
Comment: Re: Clickbait (Score 3, Interesting) 128

Allowing unsigned code into the app bundle changes the app bundle and makes the signature invalid. That's how signatures work. The idea here is that a legitimately signed and installed app can then execute code outside the app bundle which will run without additional controls in place.

It depends. If you can add metadata to the bundle without it being detected (a problem that has cropped up with Linux repositories several times) then this is a genuine vuln. If OTOH it's something like "If you install a Python interpreter then you can use that to run arbitrary code that isn't validated by Gatekeeper" then it's a "Code execution results in code execution" issue. In the great tradition of journalists everywhere, the ThreatPost article never provided any links to any original material, so all we have is the writer's interpretation of what's actually going on.

Assuming the previous reply was by the guy who gave the talk, is it online anywhere?

Comment: Re:Won't guard against signed malware (Score 1) 189

by arglebargle_xiv (#49532763) Attached to: Microsoft Announces Device Guard For Windows 10

Hell, some manufacturers like Lenovo even included malware like Superfish on new laptops. Will Deviceguard prevent that from happening?

Nope. Quoting from TFA:

The following OEMs are endorsing the use of Device Guard on their Windows 8 certified devices [...] Lenovo.

So you still get SuperPhished, only now it's DeviceGuarded.

Comment: Re:They should be doing the opposite (Score 1) 298

Okay, then artists would release a bunch of shit sequels just to extend copyright. That benefits no one.

How would that differ from current practice, at least in Hollywood? No film franchise is complete until it's had at least two or three shit sequels.

Comment: Re:Back end (Score 1) 77

by arglebargle_xiv (#49532695) Attached to: GCC 5.1 Released

I am more interested in what it produces. Is the produced code fast and correct?

It's sometimes correct. When it's not correct, your bug report that it (for example) produces code that segfaults with -O3 on x86-64 is closed as "by design" because if you stare at the manpage long enough while drunk it could be interpreted as being allowable behaviour under certain circumstances and therefore doesn't need to be fixed.

Comment: Re:People? (Score 0) 77

by arglebargle_xiv (#49532663) Attached to: GCC 5.1 Released

That was my reaction too. "Latest update of bug-ridden, bloated alternative to LLVM released".

(And no, I couldn't give a toss about Apple, I just want a compiler where, for each new release, I don't have to spend a long-tail of several months identifying new compiler bugs and design "features" and adding code workarounds to deal with them).

Comment: Re:Poor Design... (Score 1) 73

by arglebargle_xiv (#49526409) Attached to: Networking Library Bug Breaks HTTPS In ~1,500 iOS Apps

Before you lambast Apple for poor engineering decisions, think carefully about the ramifications of using shared third-party libraries. DLLs have their own problems - hence the well known term "DLL Hell".

Uh, yeah, that was an issue for Windows 3.1 more than twenty years ago. There have been a few advances in dealing with this since then. Using Windows 3.1 engineering issues as an excuse for current bad engineering issues doesn't really cut it.

Comment: Re:Why it did not go further (Score 1) 134

Having heard drunks argue, I can assure you it was not an articulate and well-reasoned discussion. The argument could have been about anything from a favorite phone operating system to a favorite sports team or a favorite color. The fact that they reached for the nearest beer bottle as a weapon is unsurprising.

Good point. I mean, arguing over who has the biggest and resolving the issue with broken bottles is kinda wimpy, nothing like the real arguments we had about serious issues like whether the Amiga was better than the Atari ST, which often came close to armed conflict. I mean, I personally beat some idiot to death with a VIC20 for suggesting that his Commie 64 was better than my IIgs. Now those were real arguments, none of this cellphone woosiness there.
