
Serious Network Function Vulnerability Found In Glibc 1

Submitted by Anonymous Coward
An anonymous reader writes "A very serious security problem has been found and patched in the GNU C Library (Glibc). A heap-based buffer overflow was found in the __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to make an application call to either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the program. The vulnerability is easy to trigger as gethostbyname() can be called remotely for applications that do any kind of DNS resolving within the code. Qualys, who discovered the vulnerability (nicknamed "Ghost") during a code audit, wrote a mailing list entry with more details, including in-depth analysis and exploit vectors."

Koch Brothers Budget $889 Million for 2016 Election

Submitted by HughPickens.com
HughPickens.com (3830033) writes "Nicholas Confessore reports at the NYT that the Koch Brothers and their political network plan to spend close to $900 million in the 2016 election, an unparalleled effort by coordinated outside groups to shape a presidential election that is already on track to be the most expensive in history. The group’s budget reflects the rising ambition and expanded reach of the Koch operation, which has sought to distinguish itself from other outside groups by emphasizing the role of donors over consultants and political operatives. Hundreds of conservative donors recruited by the Kochs gathered over the weekend for three days of issue seminars, strategy sessions and mingling with rising elected officials. These donors represent the largest concentration of political money outside the party establishment, one that has achieved enormous power in Republican circles in recent years. “It’s no wonder the candidates show up when the Koch brothers call,” says David Axelrod, a former senior adviser to Mr. Obama. “That’s exponentially more money than any party organization will spend. In many ways, they have superseded the party.”

Espousing a political worldview that protects free speech and individual and property rights with equal protection for everyone under the law, Koch says: “It is up to us. Making this vision a reality will require more than a financial commitment. It requires making it a central part of our lives.” Told of the $889 million goal, Mark McKinnon, a veteran GOP operative who has worked to rally Republican support to reduce the role of money in politics, quipped: “For that kind of money, you could buy yourself a president. Oh, right. That’s the point.”"

Comment: Porting (Score 3, Insightful) 241

by gmuslera (#48854873) Attached to: Could Tizen Be the Next Android?

If they want to have a chance, they must not have it just bundled with a few new phones. It should have good enough ports for other Samsung devices (even done officially by Samsung) and open enough devices from other major manufacturers. They need to build a critical mass of actual users and a community behind it. And they need to be very open. If they want (or must do, if done by another company), they may keep some key part (i.e. optional Android compatibility app/libraries) as what they sell or license and that is not fully open source, but the rest should be.

Meego/Maemo failed mostly because it was available mostly on one particular device from one particular manufacturer. They could learn the lesson this time.

Comment: Missing (Score 4, Interesting) 245

by gmuslera (#48801089) Attached to: PHP vs. Node.js: the Battle For Developer Mind Share

PHP is far more available in cheap hosting solutions. The apps are simpler to deploy (simply put them along your static HTML files in a web server that supports its extension), and simple apps are simpler in PHP. The ecosystem around was not touched in the review: Composer vs npm, Joyent vs the community behind PHP, the future of both platforms.

On the other hand, PHP is (or at least, used to be recently enough) a fractal of bad design.

Comment: What happens if i cut this red wire? (Score 1) 319

by gmuslera (#48769917) Attached to: How Close Are We To Engineering the Climate?

Scientists that had their lives dedicated to the study of climate and consequences are still getting surprised by some of the newly discovered consequences of global warming. Tinkering with a very complex system that you don't understand could have even worse or more urgent consequences than the original problem you were trying to solve. And if you make big mistakes there you not only lose the future of mankind, but also all the past.

What's wrong with solving it in the plain, simple, ordered and pretty studied solution of diminishing our influence in the change?

Comment: Re:ROI (Score 1) 287

by gmuslera (#48744167) Attached to: Should We Be Content With Our Paltry Space Program?

Not sure what new will come, what new technologies will be enabled, what new discoveries will be made, whatever comes from this that will be an integral part of our future lives. But we know the past; the ROI of what was already invested is still coming. That is the math that should be used, including the big part of it that impacted defense. How would the world be without any of it?

Comment: ROI (Score 3, Insightful) 287

by gmuslera (#48744127) Attached to: Should We Be Content With Our Paltry Space Program?

Maybe they should be aware of how much they got back from the investment. Just going to orbit, not landing elsewhere, the impact on everyone's life is all around, from weather/climate prediction to GPSs on phones. And maybe some activities that would have even more impact on our everyday life (zero-g manufacturing/alloys made from captured asteroids?) need more funds to be able to be done. And if well things in the space could give obvious returns, reaching other planets could get us unexpected yet (or only suspected) benefits.

Landing elsewhere and planting a flag is nice as a symbol, but things that have economic return may sustain a complex space program a bit better.

Of course, there are things that may end up having infinite ROI, if by standing there we could avoid the end of mankind (detecting threats and avoiding them, or at least having a backup copy elsewhere). Delaying it until it is too late will be much more expensive than doing it now.
