Comment: Re:Remove politics from the survey (Score 1) 198

If you are ACTUALLY interested in scientific literacy, then ask questions on which no major political faction has any stake.

I disagree: if you're more willing to spew political talking points than pay attention to actual science, then that is a pretty good measure of being scientifically illiterate because that's more or less ignoring science because you don't like the conclusions it comes to.

Just because someone is politically and culturally invested in the idea that the earth is 6000 years old, doesn't make them any more scientifically literate than if they were simply a nutcase.

Comment: Re:Gender and sex (Score 1) 198

I did reference Steve Pinker

Specifically, you told me he has written several books. Saying, I have a point but you're going to have to read several books to figure out what the point is never mind the arguments for and against is not really very solid. I mean sure, you might have a point and you might be right, but I'm not going to do several weeks of reading just to find out.

and that there are no inherent differences between men and womens brains is the corner stone of post modern feminism.

The differences between male and female brains seem to be a subject of intense debate, which pretty much means that the differences are subtle. There is undeniably more variation across humans as a whole than between genders on average. Secondly, where on earth do you get your definitions of feminism from?

Comment: Re:Gender and sex (Score 1) 198

Well you've done nothing except make a wild, axe-grindy claim that "feminists" are responsible for something. You haven't even elucidated what you're even blaming them for or why you think they're to blame.

So, while that lack of stuff doesn't make you wrong, it does make you lack credibility.

Comment: Re:Lack of corruption (Score 1) 406

The bombast is strong with this one!

Or in England, where the party that received the most support is kept out of power by a similar coalition.

How on earth does that make no sense? The coalition combined got much more support than Labour. Therefore it makes much more sense for them to share power than to hand it all to Labour.

It has the highest rate of worker productivity, the economy is growing, it has the largest manufacturing economy in the world by a large margin,

It also has higher rates of poverty and longer working hours, with fewer holidays than anywhere in the EU. Is that good? Is it worth the tradeoff? As for largest, well it helps being a large country. China has a very large industry sector, comparable to the US. Germany has a smaller one, about 1/3 of the size but then again it's about 1/4 of the size in overall GDP and population, too.

top colleges are basically all US,

Because Oxford and Cambridge don't exist? Actually if you look at the top university rankings worldwide it's nearly an even split these days between the US and the UK. And the UK is much, much smaller (about 1/6 of the size in most economic measures).

Nobel prize winners are more US than elsewhere,

Yep looks like the US has most, but not by any factor out of proportion to the size of the country. 353 winners according to wikipedia. That compares to 115 for the UK (remember about 1/5 of the size), 26 for Switzerland (1/37 of the population), 30 for Sweden (1/30 of the population), 13 for Norway (1/60 of the population), 19 for the Netherlands (1/18 of the population --- this is about the same proportion), 12 for Israel (1/18 of the population), Germany (102, about 1/4 of the population), France 67 (1/5 of the population --- this is about the same proportion) and etc. I've got bored working through the list backwards from the US.

End point: yes the US has more but it's also much larger. Weighted by population, it's up there with the best developed countries, but is quite a bit below the top of the heap. Even if you discount the very small ones as statistical errors, you still have the big hitters like the UK, Germany and France which have respectively better and comparable numbers of prizewinners per capita.

and the US has won the world series for like 20 years in a row

That's because everyone else (to a first order approximation) is busy playing football. That's soccer to you guys.

The lack of government subsidizing of ethernet to some bumfuck exurb is just a sign that the US doesn't treat broadband as an inherent right of being a citizen, and personally I would agree.

I'm a Brit (you might have guessed). I actually like the US and would move there if I had the chance, but mate, you need to pull your head out of your arse. If you go and live in almost any other civilised country you will realise that everyone else has telecoms figured out much, MUCH better. Basically, it's faster, cheaper, more readily available and less abusive in almost any other country.

Some countries are just crap at things. What's more this is often a result of mass blindness on the part of the population who refuse to acknowledge that things are better elsewhere. In the UK we're like that about property purchasing (all fucked up 6 ways to Sunday here) and, rather entertainingly, mixer taps. Seems you Americans are like that about telecoms.

Comment: Re:If it's accessing your X server, it's elevated (Score 1) 367

by serviscope_minor (#48930363) Attached to: Why Screen Lockers On X11 Cannot Be Secure

First bear in mind the attacker has local code execution. If they can put up a fake screengrabber, it's just a logout/reboot away from running a trojaned compositor (if you use Wayland), a trojaned screenlocker (if you use X) and on either system without even a reboot, a trojaned browser, terminal, ssh program and so on and so forth. So to say this is a serious flaw with X is hyperbole.

The next case is that you also claim Wayland is secure. Therefore X11 running on Wayland is secure. Therefore in that case X11 is being run in a secure manner. I claim that if that is the case, then X11 could very easily be secured, because it's easy to see it in operation now running in a way that the additional insecurity doesn't break things.

I'm not really sure how creating yet another way for a "designated program" to monitor input events is supposed to address the problem that any X11 client can monitor keyboard events on any window in the absence of a grab, unless you intend to rewrite all existing software to grab the keyboard on receiving input focus, and force all the desktop environments to implement support for the extension and move their global keybindings into a specially designated client. At that point you might as well switch to a system designed for secure I/O from day one---like Wayland.

OK, I'm slightly lost so I'm going to swing back to the original point.

First there's the one about server grabs which prevent other windows from opening. Well, you could easily have a protocol extension that allows only one connected client to bring up windows anyway. The continuation of the grab could either be faked to the grabber, or killed outright (the latter feature---killing grabs---was removed from Xorg by the wayland people because they decided we didn't need it!). Let's say it's first come, first serve, so that the first client to request this feature is the only one to get it. Or the screenlocker could get that command. This requires the WM and screenlocker to be run on boot before a trojan, but as I pointed out, if the system is that deeply trojanned anyway, then this is all pointless.

That requires some rewriting to whichever screenlockers you want to add the feature to, hardly a major undertaking since there's about 3 in common use and a few, more obscure, ones.

The other problem---a designated screen lock key combo. Well, if the screen locker has a passive grab on ctrl-alt-delete, then the fake screenlocker can't grab that, so that already works.

It's easy to implement the insecure X11 model on top of a secure system. The reverse is much more difficult.

Why? Why not have exactly the same security model? You haven't explained, only asserted, that your chosen security feature couldn't be easily available under X.

In fact when it comes to locking things down, there are things like the X security protocol, which blocks untrusted programs from executing various protocol commands. This already exists and could (I haven't checked if it does) easily block things like receiving events from a window on another connection, reparenting or redirecting a window on another connection, diddling with the global keymap and so on.

Anyway if there's unsandboxed local code execution, you're basically screwed on any system.

Comment: Re:Screen locker == physical access == ... (Score 1) 367

by serviscope_minor (#48930269) Attached to: Why Screen Lockers On X11 Cannot Be Secure

You're not going to get any of my data that way, which is what is actually important.

I'm not sure I follow. Surely if I had unlocked access to your phone, I could simply read whatever data was on there? Also, can you install free apps without an additional password? If so what stops me installing a keyboard app trojan?

Honest question: I don't own an iPhone. If it stops those kinds of attacks it would be great to know how.

Comment: Re:If it's accessing your X server, it's elevated (Score 1) 367

by serviscope_minor (#48928481) Attached to: Why Screen Lockers On X11 Cannot Be Secure

What exactly would you propose to add? This isn't a matter of implementing new functionality, but rather removing fundamental misfeatures. Any change to address this issue is going to end up breaking existing applications which depend on the original input behavior.

Oh how about a new protocol extension that allows one designated program to receive all keyboard inputs regardless of any other grabs. The X11 server can keep on pretending that the other grabbers still have such a grab.

Look: X11 works on Windows even though Windows can apparently REALLY grab the keyboard. X11 will, we are told, work on Wayland too despite the fact that Wayland can apparently REALLY grab the keyboard. Do you really think it couldn't be extended to do that itself?

Comment: Re:physical access (Score 1) 367

by serviscope_minor (#48926013) Attached to: Why Screen Lockers On X11 Cannot Be Secure

Which could be a good argument for replacing X. It is rather old technology, perhaps it is time to update it to something newer, rather than clinging to it and claiming it is all one needs.

Or how about adding a protocol extension to deal with this security problem as has been done a number of times in the past for authentication. I don't understand why X11 seems to get special treatment here.

Program has security flaw. Response "has it been patched yet"

X11 has security flaw: we can't possibly patch it we must discard everything and start again.

There's certainly some things wrong with X11, but this is one which could be solved easily. It could, for example, be done by having a "kill all grabs" command which is available to the window manager.

Comment: Uh. (Score 1) 367

by serviscope_minor (#48925945) Attached to: Why Screen Lockers On X11 Cannot Be Secure

Why can't I have my screen locker have a passive grab on Ctrl+Alt+Delete or shift+altgr+control+` or whatever, using XGrabKey? That way if someone else installs a screenlock faker then I'll know because it won't respond to the magic key presses.

The thing is on Windows it never worked as well as it ought to. The reason is that if the screen said something like:

"pls entar u r passwordz to login"
[ password box ]

"pls wate wile redirecting to"

"Pls entar u r bank passwrd thx"

an appallingly large number of people would have diligently followed those steps. The ctrl+alt+delete thing was fine but required more knowledge than 99.9% of users had.

Oh and the active grab thing: if you ever hear a wayland dev tout that as a problem, please kick them in the nuts because XFree86 USED to have a feature for killing grabs from a keystroke, until the fuckers who went on to develop Wayland decided we didn't really need it because "it would only be needed if a program is buggy". Well, no fucking shit hotshot.

Comment: Re:Screen locker == physical access == ... (Score 1) 367

by serviscope_minor (#48925823) Attached to: Why Screen Lockers On X11 Cannot Be Secure

Why is this considered acceptable? Get physical access to my iPhone (for example - Android is probably the same?), good luck getting in.

Huh? This exploit only works if someone has already had access to your unlocked computer long enough to load and run malicious code. It's not like you can plonk down someone at a computer with a locked screen and have them hack in by being clever.

And if I had access to your unlocked iPhone, could I not root it or whatever the iPhone cracking is called and install a fake screenlocker too? Or hell, install a custom keyboard app which looks like the normal one but saves all passwords and sends them to the cloud. I might not even need to root it to do that.

Comment: Re:not the point (Score 1) 367

by serviscope_minor (#48925775) Attached to: Why Screen Lockers On X11 Cannot Be Secure

Well, yes.

However, that only works if the attacker already has arbitrary local code execution. If they can do that then they can trojan every single program, by diddling with the PATH environment variable and/or pissing with LD_PRELOAD.

Basically yes, it's a hole but one that only kicks in if you're fucked 6 ways to Sunday already.

Or if you've done xhost+ and disabled your firewall. But that hasn't been the default in years.
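
The PATH and LD_PRELOAD point in the comment above can be checked from the defender's side. The following is an added example, not part of the original comment: a Python audit of a process environment that flags dynamic-loader variables and PATH entries where an untrusted directory shadows a command found later. The function names and the trust rule (root-owned, not group- or world-writable) are assumptions made for this example.

```python
import os
import stat

# Dynamic-loader variables that inject code into every program the session starts.
LOADER_VARS = ("LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT")

def untrusted_dir(path):
    """Assumed trust rule: trusted only if root-owned and not group/world-writable."""
    st = os.stat(path)
    return st.st_uid != 0 or bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def is_executable_file(path):
    return os.path.isfile(path) and bool(os.stat(path).st_mode & 0o111)

def audit_environment(env, is_untrusted=untrusted_dir):
    """Return (kind, detail) findings for one process environment (a dict)."""
    findings = []
    for var in LOADER_VARS:
        if env.get(var):
            findings.append(("loader-var", f"{var}={env[var]}"))
    path = env.get("PATH")
    first_seen = {}              # command name -> first PATH directory providing it
    untrusted, visited = set(), set()
    for entry in (path.split(os.pathsep) if path else []):
        if not os.path.isabs(entry):
            # "", "." and relative entries resolve against the current directory
            findings.append(("relative-path-entry", repr(entry)))
            continue
        if entry in visited or not os.path.isdir(entry):
            continue
        visited.add(entry)
        if is_untrusted(entry):
            untrusted.add(entry)
        try:
            names = sorted(os.listdir(entry))
        except OSError:          # unreadable directory: nothing to compare
            continue
        for name in names:
            full = os.path.join(entry, name)
            if not is_executable_file(full):
                continue
            owner = first_seen.setdefault(name, entry)
            if owner != entry and owner in untrusted:
                findings.append(("shadowed-command",
                                 f"{os.path.join(owner, name)} hides {full}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit_environment(dict(os.environ)):
        print(f"{kind}: {detail}")
```

Run as a script it audits the current session; a clean result only says the environment has not been redirected, not that the binaries themselves are untouched.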

Comment: Re:Wow so negative here (Score 3, Insightful) 207

by serviscope_minor (#48922747) Attached to: Latest Windows 10 Preview Build Brings Slew of Enhancements

What happened?

I'm guessing that people got fed up with churn and started to realise that change for its own sake is annoying. Getting irritated at having to get used to a new system AGAIN that does things worse in many cases is not unreasonable. Being fed up with churn is not the same as fearing change.

Personally, I like to see "change" actually make things better, because if it doesn't then why bother with the change? And if it makes things worse, then WTF?

A lot is just uninspiring and meh. Going from flat to bevelled to bulbous and back to flat (hello Athena!) user interface elements is just a huge meh. I mean sure, now they're coloured and antialiased and with nice fonts and whatever, but I really can't feel myself getting excited about "flat" design. Actually, personally I think it's a bit of a usability regression because it's harder to explain to people which the active user interface elements are.

Change where it's an improvement I like. I like large, high res screens. I like running a modern kernel with all the new power saving features and better, newer filesystems and so on and so forth. I tend to run recent builds of tools I like like vim and mplayer because the changes make them better than the old version. I keep promising myself I'll finally switch from Xterm to Terminology, but I can't get some of the features to work properly at the moment.

All those things, all those changes have made stuff better. On the other hand, I still run FVWM2. I've tried more modern things, but they all seem to make things worse in interesting ways. I've still adopted some changes, however which make it more modern.

I think there are quite a few people here with similar opinions to me. Another example: the reason that tablet stuff coming to laptops is bad is because a lot of the UI stuff is designed around single, non cooperating, full screen apps. I don't want that, not because I fear change, it's because I changed AWAY from it in the 90s and I have no desire to go back to the bad old days. I remember what it was like all too well (and my phone just keeps on reminding me). What I fear is being dragged back to something I know from experience is inferior.

Comment: Re: just put a motor on the elevator itself (Score 1) 243

by serviscope_minor (#48921961) Attached to: Engineers Develop 'Ultrarope' For World's Highest Elevator

Nope: there still needs to be a sliding contact between the wheel and a fixed cable somewhere.

Anyway, sliding contacts work just fine. See, e.g. trains with 3rd rail, 4th rail, pantograph and mixed mode trains and trolley busses and even some whacky covered contact trams.

The latter are particularly interesting. Some cities want an electric tram installed but don't want to have overhead cables or exposed foot level contacts. So, there are studs in the ground and they only switch on after the tram has made contact. The old systems were unreliable, but with modern arc-free power semiconductors, they work well and no arcing.

