
Comment Re:How can that be? (Score 2) 550

I don't believe so. They use SecureBoot, with the bootloader locked to Microsoft's signing key. Unless you find a vulnerability in the bootloader then it can't boot anything that Microsoft didn't sign. You might, however, be able to find a vulnerability in the Windows RT kernel that you can exploit to inject a chain boot mechanism into the running kernel and boot Android that way, but it would require a vulnerability that allowed arbitrary code execution in kernel mode.

Comment Re:Signed integer overflow (Score 2) 151

From TFA, it sounds like the error was corrected very quickly, so it's not impossible to assume that only one person:
  • Had a negative balance
  • Was checking PayPal.com in the half hour window when the buggy software update was live (assuming that it's rolled out over everything, and they don't do phased updates for the front end like most big web companies)
  • Took a screenshot of the massive negative balance
  • Reported it to a journalist who had a sufficiently slow news day to write the story.

Comment Re:Don't tell the tax man! (Score 1) 151

92 quadrillion is about 2,000 times as much money as exists on paper at the moment (i.e. including money that is really assets, but accounted for in US dollars). Suddenly receiving that much would cause hyperinflation, so you might be happy with the amount you'd have left over after tax, but you'd probably have difficulty spending it as very few people would be willing to accept US dollars in payment. $92 billion would be a much nicer amount to receive and pay 99.999% tax on. You'd be left with about a million after tax, and it would still have about the same value as a million today.

Comment Re:How can that be? (Score 5, Informative) 550

I played a bit with a Surface (we have a good relationship with MSR, so lots of people with them are floating around the place) and it seems like a pretty nice device. The problem is not that it's bad, it's that it doesn't really have any compelling advantages. There are several things it seemed to do a bit more cleanly than iOS or Android, but nothing that it did a lot better, and if you want to write code for it you're limited to quite a restrictive environment (which probably doesn't matter to non-geeks, but it will have a knock-on effect on the availability of software).

Comment Re:Print to PDF (Score 3, Informative) 238

Stripping JavaScript isn't enough. For example, a number of 'PDF' exploits have actually been due to vulnerabilities in libpng: if your PDF contains a PNG image (a lot do), then it may have a metadata payload that triggers a bug in libpng that allows arbitrary code execution. The same can happen for embedded fonts and for embedded JPEG images.

Comment Re:Print to PDF (Score 1) 238

You need to run it through a PDF parser, and therefore potentially trigger bugs. There's nothing stopping you from doing this from a sandboxed process, so exploit code would be contained. You'd also want to make sure that it went through a simpler intermediate format that another sandboxed process could check. On the other hand, if you can do decent sandboxing, why not solve the problem properly and just sandbox the PDF reader so it can't access anything except the PDF that's passed into it?

Comment Re:Foxit Reader? (Score 1) 238

Why not? Open the PDF locally, and if there's an exploit in the parsing code then it will infect your machine. Upload it to Google, and if there's an exploit in the parsing code then it will infect one of their machines. Of course, doing this with any PDF that had commercially sensitive information in it would be stupid...

Comment Re:Oh Yeah Be Afraid of The Fed (Score 2) 92

Everyone has the power to create debt. Money is just readily transferable debt, which is the entire point of it: I do some work now for someone, and they don't produce anything that I need right now, then they give me some tokens representing the debt. I can use these tokens to exchange for some useful product or service from someone else who doesn't directly want anything that I produce.

Saying that money is backed by debt is a nice libertarian talking point, but it doesn't actually convey any information. Money exists so that you can balance unequal trades with a promise that they will be equalised in the future, and any promise of future balance is debt.

Comment Re:Confusing luck with talent (Score 4, Interesting) 91

There's an old stock market scam. You open 100 accounts. You invest randomly. After a week, roughly half will be turning a profit. You close the ones that aren't, and do another round of random investing. Again, roughly half make a loss, half a profit. After a few rounds of this, you have lost quite a lot of money, but you have one account that looks really stellar - huge returns on investment. You then open this up to investment, with the disclaimer that past performance does not guarantee future results, and wait for the money to roll in (you can then invest this in your own companies, or just take it and run away).

Much the same applies with CEOs. You take a few thousand business graduates each year and put them in management positions. They all make random decisions. Then you cherry pick the handful that have made decisions that turned out well. Then you say 'Superstar CEO, please pay enormous salary'.

Comment Re:Garbage Collection is not O(GC)=0 (Score 1) 106

The counterargument to this is simple: Memory allocation accounts for 99% of all scarce resource allocation in a typical program (and all of the resources that they're actually likely to exhaust: when was the last time you saw a program that had so many file descriptors open at once that it was hard to keep track of them and they came anywhere close to the system limit? It happens, but in very unusual code). Saying 'well, I have to do it for 1%, I may as well do it for the other 99%' is really not a very compelling argument.
