
Comment: Re:Grinch is not a flaw - has no CVE!!! (Score 5, Informative) 116

by jandrese (#48628921) Attached to: Grinch Vulnerability Could Put a Hole In Your Linux Stocking
About 3/4 of the way down the "article" they explained the vulnerability:

To control administrative access, Linux keeps a list of all the registered users on a machine, in a group typically known as “wheel,” who can be granted full root access (usually through the Unix sudo command).

A knowing attacker could get full root access by modifying the wheel group, either directly or by manipulating an adjoining program such as the Polkit graphical interface for setting user permissions, Alert Logic said.

This is patently stupid. Yes, if you give a bad guy administrative access, bad things can happen--even if you use a fancy GUI to give the bad guy administrative access. The only thing that is even slightly newsworthy here is that maybe a novice admin won't understand the purpose of the wheel group and could be tricked into giving permissions, but there are a lot of ways you can trick a dumb admin; there's no need to single this one out.

Comment: Re:So stream it... (Score 5, Interesting) 580

by jandrese (#48621733) Attached to: Top Five Theaters Won't Show "The Interview" Sony Cancels Release
Sony should say screw you to North Korea and release the entire movie for free on the internet. Make sure everybody has a chance to see it. Of course they won't because they still have to monetize it somehow, but it would be something to say "we're not going to give in".

Comment: Re:Backups are not secure (Score 1) 173

by jandrese (#48619981) Attached to: Backblaze's 6 TB Hard Drive Face-Off
This is really not a good approach to using public key crypto. The private key shouldn't be on the servers, it should be on the client. I know it's a pain to handle per-file backups and especially deltas when everything is encrypted, but that's the tradeoff for proper security. In fact there's really no need for expensive public key crypto here at all. Just have the client use a cheapish symmetric key (AES256 perhaps) and send only encrypted data to the servers. There's no need at all for the servers to ever have the data in the clear.

Comment: Re:It's just some dipshit with weapons and no hope (Score 1) 876

by jandrese (#48600597) Attached to: Apparent Islamic Terrorism Strikes Sydney
From what information the police have released since then, it looks like you're right on the mark. The guy is a violent nutjob that also happens to be an Iranian Muslim; and he has lived in Australia for almost 20 years now. I doubt he has much connection with Islamic State beyond their chat boards.

Comment: Re:Cosmic Rays (Score 1) 56

by jandrese (#48598519) Attached to: Raspberry Pi In Space
It's really the same mechanism. In one case the high energy rays impart enough energy to charge or drain a gate, and in another high energy rays impart enough energy to break a DNA bond. The parent was talking about being continually hit with enough high energy rays to instantly crash a normal computer, which is well above the amount you need to kill a person.

Comment: Not sure if my problem is related (Score 4, Interesting) 229

by jandrese (#48595859) Attached to: Forbes Blasts Latests Windows 7 Patch as Malware
After the patch my box started complaining endlessly that it was not genuine Windows, but when I went to the activate Windows page it said I was already activated and just told me all of the great benefits of having genuine Windows and that I should install MS Defender.

Its non-activated dialog box wanted me to install some application to double activate it or something? I've had a tough time figuring out exactly what's up with it. The links all point to genuine websites, so it doesn't appear to be malware, but I'll be damned if it's not acting like malware.

Comment: Re:And the #1 option is... (Score 1) 62

by jandrese (#48584109) Attached to: 3D Printer Owner's Network Puts Together Buyer's Guide
The big reason for the huge price drops in the past couple of years is a whole bunch of the patents expiring. At this point the primary limitations to making them cheaper are technical, not legal. This means we shouldn't expect to see the same magnitude of price reduction going forward that we've seen in the recent past. The only area where I expect to see significant movement is on the filament, which still strikes me as overpriced for what it is. It's only a matter of time till some factory in China is spitting that stuff out by the ton and undercutting everybody.
