Slashdot: News for Nerds





Favorite "Go!" Phrase?

ka9dgx Our Lady of Blessed Acceleration (659 comments)

"Our Lady of Blessed Acceleration, don't fail me now!" and/or

"Our Lady of Blessed Power Application, don't fail me now!"

3 days ago

Google Reader: One Year Later

ka9dgx I stopped reading so much (132 comments)

I just gave up, and read the following things
    email /.
    doc searls web log

and that's it. The internet was nice while it lasted.

about three weeks ago

Kids With Operators Manual Alert Bank Officials: "We Hacked Your ATM"

ka9dgx If this happened in the US (378 comments)

If this were a couple of kids in the US... they would both be on their way to Gitmo, the anti-rejection drugs the kid probably needs to stay alive wouldn't be addressed... then the remaining kid would probably go on a hunger strike in Solitary.

Oh... and someone at the Bank would be put in charge of a new "cyber security" division, with a big bonus and a corner office.

I wish we could be more like Canada sometimes.

about a month and a half ago

The Coming IT Nightmare of Unpatchable Systems

ka9dgx Re:"Coming IT Nightmare?!?" (240 comments)

That doesn't address the issue of unintended side effects from existing bugs. I agree that a separate LAN can help mitigate things, but it doesn't eliminate the odd things that can happen in a world where code is trusted by default.

Imagine if your garage light switch would, 1 out of every 1,000,000 times, cause your roof to fall off your house.... this is the world of software that can do anything.

about 2 months ago

The Coming IT Nightmare of Unpatchable Systems

ka9dgx Trusted by default - right phrase, wrong context (240 comments)

The problem IS that things are trusted by default... but not in the way the author thought. If you trust every program you run by default, you are doomed. An operating system should NEVER trust anything by default... Linux, Windows, OSX all violate this principle. So do embedded devices based on some variant of them.

Never trust by default, and you stop having to worry about side-effects, and start deciding what the limits are ahead of time.

about 2 months ago

Microsoft Demos Real-Time Translation Over Skype

ka9dgx Re:Real Time Text to Speech to NSA (169 comments)

I find it interesting that an insightful mention of some spooks gets down voted at the same time some spammer shows up and spoils the story.

about 2 months ago

Do Embedded Systems Need a Time To Die?

ka9dgx Progress IS being made (187 comments)

I sit here in the Cassandra suite, watching the tech community finally waking up to the reality of the world. You are starting to panic because you know none of the operating system choices you have are viable for truly secure systems. Soon you will learn about Multi-Level Secure systems, Capabilities, and other features of the secure computing.

About 10 years from now, you'll get the hints the universe has dropped on you, and start implementing these systems.

About 10 years after that, some real old timers (or young punks who've read history) will point out that this stuff was actually figured out in the late 1960s, and early 1970s.

about 2 months ago

Europe's Cybersecurity Policy Under Attack

ka9dgx Re:Multi-Level Security? (22 comments)

Multi-Level Security was worked out in the late 1960s in order to allow computing both Secret and "Top Secret" information in the same computer at the same time. The use of the Bell-LaPadula model ensures that a lesser privileged user can never cause grief for a more privileged user. If we had Multi-Level secure systems, we could safely run any program we want in a sandbox, and it could never, ever crawl back out of it.

The closest you're likely to approach is if you enable the MAC option in FreeBSD, which is experimental.

The Genode project aims to provide a capability based security system which can run Linux Apps... it is the best chance I see going forward for a truly secure system that isn't military grade. In such systems, you specify at run time exactly which files can be accessed by an application. This has the benefit of explicitly limiting the side effects of said application, and thus making for a far more secure system. You might be tempted to think this would make it unusable (as AppArmor tends to be)... but it doesn't have to be that way. In fact, it's possible to make apps behave almost identically, as far as the user is concerned, without compromising anything.

I think we're still 10 years out before people wake up and realize that our collective assumptions about computer security are wrong, and this needs a more rigorous, carefully engineered solution, instead of the layers of patch we currently employ. I'm hoping that my frequent postings on this subject are informative, and help shorten that timespan significantly.

about 3 months ago

Europe's Cybersecurity Policy Under Attack

ka9dgx Multi-Level Security? (22 comments)

Are any of these systems Multi-Level Secure? This stuff was figured out in the 1970s, we're still 10 years away from collectively realizing we needed it yesterday.

about 3 months ago

Why Microsoft Shouldn't Patch the XP Internet Explorer Flaw

ka9dgx Re:It never ceases to amaze me... (345 comments)


I just "upgraded" some Windows 7 machines to IE8 (from IE10) because that is the standard the automobile industry has settled on.

Linux is not any more secure than Windows in the long run... it's not a multi-level secure system, nor is any other choice you've ever heard of. Until we adopt something like the Bell-LaPadula security model, we're going to be chasing our collective tails, and this is going to be happening for years!

about 3 months ago

US War Machine Downsizing?

ka9dgx Re:Jobs (506 comments)

The InterNet was created because the guy in charge of things didn't want a teletype in his office for each and every machine he could access. A network to access all of them, and a single terminal made more sense.

It had NOTHING to do with nuclear war, or reliability, at first.

about 5 months ago

Can Wolfram Alpha Tell Which Team Will Win the Super Bowl?

ka9dgx Superb Owl? (126 comments)

No mention of the Superb Owl watching over all this?

about 6 months ago

In an Age of Cyber War, Where Are the Cyber Weapons?

ka9dgx Re:Self weaponizing infrastructure. (94 comments)

Access control lists are not adequate security, no matter how careful you are. You need the Bell-LaPadula or something like it that implements mandatory access controls to actually secure a system.

SELinux is an attempt to push a little bit towards a secure system, but it's not the real deal.

about 6 months ago

In an Age of Cyber War, Where Are the Cyber Weapons?

ka9dgx Self weaponizing infrastructure. (94 comments)

If we started building bunkers out of blocks of TNT, someone would rapidly figure out it was a bad idea.... but not so when it's abstracted several layers deep.

In conventional munitions, it's necessary to deliver an explosive to a target. Thanks to the Unix security model, with its lack of any notion of multi-level security, we've created an entire infrastructure that's ready to self-destruct at a moment's notice. The military went on to actually procure and use multi-level security in a number of cases, while the idea is perceived as impossible, or unnecessary in the civilian space.

All of our Linux, Mac OS, and Windows machines share the same brain dead security model. When you run code, you have to trust it not to be a virtual grenade, each and every time.

The existence of billions of computers which blindly run code without actual security protecting the operating system (as a multi-level secure system does) is astoundingly stupid, and yet 99.9% of the "tech" community is just fine with this state of affairs.

The infrastructure IS the weapon, it's your job to change that over the next 20 years.... get crackin'

about 6 months ago

Rovio Denies Knowledge of NSA Access, Angry Birds Website Defaced Anyway

ka9dgx Trusting software is stupid (71 comments)

This is the kind of thing that happens when you trust an application to do what it says on the tin. An OS based on a capability architecture would have made this pretty much impossible.

about 6 months ago

Protesters Show Up At the Doorstep of Google Self-driving Car Engineer

ka9dgx Re:Wait so now (692 comments)

This isn't about being a Luddite, it's about pointing out the economic disparity at play in the world. When you create conditions in the rest of the world such that we give them pieces of paper, and they are willing to die trying to get something to sell for those pieces of paper... we have some social responsibility.

The US exports paper promises of ... (well, nothing actually, Nixon closed the Gold window in 1971) paper, and overthrows any resource rich country that wants to sell for some other paper, or... gasp... actual Gold. We've got a gun to the heads of the rest of humanity.... ... is that enough of a rant to show it's not about the technology.... it's the economics?

about 6 months ago

Security Experts Call For Boycott of RSA Conference In NSA Protest

ka9dgx Missed point - off topic comment to follow (112 comments)

We're all running systems based on some derivative of Unix. The user based permission model was fine for 1970s computer science departments, but it's totally crap for the world we now live in. We all should be running systems that are at least Orange Book A1 level secure, but we aren't. The resources are available to do it, we could totally pump this out in a year or two in the open source world.... but we won't.

Everyone thinks they have secure enough systems... but they don't, not by a country mile. Nobody seems to understand that trusting applications to do their jobs, and not subvert the systems, is a stupid thing.

We have persistently insecure computing... encryption, even if done perfectly, doesn't help fix that.

about 6 months ago


ka9dgx hasn't submitted any stories.



Some good discussion about cabsec

ka9dgx writes  |  about 3 years ago

I was glad that there was some fruitful discussion about CApability Based SECurity (cabsec). I learned some things, and hopefully passed on some lessons as well. Thanks to all who joined in the comments in response to mine.


Pushing the iceberg

ka9dgx writes  |  more than 8 years ago

I've gotten tired of the bias towards snarky bashing... and just used my 5 moderator points to help push the iceberg that is /. towards a more sane area of the sea. I hope others do the same.


Million Bit CPU?

ka9dgx writes  |  more than 9 years ago

Ever wonder what would happen if you had a computer with 1,000,000 single bit processors? If I'm right, you might actually get one, for less than a buck, and it'll be darned useful.

Non-von Neumann architectures are tough to wrap your mind around, but it can be worth it. I hope to find a few other people who can see the power of this idea, and bring it to realization.


Intellectual Property is EVIL

ka9dgx writes  |  more than 12 years ago

As I stated in the forum..."Intellectual Property is a VIRUS. Once you accept the notion that you can license an idea, algorithm, or way of doing something (as opposed to the very narrow to a novel mechanical device), you've already given in.

We're slipping a long way towards corporate ownership of ideas, and the public discourse. This is one of the many embodiments of the forces of darkness, and should be fought tooth and nail.


I'm not depressed any more, now I'm just amused.

ka9dgx writes  |  more than 12 years ago

Ok, now that they're trying AGAIN to do DivX, with rentable downloadable movies, I've realized that the boys at RIAA and other places might have political power, and have severely warped reality to their twisted view, and they STILL can't come up with a plan to grab some real power.

They've killed off the only hope of a mass distribution system for music which they could monitor or control (or... gasp... make some money off of), and in so doing killed off viral free advertising.

They're clueless morons, and... as it says about Earth in the Hitchhiker's Guide to the Galaxy... Mostly Harmless


Soooo... slashdot does Journals now

ka9dgx writes  |  more than 12 years ago

Oh... a "permanent record"... I get to record my transient thoughts of the day, the questions I ponder, and maybe even get some feedback from others. This seems to be a cool idea, and might even generate some traffic, more than my home pages elsewhere, which I never seem to get around to updating.

I just finished reading "Hackers" by Steven Levy, and now I'm depressed... it seems that the true hackers are all gone, and there's no place to find them anymore... maybe Slashdot is it, and I just don't recognize it... hard to be sure.

Well, there it is... a comment, to be preserved forever in the machine.


PS... you can edit them after the fact, a nice feature.
