Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:You're welcome (Score 4, Informative) 129 129

Some folks were asking how this works, so here goes:

newgrp is a UNIX utility that executes a shell with a new group ID (UNIX specification page: http://pubs.opengroup.org/onli...). This requires root permission since it can change the group ID to one outside the current shell's group list (e.g. to any group in the uid's group list). Therefore, newgrp is a setuid root application which launches a shell.

DYLD_PRINT_TO_FILE is a dyld (OS X dynamic linker) environment variable that tells dyld where to print debugging information. Ordinarily, dyld supports a large number of debugging options to facilitate debugging shared libraries and to allow neat tricks like DYLD_INSERT_LIBRARIES (equivalent to LD_PRELOAD on Linux). When dyld sees this environment variable, it opens a new file descriptor connected to the specified file. Since fds 0,1,2 are already connected to stdin, stdout and stderr, the file is opened as fd 3.

Notably, since newgrp starts as root, the file is opened using root's permissions, even though newgrp later drops privileges to spawn the shell.

Because DYLD_ environment variables can modify a program's behaviour in unexpected ways, they are usually deleted or sanitized prior to running setuid programs (because otherwise an unprivileged attacker could cause a setuid program to misbehave, exactly as in this exploit). Apple clearly forgot to sanitize the new DYLD_PRINT_TO_FILE when shipping Yosemite, opening this particular flaw up.

Finally, the (outer) echo command tells the subshell spawned by newgrp to execute the (inner) echo command, which outputs the string "$(whoami) ALL=(ALL) NOPASSWD:ALL" into fd 3, which (due to the DYLD_PRINT_TO_FILE variable) is /etc/sudoers. This line tells sudo that *any* account is allowed sudo access, and that no password is required to use sudo.

The subshell then exits (no more commands to run), and the final command "sudo -s" executes. Since sudo no longer requires a password, and all accounts can use sudo, "sudo -s" just immediately opens a root shell without prompting.

Comment Re:This guy hasn't done his research. (Score 2) 648 648

Efficiency needs to count programmer time, too. From watching first-year programmers in University struggle with C, to watching seasoned programmers struggle with C, I can assure you that Python wins on programmer efficiency. I've used C longer than I've used Python (~16 years for C, ~13 years for Python), so I am definitely comfortable with both, but I now use Python for virtually all general-purpose programming.

Even when CPU cycles count, I will usually prototype in Python to get all the algorithmic details right before porting to C. Often I won't even port the whole program; a number of my recent projects have had C routines called from Python front-end code (so that the front-end can handle stuff like HTTP requests, text parsing, response formatting and the like).

Finally, libraries like NumPy and Sage are taking Python beyond mere scripting and into the realm of serious scientific programming. It is now possible to write and use complex computer vision algorithms, mathematical algorithms, and heavy-duty number crunching (like MATLAB) in Python, meaning that a good amount of scientific computing is starting to be done with Python instead of more traditional languages like Perl, MATLAB or Java.

Comment Re:instant disqualification (Score 1) 648 648

Your vbnc was last updated in 2010, and targets Visual Basic .NET 8, which was released with Visual Studio 2005. The VBNC compiler has not had any significant updates since 2011.

Visual Basic .NET is now on version 12. vbnc is horribly behind, and it does not appear to be actively supported. If your instructor were to use any newer language features, such as lambdas, iterators or asynchronous programming, you would not be able to use VBNC to compile that code and would probably have to resort to using Windows somehow.

On the flipside, Python now comes standard with most Linux distributions, and is standard with Mac OS X. It's very simple to install on Windows and even comes with a bare-bones IDE for editing code. In every respect, it is easier to get started using Python than to start using VB .NET, especially on non-Windows platforms.

Comment This guy hasn't done his research. (Score 5, Insightful) 648 648

I understand the popularity at the moment of the Python, however this language is also based on the C language. When it comes to more complex constructs Python cannot do them and I would be forced to rely on C.

It's pretty obvious that this guy hasn't done his research. This is a very ignorant statement about both Python and C in general.

I'd love to see *any* "complex construct" that C can do, that Python cannot do in a general computer science/algorithm sense.

Comment Metal (Score 3, Interesting) 411 411

One of the updates that folks seem to have overlooked is Metal, Apple's upcoming replacement for OpenGL.

While I think Apple is likely to continue supporting OpenGL for the foreseeable future, it's somewhat worrying that they've decided to just build a brand-new graphics library. It represents a refocusing of their optimization efforts, certainly, so in the future I would expect devs to have to use Metal in order to obtain decent graphics performance. This in turn will make development even harder, especially for cross-platform shops which expect OpenGL to work reasonably well in all environments...

Comment Re:Falling through cases is quite useful at times (Score 1) 411 411

Defaults should be sane, and optimized for the common case. Fall-through-by-default is not the common case, it's the exceptional case. Because C chose fall-through-by-default, programmers are penalized for the much more common case of no-fall-through by having to type "break;" at the end of every frickin' case statement.

Because of this, common C practice is to annotate intentional fall-through statements with a comment, like so:

switch(expr) {
    case superset:
/* superset code ...*/
    case base:
/* base code ...*/

So, guess what Swift does? That's right, an explicit fallthrough keyword, which you can apply to get the uncommon (but, as you noted, occasionally useful) fallthrough behaviour. This is both wonderfully self-documenting, and eliminates the need for break in the common case. Switch statements in Swift are shorter and safer as a result. (Also, their use of Lisp/Scheme/...-esque matching semantics for switch is a nice touch, as are the genericized Enums...but that's a story for later).

Comment Re:Not all C libraries release the GIL (Score 1) 196 196

Any C library can touch Python objects any time it likes, by nature of being linked to the Python C-API. However, you can only safely access Python objects while holding the GIL. CPython libraries are entered into with the GIL held (otherwise you couldn't even interact with the arguments given to the function), and they may decide to release the GIL some time later (and promise not to touch the Python API while the GIL is not held).

*Many* CPython release the GIL during operations that may be long-running, so you get the illusion that basically any long-running C operation releases the GIL.

PIL not releasing the GIL should be construed a bug in this case.


Submission + - CMU Researcher Creates an Acoustic QR Code->

Hesh writes: "Robert Xiao at CMU has created an acoustic equivalent of a QR code, by patterning notches into materials like plastic, glass, and stone. They are lower resolution, but could be much smaller and overall less invasive. " You can find out more details here: http://hackaday.com/2012/10/11/acoustic-barcodes-deliver-data-with-a-fingernail-and-microphone/ and see a video of it in action here: http://www.youtube.com/watch?v=NB_UoJGd5-E
Link to Original Source

Submission + - SNL skewers reviewers/tech journalists in iPhone 5 skit->

alphadogg writes: Saturday Night Live this weekend skewered tech journalists’ for their whining about iPhone 5 shortcomings, with a skit featuring a trio of Chinese factory workers answering their critics and besting them. The skit, featuring guest star Christina Applegate as host of the Tech Talk show, examines the Apple iPhone 5’s “plethora of glitches and design flaws” with a panel of tech journalists from Cnet, Gizmodo and Wired. The host then brings on three “peasant workers” from the Chinese factory where the iPhone 5 was built in an effort to put the journalists’ complaints into broader perspective. Hilarity ensues....
Link to Original Source

Submission + - The China Question->

CowboyRobot writes: "Last week the U.S. Congress recommended that Chinese firms Huawei and ZTE should be barred from the U.S. in the name of domestic cyber security. The proposed threat is that Chinese-made hardware may contain "Manchurian candidate" spyware that could allow the People's Liberation Army to get access to sensitive networks in the U.S., Europe, and elsewhere. Politicians will debate the effect on trade that this threat could cause, but what can network managers do about it? But what does that mean for everyone else? Remember that malware "can be seeded in infrastructure such as switches, servers and routers before they're ever turned over to a customer. Also, you should not have blind faith in your vendor, who may be if not malicious, at least ignorant of security issues. And remember that suspicion and vigilance are not the same thing, nor exclusive of each other."
Link to Original Source

Comment Re:Python is pretty decent, I only have two concer (Score 2) 65 65

If you're feeling *particularly* devious, you can use a little-known Python feature called "for-else" (also "while-else") which allows you to tag "else" clauses onto for loops. Such a clause executes only if the loop runs to completion 'naturally' (i.e. if no break or exception happens within the loop block).

As a relatively obscure language feature, using it might make your code harder to read. It can help make a multilevel break (chained "else: continue; break" snippets at the end of loops), and reduces the number of flag tests and sentinels you need to do (e.g. a linear search, wherein the "else" case simply contains the if-not-found logic).

There are other alternatives to multi-level break: exceptions can break out of any number of loops until they reach an appropriate handler block, and function returns can always break out of any loop up to the top of the function.

As for switch/case: In C, they were basically a thin wrapper around jump tables for most switches (e.g. enums, small integers, duff's device, etc.). Python's preferred alternatives are key-value dictionaries (hashtables) or if/elif cascades. The former is very easy to setup and manipulate in Python (e.g. {1: 'spam', 2: 'eggs', 3: 'ham'}), unlike in C or C++. The latter is far more flexible than switch/case (e.g. being able to test ranges of values with "A <= x <= B" queries, test for multiple values with "x in (A, B, C)", or do arbitrary tests like "x.isspace()"), while avoiding the complexity of an entirely new language construct.

Finally, goto exists in Python as a third-party module. Go ahead, try it: it really works!

Comment Re:Reminds me of an old RPS contest... (Score 1) 225 225

This implementation is not infeasible even when the players run in separate processes. I can observe your rand() state through the moves you make, and provided the remainder of the argument is the same (seeded with system time at the start of the match, simple RNG processing to derive a move), I can simply play randomly for the first 30 rounds (3^30 > 2^32) and observe your state. If I can come up with a set of RNG parameters (time-based seed, rand algorithm, sequence offset, processing strategy) that outputs your move sequence, then I can still beat your bot with a slightly worse win record. It takes 30 times more computational power, so about 180000 possibilities, but it's still tractable.

Comment Re:Reminds me of an old RPS contest... (Score 1) 225 225

Suck is relative. I was implying they sucked according to GP's definition, which was that a "good" algorithm would require lots of data & computation time to beat. I would agree that they don't suck for their intended purpose (simple, fast, reasonably random, repeatable numbers). However, rand() does get (mis)used in a lot of contexts (especially security-conscious ones, or applications vulnerable to algorithmic complexity attacks) where it should not be used.

I should mention, though, that even in cases where it "shouldn't" matter, a weak rand() enables attacks on systems that should otherwise behave randomly. For example, many games (as you mention) use very simple implementations of rand(); such simple implementations also allow particularly hard-core gamers to abuse the system and earn much higher rewards (stat boosts, attack rolls, random encounters, etc.) than they ought to. Heck, there's an entire subcommunity of Pokémon game players dedicated to beating the game (and/or outperforming their peers) through methodical, systematic RNG abuse.

Comment Re:Reminds me of an old RPS contest... (Score 2) 225 225

0) I have source code for my bot, the tourney announcement, and the tourney results. If you are really curious, ping me at my email address.

1) I never said you were *playing* a random opponent. Against an *arbitrary* opponent your optimal strategy is to play randomly. Any other strategy that you play can be exploited to your loss. In this way, random really is the game-theoretic optimal strategy. It's not just a buzzword.

2) Of course. I'm exploiting an implementation detail. This is a classic side-channel attack on an otherwise secure system.

3) Yes. I looked up the source code for libc implementations online. It's easy: google ' rand.c'. Examples: http://fxr.watson.org/fxr/source/stdlib/rand.c?v=FREEBSD-LIBC, http://fossies.org/dox/glibc-2.15/random_8c_source.html. I also got Microsoft's rand() implementation for their MSVC runtime because the source code for that comes with Visual Studio. Yes, I was using Windows. Contest submissions had to be in C or C++, and most programmers would rather use rand() (portable, simple, easy) than implement their own random() function or use the less-portable /dev/[u]random.

4) Contest programs ran in the same process, so your rand() state was shared. srand was forbidden, but we were given the tournament engine source code and so we knew when srand() was called and with what arguments (time(NULL)). To be specific: I pulled a single rand() value, then ran all my implementations of rand() with different seeds in the neighbourhood of time(NULL), and ran them for a variable number of iterations (up to 20, I think) to guess the sequence offset. The processing strategy was simply observing what values they were adding to the rand() value before taking it mod 3. The input is about 20 seconds * 5 libcs * 20 sequence offsets * 3 "processing strategies" = 6000 possibilities. Four dimensions, but they can all be constrained to small values.

Thus spake the master programmer: "Time for you to leave." -- Geoffrey James, "The Tao of Programming"