Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×

Comment Re:Bruce Perens (Score 1) 240

by QuietLagoon (#48039007) Attached to: Back To Faxes: Doctors Can't Exchange Digital Medical Records

When Bruce Perens was getting questions from slashdot, I asked whether Obamacare should have mandated the use of open source software....

Easy to ask, difficult to do.

.
Obamacare barely passed when Congress considered it. If such an open-source requirement were in the law, then lobbyists from EPIC-type companies would be all over Congress, and Obamacare would have never passed.

Companies pay lobbyists to make sure Congress passes laws that put money into the companies' coffers. Things like cost-efficiency are not part of that equation.

Comment To be used as a justification... (Score 1) 269

by QuietLagoon (#48027369) Attached to: Microsoft's Asimov System To Monitor Users' Machines In Real Time
Asimov is going to be used by Microsoft to justify what Microsoft wants to do, no more, no less.

.
Microsoft will be the sole collector and interpreter of the data.

Microsoft will release information about the data collected only when such information justifies what Microsoft had wanted to do anyway.

Comment To summarize: (Score 3, Informative) 304

by QuietLagoon (#48010103) Attached to: Consumer Reports: New iPhones Not As Bendy As Believed
The iPhone 6 Plus, the iPhone 6, and the HTC one (M8) have abnormally low resistance for bending forces (less than 90 pounds).

.
While the iPhone 5, the LG G3, and the Samsung Galaxy Note 3 are much better in this regard (all >= 130 pounds), with the Samsung Galaxy Note 3 at the top of the tests with 150 pounds.

Comment Re:C# using xamarin (Score 2) 316

If you plan to develop for more than one platform, keep in mind that the greatest amount of effort will be expended as you port the single-platform app to the second platform.

.
So, as the parent suggests, start from the beginning targeting multi-platform in your design stages. A small amount of extra effort in the beginning will save you a large amount of work down the road. And your apps will be less buggy.

Comment Following the law... (Score 1) 354

by QuietLagoon (#47999781) Attached to: FBI Chief: Apple, Google Phone Encryption Perilous

... "I like and believe very much that we should have to obtain a warrant from an independent judge to be able to take the contents," FBI Director James Comey told reporters. ...

Unfortunately his statement is not reflective of the government's behavior over the past few years.

.
If the government had obtained warrants when they wanted to browse through peoples' emails and conversations (on the phone, on the network, or in the datacenter), then I doubt if google and apple would have seen the need to take this step.

Comment Re:"could be worse than Heartbleed" (Score 5, Informative) 318

by QuietLagoon (#47996055) Attached to: Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

Outside of malicious HTTP headers landing in environment variable in CGI land, I'm hard pressed to think of another reasonable vector for this bug to be a problem...

This blog post mentions php, c++, python, et alia, as another attack vector.

This means that web apps written in languages such as PHP, Python, C++, or Java, are likely to be vulnerable if they ever use libcalls such as popen() or system(), all of which are backed by calls to /bin/sh -c '...'. There is also some added web-level exposure through #!/bin/sh CGI scripts, calls in SSI, and possibly more exotic vectors such as mod_ext_filter.

Comment Not just bash... (Score 1) 2

by QuietLagoon (#47994941) Attached to: Significant BASH vulnerability found
There appear to other aspects of this vulnerability.

.
For example, if /bin/sh is symlinked to /bin/bash...

Another good overview is here.

Reports on the latest Bash bug have gone from bad to worse, as damage from the bug spreads and many early patches are proving ineffective. Unlike Heartbleed, Bash attacks allow for remote code execution, allowing an attacker to exploit the vulnerability for malware distribution. Most attacks from the bug will target web servers and network devices, with experts saying that PHP-based web applications will be particularly vulnerable. Connected devices like smart appliances are also expected to be vulnerable in the long-term, since the devices are often slow to be patched, but early reports indicate an alarming number of systems may be at risk. As Kaspersky Lab's David Jacoby put it, "the real scale of the problem is not yet clear."...

Submission + - Significant BASH vulnerability found (us-cert.gov) 2

Submitted by SpuriousLogic
SpuriousLogic writes: US-CERT is aware of a Bash vulnerability affecting Unix-based operating systems such as Linux and Mac OS X. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system.

US-CERT recommends users and administrators review the Redhat Security Blog (link is external) for additional details and to refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch. A GNU Bash patch is also available for experienced users and administrators to implement.
Operating systems with updates include:
CentOS
Debian
Redhat (link is external)
Ubuntu

Slashdot Top Deals

"Protozoa are small, and bacteria are small, but viruses are smaller than the both put together."

Close