Dangerous Vulnerability Fixed In Wget
Lcamtuf writes that that running strings over a maliciously crafted file can probably result in code execution on your system.
The big picture is nothing new, when you use software, particularly software which is written in C/C++, to process data from untrustworth sources there is a reasonable chance of hard to spot security vulnerabilities.
Virtual Machine Brings X86 Linux Apps To ARMv7 Devices
4.5 times faster than QEMU is still very slow
200-400 Gbps DDoS Attacks Are Now Normal
I tried one against myself for a minute last year and saw about 4Gbit/second of port 53 UDP traffic. Enough to cause problems for an amateur-hour webhosting service. Any half decent webhost can handle that these days.
Space Junk May Require ISS Maneuver In Advance of SpaceX's Dragon
"forward deflector array" ? Modded informative ?!?
The international space station is a real thing in orbit around the earth with real people on board.
Deflector shields are not real. Star trek is fiction, Captain Kirk was an actor in front of some cameras.
UK Government To Offer Free TV Filters For 4G Interference
For a few more months in the UK analog TV will use 470-862MHz
The last few analog transmitters will soon be switched off,
the replacement digital transmitters will just use 470-790MHZ.
806-854MHz was auctioned off in 2009. 790-806MHz may be used for other tings in areas where it is not used for digital TV.
The worst case scenario for TV interference is roughly this.
Someone's house is on the edge of the coverage area of a digital TV transmitter which is on the highest multiplex frequency. They are 35miles from the transmitter and have a big TV antenna on a twenty foot pole on the chimney with a wideband preamp on the pole.
The TV signal is just barely strong enough to give a picture and only freeze occasionally when a pigeon flies in front of the antenna.
The TV signal is 8MHz wide ending at 790MHz.
A mobile internet base station push out 100 watts is installed 100 meters away from the house using frequencies starting just 16MHz higher at 806MHz.
In terms of power the mobile internet signal might be 70dB stronger, that's ten million times the received power.
The base station signal is strong enough that it overloads the masthead preamp. It dosn't even matter if the TV decoder can handle a massive signal close to a very weak signal, (and it probably can't) because the preamp is clipping and the weak TV signal is lost before it even gets to the TV.
In theory with good planning will mitigate this considerably.
In practise vast amounts of existing TV equipment is specifically designed to receive and amplify the frequencies that have been sold oof for other uses.
Mobile applications need lots of base stations close to the users.
Inevitably lots of people will have a base station on a tall building that they can see out of the window in an area where the TV transmitter is twenty miles away.
New Mac OS Trojan Produces BitCoins
Bitcoin is not in trouble.
Some idiot speculators lost their money. Some people who were stupid enough to trust online wallet services lost their money. Some people who got their windows machines infected lost money. A few idiots who didn't keep backups lost their money. The people who are holding BTC are likely to find it looses value for years but it was their choice to get into it in the first place.
The system still works fine. You can still transfer bitcoins from one user to another across the internet with a few clicks. If you keep your private keys safe nobody can steal your coins.
Bitcoin will be in trouble if a significant attack on the cryptography is found.
Bitcoin will be in really big trouble if someone finds a remotely exploitable hole in the client software.
So far, it is not in trouble.
It can drop in value to 1 US cent per BTC and still not be in trouble.
New Mac OS Trojan Produces BitCoins
Anyone can mine bitcoins, you don't have to be a politically connected bankster to participate.
The creation of new BTC is predictable and publicly documented.
Participation is voluntary. Anyone can read about how it works, see that the the amount of BTC in circulation is going to more than double in the next five years, see that the level of commerce with BTC is low and decide if they want to hold any. (Personally I think holding BTC is a bad idea and will be for a years unless commerce increases considerably.)
Having your fiat currency devalued to cover the deficit spending of long retired spendthrift politicans is not voluntary.
New Mac OS Trojan Produces BitCoins
Applying more computer power to bitcoin mining won't devalue bitcoin any more than it will anyway. The software adjusts the difficulty of generating blocks so that it generates approximately 7200 BTC every day for the next year, fewer after that. More computing power applies to mining just means that individual people mining get a smaller share of the coins being generated.
So Long, CmdrTaco, and Thanks For All The Posts
I just wish I could find the setting to show the site as it was six or seven years ago. Bandwidth is cheap and my browser can cope with large pages, I don't want to see or click a "get more comments" button ever. I just want it to show every comment at my chosen score threshold by default.
Middleboxes vs. the Internet's End-to-End Principle
From the report
TcpCrypt was motivated by the observation that server computing power is the performance bottleneck. To make ubiquitous encryption possible, highly asymmetric public key operations are arranged so that the expensive work is performed by the client which does not need to handle high connection setup rates. This is in contrast to SSL/TLS where the server does more work.
I think thats a really insightful observation. I'd really like a new version of the HTTPS that takes away the most common objection to using it by making the client do most of the work. Most computers being used for web browsing have processor time to spare, not sure about smartphones though.
ClamAV For Windows Open Beta Begins
The clamAV engine is designed for scanning incoming email. These days any sensibly configured email system deletes all email with any forum of executable attachment before it gets anywhere near the end users so email scanning is a bit of a niche market.
The ClamAV engine may be good at email scanning but that does not mean it is good for general malware scanning. Clamwin, which uses the clamAV engine in a general windows malware/virus scanner has very poor detection compared to the top few antivirus packages (Eset Nod32, AVG, kaspersky, avira paid version, panda).
Malware delivered via the web is the main source of the epidemic of crap on the windows platform these days. In geek circles I feel like a suspected plague carrier because I carry a windows laptop instead of running ubuntu or carrying an apple.
I do nearly all my browsing in windows virtual machines. The basic firefox only VM is little trouble. A vm with flash player, Sun java, acrobat reader, dotnet addon etc results in the "whats all this network traffic, shit the VM is sending spam" or "popups WTF?" every few months, followed by going back to a known good copy of the VM and redownloading lots of updates.
Over that last year I'v uploaded a couple of dozen malware .exe's from the web to virustotal, (mostly attempts to exploit user ignorance that didn't getting running on my machine eg desirable-file.pdf.exe). I keep the exe's and check how long it takes for AV companies to add detection. Kaspersky and AVG usually add detections within 36 hours, avira is usually "next day" provided next day is monday-friday.
Half the time Clamwin does not detect the malware and typically takes a couple of weeks to start detecting my sample if they get it at all.
I have little confidence in another package using the clamAV engine doing any better.
Also the ony real cleanup response for malware arriving by email is 'delete', removing malware that has installed itself into windows takes much more work. A of people rely on antivirus software to clean up messy infections instead of being organised enough to have current backups and known-good images of every machine.
Oscilloscopes For Modern Engineers?
I recommend NOT buying a Hantek USB oscilloscope.
I got a DSO-2250 which sounded good for the money. I would have spent more time reading reviews, this review sums it up.
The software for windows is buggy and limited. They seem to have largely rewritten the software between version 6 and version 7 but have just replaced old bugs with different bugs.
The most frustrating bug is that it gets stuck and stops triggering until you close and reopen the software. It's really annoying to have your hands full poking the probes into some equipment and not knowing if you have missed the packet of data you are trying to catch because it wasn't sent or because the scope software didn't work.
The manufacturer claims 8bit sampling and 250 megasamples/second.
Sadly the hardware is noisy and the lowest two bits randomly change. The software has a smoothing option to hide the noise but then you don't get anything like the time resolution you paid for.
If the software was better I could live with that as I mostly look at digital signals.
I still personally favour a PC oscilloscope since I haul a laptop around and might as well make use of it's high resolution screen.
For digital work a 'scope that can capture a one time event to look at at your leisure is far better than an analog scope that needs a repetitive signal to keep refreshing the CRT.
eBay to Drop Negative Feedback on Buyers
There is a very large number of posts in ebay's forums from sellers complaining about this.
If I was a larger seller I'd be trying to get together with other big sellers to create a private system to share information about scamming/deadbeat/irrational/insane buyers and hijacked accounts.
On another note, ebay UK has announced that all prices must included VAT (value added tax) if it is going to be charged. In typical ebay fashion until now their help pages said that VAT would be included but they refused to enforce it so lots of people have had the irritating experiance of being unexpectedly asked to pay 17.5% more. People should have read the small print in the auction saying VAT would be added but it's easily done when you are tryign to grab a bargain.
throwaway18 hasn't submitted any stories.
Dahhh, must preview
I must must must use the preview more. I'v got too used to forums and wiki's that let me edit my stupid mistakes.
The ability to edit a digg comment for a couple of minutes is great. I'd be happy with a three minute delay on slashdot before comments become part of the site.
(Although I don't bother looking at digg much anymore, there's lots of amusing stuff but not much that actually matters to me and the comments I think are worth reading are often not the ones that get high scores).
I'v mainly posted this journal entry on the off chance anyone wants to leave me a mesage. Feel free to write comments about anything though I may delete the whole entry.
Wifi and mesh networking
Currently gathering parts to build an SWR meter for 2.4GHz.
Nullsoft Waste, slashdot test network
I'd like to play with Waste and see how well it works with a group of people spread across the internet. Would anyone like to form
a waste network of random slashdotters?
I'm busy now so this will probably not start rolling until the
Leave a message in my slashdot journal or use my current
throwaway email address firstname.lastname@example.org
I suspect the thing we need most is someone with a static
ip or domain name to announce thier public key and leave
waste running continuously for a few days.
I'm not using a network name in waste.
I have a windows machine running waste. It won't be up
continuously but you may be able to use it to get connected.
I'l try to set up a node that is allways on but it depends
on getting waste running on a linux shell without xwindow.
Edit:changed port and added instructions.
First send me your public key by posting it in my journal
(next entry up has comments enabled) or by email
Next import the public key below into waste.
Enter tortoise.zapto.org:30000 in the top box in the
network status dialog.
WASTE_PUBLIC_KEY 20 1024 Throwaway18