
Comment Re:So, how does that cause privilege escalation? (Score 3, Informative) 34

At least on my systems you need to be root to do anything with nf_tables. Is this some distro specific permission stupidity?

Maybe. There's a feature called user namespaces in Linux that effectively allows an unprivileged user to act as if they were a privileged user within a specific environment. (Basically, containerization.) Within such a namespace, a non-privileged user could conceptually access nf_tables as if they were a privileged user. In theory this would only allow them to add additional filters within the namespace, but the vulnerability here can provide direct access to kernel memory.

Some distros add additional layers of security to prevent flaws like that, blocking access to nf_tables even within a namespace, but the vulnerability links to ways around those. (Link to the Wayback Machine from the source vulnerability disclosure.)

It's possible your distro may be secure - or it may not be. It depends on what features are enabled.

Comment Re:That's creepy (Score 2) 40

Only the sender and recipient have the keys to decrypt the messages on device; Apple does not.

Which is great, when they're in transit. But once they're on-device, they're decrypted, and then Apple has access to them.

We know this, because there have been court cases where iCloud-subpoenaed iMessage messages were presented as evidence.

Just because the transit is secure, doesn't mean the endpoints are.

Submission + - Microsoft Deliberately Bricking All Office for Mac 2019/2021 Installations (osnews.com) 2

joshuark writes: MacOS users who opted to buy a copy of Microsoft Office for macOS back in 2019 or 2021, eschewing the Office 365 subscription, so you could keep on using Office 2019/2021 forever if you wanted to. Just like in the old days.

Consumer Rights Wiki reports:

"Microsoft Office 2019 and 2021 for Mac view-only conversion (2026) is a scheduled remote degradation of perpetually-licensed Microsoft Office software for macOS and iOS, set for July 13, 2026 when a license-validation certificate used by the Office apps expires.[1] After Office 2019 for Mac reached end of support in October 2023, Microsoft assured customers their installed apps would "continue to function."[2] The July 13, 2026 conversion instead drops the apps into a Microsoft-defined "reduced functionality mode," in which files can be opened and viewed but not edited or saved.[1][3] By May 30, 2026, the original 2023 end-of-support page had been re-dated and rewritten on Microsoft's site; the "continue to function" clause was removed.[4][2]" https://consumerrights.wiki/w/...

Microsoft’s advice to the users they’re stealing from is to keep using the applications as mere viewers, switch to the free Office 365 web applications, pay for a 365 subscription, or buy a brand new regular copy of Office 2024. None of these make any sense, and clearly, all of this should be illegal, but it’s not because the software industry is a clown show.

Submission + - New Lawsuit Against Amazon: 'Subscribe and Save' Program Actually Costs You More (msn.com)

destinyland writes: A married couple claims in a new lawsuit that Amazon duped them — and leagues of other U.S. customers — into signing up for its popular "Subscribe & Save" program under the guise that they'd save money on automatically recurring purchases... In some cases, the lawsuit claims that customers were paying more for the exact same items through the Subscribe & Save program than they would be if they bought the items from other sellers on the site. That was true even when the up to 15% discount that the subscription program offers was calculated into the final purchase price, according to the suit. The Seattle law firm that filed the May 15 lawsuit says that Amazon’s business practices amount to “deceptive,” “misleading” and “bait and switch tactics.” The firm is seeking class-action status in U.S. District Court for western Washington, a move that could potentially draw tens of millions of Amazon customers from across the U.S. into the litigation...

[The suit says the plaintiffs' first order of espresso coffee grounds was $16.60.] When their order auto-renewed a few months later, the price had gone up to $17.04. A few months later, it rose to $21.25. Then in October 2024, the price increased to $28.69 — about $12 more than the Hermans had paid at the beginning of their subscription, according to the lawsuit. [The discount can be as little as 5% or up to 15%, Amazon told Oregon Live in a statement, noting customers do receive an email showing "applicable savings" before the orders ship. But...] The suit says Amazon gave the Hermans little notice to cancel the order or to shop around because it notified them of the latest price increase in an email at 8:54 p.m. — the same night it processed their order and charged them.

The suit says if the Hermans had been given the time to shop around for a better price, they would have found that another Amazon seller was charging $25.90 — or $2.79 less — for the identical item. Amazon’s “Subscribe & Save Terms & Conditions” page tells customers that it “may change the price for a Subscribe & Save subscription at any time for any reason....”

The analytical group Consumer Intelligence Research Partners says about 25% of U.S. Amazon customers are enrolled in the Subscribe & Save program.

Comment Re:Weaponization of lockouts (Score 1) 66

DVRs were the starting point. The namesake for what you're talking about, tivoization, is Tivo, the DVR that existed way back when TV was still analog and being displayed on CRTs.

It's why the GPLv3 was made: to add clauses to forbid tivoization. Instead, a lot of the open source community moved in the opposite direction, moving to licenses that allowed companies even more freedom to lock up their code.

At some point people have to learn and fight back.

Good luck. This is not a new fight by any means. You could argue that the FSF has been fighting it for almost half a century. People by and large do not care.

Comment Re:Win the battle, lose the war (Score 3, Insightful) 66

More likely they'll separate the OS and the TV code so they can ship the open source OS along with their closed source software

I'd be amazed if this wasn't already the case. We've already been through this with Tivo, it was one of the reasons behind the creation of the GPLv3. Tivo based their DVRs on Linux, and provided downloads of the Linux code. But their DVRs used hardware DRM to ensure that only code signed by Tivo would run, making it so that even with the open source code, you couldn't run changes on the hardware.

From what I can tell, Vizio is doing the same thing, but isn't providing downloads to the kernel code they're using. It's possible that there's some proprietary hardware drivers that they don't want to release code to, but Nvidia has already shown how to work around that.

I expect the end result to be like Tivo: a bunch of archives of the open source software used in the TV, but none of the code required to make it useful and no signing key necessary to allow any changes to run on the TV itself.

Comment Re:Federal Bribery and Taxpayer Abuse. (Score 1) 101

Every republican that acts like it's bad, probably voted for it. Every democrat that speaks out against it probably voted for it.

You can't count on voting records to mean anything, thanks to the "designated villains:" the politicians whose job it is to tank a law that a party wants to be on record as having voted for, but don't want to pass. We're watching this happen right now with votes on the Iran war. Democrats don't want them to pass. What they want is to be on the record as being against it and want Republicans to be on the record as supporting it, even though there is no chance they'll do anything to stop it if they get the power to do so.

Both sides play games like this, with the end result being that only laws that have the support of large donors have any real chance of passing. Who votes for and who votes against is always carefully calculated to let vulnerable politicians give the appearance of supporting things constituents support, while never needing to support those things in actual fact.
