Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.


Forgot your password?

Comment: Re:Old news and still needs pwned access (Score 1) 69

by phantomfive (#48933549) Attached to: Georgia Institute of Technology Researchers Bridge the Airgap

Secondly almost the first thing said in the video is that they had to install a driver on the target to force it to emit signals they could pull out of the noise.

At that point it's no longer 'bridging the air-gap' (which typically means exploiting across the air gap), it's communicating between two friendly entities through the air.
Which we've been doing for literally hundreds of millions of years.

Comment: Re:not the point (Score 1) 351

by phantomfive (#48932061) Attached to: Why Screen Lockers On X11 Cannot Be Secure

And you are dishonest.

You're a jerk, and I hate you. Woohoo, insults, I can do them too.

If you had Windows in 1993, and you pushed ctrl-alt-delete and it brought up your login screen, then you were not normal, and the OS was not an OS many people had. THAT is the truth.

As an aside, in 1993, more people were running Unix than Windows NT.

User Journal

Journal: SystemD: The Beginning 6

Journal by phantomfive


To do a proper code review, you need to understand the purpose of the code, what all the stakeholders want. From my own perspective, init scripts work fine, but since Unix companies keep trying to create new init systems, they must have different needs than I do.

Comment: Re:Open source code is open for everyone (Score 1) 209

by phantomfive (#48929483) Attached to: Serious Network Function Vulnerability Found In Glibc

Most are language-independent.... no surprise to see CWE-89 (SQL injection) and CWE-78 (command line injection) in there, as well as the slough of crypto/authN/authZ-related stuff. But where are the language-dependent bugs coming from? If you drill down on the code examples for CWE-120, -131, -134, and -676, you'll see C and C++ are a re-occurring theme.

Good then we're agreed, buffer overflows are not the most common security vuln.

All we need now is for you to realize that, if someone thinks the language means they don't need to worry about security, then their code will be much more vulnerable, even if they write in Java. Once you realize that, then we will be completely agreed.

Comment: Re:not the point (Score 1) 351

by phantomfive (#48929459) Attached to: Why Screen Lockers On X11 Cannot Be Secure
If you're talking about the x11 stipple functions, then they're not a reason to replace X11 either, just ignore them until no one uses them, then remove them. If people are using them, then there's a reason to not remove them.

Being old is not a reason to replace software. Being new does not make software better.

Although, if you'd like to tell me how the computing landscape has moved on significantly, I'm sure I'd be entertained to hear it.

Comment: Re:Funny thing about this... (Score 1) 29

by phantomfive (#48929141) Attached to: Book Review: Designing and Building a Security Operations Center

Now this book comes out explaining that a SOC is basically just a bunch of smart (expensive) people intelligently mining data?

The hard part is finding the capable (expensive) people, even if you are willing to pay a lot. Programmers and IT guys are not hard to find in America, but capable ones are.

Comment: Re:No Kidding (Score 1) 216

by phantomfive (#48928917) Attached to: Anonymous No More: Your Coding Style Can Give You Away

As the thread suggests, one advantage to different coding styles is that you can generally tell who wrote what and, if there seems to be a bug, you can track them down and tell them to fix it in that ugly mess. In our office, we have the rule that if you go around changing code style, you now own that code and are responsible for it. About the only issue we've run into is that people's styles evolve over time. So the guy right out of school may have a certain style that changes as he is exposed to more styles.

git/cvs/svn/mercurial blame can tell you who wrote whatever code. Please tell me you are using some kind of source repository.......

Comment: Re:Well I guess it's a good thing... (Score 3, Interesting) 188

by phantomfive (#48928781) Attached to: Adobe's Latest Zero-Day Exploit Repurposed, Targeting Adult Websites
Yeah, once again, compare the dross on the internet to the good things. Slashdot, Wikipedia, a bunch of corporate websites you can visit to learn about their company, restaurant websites, Linkedin seems to be a decent place to look for a job, ebay, amazon, some news websites. Slashdot and some news websites would die without advertising, but I would be willing to subscribe to those.

Now look at all the negative stuff. Buzzfeed,, all those websites that spew crap in order to attract your eyeballs. Out of all of that, are there any websites that would die without advertising, which you would also not be willing to subscribe to?

The only one I can think of is Facebook, and if that one died, it would only encourage a distributed model, where everyone essentially ran their own RSS feed for their friends to look at (or something similar).

So let the advertising die, I say, the internet will be a better place for it.

Comment: Re:Well I guess it's a good thing... (Score 4, Insightful) 188

by phantomfive (#48928469) Attached to: Adobe's Latest Zero-Day Exploit Repurposed, Targeting Adult Websites

At this point do we just expect everything to be 100% free? Or do we think money fairies give companies the capital to pay for bandwidth and processing power?

I used to agree with you, but at this point, it's too dangerous to not block ads. You never know when one of them will be malware, and it's not a risk I want to take.

Last time this conversation came up, someone suggested that the internet was better before advertising. I think there's some truth to that.

"Free markets select for winning solutions." -- Eric S. Raymond