndieGogo looking for quick cash, because there is no obligation to deliver anything ("Hey, it wasn't funded, not our fault!").

about 4 months ago

Will This Flying Car Get Crowdfunded?

janoc Likely joke posting or a really stupid scam (157 comments)

So, Indiegogo flexible funding campaign? I.e. they get money even if the campaign doesn't meet the goals? 4 years in development and nothing to show on the project page apart from a few renders that any kid can do in a day in 3DS Max or Blender? They throw big names like DASSAULT or Airbus around, ostensibly as being interested, but they need a few millions on Indiegogo? The perks are an obvious joke (40k euro for an old Renault Espace? You got to be kidding ...).

Mr. Chorostecki appears to be an economic consultant (nothing to do with aerospace whatsoever: http://www.figxy.com/ )
Mr. Buron is a design/creative consultant (with http://buron.phpnet.org/fre/ag... )
And the third founder Desauvage is, surprise, "creative director".

I wonder whether "inventor and designer" means "I have drawn something in Photoshop and now I only need someone to build it for me", because none of these guys has any relevant engineering qualifications whatsoever.

Oh and it seems they weren't very welcome in France for whatever reason in 2013 ( http://www.ladepeche.fr/articl... ), so that's why they want to go to Silicon Valley ... The article also mentions that the vehicle was to be all-electric (yeah right, pipe dreams ...).

The probability that any backers, who would actually put money into this, will see anything from this project, is pretty much zero, IMO.

about 4 months ago

Inside the Stolen Smartphone Black Market In London

janoc Re:Changing IMEI is illegal (109 comments)

That sounds as if the criminals actually cared about it being illegal. One of the guys has mugged someone to get the phone in the first place and the other one is dealing in them - both crimes with likely a lot stiffer sentence than a stupid IMEI change. C'mon ....

Don't be ridiculous - until there stops being demand for extremely cheap phones (so that one can show off in front of the peers) and the manufacturers and network operators actually start doing something about it (Why is IMEI changeable in the first place?), trade in stolen phones will continue. Unfortunately, it would have to stop being profitable for them. All those IMEI blocks and such by the operators are ineffective if the phone can have the IMEI changed and not even all of them are implementing those blocks.

The other issue is that when even BBC can easily find and film (!) fences dealing in stolen goods, then what is the police doing? Ah, right, that is UK, so they are likely busy detaining journalists as terrorists, there is no time to fight petty theft and muggers.

about 4 months ago

Ask Slashdot: Which NoSQL Database For New Project?

janoc Re:Database Scaleability. (272 comments)

Databases don't scale for people who don't understand SQL, don't understand data normalization, indexing and want to use them as flat files. Unfortunately, a way too common anti-pattern :(

The second group are too-cool-to-learn kids using the latest development tool fad on the market to build yet another Facebook/Twitter/Instagram/whatever clone ...

about 4 months ago

Submissions


Intentional backdoor in consumer routers found

janoc janoc writes  |  about 3 months ago

janoc (699997) writes "Eloi Vanderbeken from Synacktiv has identified an intentional backdoor in a module by Sercomm used by major router manufacturers (Cisco, Linksys, Netgear ...). The backdoor was ostensibly fixed — by obfuscating it and making it harder to access.

The original report is here (pdf)

And yeah, there is an exploit available ..."


janoc janoc writes  |  more than 7 years ago

janoc (699997) writes "Apparently not only China is censoring Flickr. Flickr has recently introduced filters to filter out images deemed inappropriate. Unfortunately, the filters are now forced also on the German users (together with Singaporeans and Korean users). Photos marked "moderate" or "restricted" are invisible even to their own authors if they happen to be in one of the restricted countries. However, users from elsewhere can still see them just fine if they disable the "Safe search" feature in preferences — this option is not available to Germans anymore. There is a large discussion about this issue going on here: link."

Journals

janoc has no journal entries.
