Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Cloud

Red Hat Strips Down For Docker 23

Posted by timothy
from the wearing-or-not-wearing-dockers dept.
angry tapir writes Reacting to the surging popularity of the Docker virtualization technology, Red Hat has customized a version of its Linux distribution to run Docker containers. The Red Hat Enterprise Linux 7 Atomic Host strips away all the utilities residing in the stock distribution of Red Hat Enterprise Linux (RHEL) that aren't needed to run Docker containers. Removing unneeded components saves on storage space, and reduces the time needed for updating and booting up. It also provides fewer potential entry points for attackers. (Product page is here.)

Comment: Re:What about the race of the escapee? (Score 1) 243

by arth1 (#49188369) Attached to: Racial Discrimination Affects Virtual Reality Characters Too

No, excluded implies that steps or barriers were put in place to prevent them from participation. That is not the case here.

It may be news to you, but in many countries the population is far more homogenous than where you may be, and in some of them, black people are few and far between. That no black volunteer students participated is not due to exclusion but because of there being none to exclude.

Can you point at just one "black participant that was removed from consideration"?
In other news, they did not exclude any Sami or Maori students either.

Comment: Re:What about the race of the escapee? (Score 1) 243

by arth1 (#49182101) Attached to: Racial Discrimination Affects Virtual Reality Characters Too

Um, no. First of all, there is no indications that they excluded anyone. The study was done with volunteers, and presumably with the students they had available at the Italian university.

Secondly, it's not clearly "black vs white" - the situation was "white vs anything else". Black was not in a special situation, vs. brown, red, green, blue or anything else not white.

From what I can tell, the study notes a racial bias. That does not prove or preclude racism. The bias can have other causes, but this study does not tell us.

Comment: Re:Missing the problem by a mile (Score 1) 560

by arth1 (#49174109) Attached to: Why We Should Stop Hiding File-Name Extensions

If you put an infected executable on my machine and gave it a TXT file extension it's totally harmless. So it tries to open the file in notepad....no harm there.

But how do you know that it will open it in notepad? Do you examine the registry?

How do you know that an app you tried a year ago and quickly uninstalled didn't change the extension association for .txt to run a small wrapper that examines the file, and if it's an executable, executes it, and otherwise opens it with Notepad?
It doesn't have to be a trojan you ran either - it could have been done through an IE/Flash exploit a long time ago too.

Comment: Re:Missing the problem by a mile (Score 1) 560

by arth1 (#49173977) Attached to: Why We Should Stop Hiding File-Name Extensions

You cannot tryst the extension to be what the file actually is. But you CAN trust the extension to determine what Windows will do with it. That .jpg might not actually be an image, but Windows will try to load it like one.

No, this is what I have tried to tell here, and keep getting modded down for. You cannot trust that. Really. You can trust that Windows will treat it as a .jpg file, but you cannot trust that Windows will treat .jpg files as images .
What Windows treats .jpg files as depends on registry values that are changeable by the user (and apps). An app can change .jpg files to be treated as executables, without you knowing it.

All that's needed is to modify HKEY_CURRENT_USER\Software\Classes\.jpg and it will override the system defaults. It's in the user hive, and does not even require admin privileges.
Apps do this all the time, benignly to associate file types with themselves. That your .mp3 files suddenly open with WinAmp after installing WinAmp is because of this. But that's not all they can do - they can associate ANY file types with ANY programs, not just themselves. That includes making Windows execute the file as a binary, if they so choose.
So you cannot trust that Windows treats a .jpg file as an image. That is only the case if you (or an app) hasn't changed that.

Few people will check the registry before "running" a file. They trust that Windows will open the .jpg file with an image viewer (or editor), but they have no way of knowing if a boring game they installed and uninstalled a year ago changed that, and that .jpg files now get executed if containing executable content and otherwise shown in an image viewer.

Comment: Re:Good luck with that. (Score 1) 560

by arth1 (#49172777) Attached to: Why We Should Stop Hiding File-Name Extensions

And you want to try to get the average end user to understand the difference between ".XLS", ".XLSX", and ".XLSX.EXE"?

Or to trust that no one is ever clever and malicious enough to use one trojan to modifiy the default action for .XLSX to run the files, and then a few months later send people .XLSX files that contains executable content?

Seeing that it's named .XLSX does not tell you anything about what (a) the file contains, or (b) what the OS will do with it. You trust that no-one would ever be mean enough to put non-spreadsheet info in a file named .XLSX, and trust that nothing has changed the actions taken for that file extension.
That's too much trust.

ASHes to ASHes, DOS to DOS.

Working...