You really have to wonder what's going on behind the scenes in some of the database-backed apps that we interact with daily. There are plenty of PHP monkeys that concat SQL to parameters. But there are plenty of others that have just never thought about locking. Or have it wrong. There are subtle concurrency bugs all over the place - the database usually handles it well enough that many developers just never catch on.
Not to mention that with RDP, you can start a session locally and reconnect remotely. Anyone local will see a lock screen. If you start a remote session and unlock locally, your remote session is right there. You can't do this with X or VNC.
Native USians have no idea how their news and movies (those that made it to other countries) portray their own country to the world.
It's exceptionally bad here, to be sure.
I live in Texas. I've never been comfortable driving, and wouldn't trust myself behind the wheel - thankfully, I never have the need to, thanks to friends and family, etc. But I have a driver's license! Who doesn't? It's assumed that you'll have a license and a license#.
When I was 16, I got a license just to have it. I'd need it for purposes of a 'de-facto national id card' anyway. In Texas, there's this interesting 'parent taught' program by which a teen can learn to drive with his or her parents, instead of taking driver's ed in school or some other approved program. Completion of the program required some number of behind-the-wheel hours and a number of hours of classroom "green means go" hours. Under this program, I got a learner's permit in under a week (for the classroom hours theoretically completed) and a license in something like 6 months. It was purely on the honor system. Even better, when graduating to a 'real' license, I didn't even need to take a driving test. There was a checkbox for the parent to waive the test. That's good, because I couldn't have passed one. I certainly couldn't now.
Had I waited a few years, I probably would have never obtained a license. The driving test would be mandatory at 18. Ah, rules.
There's actually a nearly identical 'id card' you can get, with identical paperwork up front, just no driving test. But why? I could just get a driver's license at minor inconvenience. Just in case, or something.
So here I am today, licensed to drive. Every year my insurance rates (were I to ever need to purchase it) tick down - older and wiser apparently, despite never driving. Licenses here just double as a small tax and a national ID. No wonder so few can actually drive.
Anything related to the UI sucks hard. App internals are fine. Why didn't they adopt Qt for widgets? WHY?
It's a very strange trend to me.
Tab processes must have some way to access global data and state. A shared memory approach is quite likely. So now, instead of a tab crash directly bringing down others, you just hope that nothing scary happens to the shared memory area. You also hope that your "crash" isn't some other failure like a deadlock - suddenly everything else hangs trying to get the mutex for the global bits? What if a plugin gets exploited in just one tab? Then the exploit code can use its unsandboxed state to fuck you over just like normal?
Maybe they'll use some kind of message passing instead. Blazing fast I'm sure.
What do we gain here? Less crashing due to shoddy code? A huge chunk of such flaws end up being exploitable. We get more overhead and marginal security/stability benefit as a band-aid for not using a language that is at least a bit provable.
Here, take these pills.
I'll come visit in a few weeks.
Look, guys. Got to face this sometime.
America just isn't as young as it used to be.
Forty years ago? Sure. We could get a rocket up, in little time at all. And though we'll certainly never forget that first time - we were ready to go again just a few short years later.
But face the facts, people. The country isn't a spry 193 anymore. Let's just have hope that NASA is trying its best. Although it's worrisome that the launch date doesn't seem very firm, just keep in mind - nothing would be worse than a premature launch.
We don't intend to disappoint.
Why the fuck is this on Slashdot?
The fact that buffer overflows are even still possible is rather silly.
It's even sillier that a user's processes are allowed to run rampant with his or her privileges.
You can't. But then again, you can't really trust the pre-flashed chip as it came from the scary third world country either.
If you're feeling frisky, you can reflash in the hope that you've exceeded the sophistication of anything in the wild.
It's a little sad that you managed to interpret it that way. I'll chalk it up to some level of localized prejudice - a unique flavor, in fact. I still haven't figured it out after several searches.
Giving an unknown piece of software admin rights is stupid. We can't fix that.
Giving an unknown piece of software user rights is still REALLY GODDAMN DANGEROUS for no legitimate reason. Modern operating systems still don't sandbox processes - we sandbox users. Instead of coming up with something _new_, we take concepts originally from giant, multiuser, sysadmin-controlled machines and put them on your mom's laptop.
All of the major operating systems in use today adopt the unix-y model of multiple users, isolated from one another. Who cares if a user program does something stupid and nukes a document? That's their problem, the other users are fine. Well, at some point we decided that personal computers needed Real Operating Systems(tm) too, so memory protection and multiple user support is to be expected. A vanilla OSX, Linux, or Windows install has several user accounts, a number of which are for various background services. Hey nifty idea - if you give a process like Apache its own user account, it's a bit more isolated! That's kind of nice. But Firefox has _my_ privileges. Pidgin has my privs. Hell, that windows app I'm running in Wine has my privs. A process is the user running it, huh...that doesn't make sense on the desktop.
Grandma should be able to run Conficker.exe and punch every monkey that she sees. The fact that a process can access my personal files (without going through a privileged file chooser) or intercept keystrokes, or just about anything else.
Processes aren't their users. We need to protect users from processes as much as users from each other.
It's a fucking sad state of affairs. Is our solution really to keep using virus scanners and bitch online about stupid non-expert users clicking things or plugging in a network cable? Are we going to keep hiding behind some cop-out biology analogy of an 'immune system' instead of fixing a fundamentally broken security model?