Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Comment: Re:If it's accessing your X server, it's elevated (Score 1) 349

by RightwingNutjob (#48926125) Attached to: Why Screen Lockers On X11 Cannot Be Secure
Here's the problem: if you care about security to the point where screen locks are serious business, you've gotten yourself into a contradictory set of requirements: both trusted and untrusted users have physical access to and execution priveleges on a terminal. If you really suspect that your users are untrustworthy enough to steal credentials in this way, the answer is to not have a screenlock at all but to push the security barrier further into the system. The terminal is dumb and has no security model, but to access and/or interact with your proprietary information, the user types credentials into your own custom coded application or web form through a browser and it logs him out after N minutes and requires reentry of the credentials. He's not allowed to run any code on your system, and all the directories, executables and shell scripts that are run in the course of interactring with the terminal are marked 755 or 744 as appropriate so that he can't modify them, and the tmp dir resides in a ramdisk that gets wiped between sessions. Then it doesn't matter if everything is permitted over the X11 protocol, because there is no way to spoof anything from that untrusted terminal. Physical security goes a long way in obviating risks from software vulnerabilities, where practical. And if the data being guarded is sufficiently important, it will be made to be perceived as practical.

Comment: Re:I think the thing being missed here (Score 1) 300

by RightwingNutjob (#48742139) Attached to: Why We're Not Going To See Sub-orbital Airliners
Depends on who I am. If two days of my time wasted on travel costs more than the price difference, I'd definitely pay. If it's less, but not too much less, I'd pay. If its work that only I can do and it needs to be done sooner rather than later, there's no good way to put a dollar amount on it, but I'd probably pay. If it's just for me and not my company and I can afford to blow an extra 10k to treat myself, I might pay. And it depends on the savings. If 7hrs to Europe gets cut down to 1 hr and 15 hours to Asia gets cut down to 1 hr 30 minutes, people would pay even when it's a financial looser, because even if you don't charge/make 500/hr, you might still hate flying enough to eat the cost difference anyway.

Comment: Re: 2% is nothing (Score 1) 121

by RightwingNutjob (#48569989) Attached to: NASA Gets 2% Boost To Science Budget
The other part of the problem is that the air force acquisitions is run by accountants and scientists, not engineers or combat pilots. And one of the things that you don't learn as a scientist or an accountant, or even as a combat pilot, is the hidden cost and complexity of doing two things with one aircraft by "fixing it with software," as opposed to the upfront cost building two types of aircraft. It's a serious problem, and it leads to bad acquisitions decisions, not just for planes. That said, having new F-35s that can do more of some things isn't necessarily a bad thing.

Comment: Thoughtstuff is a nonlinear space (Score 2) 205

by RightwingNutjob (#48552619) Attached to: The Failed Economics of Our Software Commons
Software is thought-stuff as Brooks famously put it, and it lives in a multidimensional nonlinear space. Just because two programmers are implementing the same thing sitting next door to each other doesn't always mean they're mucking in the darkness, looking for a great software sage to show them how to write reusable code. Maybe one of them is coding for speed, the other for memory footprint, and the third for prettyness. You can't have one set of libraries do all three for you without effectively implementing it three times and giving them each the option. Just because software looks close, doesn't always mean there's a short path to get it to where you need it.

"Free markets select for winning solutions." -- Eric S. Raymond

Working...