Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Comment: Re:Neville Chamberlin was not available for commen (Score 2) 227

by Rei (#48630561) Attached to: "Team America" Gets Post-Hack Yanking At Alamo Drafthouse, Too

Germany was spending far more on their military during that time than Britain was. If Britain and France had stepped in earlier, Germany would have been totally unprepared and the war would have ended quickly. Not to mention all of the horrors of the Holocaust that would have been prevented.

If Britain and France had managed to delay the war to "prepare" even more, say a few years, the Luftwaffe would have been dominated by jets, German ballistic missiles would have been longer range and more precise, and they might even have become a nuclear power. I really don't think this is the analogy you're looking for.

Comment: The "wheel" group is an admin group (Score 4, Informative) 116

by mr_mischief (#48629205) Attached to: Grinch Vulnerability Could Put a Hole In Your Linux Stocking

Truth: some Linux distros have a "wheel" group.
Truth: this group is used as a list of people with elevated permissions
Truth: one of the elevated permissions often assigned to this group is the ability to become root, especially with sudo
Falsehood: all users on a Linux system are members of the "wheel" group
Falsehood: one can add oneself to the "wheel" group without having permissions already elevated above regular user status

tl;dr: someone misunderstands groups and called it a vulnerability

Comment: Re:Grinch is not a flaw - has no CVE!!! (Score 5, Informative) 116

by jandrese (#48628921) Attached to: Grinch Vulnerability Could Put a Hole In Your Linux Stocking
About 3/4 of the way down the "article" they explained the vulnerability:

To control administrative access, Linux keeps a list of all the registered users on a machine, in a group typically known as “wheel,” who can be granted full root access (usually through the Unix sudo command).

A knowing attacker could get full root access by modifying the wheel group, either directly or by manipulating an adjoining program such as the Polkit graphical interface for setting user permissions, Alert Logic said.

This is patently stupid. Yes, if you give a badguy administrative access, bad things can happen--even if you use a fancy GUI to give the bad guy administrative access. The only thing that is even slightly newsworthy here is that maybe a novice admin won't understand the purpose of the wheel group and could be tricked into giving permissions, but there are a lot of ways you can trick a dumb admin, there's no need to single this one out.

Comment: Re:Never attribute to stupidity (Score 1) 571

by Rei (#48626209) Attached to: Reaction To the Sony Hack Is 'Beyond the Realm of Stupid'

Propaganda campaign by who? I think Singer needs to check his haughtiness at the door:

the ability to steal gossipy emails from a not-so-great protected computer network is not the same thing as being able to carry out physical, 9/11-style attacks in 18,000 locations simultaneously. I can't believe I'm saying this. I can't believe I have to say this."

Except, of course, for the fact that the prime suspect is the hand-picked hacker squad of the Hollywood-obsessed leader of a nuclear armed state with ICBMs, whose family's Hollywood obsession has gone to such extremes in the past as kidnapping filmmakers and forcing at them at gunpoint to make movies for them. I can't believe I'm saying this. I can't believe I have to say this.

Comment: Re:Hmm (Score 1) 81

by Rei (#48623175) Attached to: SpaceX To Attempt Falcon 9 Landing On Autonomous Spaceport Drone Ship

That's not all that different from how he got started with Tesla. He had no intention of starting a car company (he already had SpaceX), he just wanted AC Propulsion to build him a copy of their t-zero - but they had no interest, even for a small fortune. But then they pointed him to this guy named Martin Eberhard who had this wild idea to commercialize the t-zero's tech base on a Lotus Elise body and was looking for funding... and thus Tesla was born.

Comment: Re:So stream it... (Score 5, Interesting) 580

by jandrese (#48621733) Attached to: Top Five Theaters Won't Show "The Interview" Sony Cancels Release
Sony should say screw you to North Korea and release the entire movie for free on the internet. Make sure everybody has a chance to see it. Of course they won't because they still have to monetize it somehow, but it would be something to say "we're not going to give in".

Comment: Re:Pretty sad (Score 1) 155

by Rei (#48619997) Attached to: Dr. Dobb's 38-Year Run Comes To an End

g++ supports it with __restrict__. And if you're writing high performance code but not having support for the features of modern compilers, you're an idiot. In appropriate situations, the performance difference for using restrict or not is huge. Array-heavy tasks like image processing often get a 2-fold or more benefit with using restrict. There's very few places in the coding word where a single keyword can raise your performance that much.

Comment: Re:Backups are not secure (Score 1) 172

by jandrese (#48619981) Attached to: Backblaze's 6 TB Hard Drive Face-Off
This is really not a good approach to using public key crypto. The private key shouldn't be on the servers, it should be on the client. I know it's a pain to handle per-file backups and especially deltas when everything is encrypted, but that's the tradeoff for proper security. In fact there's really no need for expensive public key crypto here at all. Just have the client use a cheapish symmetric key (AES256 perhaps) and send only encrypted data to the servers. There's no need at all for the servers to ever have the data in the clear.

* * * * * THIS TERMINAL IS IN USE * * * * *