Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Comment Re:Privlege escalation exploit change looks like t (Score 1) 33

Modifying the sudoers file was only one example use for this. It allows you to write to any file that is normally only writeable to root. Modifying sudoers is a fairly simple and visible change, but modifying one of the system startup scripts that launchd runs as root would work just as well. I think it only lets you append to a file, but it would also be possible to temporarily modify sudoers, then set your worm's setuid bit and change the owner to root, then revert the sudoers change. The only user-visible thing would be the setuid bit on a suspicious binary hidden somewhere in the system (how many people check for this?). Of course, once you are root then you can do things like modify firmware and boot settings and hide inside the kernel...

Comment Re:Better link (Score 1) 33

NO, Code execution in a browser CANNOT escalate privileges.... none of those applications have sufficient rights to change the /etc/sudoer file

Way to miss the point. If they had the rights to write to /etc/sudoers then they wouldn't need a privilege escalation vulnerability. The entire point of this exploit is that it allows someone with an unprivileged account to gain root access. That said, both Chrome and Safari run the WebKit renderers in sandboxes that don't have the ability to run any setuid binaries (which this needs), so the grandparent is only partially correct: only Firefox would be vulnerable, out of the ones that he listed.

Comment Re:DC is more dangerous (Score 1) 358

DC is harder to turn off safely. A high current contactor will arc under both AC and DC - but an AC arc tends to be self extinguishing

There's also the issue of touching the live wire. If you touch a DC main, your hand will spasm and you're likely to end up gripping it. If you touch AC, then you feel a buzzing at the frequency, but it's a lot easier to pull away.

Comment Re: Nonsense (Score 1) 358

He doesn't do laundry - but the charity he donates clothes is forced to do it. He's basically pushed the environmental impact, energy and cost of laundry onto some other 3rd party

That's fairly minor in comparison with the energy cost of having a new set of clothes shipped all of the way from China every time whatever he's wearing gets dirty. Does he really think that producing new clothes and shipping them half way around the world has a lower energy cost than running a washer-dryer for a couple of hours?

Comment Re:Most global diseases involve energy and water (Score 1) 143

Even in a modern mechanised war, where you have a relatively small percentage of the population fighting, success depends on a strong economy. Russia's ability to turn on massive production of tanks in the second world war was the most obvious example of this, but even before that in the Napoleonic wars the British ability to mass-produce rifles was a key factor. Without a healthy population, you can't easily maintain the civilian infrastructure that you need to drive the war machine. The drones won't fly without working power, the operators won't make it to work without working transportation infrastructure and food distribution.

Comment Re:Does anyone remember... (Score 1) 143

This is also true of the Bill and Melinda Gates Foundation. They donate a huge amount of 'free' medicine around the world to poor countries. There's only one very small catch: if you accept the donation (which it's basically impossible to refuse when it is likely to save millions of lives in your country) you have to sign a one-sided IP protection treaty with the USA. Not pushed by the B&MGF, you understand, it's a requirement of the pharmaceutical companies providing the drugs. The fact that it happens to significantly benefit the investments of the major donors of the foundation is purely coincidental, as is the long-term harm that it does to developing economies.

Comment Re:Microsoft (Score 3, Insightful) 185

Windows Phone is pretty nice. It's main drawback is the lack of apps (which is hard to fix, as no one wants to develop for a platform with few users and no one wants to buy a phone with no software). It's main problem selling is that people associate it with Windows on the desktop, which is a usability disaster that somehow manages to get worse each version, in spite of having passed the point where people thought it couldn't get any worse some time ago.

Comment Re:steve ballmer's legacy gets one last sucker pun (Score 2) 185

Around 2005, Nokia had a shiny new kernel (Symbian EKA2), designed from scratch to scale to future mobile systems with a good security model, clean abstractions, and power management built in at all layers. It was still hampered, however, by userspace APIs that were designed for a far more memory-constrained environment. Their solution to this involved multiple phases. Their first part was to try to replace the kernel with Linux. This did not go well. They then had no idea how to design a new set of userland APIs, so they set up multiple teams internally competing. These teams were very good at sabotaging each other, but not so good at bringing a usable product to market.

Elop came in when Nokia had failed to produce anything to compete with the iPhone or even with a moderately decent Android handset. He managed to persuade Microsoft to buy Nokia for what now turns out to be a significant multiple of their real value. Of all the companies that benefitted from this, Microsoft was pretty low down the list.

Comment Re:The solution nobody asked for (Score 1) 185

Furthermore Google is basically giving Android away

Half true. If you want to ship Android, it's free: go to AOSP, download, tweak to your device, ship. If, on the other hand, you want the Google Play store, then you have to pay Google, agree to ship other Google apps in the default firmware install, and agree not to ship competing apps in a few categories in the default install.

Microsoft lacks the design culture and brand to compete with Apple on the high end

A lot of that is marketing. It's far more a brand problem than a design culture. In terms of usability, I'd place Windows Phone a little bit ahead of iOS at the moment (which surprised me a lot, because Windows is a UI clusterfuck on the desktop, OS X is worse than it was but still in a completely different league to Windows 8.1 - I've not tried Windows 10 yet). Possibly MS moved all of their competent HCI people to the mobile team, or possibly management doesn't care as much about mobile so doesn't insist on multiple layers of design by committee. No one who's used Windows on the desktop would go out of their way to buy a Microsoft product though.

Comment Re:Microsoft (Score 4, Informative) 185

Symbian EKA2 was a great kernel design for mobile (and still does security and power management better than Linux), but a lot of the Symbian userspace APIs were designed at a time where 1MB of RAM was a lot, 4MB was huge. When 64MB was entry level, they were really showing their age: saving 1MB at the cost of a big increase in developer effort wasn't worth it. Nokia needed to provide a modern API and a clean migration path. They provided neither and they set up groups within the company competing to provide both and actively sabotaging each other. Maemo/Meego is an example of this: Switching from GTK to Qt shortly after launching the product doesn't instil developer confidence.

Windows Phone actually made sense for Nokia: they needed a software stack that let them differentiate themselves (and no one else seemed to be using WP) and they had managed to set up their corporate structure in such a way that it was impossible for them to develop it themselves. Some of their apps were really nice (their maps app, which was just bought by a consortium of German car makers was a lot better than the Apple or Google offerings, for example).

"Well, it don't make the sun shine, but at least it don't deepen the shit." -- Straiter Empy, in _Riddley_Walker_ by Russell Hoban