Comments

Heartbleed Sparks 'Responsible' Disclosure Debate

viperidaenz Re:Not that good (156 comments)

I recently worked on a project where two weeks of development time was followed by 4 months of testing.
Although 3 and a half months of those 4 was waiting for environments to be built and paperwork to go through

12 hours ago

Plant Breeders Release 'Open Source Seeds'

viperidaenz Re:Safeguard the farmers? (130 comments)

With seeds?

They should safeguard them from heat-seeking drones flown by Monsanto.

yesterday

GoPro Project Claims Technology Is Making People Lose Empathy For Homeless

viperidaenz Where's the raw data (318 comments)

How many homeless volunteers took off with the camera and sold it to buy booze?

2 days ago

Code Quality: Open Source vs. Proprietary

viperidaenz Re:Code Quality Sucks on Either (131 comments)

"none, because someone might find out I've made the code worse, not better"

2 days ago

Code Quality: Open Source vs. Proprietary

viperidaenz Re:Not a surprise, but no reflection of O/S vs Pro (131 comments)

The more things are isolated from each other, across lots of levels (in a fractal dimension sense, perhaps) the better things are likely to be.

Language has a lot to do with that.
If your project is written in a managed language, allocated memory is always initialised first, there is no pointer arithmetic and array bounds are always checked, so it's impossible to read random data from memory.
If your project is written in C, all code has access to all memory.

2 days ago

Code Quality: Open Source vs. Proprietary

viperidaenz Re:Managed languages (131 comments)

Resource leak in Java = DoS, as mentioned already
Resource leak in C = Heartbleed.

Personally, I'd rather my application crash than expose my private keys and other data that was supposed to be encrypted.

2 days ago

Code Quality: Open Source vs. Proprietary

viperidaenz Re:Not a surprise (131 comments)

bugs, like DRM?

2 days ago

First Phase of TrueCrypt Audit Turns Up No Backdoors

viperidaenz Re:memset() is bad? (171 comments)

This is actually tangentially related to heartbleed - if the memory had been zeroed when freed, the scope of the exploit would have been greatly reduced, as only currently allocated blocks would have been vulnerable

The blocks holding the certificate private key are always allocated, so always vulnerable.

This is completely incorrect. Until it is freed (or realloc'ed), the address returned by malloc will point to the same data, regardless of whether it is in the L1 cache, RAM, or paged to disk. Were this not the case, each program would need to implement its own MMU.

So virtual memory is completely useless, because paging to disk doesn't free up the physical RAM for other processes?

Perhaps you should have read the article linked in the article you linked. http://www.viva64.com/en/k/004...

There is SecureZeroMemory() function in the depths of Win32 API. Its description is rather concise and reads that this function overwrites a memory region with zeroes and is designed in such way that the compiler never eliminates a call of this function during code optimization.

So don't use memset to zero memory.

There is still the risk that another process reads data from RAM that another process was using, unless the OS zeros out the memory before allocating it.
That's something you can't get around in application code because you don't control the other applications.

2 days ago

'Thermoelectrics' Could One Day Power Cars

viperidaenz Re:power cars? technically no (171 comments)

If the thermoelectrics are significantly more efficient than the internal combustion engine, removing it completely would save a lot of weight and may result in a more efficient system.

2 days ago

San Francisco's Housing Crisis Explained

viperidaenz Re:BS (356 comments)

I could buy the house I currently own in less than two years. What's your point again?

3 days ago

San Francisco's Housing Crisis Explained

viperidaenz Re:BS (356 comments)

... or toxic waste from the oil industry?

3 days ago

How Apple's CarPlay Could Shore Up the Car Stereo Industry

viperidaenz Re:The Real Breakthrough - non auto-maker Maps (193 comments)

This won't stop the car industry.
I can't easily replace the navigation system in my car, because it controls the air-con.
The whole system is integrated in to the dash, the steering wheel controls, the trip computer and air conditioning.

There are aftermarket options on eBay, but the risk it won't work is high - The car is made in Japan with several options for air con (single/dual zone) and is visibly identical to other models made in USA which may or may not be wired the same. Added to the fact the model name of the Japanese car is the same as a completely different USA model and the one that's physically the same has a different name.

3 days ago

Apple's Spotty Record of Giving Back To the Tech Industry

viperidaenz Re:They had it integrated into XCode before (266 comments)

Apple didn't choose clang, they developed it. Therefore all the reasons for its existence are the reasons Apple use it.

3 days ago

First Phase of TrueCrypt Audit Turns Up No Backdoors

viperidaenz Re:memset() is bad? (171 comments)

But the program performs functionally the same.
That's the rule followed when doing compiler optimisations.

memset has nothing to do with Heartbleed by the way, nor does any compiler optimisation.

You also don't guarantee the original data is overwritten. If your application is paged out of RAM before the call to memset, when it gets loaded back in to RAM it can be pointing to a different physical memory location. You're now overwriting.... something completely different.

3 days ago

Microsoft Confirms It Is Dropping Windows 8.1 Support

viperidaenz It's spelled out isn't it? 24 months support. (571 comments)

Microsoft only support the current service pack level and all those less than 24 months old for Windows Client and Server.
That's the agreement they've given to their customers.
They will drop support for 8.1 in 24 months time.

http://support.microsoft.com/l... .... wait a minute. They should at least update their support policy before cutting support.

4 days ago

Microsoft Confirms It Is Dropping Windows 8.1 Support

viperidaenz Re:Nope, not okay for either (571 comments)

and you should accept that down-grading will mean you are vulnerable to any issues later versions have fixed.

4 days ago

IRS Can Now Seize Your Tax Refund To Pay a Relative's Debt

viperidaenz Re:Joke's on you feds (630 comments)

I'm sorry, the center you were raised at has unpaid tax bills. They've since shut down so we're recovering all debts from the orphans.

4 days ago

First Phase of TrueCrypt Audit Turns Up No Backdoors

viperidaenz Re:memset() is bad? (171 comments)

If you call memset on some allocated memory and then free that memory, what (apart from clearing sensitive data from physical RAM) functional difference does removing the call to memset make? None?

4 days ago

First Phase of TrueCrypt Audit Turns Up No Backdoors

viperidaenz Re:Bootloader & Windows Driver (171 comments)

It depends why you're hiring an American to do your security audit.

Is it stupid for someone in China to hire an American to look for back-doors that may have been added by a Chinese Government agency?

4 days ago

Submissions

viperidaenz hasn't submitted any stories.

Journals

viperidaenz has no journal entries.
