Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×

Comment Re:Yes, point is to keep adversary out. It fails. (Score 1) 375

by Dahan (#48932789) Attached to: Why Screen Lockers On X11 Cannot Be Secure

When you come back from the bathroom, you want to regain access to your own computer. Think about exactly how you do that. Do you press the power button and reboot, and then enter your authentication credentials into a dialog that you know is your login screen, because you know that every step from boot to login, is intended to protect your interests?

You're stuck there anyways because you can never be sure someone didn't reboot the system, run a keylogger designed to act like the lock screen, and then send your password and reboot the machine.

As the guy you're replying to said, "you know that every step from boot to login, is intended to protect your interests." If you're concerned about someone rebooting the system and running some malware, you should make use of the various features designed to mitigate against that. All PCs these days let you password-protect the BIOS settings, so if you've configured it to only boot from the HD, it's not as simple as an attacker putting in a CD or plugging in a USB flash drive with their keylogger. And for even more protection, you can get a computer with more "enterprisey" features, such as a physical case lock and a chassis intrusion detection switch. If the attacker thinks they'll just open the box up and do a quick hard drive swap or something like that, that's not gonna work. And these days, there's also UEFI Secure Boot. Sure, there are ways to attack all of this, but a BIOS password plus case lock is sufficient for the vast majority of people. If you need more than that, you should probably focus on keeping intruders from getting access to your computer in the first place.

Whether it's user mode per se or not, there are tools to change the behavior of ctrl-alt-delete.

As far as I can tell, that's just a utility that changes the options that are already available in Windows--they're normally controlled via Group Policy. It's not actually running any new code, it's just changing behavior in a way that MS has already allowed. It actually is possible to write your own code that runs when the user presses Ctrl+Alt+Del though; it's called a custom GINA DLL. Of course, if an intruder already has Admin access to install their GINA DLL, it's already too late... The point of Ctrl+Alt+Del is to thwart malware running as an unprivileged user.

PS - The other major thing is that Ctrl-Alt-Delete was originally a DOS-ism that had more to do with dealing with misbehaving, yet not malicious, programs and trying to regain some level of control.

That key combo was selected because no application uses it. Other than that, there's no relation to its use in DOS. Bill Gates has said that he (or Microsoft in general) had wanted a dedicated key for it, but IBM (which was a major keyboard manufacturer at the time) didn't want to add a key for MS. I guess MS eventually had enough clout to get everyone to add the Windows and Context Menu keys, but it wasn't worth changing Ctrl+Alt+Del to use the new keys.

Comment Re:There is more than NYC (Score 1) 397

by Dahan (#48921557) Attached to: "Mammoth Snow Storm" Underwhelms

And? This is about a blizzard that was supposed to hit the US northeast and ... didn't really happen. It was hyped as "Snowmageddon 2015" and instead of dropping a couple of feet of snow it's dropping inches. The weather reports were completely wrong yet again.

Uh, what? It most certainly did happen. Multiple feet of snow. In the US northeast. Where did you hear that it didn't happen?
Communications

Your High School Wants You To Install Snapchat 157

Posted by timothy from the just-ask-ram-sweeney dept.
Bennett Haselton writes: They would never admit it, but your high school admins would probably breathe a sigh of relief if all of their sexting-mad students would go ahead and install Snapchat so that evidence of (sometimes) illegal sexting would disappear into the ether. They can't recommend that you do this, because it would sound like an implicit endorsement, just like they can't recommend designated drivers for teen drinking parties -- but it's a good bet they would be grateful. Read on for the rest.
Transportation

Why Didn't Sidecar's Flex Pricing Work? 190

Posted by samzenpus from the you-get-what-you-pay-for dept.
Bennett Haselton writes Sidecar is a little-known alternative to Lyft and Uber, deployed in only ten cities so far, which lets drivers set their own prices to undercut other ride-sharing services. Given that most amateur drivers would be willing to give someone a ride for far less than the rider would be willing to pay, why didn't the flex-pricing option take off? Keep reading to see what Bennet has to say.
Education

2014 Geek Gift Guide 113

Posted by Soulskill from the watch-out-for-robot-santa dept.
With the holidays coming up, Bennett Haselton has updated his geek-oriented gift guide for 2014. He says: Some of my favorite gifts to give are still the ones that were listed in several different previously written posts, while a few new cool gift ideas emerged in 2014. Here are all my current best recommendations, listed in one place. Read on for the list, or to share any suggestions of your own.
Twitter

An Algorithm To Prevent Twitter Hashtag Degeneration 162

Posted by samzenpus from the read-all-about-it dept.
Bennett Haselton writes The corruption of the #Ferguson and #Gamergate hashtags demonstrates how vulnerable the hashtag system is to being swamped by an "angry mob". An alternative algorithm could be created that would allow users to post tweets and browse the ones that had been rated "thoughtful" by other users participating in the same discussion. This would still allow anyone to contribute, even average users lacking a large follower base, while keeping the most stupid and offensive tweets out of most people's feeds. Keep reading to see what Bennett has to say.
Cloud

Clarificiation on the IP Address Security in Dropbox Case 152

Posted by samzenpus from the read-all-about-it dept.
Bennett Haselton writes A judge rules that a county has to turn over the IP addresses that were used to access a county mayor's Dropbox account, stating that there is no valid security-related reason why the IP addresses should be exempt from a public records request. I think the judge's conclusion about IP addresses was right, but the reasoning was flawed; here is a technically more correct argument that would have led to the same answer. Keep Reading to see what Bennett has to say about the case.

Comment Re:Of course there will be... (Score 1) 171

by Dahan (#48438323) Attached to: Windows Kernel Version Bumped To 10.0

But that's not a Windows program. That's a Java program and that is the coder's issue not MS. The Windows API that returns the Marketing Name have been deprecated as far as I know.

I don't what distinction you're trying to make between a Windows program and a Java program. Windows is an OS, Java is a programming language. Java programs can run on Windows. And sure, it's a problem with the code, but Java programs are popular in big "enterprise" apps, so MS is especially interested in keeping those apps running. The last thing they want is for some company to not upgrade thousands of copies of Windows because a program that company needs won't run on the new version. "DOS ain't done until Lotus won't run" is a myth; MS jumps through a lot of hoops to make sure that almost all programs that run on an older version of Windows will continue running on the new version, even when the coder did something stupid.

Comment Re:Of course there will be... (Score 1) 171

by Dahan (#48437145) Attached to: Windows Kernel Version Bumped To 10.0

Personally I think it's just an excuse. How many Win 9x programs still exist that would be tripped up by Windows 9?

Lots of programs that were written when Win9x was still popular are still around... an example given in the last /. story about MS skipping Windows 9 is jEdit. As of right now, the current revision of that file (r23738), last modified about a year ago, still detects the OS as Windows 9x if the OS name supplied by Java contains either "Windows 9" or "Windows M".

Comment Re:Electricity can be erratic (Score 2) 223

by Dahan (#48390053) Attached to: Ask Slashdot: Programming Education Resources For a Year Offline?

This "sheds" (gets rid of) the "load" (electricity on the line).

No, an electrical load is something that uses electricity, not electricity itself. E.g., "that circuit can handle a 20 amp load." And "load shedding" is shutting off electricity to certain users so that there are fewer loads on the system. See this definition, for example.

Comment Re:NFC alone isn't enough (Score 1) 122

by Dahan (#48339519) Attached to: New NXP SoC Gives Android Its Apple Pay

But difficulty? You haven't used it have you?

The person you replied to didn't say it was difficult; he said it wasn't convenient: "it ... is simply not convenient to use compared to swiping a credit card." And it's not. You have to wake up your phone, unlock it, and then enter the Google Wallet PIN. With Apple Pay, you just have to hold the phone with your thumb at the correct location; the phone display doesn't need to be turned on first, and the fingerprint reader takes the place of the unlock and PIN entry.

I've tried Google Wallet a few times for the novelty value, but using a regular credit card takes fewer steps, and hence is faster.

Comment Re:This is rich! (Score 1) 264

by Dahan (#48328501) Attached to: We Are Running Out of Sand

It was only 7 days before cases in the US skyrocketed, and no one with a brain would dare to repeat his retarded comment about how Ebola can't spread in the US. Keep trying though.

When did the cases in the US skyrocket? The number has always been extremely low. It's currently at 1, and the 21-day monitoring period for those in contact with the Dallas nurses ends tomorrow. Face it, your perverse wish for an Ebola outbreak in the US didn't come true. While I know you're disappointed, the rest of us are glad to see Ebola on the decline.

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close