Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Comment file handles aren't chrooted (Score 1) 166

There are several ways. Some use the fact that file handles aren't chrooted. You can, for example, call fchdir() with handle inside the chroot, then chdir(..) several times. If the wrapper changed the working directory of the process before chroot, the escape code needs to fchdir to a directory other than the chroot root, so it'll mkdir first.

There IS some level of inconvenience to escaping chroot, so there is a degree of security against an unsophisticated attack. I guess it could be compared to locking a window - that'll make the window less convenient to open, but simply throwing a rock at it will do the trick.

Comment I just did it, 2 ways. Click Drive. Drive == docs (Score 1) 68

Have you tried that recently? I just did it on my wife's Chromebook two different ways. It's slightly EASIER than with a regular computer. I didn't try a third way that should also work.

The file picker dialog has two main folders, called Drive and Downloads. Google Docs has been merged with Google Drive, so tat icon labeled Drive is her Google Docs. I just tried that and it works. One could also do what you'd do on a regular computer - download from Drive and upload via the browser.

If she had Dropbox installed, that would also appear as a folder I think. But really the extremely easy way is to click "Upload" then choose "Drive".

Comment chroot is for cross-compiling, not security (Score 1) 166

It's trivial to step out of chroot. Chroot was not designed for security. It's very similar to cd and getting out basically consists of making a symlink and doing cd. Chroot is for cross-compiling, installing grub, etc. - changing the DEFAULT. value of / that your session uses.

AMD's virtualization is much more appropriate for security, as it's designed to make it such that a guest can't even KNOW whether it's a guest or not, much less escape and access the host system.

Comment Big names involved- RISC creator, rPi leaders (Score 3, Insightful) 47

For those who didn't read TFS, the project is led by people with a track record of getting things done. One team member helped design, and named, the RISC architecture. Others are leaders of the Raspberry Pi project. That suggests these people know how to do this sort of thing successfully.

Comment surprisingly useful. Never booted to Linux (Score 1, Insightful) 68

I was surprised how useful Chrome OS is. My wife wanted a small laptop that would boot quickly, so I bought a Chromebook and installed Ubuntu. I left Chrome OS as a dual boot option. It's been several months and she hasn't had any reason to boot Linux yet. Chrome OS does everything she wants to do, and the instant boot is extremely convenient. She had Linux on her desktop, so it's not unfamiliar to her, it's just unnecessary.

Comment Re:Simpler way: virtualization + snapshot (Score 1) 166

> I suppose one could set up a set of RAM disks mapped to the appropriate paths if there is enough memory available in the VM, but those would only exist for the current session and would get wiped out each time the VM was shut down.

Yep, that's generally how you do it. As the title of my post suggests, you can also use on-disk snapshots for that, so again any altered files are reset on reboot. Reboot can take only seconds because many of the OS disk blocks are cached in host RAM. Live CDs have those paths all worked out and you can customize from that basis. Even simpler, you CAN just run a live CD directly. CD-R is physically read-only after it has been burned, so you can be certain that no malware or hackers have modified your system.

Comment expecting performance from IE? (Score 2, Insightful) 47

Are you expecting high performance from Microsoft IE, in their JScript engine?

One of the reasons Chrome EXISTS is to provide a high performance platform for Google Docs, Gmail and similar large JavaScript applications. These are the applications that intend to replace Microsoft' s cash cow, Office. It would be better for MS to stop shipping IE at all than for them to provide an excellent platform in which to run Google Docs.

Comment I thought they were evil for avoiding fiber upgrad (Score 4, Insightful) 93

I learned on Slashdot that Verizon is evil for not investing billions in upgrading their network to fiber. Now you tell me they've already upgraded half of their customers to fiber. Since they ARE upgrading their network to fiber, that's now evil. I'm confused.
I'm sure Verizon is evil of course, but are they evil for upgrading to fiber or for not upgrading to fiber?

Comment Simpler way: virtualization + snapshot (Score 2) 166

You COULD modify the hardware etc., or just fire up Virtualbox, KVM, or qemu full screen for your web browsing and such. Set the virtualized image read-only, except when installing new software on it.

Beneath the virtual machine can either be a dedicated hypervisor or an very small Linux installation which has only a tiny attack surface.

Comment Not wrong, or stupid, or insecure, just run Flash (Score 1) 166

TFS says:
> many otherwise well-informed people think they have to do something wrong, or stupid, or insecure to get hacked—like clicking on the wrong attachments, or browsing malicious websites...many of these commonly held beliefs are not necessarily true. ... [Adobe Flash can be exploited by an ISP].

Hmm, so you don't have to do something stupid or insecure, just run Flash and Java. :)

Flash is mostly used for ads and malware, neither of which I want, so I don't run Flash in my default browsers. For many years, there has been precisely one site for which I ever had any interest in having Flash installed, that was Youtube. Not anymore. Youtube no longer requires Flash. https://www.youtube.com/html5

Comment Legislate that pi is 4 (Score 2, Insightful) 97

> legally binding climate policy in the United States, requiring that California's greenhouse gas emissions return to 1990 levels by the year 2020.

The passed a law declaring what the total greenhouse gas emissions will be? Is that like the Indiana bill declaring that pi is 4? If they can just pass a law and that'll make it so, why don't they pass a law that in 2020 California's unemployment rate will be as low as Texas, as opposed to more than 50% higher? Passing a law changes the facts, right?

Comment Classes are for employees. Entrepreneurs motivated (Score 3, Interesting) 81

> The future of mass instruction ... because it's the new high school diploma? Sure.
> The future of tomorrow's entrepreneurs and inventors? Nope.

I'd say the exact opposite. I've started a few businesses, and sold a couple, working for myself full-time for many years, so I suppose I qualify as an entrepreneur. Two of those companies are based on things I "invented", or at least "innovated", so I suppose I qualify as "entrepreneurs and inventors". I'd take online learning over sitting in a class room any day. In fact, I've gone back to school, and my classes are 100% online.

I'd think that people who wish come in, to sit at a desk and have their employer tell them what to do are the same people who want to come in, sit at a desk, and have their instructor tell them what to do. Many people like an arrangement where if they show up 40 hours a week and make a reasonable effort, their paycheck is pretty well guaranteed. Wouldn't they also like an arrangement where if they show up to class and make a reasonable effort, their degree is pretty well guaranteed? Online learning tends to be the opposite - it requires self-discipline, it requires deciding for yourself how much you need to study each topic. Much like being an entrepreneur.

Also, the "entrepreneurs and inventors" I know primarily want to learn a skill they need, as opposed to getting a piece of paper. They (I, certainly) prefer to be able to log in, learn what I need to learn, and move on to the next thing. Sitting in class after class can be maddening for an entrepreneur. For those who prefer being employed, the piece of paper, the degree, is the primary goal, so sitting in class to get the degree is fine. They can sit in class now so they can sit in their office later.

  * Being employed or being an entrepreneur is personal preference, I don't mean to imply that either is "better" than the other.
      If you're young and single, doing your own thing can be fun and exciting. If you have three kids, a steady paycheck and good insurance is the more responsible option.

Slashdot Top Deals

"There is no distinctly American criminal class except Congress." -- Mark Twain

Working...