
Valve's Economist Yanis Varoufakis Appointed Greece's Finance Minister

Submitted by eldavojohn
eldavojohn (898314) writes "A turnover in the Greek government resulted from recent snap elections placing SYRIZA (Coalition of the Radical Left) in power — just shy of an outright majority by two seats. Atheist and youngest Prime Minister in Greek history since 1865 Alexis Tsipras has been appointed the new prime minister and begun taking immediate drastic steps against the recent austerity laws put in place by prior administrations. One such step has been to appoint Valve's economist Yanis Varoufakis to the position of Finance Minister of Greece. For the past three years Varoufakis has been working at Steam to analyze and improve the Steam Market but now has the opportunity to improve one of the most troubled economies in the world."

Comment: Rumor: Fox Is Planning an X-Files Revival (Score 1) 446

by eldavojohn (#48904215) Attached to: Best 1990s Sci-fi show?
In the news recently are rumors that Carter, Anderson and Duchovny will reunite for new X-Files episodes. Fox has sorta confirmed this.

I own all the DVDs, a couple years ago I rewatched them. I may come off as a rabid fan at times but the background music was atrociously horrid. Also the story arc plot became overly convoluted and impossible to explain at times. That said, one of the most convoluted characters (Krycek) was my favorite. Aside from several minor valid criticisms like that, I really think it's a great platform for modern storytelling.

I do have to ask myself, at times, if there is some level of insane conspiracy theory today that we owe at least in part to those people watching X-Files when younger. I have to admit that the 9/11 inside job truthers movement claims could have been ripped from the pages of an X-Files script.

My biggest concern, of course, is whether or not it could still be fresh. With recent high quality additions to television canon, we'd have to be prepared for Chris Carter coming back at us with a 90's angle when episodes like Home really aren't as shocking anymore. The bar has been raised (thankfully).

Right now, The X-Files is going to occupy a contextual place in television history like The Twilight Zone. A revival could very well tarnish that. On the other hand, I've never felt like I really received closure on the whole story arc ...

Comment: Re:What an idiot (Score 1) 180

According to a referenced article on the link above, he got a lot of help from a Comp Sci friend, in setting up the site - but the guy doing it wasn't fully involved - just giving bits of code and advice. So it's conceivable he knew enough and had enough help to get the site running - but didn't think through all the elements of what he was doing, properly.

It seems he told his GF, who later broke up with him and told her friends... one of whom posted on his Facebook page: "I’m sure the authorities would be interested in your drug-running site".

Comment: Re:not great, but probably not very important eith (Score 1) 105

by benjymouse (#48786493) Attached to: Sloppy File Permissions Make Red Star OS Vulnerable

Some alternatives sound nice but fail horrifically when they come in contact with people, especially the ones that let any people within a group grant access to others with zero oversight.

An access control system where everyone (with access?) can grant access to others sounds bad. However, I don't think that's the only alternative to me-us-everyone rwx. In fact, I don't know that such a system exists at all. You usually need to be the owner of a resource (or in the "owners" group) to grant privileges in a DAC system. Some systems also allow owners to grant specific rights on the security attributes to non-owners - i.e. the right to grant access.

Within a short period of time with such an "everyone can grant or deny access" scheme you end up with almost everything wide open

How about a system where only owners or designated security administrators can grant/deny access? The issue here was that a developer *wanted* access to a file from a non-owner and non-group member account. Lacking finer grained ACLs, that leaves only "everyone".

It sounds like you believe that discretionary access control (DAC) is the alternative to Unix filesystem permissions. It's not. Unix filesystem permissions is itself a DAC system, albeit a very limited one. DAC only means that the owner of a resource (or a designated security administrator of a resource) can grant access to others. Because the creator of a file is often considered the owner, creators can often grant access to whom they choose.

However, if a user has been granted "read" access to a resource he can usually not grant it to someone else, unless he is the owner. Do you know of a system where, by default, you can grant the same permissions that you have been granted?

Comment: Re:not great, but probably not very important eith (Score 2, Informative) 105

by benjymouse (#48786099) Attached to: Sloppy File Permissions Make Red Star OS Vulnerable

This kind of exploit, a local privilege escalation exploit, used to be very significant, but is significant in a declining number of cases, as old-style Unix multiuser systems are a smaller and smaller proportion of systems.

An attacker who has exploited a Firefox vulnerability (there are still many found and patched each month) is running as a *local user* on your machine. Trying to explain these types of vulnerabilities away is disingenuous, if not downright complacent.

Unix/Linux's permission system is 70s-era bit-saving stupid. There is no other way to put it.

While this is clearly a mistake by someone packaging the distro, they were certainly not helped by a system where you cannot adequately express permissions. ACLs are available, but they are still kludges and they feel like a bolt-on with many tools still not recognizing them.

When a developer meets the limit of what can be expressed with a single-group me-us-everybody, he will often look for the path of least resistance. Unfortunately that is often relaxing permissions along the coarse-grained me-us-everyone, often ending up with everyone as in this case.

Seismological Society of America Claims Fracking Reactivated Ohio Fault 1

Submitted by eldavojohn
eldavojohn (898314) writes "There have been suspicions that fracking has caused minor earthquakes in Ohio but last year seismic data recorded by the Earthscope Transportable Array was analyzed by the Seismological Society of America using template matching and has resulted in a new publication and press release making the statement that Hilcorp Energy's fracking in Poland Township in March of 2014 "did not create a new fault, rather it activated one that we didn’t know about prior to the seismic activity." The earthquakes occurred in the Precambrian basement and led the researchers to posit that further unknown faults may be activated by fracking. The press release ends with urging for "close cooperation among government, industry and the scientific community as hydraulic fracturing operations expand in areas where there’s the potential for unknown pre-existing faults.""

Comment: Early Soviet Computing? (Score 4, Interesting) 80

by eldavojohn (#48738403) Attached to: Interviews: Ask Alexander Stepanov and Daniel E. Rose a Question
Alexander Stepanov, I have never had a chance to ask someone as qualified as you about this topic. I grew up on the opposite side of the Iron Curtain and have constantly wondered if (surely there must have been) alternative computing solutions developed in the USSR prior to Elbrus and SPARC. So my question is whether or not you know of any hardware or instruction set alternatives that died on the vine or were never mass fabricated in Soviet times? I don't expect you to reveal some super advanced or future predicting instruction set but it has always disturbed me that these things aren't documented somewhere -- as you likely know failures can provide more fruit than successes. Failing that, could you offer us any tales of early computing that only seem to run in Russian circles?

If you can suggest references (preferably in English) I would be most appreciative. I know of only one book and it seems to be a singular point of view.

Comment: Re:CryptoWall (Score 1) 463

by benjymouse (#48733661) Attached to: Writer: How My Mom Got Hacked

Incremental is the worst system for restoring. Needing the last full and *all* backups since the last full. Differential is better in that you need the last full and *one* differential. What I think you really mean is versioned backups (not over-written). You can restore from Tuesday's backup (whether full, differential, or incremental is irrelevant), and Tuesday's won't be wiped when Wednesday's is written.

Windows Image backup does *reverse* incremental: An image of the disk is stored as a vhd (virtual hard drive) along with reverse increments so that previous versions can be created. You can attach the vhd and use the "previous versions" feature to go back in time.
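The restore dependency described in the comment above, worked through as an added example that is not part of the original comment. The catalog layout, the names `restore_chain` and `week`, and the sample week are constructed for illustration; the walk also covers the case where one backup set in the middle of the week is unreadable.

```python
def restore_chain(catalog, target_day):
    """Names of the backup sets needed to restore the state as of target_day.

    incr = changes since the previous backup of any kind,
    diff = changes since the last full backup.
    Raises ValueError if a required set is unreadable or no full exists.
    """
    seq = sorted((b for b in catalog if b["day"] <= target_day),
                 key=lambda b: b["day"])
    chain = []
    i = len(seq) - 1
    while i >= 0:
        b = seq[i]
        if not b["ok"]:
            raise ValueError(f"{b['name']} is required but unreadable")
        chain.append(b["name"])
        if b["kind"] == "full":
            return chain[::-1]          # oldest first, the order to apply them
        i -= 1
        if b["kind"] == "diff":
            # A differential depends only on the last full: skip the rest.
            while i >= 0 and seq[i]["kind"] != "full":
                i -= 1
    raise ValueError("no full backup on or before the target day")


def week(kind, lost=()):
    """Constructed catalog: full on Sunday (day 0), then `kind` on days 1-3."""
    days = ["sun", "mon", "tue", "wed"]
    return [{"name": f"{d}-{'full' if i == 0 else kind}", "day": i,
             "kind": "full" if i == 0 else kind, "ok": d not in lost}
            for i, d in enumerate(days)]


if __name__ == "__main__":
    for kind in ("incr", "diff"):
        print(kind, restore_chain(week(kind), 3))
        try:
            print(kind, "tue lost:", restore_chain(week(kind, lost=("tue",)), 3))
        except ValueError as err:
            print(kind, "tue lost:", err)
```
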

Portables (Apple)

Putting a MacBook Pro In the Oven To Fix It 304

Posted by Soulskill
from the tales-from-the-IT-kitchen dept.
An anonymous reader writes: A post at iFixit explains how one user with a failing MacBook Pro fixed it by baking it in the oven. The device had overheating issues for months, reaching temperatures over 100 C. When it finally died, some research suggested the extreme heat caused the logic board to flex and break the solder connections. The solution was to simply reflow the solder, but that's hard to do with a MBP. "Instead, I cracked open the back of my laptop, disconnected all eleven connectors and three heat sinks from the logic board, and turned the oven up to 340 F. I put my $900 part on a cookie sheet and baked it for seven nerve-wracking minutes. After it cooled, I reapplied thermal paste, put it all back together, and cheered when it booted. It ran great for the next eight months." The laptop failed again, and another brief vacation into the oven got it running once more.

Comment: Re:How to mitigate similar UDP port DDOS attack (Score 1) 49

by Gumbercules!! (#48679449) Attached to: Rackspace Restored After DDOS Takes Out DNS
I don't see how throttling works in a UDP reflection attack, from the perspective of the intended target? Sure you can throttle the number of requests per minute you answer from your DNS server - but if someone is requesting DNS packets from you, you're not likely the target (so it works for you, the DNS server owner but doesn't help the attack victim, in short, unless every DNS server does it - and there's a hell of a lot of IPs in the open resolver project).

What's far more likely is that they'd be using one of the multitudes of locations that allows spoofed IP addresses, and then requesting a 50x amplified DNS dump from you back to a spoofed address - and that address is the real target. Plus they'd be hitting up 100 other DNS servers at the same time.

Collectively, that spoofed IP address can be made to cop a 100gbps attack with virtually no effort and then those poor bastards basically can't do a thing about it. They can throttle or firewall anything they like but unless their router and pipe can handle 100gbps - and chances are it can't - they're screwed.

Comment: Re:How to mitigate similar UDP port DDOS attack (Score 1) 49

by Gumbercules!! (#48674513) Attached to: Rackspace Restored After DDOS Takes Out DNS
People generally use UDP because it doesn't require a handshake and the amplification attacks are generally UDP (time server or DNS server amplification attacks can go as high as 200x - i.e. you can send 1mb outbound and get 200mb back; so with address spoofing, it's easy to overwhelm someone with such an attack).

What can you do about it to protect yourself? Stuff all, I am afraid. At the end of the day, if you cop a 100gbps attack on a 100mbps pipe, it's game over, no matter what you try to pull. All you can do is beg for help upstream, where someone can handle that traffic.

If you're talking about websites, I guess CloudFlare would help - and it's basically free (and no, I don't work for them or have any association with them) but that pretty much only works for websites, I think - not other services.

Comment: Meanwhile, in Western Australia (Score 1) 110

by Gumbercules!! (#48672193) Attached to: US Internet Offers 10Gbps Fiber In Minneapolis
...we just write out the individual bits on a post it note, throw it out the window and let the wind blow it to the nearest exchange, where trained koalas use 1800's era telegraph equipment to re-encode the traffic onto the Internet, for us. Because that's faster than the best Internet most of us will ever see.
