
Comment Release it. This is old hat. (Score 2, Interesting) 600

I'm sorry, but running userland "daemons" is child's play. This has been around for EONs. Please don't think you have something new here.

Your problem here is that your idea will only affect the *USER* environment, not the machine. Anything you run or install into the user environment will be bound by the standard user accounts everyone should be running as, without privileges (such as root/super user).

This separates the privileges from the user and the system quite well and delineates it.

Let's compare Windows and *NIX (in general):

Windows, I can send you an e-mail and your standard user just looks at my e-mail and via ActiveX can leverage a 10 year old exploit to install a service as a *SYSTEM ACCOUNT*. This means my process then has full access to the system... Possibly being able to wipe out the machine period, or use it for a launching pad to send out e-mails to other accounts on the system or other accounts in any address book or just grab your passwords (probably being abcd1234 or password or what have you (Think Sarah Palin's Yahoo account... wooo really good password there)) for your Bank account. It's very much *THAT* simple, no stupidity involved.

Now, if for some reason ActiveX is disabled, I can just tell you how important the Microsoft update is and it needs to be run... and how you *MUST* forward it to your friends so they can be safe... Sheeple are gullible and will never be safe from this stupidity.

Now speaking of stupidity, it's really the only way Linux/*NIX/*BSDs will be compromised... even then most likely only the *user's* data will be flogged. Not the whole system. Now, let us just say *I* download and run your program/update/shell/python script/perl script/etc... Sure it downloads and installs the BOINC daemon and runs in the background... to be honest who cares. Any program you run or have running to capture data from the user will only affect the *USER* not the whole system. Separation of privileges is pure and simple why the *NIX systems will not seriously fall prey to these kinds of things. And to be honest, unless you install a persistent AT job for the BOINC daemon to start or at the very least a cronjob that runs every minute... a reboot will kill your pitiful attempt.
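The comment above names per-user cron and at jobs as what lets an unprivileged process survive a reboot. As an added example (not part of the original comment), this audits the text of one user's crontab for the two schedules it mentions plus commands under hidden or temp paths; the sample crontab, the path heuristics and the function name are constructed assumptions, and at jobs are not covered.

```python
import re

# Constructed sample: one user's crontab as printed by `crontab -l`.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
MAILTO=""
* * * * * $HOME/.cache/.upd/boinc_client --daemon
@reboot /home/alice/.local/bin/sync-helper
30 2 * * 1 /usr/bin/rsync -a /home/alice/docs /mnt/backup
*/1 * * * * /tmp/.x/run.sh
0 */6 * * * /usr/bin/updatedb
"""

ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")
# Assumed heuristic: temp directories and hidden directories under a home.
SUSPECT_PATH = re.compile(
    r"(^|[\s'\"=])(/tmp/|/var/tmp/|/dev/shm/|\$HOME/\.|~/\.|/home/[^/\s]+/\.)")
EVERY = ("*", "*/1")

def audit_crontab(text):
    """Return (line number, reasons, command) for entries worth a second look."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or ENV_LINE.match(line):
            continue  # blank lines, comments, VAR=value settings
        reasons = []
        if line.startswith("@"):
            parts = line.split(None, 1)
            command = parts[1] if len(parts) > 1 else ""
            if parts[0] == "@reboot":
                reasons.append("runs at every boot")
        else:
            fields = line.split(None, 5)
            if len(fields) < 6:
                continue  # not a valid five-field schedule plus command
            command = fields[5]
            if all(f in EVERY for f in fields[:5]):
                reasons.append("runs every minute")
        if SUSPECT_PATH.search(command):
            reasons.append("command under hidden or temp path")
        if reasons:
            findings.append((lineno, reasons, command))
    return findings

if __name__ == "__main__":
    for lineno, reasons, command in audit_crontab(SAMPLE_CRONTAB):
        print(f"line {lineno}: {', '.join(reasons)}: {command}")
```
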

Comment It's not the HARDWARE COST. (Score 1) 863

$2K is the cost of deployment, helpdesk calls, user confusion, lost proficiency, annoyance factor and other various sundry of items.

$2K IMO is a low ball, especially since many companies are going to be coming from WinXP or Earlier (many still use Win2K and Win9X).

This means about 10+ hours (not at employee pay rates, but fully realized Employee cost rates) per machine/employee, plus the re-training syndrome due to "change".

So, remember you FANBOIs (including Fan boys and Fan girls), just because it's the newest version of Windows, doesn't mean it's easy. It's not for 80% of the embedded workforce using the machines. Change a menu or how it's presented, or change a location or add new entry that replaces another (with same functionality but different name) or a different look of the interface... and the helpdesk lights up. I've seen it happen when we change to an updated widget that displays the EXACT SAME INFO in the same dialog, but now that it uses your "system color theme" rather than our color scheme... users get confused, they don't need/want change. They do the same job day in day out.

You'll have complaining at the drinking fountain or browsing while in queue... (lost time and productivity notwithstanding)

Think a bit more broadly and you'll see the whole picture.

Role Playing (Games)

Submission + - Unusual physics engine game ported to Linux (blogspot.com)

christian.einfeldt writes: "Halloween has come early for Linux-loving gamers in the form of the scary Penumbra game trilogy, which has just recently been ported natively to GNU-Linux by the manufacturer, Frictional Games. The Penumbra games, named Overture, Black Plague, and Requiem, respectively, are first person survival horror and physics puzzle games which challenge the player to survive in a mine in Greenland which has been taken over by a monstrous infection/demon/cthulhu-esque thing. The graphics, sounds, and plot are all admirable in a scary sort of way. The protagonist is an ordinary human with no particular powers at all, who fumbles around in the dark mine fighting zombified dogs or fleeing from infected humans. But the game is remarkable for its physics engine — rather than just bump and acquire, the player must use the mouse to physically turn knobs and open doors; and the player can grab and throw pretty much anything in the environment. The physics engine drives objects to fly and fall exactly as one would expect. The porting of a game with such a deft physics engine natively to Linux might be one of the most noteworthy events for GNU-Linux gamers since the 'World of Goo' Linux port."

New AES Attack Documented 236

avxo writes "Bruce Schneier covers a new cryptanalytic related-key attack on AES that is better than brute force with a complexity of 2^119. According to an e-mail by the authors: 'We also expect that a careful analysis may reduce the complexities. As a preliminary result, we think that the complexity of the attack on AES-256 can be lowered from 2^119 to about 2^110.5 data and time. We believe that these results may shed a new light on the design of the key-schedules of block ciphers, but they pose no immediate threat for the real world applications that use AES.'"

L0phtCrack (v6) Rises Again 120

FyreWyr writes "L0phtCrack — now 12 years old — used to be a security 'tool of choice' for black hats, pen-testers, and security auditors alike — that is, until it was sold by L0pht to @stake, then Symantec, to be released and subsequently dropped as LC 5. As an IT security consultant, I used this tool to regularly expose vulnerabilities or recover data when there were few other options available. Eventually, I let it go as tech evolved away. Now, after being returned to its original developers, version 6 was released this week with fresh features: support for 64-bit multiprocessors, (current) Unix and Windows operating systems, and a number of other features, including enhanced handling of NTLM password hashes and support for rainbow tables. Interested parties, especially consultants, will find this shiny new version sports a hefty price tag. It raises doubts in my mind whether it can effectively compete with open source alternatives that go by similar names, but as I found earlier versions so useful, its re-emergence seems worth the mention."
