Please create an account to participate in the Slashdot moderation system


Forgot your password?

Comment Re:Wait a mintue (Score 1) 272

No, but that's not really the point (actually, all of the others have added additional security features, but they all had sandboxing last year). The point is that Firefox does not implement the core mechanisms for security that the others all had last year (and, mostly, the year before and the year before that too). This makes is uninteresting as a target.

Comment Re:Wait a mintue (Score 1) 272

This is a reliability measure, not a security measure. The process that plugins run with is not sandboxed and runs with ambient authority. It can read every file in the user's home directory and can open arbitrary network connections. If Flash crashes, then it won't crash Firefox (which is a good thing), but if Flash is compromised then it's exactly the same as if Firefox were compromised. In contrast, if Flash is compromised in Safari or Chrome, the attacker has access to a process running with very restricted privileges and an IPC channel to the browser. To do anything useful, the attacker must use the IPC channel to compromise the sandboxed renderer process, then do the same thing again (though likely with a different vulnerability) to compromise the main browser process (the one that runs with ambient authority). You need, at a minimum, three exploits: one in Flash and two in the browser, to get from a malicious Flash app to a user-level compromise in Chrome or Safari. With Firefox, you need just the first one to do the same amount of damage.

Comment Re:What? (Score 1) 272

Now look at the entitlements for that process. It runs without any sandboxing. A crash in the plugin won't crash the browser, but a compromise of that plugin will give enough privileges to attach a debugger to the main process (on OS X the system will prompt for this, because it looks suspicious, but it can still open arbitrary network connections and read every file in your home directory). Reliability and security often have similar mechanisms, but don't confuse one for the other.

Comment Re:Less than zero is a valid timestamp (Score 1) 160

Just adding that the platform-dependent units used by mach_absolute_time are tiny. Nanoseconds on some systems, based on the processor or motherboard clock speed on others. GCD use 64 bit nanoseconds, NSDate uses double precision seconds since some reference date which is _not_ 1970; I think 2001 or something like that. Very easy to use with microsecond resolution for the next +/- 200 years.

Comment Re:Bullshit headline, it doesn't work. (Score 1) 160

Its also bullshit on iOS 9.2.1.

That's the clever thing about the story; nobody will be willing to check it.

On the other hand, it has been reported that the problem isn't setting the time to Midnight Jan 1st 1970. The problem is setting that time for example in the USA, because in the USA you set the time to some hours _earlier_ in UTC. And these reports say that the problem fixes itself when the time goes into positive time UTC (in Los Angeles you might have to wait nine hours). And _I_ am not going to check if this is true.

Comment Re:Oh, baloney (Score 1) 571

Or some idiot drives into a lake or down a jogging trail because he or she is just TOO STUPID to understand that they're not driving on a road anymore.

I once was told by my SatNav to drive into a lake. There is a lake, an island in the lake with a major tourist attraction, a ferry, and the road goes straight to the like so you can drive onto the ferry (and you need to have some good reason to do so because car traffic is normally not allowed on that island).

I actually drove past the car park 150m away from the lake before I spotted the end of the road. In the dark you could easily drive into the lake without being a complete idiot (a bit stupid and careless, but not a complete idiot).

Comment Re:Someone, please make my dream come true (Score 1) 571

For YEARS, I've hoped for GPS software that had three features:

4. Find a petrol station along my way with the smallest possible detour. TomTom finds the nearest, but that might be two miles away which means four miles detour. But 20 miles further there might be one just along the way.

5. Find the "cheapest" route, taking into account wear on the car, fuel, and my time.

Comment Re:Wait a mintue (Score 4, Informative) 272

The former. All modern browsers except Firefox have decomposed their browser into multiple processes, so that a compromise from one site will only gain control over an unprivileged (i.e. isolated from other stuff the user cares about) process. They also run plugins in separate processes and have fairly narrow communication paths between them. Firefox is still a massive monolithic process, including all add-ons, plugins, and so on.

This basically means that you just need one arbitrary code execution vulnerability in Firefox and it's game over. In contrast, if you have the same in Chrome, Edge, or Safari, then it's just the first step - you now have an environment where you can run arbitrary exploit code, but you can't make (most) system calls and you have to find another exploit to escape from the sandbox. Typical Chrome compromises are the result of chaining half a dozen vulnerabilities together.

Comment Re:This is a big bitchslap to Mozilla (Score 4, Interesting) 272

It also scales based on processor resources. They hit serious TLB scalability issues at around 17 processes (varies a bit between CPUs, in some systems - particularly mobile - you'll hit RAM limits sooner), so if you have more tabs open than this, you will start having multiple independent sites share the same renderer process.

Comment Re:tom (Score 1) 119

Typically not to end users though. Microsoft sold the BASIC that computer vendors (including Apple) burned into ROM. Microsoft QuickBASIC for DOS contained a compiler that could produce stand-alone .exe or .com binaries, though the free QBASIC that they bundled with DOS 5 and later was a cut-down version that only included the interpreter.

Comment Re:Turing Evolved (Score 2) 213

Robots don't feel those emotions, and have committed no massacres on that scale. I trust robots more than I trust humans.

Do you trust a gun? Do you trust a bomb? Of course not, because the concept is meaningless: neither will cause harm without instructions from a human. Both can magnify the amount of harm that a human can do. Autonomous weapons, of which landmines are the simplest possible case, expand both the quantity that a person can do harm and the time over which they can do it.

During the cold war, there were at least two incidents where humans refused to follow legitimate orders to launch nuclear weapons - in either case, the likely outcome of following the orders would have been the deaths of many millions. The worst atrocities of the second world war were caused by people 'just following orders'. And you think that it's a good idea to remove the part of the chain of command capable of disobeying orders.

Slashdot Top Deals

Writing software is more fun than working.