
Comment Re:Who? (Score 1) 686

A successful privilege escalation on the guest gets the attacker several things: 1) all data on the guest, 2) all the communication capabilities of the guest and 3) all the memory and computing power on the guest. Hence it gets the attacker everything he wants. Attacking the hypervisor is a way to get even more of these things, and by a different route. In extreme cases, it may not even need a privilege escalation first.

The hypervisor does not and cannot replace kernel security and hence its mere presence makes things worse.

Really, what do you think attackers are after?

Comment Re:Survey bias (Score 1) 97

That is nonsense here and rather obviously so. (The lies of the nuclear-apologists are really staggering and so is their stupidity...)

The ultrasound makes you find it earlier, you know, when there is a better chance to treat it. It does not make you find more at all. Cancer has a way of making itself known at some point and it has an extremely low spontaneous remission rate (i.e. it almost never vanishes by itself).

Comment Re: Good (Score 1) 75

It cannot inspect SSL/TLS traffic unless you add certificate authorities, which may be impossible without root. Yes, the local VPN can inspect plain-text traffic, intercept DNS resolution, and block outgoing connections - that's the point. Open source solutions are ideal for this case.

Comment Re:Good (Score 2) 75

Silly they use an external VPN. On Android, local loopback VPNs like Mobiwol work great. All the apps' traffic goes through the VPN, which is local, so you can allow/deny on the fly (can filter foreground vs background too). Mobiwol could easily add some DNS-based blacklists (aka hosts file) and do ad blocking plus firewall.

One would have to really trust an external VPN provider to ship all your traffic through. Which if you run your own VPN service or do trust one, it's safer than sending all your plain-text data through random wifi or cell carriers.

Comment Re: ZFS is nice... (Score 1) 269

But it's combined by the user at runtime, not by Canonical. The GPL allows end users to do this.

This is a way that people kid themselves about the GPL. If the user were really porting ZFS on their own, combining the work and never distributing it, that would work. But the user isn't combining it. The Ubuntu developer is creating instructions which explicitly load the driver into the kernel. These instructions are either a link script that references the kernel, or a pre-linked dynamic module. Creating those instructions and distributing them to the user is tantamount to performing the act on the user's system, under your control rather than the user's.

To show this with an analogy, suppose you placed a bomb in the user's system which would go off when they loaded the ZFS module. But Judge, you might say, I am innocent because the victim is actually the person who set off the bomb. All I did was distribute a harmless unexploded bomb.

So, it's clear that you can perform actions that have effects later in time and at a different place that are your action rather than the user's. That is what building a dynamic module or linking scripts does.

There is also the problem that the pieces, Linux and ZFS, are probably distributed together. There is specific language in the GPL to catch that.

A lot of people don't realize what they get charged with when they violate the GPL (or any license). They don't get charged with violating the license terms. They are charged with copyright infringement, and their defense is that they have a license. So, the defense has to prove that they were in conformance with every license term.

This is another situation where I would have a pretty easy time making the programmer look bad when they are deposed.

Comment Re:Cultural? (Score 1) 469

In a gasoline engine, how much fuel do you feed to the air? When do you trigger the spark plugs, at what advance? In a diesel, when do you inject the fuel, and how much? Etc...

Yeah, but it's the mechanical engineer's job to optimise those parameters. He then tells the software engineer he needs the oxygen level adjusted within 5ms of sensing a change in the throttle. The software engineer stares at him and says "how the fuck am I supposed to meet that deadline on the lame arse 100MHz 16 bit CPU the electrical engineers gave me when the brake guys are telling me I need to react to wheel slip within 100us otherwise I could kill somebody?" The mechanical engineer will then shrug his shoulders and say "I don't know, that's not my area, but if you don't do it we won't meet emissions standards".

The only way to fix this PR mess was to own up, take it on the chin, and move on. That way they might have a hope of selling the "I was a bad boy but I've learnt my lesson so you can be sure I'll never do it again" line. Blaming the most remote limb, hacking it off, and saying to the world "there, I've fixed the problem" sounds awfully like psychopaths are running the show. If that is true we know as soon as backs are turned, they will do it again.


Volkswagen Boss Blames Software Engineers For Scandal (469)

hattig writes: Today VW's Michael Horn is testifying to Congress and has blamed the recent scandal on engineers, saying: "It's the decision of a couple of software engineers, not the board members." However, 530,000 cars in the U.S. will need to be recalled for significant engine modifications, not a software fix. Only 80,000 Passats are eligible for the software fix. There is no word on the effects these modifications will have on the cars' performance, fuel consumption, etc. The BBC reports: "The issue of defeat devices at VW has been a historic problem, points out a Congress panel member questioning VW US chief Michael Horn. In 1974, VW had a run-in with US authorities regarding the use of defeat devices in 1974, and in December 2014 it recalled cars to address NOx emissions."
