×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

Apple Announces iPad Air 2, iPad mini 3, OS X Yosemite and More

malvcr Re:Not improved (355 comments)

My mistake ... mm, just put a LGA 1150 CPU there


Intel Core i7-4790K Processor (8M Cache, up to 4.40 GHz) (BX80646I74790K) $329.99


Not so big difference in price ... even more, the mini is not improved at all.


... trying a little deeper in apple site ...


Specifications
3.0GHz Dual-Core Intel Core i7 (Turbo Boost up to 3.5GHz)
16GB 1600MHz LPDDR3 SDRAM
1TB Fusion Drive
Intel Iris Graphics
Apple USB SuperDrive
User's Guide (English)
Accessory Kit


$1,478.00


//
The i7-4790K has an Intel® HD Graphics 4600
So? There IRIS i7 based processor is the 4770R that must be purchased on specific brand motherboards ...
... but the i7-4790K is a better performer CPU, so just add around $150 for an NVIDIA GTX 750tI or similar graphics card, being much more superior than the IRIS.


Many numbers ....


The point is. The mini is a well built machine, but it is overpriced for modern standards.

about 2 months ago
top

Apple Announces iPad Air 2, iPad mini 3, OS X Yosemite and More

malvcr Not improved (355 comments)

I have a very nice Mac Mini latest 2012 with a 2.3 GHz Intel Core i7 Quad-Core processor with Eight logical threads. It has a 1TB disk and I put 16 GB memory to this machine, costing me around $900.

Now I see the options ... No i7 quad, only dual core, and many i5. No more than 16GB two years later. The disk options are neither better. What they did was to add a less than 2 GHz CPU for the $499 version (yes, the i5 and i7 have more MHz in the "options" but applications are becoming more parallel, so the extra cores are important).

From my perspective as a developer, these machines are not state of the art. They are really becoming "mini" in the current menu of computing options, so what I think is that Apple is reserving "something else", maybe a Server or something that it is not yet published.

And I made a little exploration in Amazon, just for comparison:

Lite-On 24X SATA Internal DVD+/-RW Drive Optical Drive IHAS124-14 $20.16
Intel Core i7-3770 Quad-Core Processor 3.4 GHz 4 Core LGA 1155 - BX80637I73770 $299.99
2 WD Green 2 TB Desktop Hard Drive: 3.5 Inch, SATA III, 64 MB Cache - WD20EZRX $82.99
Corsair CX Series 430 Watt ATX/EPS Modular 80 PLUS Bronze ATX12V/EPS12V 384 Power Supply CX430M $49.99
Gigabyte LGA 1150 Intel H87 Dual LAN DVI HDMI UEFI DualBIOS Mini ITX DDR3 1600 Motherboard (GA-H87N) $111.22
Cooler Master Elite 130 No Power Supply Mini-ITX Tower Case- Midnight Black (RC-130-KKN1) $39.99
Crucial 16GB Kit (8GBx2) DDR3L 1600MT/s (PC3-12800) DR x8 ECC UDIMM 240-Pin Server Memory CT2KIT102472BD160B $178.97


TOTAL $866.30


This is comparable by price, but as a machine this is two times the capacity of the mini. A real i7 Quad, 2 2TB disks and a much better, although not so beautiful box. And the motherboard has 10 USB ports, 2 Net ... etc.

about 2 months ago
top

If Your Cloud Vendor Goes Out of Business, Are You Ready?

malvcr Re:You don't need the bandwidth (150 comments)

"There are no guarantees" is the key of the problem.

You need to make them, it is not possible to trust blindly on anyone else, and this is a life fact, it is not related solely to cloud providers.

about 2 months ago
top

US Says It Can Hack Foreign Servers Without Warrants

malvcr Re:Sovereignty Issues ? (335 comments)

The problem with this type of behaviour is that the consequences are never the best ones.

The Internet could become a more dangerous place to be and the security measures the others, than the US, will take will make the traditional openness of the Internet a thing of the past, reducing the universality of the medium.

Although, if you think carefully, this stuff was partly developed by DARPA, so wouldn't be strange that what we see today in the news was in fact part of the hidden goals when they participated creating the Internet. It is simple. It is easier to observe people in a wire than in the open wild.

about 2 months ago
top

Smartphone Kill Switch, Consumer Boon Or Way For Government To Brick Your Phone?

malvcr Re:Undo! (299 comments)

Yes!!!!!!! ... this is simply a backdoor with another name.

And all backdoors go bad at the end.

about 4 months ago
top

Microsoft Considered Renaming Internet Explorer To Escape Its Reputation

malvcr Re:Why not just deprecate IE and save some serious (426 comments)

Microsoft can't quit an HTML engine from their OS because they need an HTML engine some place to draw their own screens when not having a browser installed (XHTML is a defacto standard for some GUI operations).

And ... mm ... that's all ... oh I forgot that MS made many proprietary products depending on IE ... if you quit IE then all these products won't work. First the need to clean everything else and to work with standards.

For me, a real OS must offer some way to attach an external composition engine for user interfaces if these engines have no security holes by themselves, in such case the OS will be broken on its roots.

about 4 months ago
top

Law Repressing Social Media, Bloggers Now In Effect In Russia

malvcr Re:More details (167 comments)

Let's see.

That "particular" law (I don't know others by now), indicates that if one person can influence a big quantity (> 3000) of the population writing something publicly in a blog, this person must be able to be monitored by the State. Also, that it is oriented to Russian speakers, and if the foreign Russian sites don't apply this law they will be blocked in Russian territory.

It seems, as somebody said in the discussion, that they are giving blog writers the same treatment as journalists. And thinking carefully, bloggers with that quantity of readers are really journalists. So, I don't see a problem with that ... the problem could be in "what" they do with the journalists in general.

The other issue is related with the Internet technology in general. Because they are controlling what the people can read in Russia even produced in another country. And here the problem is how they apply their rules, because the rules are not wrong by themselves. If what they are blocking is information about how to commit suicide, how to kill your neighbour, pornography, how to make damage to children, about difamation and these types of things, then it is a more than welcomed task; but when the facilities are there, it is very easy to jump beyond what "bad" is and to arrive to political censorship... and then we are talking about something completely different.

Anyway, each person has a different concept about "what" "good" "is".

about 5 months ago
top

Judge: US Search Warrants Apply To Overseas Computers

malvcr Re:Air through the fences (502 comments)

Then this means "no absolutes" here.

If an US citizen let something in Ireland (or whatever other place), then the Ireland located service provider can't guarantee than that information "never" will be acquired by the US government, as the US government would perform an international request to Ireland to obtain such data. And "if" Ireland agrees, will provide the data to US. In fact, this is not new in any country in the world.

But if an US based company, as Microsoft is, has data stored in another country and pretends than that data is outside US law, it seems not too be the case and the US law allows the US government to ask for such data. This is new.

But if a foreign ISP (i.e. non US company) offers services that can be accessed by an US citizen inside US, and the US courts declare that the information must be accessed by the US legal system for whatever purpose without passing through all the international legal system and without the aid of the foreign country, then this could be legal for US but illegal for the other country, and even declared as spying if the US proceed to obtain the data.

And if something is illegal in the US but it is not illegal in the other country, then the US legal system has nothing to do there (legally).



At least a miniseries could be developed from this :-)

about 5 months ago
top

Judge: US Search Warrants Apply To Overseas Computers

malvcr Air through the fences (502 comments)

This is like if you to go to a country border to talk with a friend you have at the other side. Each one will stay in their corresponding country without breaking any immigration law, but you can talk through the fences (the air is not restricted to one particular country .. yet). Then, your country authorities could demand the person, at the other side of the fences, to said them what you were talking about when you left the place. But this person has all the right to say nothing, because he/she is living in "another" country, with different rules and laws.

Also, this is co-related with what the Europe rules demand about information their citizen have in other countries. So, this means that each country is not an independent one and that anybody can break the physical borders in their quest about what they think, with their current laws and though, that justice could be?

It seems that a basic international ruling on the Internet it is needed to clarify limits before any judge in any country be able to invent whatever thing that, obviously, will break the other country laws.

about 5 months ago
top

Soccer Superstar Plays With Very Low Brain Activity

malvcr Focus (160 comments)

Don't mistake it ... this doesn't mean that it is not necessary to think to have the job done.

This means that some people has the capability of turning off some parts of their brain that they don't need in some specific moment to focus better in what they are doing. This is not negative, this is a very special capacity.

I could call this the "soldier effect". A good soldier is the one that when given the order to kill perform the task without any complain. But a bad soldier could not to decide to kill because is thinking very much. The same happens with terror, then somebody is terrified he/she doesn't perform what is important, because the brain (that it is confused in that moment) will take the place of the automatic internal system that really knows what to do.

Corollary: to use very much the brain doesn't mean that we do a better job. It depends on what the job is.

about 5 months ago
top

German NSA Committee May Turn To Typewriters To Stop Leaks

malvcr The problem is.... (244 comments)

The problem is NOT what they are trying to resolve.

As some pointed, there are ways to collect data that were in use several decades ago, combined with modern technology.

They need to perform a serious risk analysis to remake their procedures (all them), and to implant a serious educational programs with corresponding verifications (regular tests and checks).

To change computers by typewriters to resolve their problems is like to cure a cancer with a cup of tea.

about 5 months ago
top

Ask Slashdot: Easy-To-Use Alternative To MS Access For a Charity's Database?

malvcr SQLite (281 comments)

I am recommending this without enough information about the problem.

In my case, I wrote my own multiuser access layer on top of SQLite and it works very well. I don't rely in any type of file access control because, as the SQLite documentation says, it could be not reliable.

But if you can make an application that works in only one place within one machine, SQLite is extremely more powerful than MS Access, and uses almost no resources. Also, if you need to backup the data or to send the data to another place, you only need to copy the data file.

There is a Firefox add-on for basic database management, and that's all, you need no other thing to work more than the way to present the data to your users.

****

One comment here.

When we have only hammers to work, we see every problem as a nail.

Depending on how you model your solution, SQLite is just enough as any other database system also, even XML or plain text files.

Other people recommended HSQLDB (Libre/Open Office); as I remember, the database works in memory and have a backup in disk with a statement based storage. When you start your application, this database runs ALL the statements and refill the memory structures. I am not sure if this works for you. In the case of SQLite, it is a standard database system and the database file is analogous to an Oracle datafile or MySQL data structure.

about 7 months ago
top

Akamai Reissues All SSL Certificates After Admitting Heartbleed Patch Was Faulty

malvcr Re:Financial Institution Vulnerabilities? (56 comments)

I was checking the source code of the original and the "official" (not the Akamai) patch itself.

In fact, the original code (with the bug) is more ordered and clear than the patch. But in general, the issue is that OpenSSL is a very big and complex piece of code maintained by a group of people with a very small quantity of resources, but being used by many important organisations around the world.

The problem is not that the software is open source. The proprietary source also have the same level of problems, being the only difference that we can check the open sourced products and we have no idea what they did on the proprietary (a.k.a. closed) products. The problem is that the Internet has not a good international and neutral organisation to help verify the important parts that make it work and the users of the technology invest no resources to verify how well these products are made.

And yes, if a Bank has a router having OpenSSL with the bug, the router has the bug. Or it is better to say that the router has been with that level of bug for nearly two years by now, and that it is possible somebody was able to bypass the security WHEN the SSL protocol is exposed.

So ... there are many sources of problems, much more than the web servers, although these vulnerabilities will become real problems depending on how well defined is the security of the network infrastructure. Good practices let to reduced exposition to existing vulnerabilities, this is why it is important to know, to understand and to apply these good practices.

about 8 months ago
top

Ask Slashdot: What Do You Consider Elegant Code?

malvcr Re:Elegance only exists in textbooks (373 comments)

I have more than 20 years coding, and lately I have been working with a security-oriented framework on C++.

I must admit my primary goal was security and I have been trying to be strict on security problems usually others have and that usually are defined as weaknesses. However, you also need to work with usability and effectiveness for having something really usable.

For me, elegant code helps you to express your needs following a very clear and understandable way, be for you in the future or for others to maintain. That code not only needs to be clear, but also needs to be secure and efficient. I do nothing inventing a beautiful piece of code that will use 100 times more CPU because it has been excessively layered, or that permits me to create beautiful pieces of crap that will leak any possible memory and to produce many different types of concurrent problems.

Elegant doesn't mean to hide responsibilities. I don't believe in the garbage collector "for everything" philosophy, because you lost the control on what you are dealing with, even in places where it is a must to have very precise control. Elegant code is clear, having well defined preconditions and postconditions, with no surprises. Every new has a delete (everything be created must be destroyed), and your programming rules are logical and built up your understanding about the problem you are resolving.

In a few words : elegant means you are in control.

about 9 months ago
top

Ask Slashdot: Can an Old Programmer Learn New Tricks?

malvcr Re: what you need them for? (306 comments)

Wrong assumption from my part :-)

Let me see ... all the languages using { } come from C, or more precisely from BCPL, although in their evolution several things changed (for some reason they were created).

According with (http://www.levenez.com/lang/lang.pdf), Python comes from Modula3, ABC and C. Eiffel comes from Simula and Ada, so although they share concepts they are different languages.

I don't think that C++ or Java have broken implementations, what I think it is that they follow different approaches. Eiffel seems to be more strict (CLU in its past can have some reason on this and was my first OO language in University). and ...

It is possible to create good software with any language and to create bad software with any language. In fact, it is possible to have perfectly coded software, following all the language rules but with a completely lost (aka broken) sense of the semantic it want to work on. This is, in fact, the biggest problem on the security area and it is not related with the nature of the languages.

And I understand you. I learned Pascal before C, so when arriving to C it was very "free" for me and was forced to understand the inner logic of the pointer world. With C++ things where more strict although not as systematically defined as Eiffel. What for me is terrible is to work the old fashioned Basic; this is as a short circuit in my brain, but I was able to do nice things with that language a lot of time ago (that, of course, I won't try to repeat).

about 9 months ago
top

Remote ATM Attack Uses SMS To Dispense Cash

malvcr Re:Physical Access = owned (150 comments)

Let me explain what happen with the ATM devices.

The ATM has a computer having the operating system and a basic bootstrap software. In fact, the configuration itself it is not located in the ATM but when the ATM is turned on, it is sent to it from the Bank. One important reason is that when somebody steal the ATM, will lost all the configuration including many different types of keys, making the task of opening it or to learn more about the ATM's network behaviour a difficult task.

When the security employees load the ATM with money, they actually have no access to such money. The Bank fills security money boxes (actually small security boxes that are not so easy to open). These boxes have a special key that is used only inside the Bank's vault. The employes that will give maintenance to the ATMs receive the loaded boxes from the Bank's personnel and replace the previous ones "complete" in the ATM (they don't have the keys), and deliver the full or partially empty boxes to the Bank for internal maintenance (to count remaining bills, clean, reload, etc.).

So, the security employees are the ones that could install the phone in the computer because they need to open the ATM to replace the money boxes. As they are the ones do this work, they also could put the phone, and the next time they load the ATM, they will quit it for let no trace of such action. So, it is not necessary for them to violate the physical boxes or to cut the ATM by half (that it is not easy anyway), but just to connect a phone, continue with their daily work and somebody else will come to extract the money with the help of the phone and the ATM itself.

As 80% of the attacks are from "insider", this have all the sense for me. To resolve the problem, however, it is not so easy, because they need to replace their ATM system for one would be invulnerable to USB or other type of ports access, something was not thought when the current systems where designed many years ago.

about 9 months ago
top

Ask Slashdot: Can an Old Programmer Learn New Tricks?

malvcr Re: what you need them for? (306 comments)

Let me add to this that the answer is not the framework but the paradigm. You are coming from C so you are not working object oriented. First, choose the program you like to write, then design it thinking in object oriented way, then choose the language according with your final required platform and this will tell you if a framework is required. For example, if you choose c++ you will work with STL for sure and maybe something else; and if you choose Java or C# you have no choice than to use the base framework because they are platforms more than only languages (Strousstrup words). But start with the design if you really like to learn well.

about 9 months ago
top

20 Freescale Semiconductor Employees On Missing Malaysia Airlines Flight

malvcr Re:Summary needs a slight rewrite (190 comments)

What about "something" can fly for a little landing from the plane and returning to depart again? ... this is not for 2014, but could be in the future, with a different design of what a plane is.

about 9 months ago
top

20 Freescale Semiconductor Employees On Missing Malaysia Airlines Flight

malvcr Re:Summary needs a slight rewrite (190 comments)

This is material for many new books and movies, even without knowing what really happened. Your description is a possibility (better knowing, as another reader point to, that Malaysia security control are very lax ... until now at least).

Other options:

  • These are flying by wire devices. You don't need to go to the cabin to destroy the plane, you only need to disturb the plane network to make it useless.
  • It is supposed the plane was turning to south before loosing contact. Could be possible it was hijacked instead of destroyed?
  • There are ways to disturb the satellite and GPS systems so the device believe they are in one place while they are really in a another one... but the lack of communication makes this a not so good option.
  • Static in te cabin .... what about our atmosphere, that is presenting many changes lately, is developing some type of unknown new, for us, electro magnetic disturbance that could destroy the electronics in a plane? ... I expect this not to be real, because many other planes could be in trouble very soon.
  • Errant and/or out of control Drone?
  • A meteorite?

In fact, I just realised that the Drones have a very nice possible future usage. Many planes with troubles are alone in their space. What about if we "always" send a small recognisance Drone with each plane? It is "outside" the plane, so if the plane explode or lost control, the Drone can be a first class witness. Also, if there is a strange air flow or some atmospheric disturbance and the Drone is flying in front of the plane, it will be affected first. Some seconds are the difference between life and death. And, they could give a hand if the pilots have very serious situations inside the plane.

about 9 months ago
top

Free (Gratis) Version of Windows Could Be a Reality Soon

malvcr Re:Free as in... (392 comments)

In fact ... it is not free at all.

You need to have a Windows 7 to have Windows 8.1 with Bing, and Windows 7 was not free. Also, Win7 it is not very old. They are just copying what Apple did with Mavericks, but with restrictions.

What I see is that Microsoft is in trouble because their business model from the 80s is not working well today. Apple have no problems, because they are not selling Operating Systems now, they are selling devices (many of them) ... and Microsoft almost no one, and this is why they needed Nokia. The Operating Systems, as the old days of computing, are returning to be a complementary free part of the systems, as must be.

A side note : There is a mistake with what an O.S. is. When trying to catch the market, Microsoft put every imaginable piece of technology inside the O.S. ... but this is not really an O.S., this is a "distribution". The O.S. must be a small part of the system. Look at Linux, it is really "ONE" file ... this is why people can make distributions, can put Linux in appliances, to create Chrome OS or Android on top, etc. Microsoft must evaluate to do the same, a small free element and to ask for money on the complementary parts for particular purposes. Forget the UI, forget the Server edition. Make them independent products, who knows, maybe this work for them...

about 10 months ago

Submissions

top

Want your points of view - Secure by definition

malvcr malvcr writes  |  about a year and a half ago

malvcr (2932649) writes "I have been a developer for 20 years by now, and have been dedicated to security my last years. My impression is that the current state of the affairs are carrying all the industry, in particular the Internet, to nowhere in security. Huge privacy concerns, basic mistakes with enormous consequences, a generalized lack of good programming practices leading to many security vulnerabilities, etc.

Having this into consideration, I started a company (http://www.hausmi.com) and an open source project (http://hausmisep.sourceforge.net). My purpose is to help as I can doing what I know, but instead of fighting hard to close holes and providing aspirins, I want to change the basic rules governing the creation of software. Secure by design, secure by construction, secure by definition.

Nobody has all the answers and this is why I am posting this on Slashdot. I have been reading here for a lot of time with some small replies, and I know there are many good and sharp comments, serious and funny (we need to laugh time to time), and your points of view will help me to adjust this attempt to work better what the security means for all us. Have no sense only to do what I want to do, but to know what the people need to have.

Thank you"

Journals

malvcr has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?