
Comment: Re:I blame Microsoft (Score 1) 84

by Kjella (#48631881) Attached to: Critical Git Security Vulnerability Announced

Yes. There is only one possible name for addressing a file. For a case-aware, but case insensitive, you get up to 2^n variants for a name n letters long. And you _can_ have the same name with different capitalization in a directory as a result of errors.

Funny, since Linux does everything it can to break a canonical name model with symlinks. In fact, you could mimic a case-insensitive system with 2^n symlinks like /foo/bar/COnFiG -> /foo/bar/config. And the capitalization is the cause of errors in mixed environments:

1) Create file on Windows called "Foobar.txt".
2) Copy it to your Linux machine.
3) Rename it to "FooBar.txt"
4) Do lots of work on the text
5) Copy it to your Linux machine
6) Copy the Linux directory back to Windows.

There's now a 50-50 chance that your work just got overwritten by old crap from step 2). Of course you might argue that Windows is the problem here since it wouldn't happen on two Linux systems, but then it wouldn't happen on two Windows systems either. They just don't play nice with each other.
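Added example, not part of the comment above: a pre-copy check that lists names in a case-sensitive tree which a case-insensitive file system would merge, the collision the numbered steps describe. The function name, the sample paths and the use of Unicode case folding as a stand-in for a real file system's folding rules are assumptions of this example.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# Constructed sample listing from a case-sensitive tree (not real data).
SAMPLE_PATHS = [
    "docs/Foobar.txt",
    "docs/FooBar.txt",   # same name as above on a case-insensitive volume
    "src/main.c",
    "Lib/util.py",
    "lib/io.py",         # directories "Lib" and "lib" would be merged
]


def case_collisions(paths):
    """Group distinct spellings that fold to the same name.

    Every path prefix is checked, so a collision between two directories
    is reported even when the files inside them have different names.
    str.casefold() approximates the folding a real file system applies
    (assumption: NTFS, HFS+ and APFS each use their own tables).
    """
    seen = defaultdict(set)  # folded prefix -> original spellings
    for path in paths:
        parts = PurePosixPath(path).parts
        for depth in range(1, len(parts) + 1):
            prefix = "/".join(parts[:depth])
            seen[prefix.casefold()].add(prefix)
    return sorted(sorted(group) for group in seen.values() if len(group) > 1)


if __name__ == "__main__":
    for group in case_collisions(SAMPLE_PATHS):
        print("would collide:", ", ".join(group))
```
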

Comment: Re:Case insensitive file systems were a bug (Score 1) 84

by sjames (#48631873) Attached to: Critical Git Security Vulnerability Announced

Because some characters have special significance to the shell. That includes * and ?. In the bad old days of DOS, you could enter an arbitrary character code by holding Alt while entering the 3 digits on the keypad. Character 255 looked exactly like a space but was not equivalent. Imagine the confusion one could cause that way.

Comment: Re:Unrelated to Github (Score 1) 84

by Kjella (#48631807) Attached to: Critical Git Security Vulnerability Announced

Tag: NOTABUG and WONTFIX. Case aware filesystems so you can have normal names and not like AUTOEXEC.BAT and CONFIG.SYS from the DOS days is great, case sensitive file systems are a really bad idea. Is there any kind of sane situation where you'd like to have two files "Config" and "config" actually coexist that isn't just begging to be confused/abused/exploited? For a marginal performance optimization all POSIX systems have shitty usability. Why am I not surprised? I guess for a server it just doesn't matter, but for the desktop you should file this as a bug against Linux, not Windows and OS X.

Comment: cowardice (Score 5, Informative) 98

by Iamthecheese (#48631527) Attached to: FBI Confirms Open Investigation Into Gamergate

This isn't even the use of weasel words. The FBI is investigating *opponents* of GamerGate for lying about threats and third party trolls for making other threats while the summary claims the investigation is about threats made by proponents. I really, really hope whoever made the threats and whoever lied about them is caught. I hope this because I know damn well GamerGate did not make these threats.

The entire case against GamerGate is built of press pushing talking points off of empty claims made by professional victims. That's the start and end of the "threats and harassment" side of the story. Meanwhile a consumer movement against, ironically, corruption in the press is being libeled to suit political agendas.

FBI Confirms Open Investigation Into Gamergate 98

Posted by samzenpus
from the looking-into-it dept.
v3rgEz writes In a terse form letter responding to a FOIA request, the FBI has confirmed it has an open investigation into Gamergate, the loose but controversial coalition of gamers calling for ethics in gaming journalism — even as some members have harassed and sent death threats to female gaming developers and critics.

Comment: Re:"Still a youngster" is an invalid option. (Score 1) 98

by arth1 (#48631141) Attached to: At 40, a person is ...

A woman that hits menopause and doesn't have children is a dead end from an evolutionary perspective. What potential there was for propagating her genes is gone.
Men have a much larger window, and can produce offspring at any age from the first pre-teen ejaculation until death.

Back to the poll, it means that there isn't a single good answer for what 40 means. If you're a childless woman who feels the imperative drive to reproduce, it might mean you're way past middle age and really need to hurry. But if you're a free man, you might still have a good part of your reproductive years ahead of you.
And if you have children, regardless of gender, whether it's middle aged or old might depend on how old those children are.
There is no good answer, but I think overall, chances are that a woman will feel older at 40 than a man does. And even more so at 50.

Comment: Re:Sly (Score 1) 350

by arth1 (#48631101) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

Sorry, no, won't work. See, in order to get a valid SSL cert installed, it has to match the FQDN, or you still get warnings. Which means the embedded device suddenly needs writable storage and routines for uploading said cert, which is a much bigger security risk than someone setting up a man-in-the-middle attack inside your home between you and your DVR.

There are thousands of different web-enabled devices on networks, accessible through unencrypted methods. Because most of them don't need it. I don't need a certificate on my printer any more than I need auto-locking doors everywhere in my house.
It's only adding overhead, and not giving any tangible benefits.

SSL isn't a silver bullet. It's mostly theater, giving the unwashed masses a feeling of security. It's not implemented in a secure way, but relies on distributed trust - a system that doesn't work.
You have to be horribly ignorant to trust that none of the CAs in your browser's or OS' key store have been compromised, or handed out to someone. Do you verify that the certificate for "secure" sites you visit actually are from the signing authority the web site is expected to use? No? Then how can you possibly trust it?

It's worse than nothing in that it makes you feel warm and cozy and safe, and lulls you into a false sense of security, much like AV software does.

Security is a state of mind. Not a technical piece of shit you can force on everything and say "look, it's secure now!"

Comment: Re:Grinch is not a flaw - has no CVE!!! (Score 1) 89

by sjames (#48630913) Attached to: Grinch Vulnerability Could Put a Hole In Your Linux Stocking

Sure, but the potential to mis-configure a subsystem that has big red asterisks around it anyway such that a trusted user might exceed authority is a far cry from a security vulnerability that might put a hole in my Christmas stocking. Other things to avoid include making /bin/bash suid root, chmod -R o+rwx /, etc etc.

Comment: Maybe they could re-shoot it, varying the script - (Score 0) 187

by timothy (#48630287) Attached to: "Team America" Gets Post-Hack Yanking At Alamo Drafthouse, Too

- so that it's set in Cuba instead.

(I am not kidding. In fact, call it "THE INTERVIEW II: HAVANA GILA MONSTER" and make frequent in-joke references to the previous one, even though -- especially because! -- nearly no one has seen it.)

But this time, assassinate Castro, instead.

