


The Dismal State of SATCOM Security

mveloso Why would you think otherwise? (51 comments)

Anyone talking on a sat phone is by definition interesting to the government - any government. Why would you think that these would be secure?


Nokia Had a Production-Ready Web Tablet 13 Years Ago

mveloso Welcome to 1995 (240 comments)

General Magic's and Sony's PIC-1000 had a graphical web browser back in 1995. Even back then nobody wanted one.

2 days ago

How Apple's CarPlay Could Shore Up the Car Stereo Industry

mveloso I recently bought a peripheral that didn't work! (193 comments)

I recently spent $35,000 on a peripheral for my phone, but I forgot to check if the peripheral worked with my phone.

Can someone write a law that says that all peripherals have to work with my phone?

Thank you very much.

Signed, ignorant consumer.

2 days ago

Stung By File-Encrypting Malware, Researchers Fight Back

mveloso Not really bad (84 comments)

One of the probable reasons they store the key on the box is because it's easier than having it on a remote server. A remote server can be taken out, unreachable, and you have the extra added problem of associating the decryption key with a specific box. That's a pain if the box isn't connected to the public network (i.e. it was infected through another vector).

If the key is local it's easier. You can even mail them a USB stick with the decryption application if you wanted to.

about a week ago

Navy Debuts New Railgun That Launches Shells at Mach 7

mveloso Aiming and targeting? (630 comments)

With these sorts of weapons, how does the navy effectively target something? It's ridiculous to think the Navy would be targeting, say, a truck. Would they just stay offshore and throw these at a building or something?

about a week ago

OpenSSL Bug Allows Attackers To Read Memory In 64k Chunks

mveloso Re:We're all fucked (303 comments)

If you have something else front-ending the SSL for your process on a compromised system, only that SSL process should be vulnerable. However, that still compromises your root cert and key, AFAIK, unless your SSL handler encrypts that stuff in-RAM.

Unfortunately, some people use SSL on tomcat or the app server directly, which means that whole app is vulnerable.

It's too late to mitigate now, but it's something to think about down the road.

about two weeks ago

OpenSSL Bug Allows Attackers To Read Memory In 64k Chunks

mveloso We're all fucked (303 comments)

Any data kept in RAM on an open-ssl box has probably been compromised. It sounds like that includes private keys, root certs, passwords, etc.

This is why passwords etc should be encrypted in RAM. It's funny, there's a Security Technical Implementation Guides (STIG) on that very item. It always sounded sort of ridiculous, but now I know why it was there.

about two weeks ago

It's Time To Bring Pseudoscience Into the Science Classroom

mveloso Re:Unfalsifiable does not mean untestable (470 comments)

Exactly. Something that's dismissed out of hand as ridiculous without any data may actually be an effect that nobody understands. The "unfalsifiable" poster is essentially a priori dismissing something which they believe to be false, even though that belief is really just as unscientific as the people who believe in whatever that phenomenon is.

It's actually really a hard problem to design tests for this sort of thing, and yeah, that would be what a lot of the classes would degenerate into. But it's a real life process that would make their lives better. It's like a backdoor way of introducing critical thinking, which almost guarantees it won't be part of any normal curriculum.

about two weeks ago

It's Time To Bring Pseudoscience Into the Science Classroom

mveloso Unfalsifiable does not mean untestable (470 comments)

The point of bringing these into the classroom is not to prove they are bogus - the point would be for kids to think how they would go about proving that the belief(s) in question are right or wrong.

What if you find that 98% of the people who buy magnetic bracelets feel better, and have a significant effect on back pain? If three double-blind studies said so, would you believe it, even if it makes no sense?

How would you test to see if ghosts exist? Magic? Gnomes? What would you actually test for? You could start getting into signatures, etc.

It's actually really entertaining to think about, and would be a great curriculum addition if you handle it right.

about two weeks ago

TCP/IP Might Have Been Secure From the Start If Not For the NSA

mveloso Encryption would have been too slow (149 comments)

If TCP/IP had encryption way back when, it never would have worked because it's too slow. Shit, stuff was so slow that people turned off checksumming. Imagine having to do something exciting, like actual encryption. It'd be worse than running a 300 baud modem.

about two weeks ago

Indie Game Jam Show Collapses Due To Interference From "Pepsi Consultant"

mveloso Re:I'd watch that for a dollar (465 comments)

I wish they'd put the raw footage online, just so we could watch the show collapse.

It'd be a meta reality show: "how our reality show crapped out and we all lost money."

about two weeks ago

Indie Game Jam Show Collapses Due To Interference From "Pepsi Consultant"

mveloso Re:I'd watch that for a dollar (465 comments)

As an aside, it shows how one person can make a difference - whether that difference is negative (in this case) or positive.

about two weeks ago

Indie Game Jam Show Collapses Due To Interference From "Pepsi Consultant"

mveloso I'd watch that for a dollar (465 comments)

I'm only about a third of the way into the article, and it's already hilarious.

You generally don't read a lot of crash and burn stories, so this is great. The author needs more drugs, though, and some speed.

about two weeks ago

Book Review: Money: The Unauthorized Biography

mveloso Das Kapital (91 comments)

Have you heard the good news about Das Kapital? I actually should re-read this, as it's one of the better treatises on money, capital, etc ever. Ignore that communist part if you want, since that part from what I remember was pitched as a logical conclusion but is more of a future prediction.

about two weeks ago

Tesla Model S Gets Titanium Underbody Shield, Aluminum Deflector Plates

mveloso Cowcatchers? (314 comments)

Next up: CowCatchers on the Tesla X!

about three weeks ago

One Billion Android Devices Open To Privilege Escalation

mveloso Luckily, Android is never updated (117 comments)

Luckily for most Android users Android is almost never updated, so in real life there's no real vulnerability.

about a month ago

Ex-Head of Troubled Health Insurance Site May Sue, Citing 'Cover-Up'

mveloso Oregon is run by Democrats. (162 comments)

Dude you're fucking retarded. Oregon is run by Democrats and has been for decades.

about a month ago

Engine Data Reveals That Flight 370 Flew On For Hours After It "Disappeared"

mveloso ELINT tinfoil hat (382 comments)

The VHF ACARS data was probably intercepted by the NSA and was the basis for the info provided to the WSJ. Note the original article said "intelligence sources."

The satellite ping BS was essentially a "uh, we didn't want anyone to know we were intercepting ACARS data." They walked that back pretty fast.

I thought Sat links were expensive, but it's only $7/MiB transferred over BGAN/inmarsat. However, they would need the hardware installed and someone would be eating that connection charge - and if it wasn't Boeing, Malaysian Airlines, or Rolls Royce, then the connection didn't exist. I'm pretty sure you don't get SATCOM hardware for free when you buy your 777, but I have no idea about the specific deal that Malaysia Airlines has.

about a month ago



If you could rewrite your application, what would you do differently?

mveloso mveloso writes  |  about 2 years ago

mveloso (325617) writes "Lots of readers are in development — web, software, etc. After a few iterations everything gets crufty — requirements change, hacks get put into place, the architecture doesn't fit, and real-world performance is terrible.

With the benefit of your current experience, how would you have rewritten your application given what you know today?"

Tracking zombies and botnets?

mveloso mveloso writes  |  more than 6 years ago

mveloso (325617) writes "Like many people here, I run a couple of servers that do various things. The machines run firewalls as a matter of course, and have large numbers of log entries showing machines that, for one reason or another, are poking and prodding them.

But — besides proactively shutting off access to the machines by blocking their IPs (which may or may not be useful), I was wondering: is there a repository somewhere for tracking infected machines or botnets? Some of the signatures match known vectors used by infected machines, and some don't...but it all may be useful information for somebody.

Does anyone know of a blacklist-type service that can use this information?"


mveloso has no journal entries.
