
Comment Re: Obvious response of technology firms (Score 1) 230

Publish a read-only chain of all firmware builds that you have ever produced. Equivalent to adding the firmware blob of every release version to a git commit history. Encourage other people to monitor that log.

Then have the current firmware verify that its own hash and the hash of the new firmware are in the commit history for the release log.
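
A minimal sketch of the scheme in the comment above, added here as an example and not the commenter's or any vendor's code: a hash-chained release log, a monitor check that a previously recorded head is still in the log, and the device-side check that both the running and the offered image are logged. The entry layout, the `GENESIS` value, the function names and the `seen_head` argument (a log head the device or a monitor recorded earlier) are assumptions.

```python
import hashlib

GENESIS = "00" * 32  # constructed start-of-chain value (assumption)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hash(prev: str, version: str, fw_digest: str) -> str:
    # Length-prefix the version so field boundaries are unambiguous.
    v = version.encode()
    return sha256_hex(bytes.fromhex(prev) + len(v).to_bytes(2, "big") + v
                      + bytes.fromhex(fw_digest))

def append_release(log: list, version: str, blob: bytes) -> str:
    """Vendor side: add a build to the log and return the new head hash."""
    prev = log[-1]["hash"] if log else GENESIS
    fw = sha256_hex(blob)
    log.append({"version": version, "fw": fw, "prev": prev,
                "hash": entry_hash(prev, version, fw)})
    return log[-1]["hash"]

def chain_is_valid(log: list) -> bool:
    """Recompute every link; an edited or reordered entry breaks the chain."""
    prev = GENESIS
    for e in log:
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["version"], e["fw"]):
            return False
        prev = e["hash"]
    return True

def extends(log: list, seen_head: str) -> bool:
    """Monitor side: a head recorded earlier must still appear in the log."""
    return chain_is_valid(log) and any(e["hash"] == seen_head for e in log)

def update_allowed(log: list, seen_head: str, running: bytes, new: bytes) -> bool:
    """Device side: both the running and the offered image must be logged."""
    if not extends(log, seen_head):
        return False
    logged = {e["fw"] for e in log}
    return sha256_hex(running) in logged and sha256_hex(new) in logged

if __name__ == "__main__":
    FW1, FW2 = b"firmware build 1.0", b"firmware build 1.1"  # constructed blobs
    log = []
    head1 = append_release(log, "1.0", FW1)
    append_release(log, "1.1", FW2)
    print(update_allowed(log, head1, FW1, FW2))                # logged update
    print(update_allowed(log, head1, FW1, b"unlogged build"))  # one-off build
```

A log that was rebuilt with a different build in place of a published one still passes `chain_is_valid`, which is why the check against a previously recorded head matters: it is the part that outside monitoring makes possible.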

Comment Re:What is modularity, exactly? (Score 1) 94

There are two things I'd add to your description.

Firstly, this is an attempt to split the core Java libraries into pieces so you will be able to use only the pieces you need, e.g. $ apt-get install java-headless. Due to the existing definitions of packages and classes, this could not be simply done by splitting the existing classes along package boundaries; a new abstraction was required.

Second, with Java's existing access controls of public, private, protected and default, there are quite a few occasions when the language forces you to make an implementation detail of your code public, which you would rather leave inaccessible to 3rd parties. Modules essentially demote "public", and add a new explicit "really public".

Comment Re:Requires poorly-designed software, basically (Score 1) 126

From the original writeup (https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt):

Based on our research, we recommend that the affected operating systems:

- Increase the size of the stack guard-page to at least 1MB, and allow system administrators to easily modify this value (for example, grsecurity/PaX introduced /proc/sys/vm/heap_stack_gap in 2010). This first, short-term solution is cheap, but it can be defeated by a very large stack-based buffer.

- Recompile all userland code (ld.so, libraries, binaries) with GCC's "-fstack-check" option, which prevents the stack-pointer from moving into another memory region without accessing the stack guard-page (it writes one word to every 4KB page allocated on the stack). This second, long-term solution is expensive, but it cannot be defeated (even if the stack guard-page is only 4KB, one page) -- unless a vulnerability is discovered in the implementation of the stack guard-page or the "-fstack-check" option.

That was one of the recommendations. Finding large stack allocations, in setuid binaries, that don't write to the allocated memory is hard.

Comment Re:$36 billion doesn't sound like enough... (Score 1) 149

Everyone loves to blame NBN problems on the copper. While I agree that building fiber to the node is stupid, that's not the biggest problem with the NBN. The pricing model of the NBN means that only huge ISPs can compete on price, by massively oversubscribing. To compete you need a very large number of customers in each geographic area, so you can reduce your CVC charge per person. CVC? Well, there are 3 costs associated with leasing a line from the NBN. First is the customer end, with different price tiers per connection speed. Perfectly understandable. Second is a per-port cost in a central location for the cable into the ISP equipment, about $200 a month per Gbps Ethernet port. Again, nothing wrong with that, seems perfectly reasonable. The third cost is the Connectivity Virtual Circuit (CVC), and it's outright extortionate. $14.50 per month (or thereabouts) for each Mbps the ISP wants to light up. So if you want to use a 100Mbps connection 24/7, it will cost your ISP $1450 a month to provide it.

We're supposed to be building a great big fiber network to cover the country, with enough capacity to meet our needs for the next 100 years. So, WTF are we treating *bandwidth* as a scarce, expensive resource?

My other gripe with telecommunications in Australia is about the way Telstra gouge everyone who wants to communicate with their customers. But that's another story...

Comment Re:But is Wayland better? (Score 1) 227

When an application is drawing stuff, there are plenty of cases where you have to wait for round trips from the application to the X server too. Plus the application, X and window manager can all manipulate the same properties of a window, so there are plenty of cases where you can't be certain what will actually happen.

I prefer to think of Wayland returning to the Unix philosophy of doing one thing and doing it well. It takes over the job of rendering multiple windows on a single desktop, and forwarding mouse and keyboard events to applications. Everything else is out of scope. Is Wayland doing that job well? Maybe, but I'm not an expert.

If you want to display an application that talks X11, or connect to another server via RDP or VNC, do that with another program. If you want to innovate in this space, go ahead. Build a GTK or Qt remoting protocol or something. Having a clean separation between network protocol and display compositing should help the ecosystem in the long run. I will say that the X11 Wayland client isn't that good; I've seen plenty of weird bugs when using old applications.

The big challenge to adoption is the conversion of existing applications. Even if you are using a high level toolkit, there are bound to be a few X11 library calls hanging around.

Comment Re:Fucking interns (Score 2) 169


We have modified this tool to remove capacity more slowly and added safeguards to prevent capacity from being removed when it will take any subsystem below its minimum required capacity level

Yeah, they have apparently made this screw-up much harder to repeat.
