Follow Slashdot stories on Twitter


Forgot your password?

Comment: Re:Competition is good (Score 1) 188

by phantomfive (#48936567) Attached to: Microsoft To Invest In Rogue Android Startup Cyanogen

Phones are getting a bit more memory, somewhat faster CPUs, a bit better screens, and improved cameras but you would expect all of these things. In terms of new and interesting features, it seems like we're in a mature market where we've all decided upon what it means for a device to be a smartphone.

That's a problem phone makers are facing. Amazon's new fire phone, supposed to be revolutionary, is just some parallax graphics (and a bit of rotation magic).

When new ideas fail, you do what Apple did: re-skin it.

Comment: Re:Old news and still needs pwned access (Score 1) 82

by phantomfive (#48933549) Attached to: Georgia Institute of Technology Researchers Bridge the Airgap

Secondly almost the first thing said in the video is that they had to install a driver on the target to force it to emit signals they could pull out of the noise.

At that point it's no longer 'bridging the air-gap' (which typically means exploiting across the air gap), it's communicating between two friendly entities through the air.
Which we've been doing for literally hundreds of millions of years.

Comment: Re:not the point (Score 1) 367

by phantomfive (#48932061) Attached to: Why Screen Lockers On X11 Cannot Be Secure

And you are dishonest.

You're a jerk, and I hate you. Woohoo, insults, I can do them too.

If you had Windows in 1993, and you pushed ctrl-alt-delete and it brought up your login screen, then you were not normal, and the OS was not an OS many people had. THAT is the truth.

As an aside, in 1993, more people were running Unix than Windows NT.

User Journal

Journal: SystemD: The Beginning 6

Journal by phantomfive


To do a proper code review, you need to understand the purpose of the code, what all the stakeholders want. From my own perspective, init scripts work fine, but since Unix companies keep trying to create new init systems, they must have different needs than I do.

Comment: Re:Open source code is open for everyone (Score 1) 209

by phantomfive (#48929483) Attached to: Serious Network Function Vulnerability Found In Glibc

Most are language-independent.... no surprise to see CWE-89 (SQL injection) and CWE-78 (command line injection) in there, as well as the slough of crypto/authN/authZ-related stuff. But where are the language-dependent bugs coming from? If you drill down on the code examples for CWE-120, -131, -134, and -676, you'll see C and C++ are a re-occurring theme.

Good then we're agreed, buffer overflows are not the most common security vuln.

All we need now is for you to realize that, if someone thinks the language means they don't need to worry about security, then their code will be much more vulnerable, even if they write in Java. Once you realize that, then we will be completely agreed.

Comment: Re:not the point (Score 1) 367

by phantomfive (#48929459) Attached to: Why Screen Lockers On X11 Cannot Be Secure
If you're talking about the x11 stipple functions, then they're not a reason to replace X11 either, just ignore them until no one uses them, then remove them. If people are using them, then there's a reason to not remove them.

Being old is not a reason to replace software. Being new does not make software better.

Although, if you'd like to tell me how the computing landscape has moved on significantly, I'm sure I'd be entertained to hear it.

Comment: Re:Funny thing about this... (Score 1) 29

by phantomfive (#48929141) Attached to: Book Review: Designing and Building a Security Operations Center

Now this book comes out explaining that a SOC is basically just a bunch of smart (expensive) people intelligently mining data?

The hard part is finding the capable (expensive) people, even if you are willing to pay a lot. Programmers and IT guys are not hard to find in America, but capable ones are.

Say "twenty-three-skiddoo" to logout.