Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Comment: Re:Mandatory xkcd (Score 1) 229

by psmears (#49491969) Attached to: GNU Hurd 0.6 Released

How does any of this address parent's question ? How can he "do something as simple as changing my DNS servers" ?

The same way as before systemd came on the scene (unless your distro has changed things at the same time - and network settings are something distros do seem to like to move around from release to release - but systemd doesn't, as far as I'm aware, touch the DNS settings at all!)

Comment: Re:A Language With No Rules... (Score 1) 667

by psmears (#49267415) Attached to: Why There Is No Such Thing as 'Proper English'

but for example the american A in words like "cat" and "path" is historic, unlike the British pronunciations which match the a in "father"

You make some interesting points, but you clearly have some very strange ideas about British pronunciation :) For example, the vowel in "cat" (in "standard" British English - what, for example, most announcers would use on the BBC) is nothing like the vowel in "father". And many British accents are rhotic, too!

Comment: Re:A Language With No Rules... (Score 1) 667

by psmears (#49267181) Attached to: Why There Is No Such Thing as 'Proper English'

"So being lazy and using improper English is impolite to the extreme."

Motes and beams, people! If you're going to moan about "improper" English, it's best not to make lots of errors yourself: - you started your sentence with "So". The word you ought to have used was "Thus". - you missed out the comma that should have followed the "So" - the expression is "in the extreme", not "to the extreme" - even had you used "in the extreme", it would still have made for an awkward and inelegant sentence, compared to the obvious alternate of "... is extremely impolite."

Do you have a credible source for any of these so-called rules? In particular:

Comment: Re:Not ready for primetime (Score 1) 765

by psmears (#49235363) Attached to: Ubuntu To Officially Switch To systemd Next Monday

This because it is Linux or the GNU toolchains that has issues with multiple lib versions (the major source of "dependency hell"), it is the package managers.

Actually the package managers can handle it just fine (well, I know RPM can, and I *think* dpkg/apt can too); usually the problem is that the libraries are packaged in a way that doesn't support this. If two versions of a package share no files (e.g. if you provide "libxyz.so.1.0.0" in one package, and "libxyz.so.1.1.0" in another version of the same package, RPM can handle having both versions of the package installed with no problems at all. This is used, for example, to support having multiple kernel versions installed on RedHat-type systems. What becomes a problem is if you have (say) binaries in the same package, with the same name in each version, but different contents: naturally RPM will report a conflict if you try to install both.

Comment: Re:You didn't upgrade systemd. (Score 2) 117

by psmears (#49042441) Attached to: Live Patching Now Available For Linux

You didn't upgrade systemd. You upgraded the systemd package. You won't actually start using the new version of systemd until you do a reboot.

No, that's completely wrong. The new version will run if the package upgrade script tells the daemon to re-exec itself. Which (at least in the case of RHEL7), it does.

Comment: Re:GOTO is a crutch for bad programmers (Score 1) 677

by psmears (#49040019) Attached to: Empirical Study On How C Devs Use Goto In Practice Says "Not Harmful"

What would you propose as a better alternative to this idiom in a language that lacks exceptions:

I propose this; namely using variables to keep track of the state of resources, and then cleaning up based on the values of those variables. In my experience this is much less error-prone than the "goto" equivalent - for example, reordering the code is much less likely to break the cleanup.

Comment: Re:If it's accessing your X server, it's elevated (Score 1) 375

by psmears (#48946133) Attached to: Why Screen Lockers On X11 Cannot Be Secure

Adding a registry entry to remap keys is pretty trivial, too.

You need to be an administrator to do that. That makes it pretty non-trivial.

It would, except that users having Admin access is much more common on Windows systems. (Being an Administrator on Windows does not (in theory, at least) have the complete "game over" privileges that "root" traditionally does on Unix-based systems, so there are still further privilege levels to be escalated to.)

is running a different OS which doesn't treat Ctrl+Alt+Del in a special way

Now your suggesting what exactly? That the attacker is going to throw in a linux live CD, boot it, run his 'fake login screen' that looks like the usual windows screen?

Ok... yes I guess that is a theoretically possible attack; although you'd probably get caught as soon as the user isn't actually able to log-in and IT gets called in...

Why would IT get called in? After the user's entered their password, you just display a simulated BSOD and then reboot into the genuine OS; no user will be remotely suprised ;-)

Comment: Re:If it's accessing your X server, it's elevated (Score 1) 375

by psmears (#48942211) Attached to: Why Screen Lockers On X11 Cannot Be Secure

Deliberately conflating, but not confused.

It's hard to tell the difference from here ;-)

I can trivially run a program to throw up a screen that looks like the login screen on a PC at work. TRIVIALLY.

Adding a registry entry to remap keys is pretty trivial, too... as, for that matter, is running a different OS which doesn't treat Ctrl+Alt+Del in a special way! Thus any extra security provided is minimal. Which is fine - as you say, security doesn't have to be perfect in order to be useful - but in my view overselling the effectiveness of a measure is counterproductive.

Nobody here is arguing ctrl-alt-delete is some magical super thing,

Alas that is exactly what Microsoft claimed for years (possibly still claim?)...

Comment: Re:If it's accessing your X server, it's elevated (Score 1) 375

by psmears (#48938521) Attached to: Why Screen Lockers On X11 Cannot Be Secure

You aren't going to be tampering with or installing of ANY of that from user land.

I think you're confusing the user vs administrator distinction with the userland-vs-kernel-mode distinction... but never mind...

And if you have root... you can just install a keylogger be done with it. Why bother with dorky fake lock screens?

What I'm saying is that the "Ctrl+Alt+Del protects your password" claim is overblown; the suggestions you give only amplify that, as they are even more ways to circumvent it...

Comment: Re:If it's accessing your X server, it's elevated (Score 1) 375

by psmears (#48928179) Attached to: Why Screen Lockers On X11 Cannot Be Secure

You're tricking yourself into security theater. You can't intercept an actual ctrl-alt-del, but you can read the ctrl and alt keys, and just unlock your fake lock a couple seconds later.

This. Or the fact that there are registry entries that allow remapping of any key to any other, including (as far as I remember) the Ctrl, Alt and Del keys. The "security" of Ctrl+Alt+Del has always been over-hyped :-)

"A great many people think they are thinking when they are merely rearranging their prejudices." -- William James

Working...