
Comment Different level (Score 3, Insightful) 94

I suggest you read up on what sudo is capable of. You can easily set up sudo via its configuration file (/etc/sudoers) that will allow users that require elevated privileges (e.g. Database and Web Administrators) to do their work without needing root access.

The parent poster was referring to a different approach to security.

With sudo, you set up a list of commands that a database or web admin can run.
You limit user access by restricting which commands the user can run. But said commands will be run with root privileges.
In case of a bug in the command, you could use it for privilege escalation (*you* were only restricted to run this command, but *this command* runs as root and could do anything).

What the parent refers to is more closely related to the various "CAP_*" capabilities used in the Linux kernel.
I.e.: even if you run a command as root, that command would never, even in the case of a bug, reconfigure the network interface, because the corresponding CAP_{blah} capability isn't enabled.
By carefully crafting a very precise set of capabilities that you hand out to administrative programs, you make sure that they only do what they are supposed to do, even if an attacker manages to find a way to force a program running as root to do arbitrary actions.

(It's a bit like how some smartphone apps come with a whitelist of API calls that you need to validate before installing: "can access your contacts list", "can access your webcam", etc. Even if the weather app gets hacked, it can never be used to spy on you, because it's not whitelisted to access your mic and your cam... Well, except that nowadays every single last app seems to be obliged to ask access for nearly anything (Hey, now your Weather app can automatically recognise the city you're travelling into simply by flashing the QR code of your travel ticket! Needs cam privileges!).
Under Linux the same granularity exists, except that this is done at the kernel API level, instead of the Java user libraries like on Android)

In the past few years Windows has been implementing similar restrictions. That's what the poster was referring to.

On Linux, the facility to apply this kind of control exists in the kernel too (the various capabilities). But there isn't much software using them. I only know of SELinux and AppArmor. And they are not used system-wide, but only to put specific software into cages (the software for which they have rulesets).

I think this is due to the fact that the basic user/group access rights of Unix can already provide quite some security if you take the time to organise enough granularity in your groups and memberships, instead of making everything restricted to root-only and thus needing to be root for nearly any action.

(Because of the Unix philosophy, lots of things are represented in Unix as files. Therefore, lots of the actions controlled by capabilities can be mapped to file accesses (e.g.: to device files in /dev/). Putting correct group access on files can achieve the same results.
E.g.: a virtual machine might need USB passthrough. One way would be to grant the corresponding capability to it.
The way VirtualBox does it is that it runs as the "vbox" group, and there's a script that hands out USB device nodes with that as group access)

In practice, distributions such as Debian have been using tons of specific groups to control access to specific resources precisely, years before SELinux was a thing.
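Added example, not part of the original comment: a small auditor that decodes the `CapEff` and `CapBnd` masks from `/proc/<pid>/status` and shows that two processes with UID 0 can differ in whether they hold `CAP_NET_ADMIN`. The status text and the process names `webd` and `netcfg` are constructed samples, and the allowed set is an assumption for illustration.

```python
# Added example: decode the capability sets Linux reports in /proc/<pid>/status.
# Bit numbers follow <linux/capability.h> (bit 0 = CAP_CHOWN ... bit 40).
CAP_NAMES = """CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK
IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT
SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL
SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON
BPF CHECKPOINT_RESTORE""".split()

# Constructed samples (hypothetical process names): same UID 0, different sets.
CONFINED_STATUS = """Name:   webd
Uid:    0       0       0       0
CapPrm: 00000000000004c0
CapEff: 00000000000004c0
CapBnd: 00000000000004c0
"""
FULL_ROOT_STATUS = """Name:   netcfg
Uid:    0       0       0       0
CapPrm: 000001ffffffffff
CapEff: 000001ffffffffff
CapBnd: 000001ffffffffff
"""

def decode_caps(hex_mask):
    """Turn a hex mask such as CapEff into a set of CAP_* names."""
    mask = int(hex_mask, 16)
    names = {"CAP_" + n for bit, n in enumerate(CAP_NAMES) if (mask >> bit) & 1}
    if mask >> len(CAP_NAMES):          # bits newer than this table knows about
        names.add("UNKNOWN_HIGH_BITS")
    return names

def audit(status_text, allowed):
    """Compare a process's capability sets with the set its job needs."""
    fields = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    effective = decode_caps(fields["CapEff"])
    bounding = decode_caps(fields["CapBnd"])
    return {
        "name": fields["Name"],
        "euid_is_root": int(fields["Uid"].split()[1]) == 0,  # 2nd value = effective UID
        "can_reconfigure_network": "CAP_NET_ADMIN" in effective,
        "excess_effective": sorted(effective - set(allowed)),
        "excess_bounding": sorted(bounding - set(allowed)),
    }

if __name__ == "__main__":
    needed = {"CAP_NET_BIND_SERVICE", "CAP_SETUID", "CAP_SETGID"}
    for sample in (CONFINED_STATUS, FULL_ROOT_STATUS):
        print(audit(sample, needed))
```

On a live system the same function can be fed the contents of `/proc/<pid>/status`; a non-empty `excess_bounding` means the process tree can still regain those capabilities through exec of a privileged binary.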

Comment IPv6 benefits (Score 1) 52

What are the reasons for an ISP to do IPv6?

There are tons of advantages of IPv6 over IPv4.
One of them being a vast supply of addresses (128 bits vs. the overcrowded 32 bits of IPv4).
It's auto-configured (you just plug a device into a network and it automatically gets IPv6 working. Routers directly hand out prefixes, no need to organise stuff through DHCP. In IPv6, DHCPv6 is only used to hand out configuration options).
Every device gets a single address that is routable anywhere on the internet. (No need for NATs, masquerading, and private address ranges.)

People still can go to Google with IPv4, so no reason there.

...for now. As IPv4 address space gets depleted you'll soon reach the point where some machines are only IPv6 addressable, and thus some servers can only be accessed over IPv6.

They would need to invest and that is never a nice thing to do.
They need to replace a lot of hardware or at least reconfigure it and that will cost money.

Nope. The whole point of technologies like 6rd is that you deploy IPv6 as a tunnel over the IPv4 infrastructure that you already have.
No new hardware needed (besides the tunnel server), especially not needing to replace the thousands of expensive routers scattered across the city that you cover with your services.

As a business I would also be against it.
I hope I am wrong and somebody can tell me a lot of advantages that would make them money, save them money or a combination of both.

That's the problem with IPv6. There isn't a simple, clear, immediate money benefit. The benefit isn't ultra-short term.
The benefits are instead long-term: IPv4 is an old technology that is slowly reaching its limits (e.g.: number of available addresses) and that requires more and more layers to circumvent (e.g.: NAT to get around address limitations; e.g.: using relay servers on the cloud instead of devices talking p2p with each other, etc.)
From a technological point of view, we are running straight against a wall. But ISPs are complaining that they are not going to make tons of money immediately by switching to IPv6, so they stay on course headed for the wall collision.

Comment End effect : No (or at least less) cloud (Score 1) 52

One very direct effect of all of the above :

You won't be required to use a cloud service for every single small thing you need to talk to
(security cameras, weather station, talking toy, etc.);
instead you can trivially access any gizmo directly over the web simply by opening it in your router/firewall.

IPv4 remote access: you need to sign up for an account at their service. Your gizmo and the app on your smartphone are constantly talking to this server.
This makes a big central failure point: the company server can get hacked, leading to thousands of account information leaking (see HaveIBeenPwned for your weekly example), or if the device is insecure that's a single point from which to attack all devices. Also if the company goes belly up and the server is shut down, your gizmo becomes an expensive brick.
And this kind of server still costs a little bit of money, so either you're going to need to pay for the service, or you're going to get ads-bombed as shit.

IPv6 remote access: you need to open a port (or a whole device) in *your* router. Your smartphone app is directly talking to your gizmo without any 3rd party getting involved.
There's no big server with a treasure trove of personal data to leak. If attackers want to hack an insecure gizmo, they need to find them one by one on the web.
Even if the company fails, you can still use your app to talk to the device, you don't rely on a 3rd party server.
There are no server costs to cover.

(Previously, similar things would have required fiddling with NAT, port forwarding and other such remapping to get done on IPv4. Trivial for most /.ers, but not necessarily with random users).

Comment Where is the countersuit? (Score 1) 381

I would expect that RottenTomatoes has also *increased* the viewing of many movies as well. I know that I have often gone there and looked at the highest rated movies when looking for something to add to my Netflix DVD queue. I like looking at the critics vs reviewers rating as well. Many a good movie (to me) has been panned by critics. Likewise, many critically acclaimed movies don't always get good reviews.

It's just information though, the choice of what to watch is still mine.

And I knew Batman vs Superman was poorly rated.... and I still added it to my queue. I didn't make it through it though, shut it off after about 1/4 of the way in. Just terrible.

Comment Re:For the Republican readers (Score 1) 394

The proof is the fact that the information exists.

There you go, there is the proof despite what the surveillance acts say about limiting the gathering of information about Americans, the Obama people ran around making sure it was in as many places as possible! They may have had good reasons, but the law is still the law!

Comment Re:No, it's the hour in the middle you can skip (Score 4, Insightful) 381

Did not watch myself. No need, the concept is stupid on its face. Either super wild liberties would have to be taken with canon, at which point it's not the same story any more and using the existing character names and treating their elements as a grab bag is just lazy writing, or Batman was going to have to use some device based on Kryptonite to be competitive with the S. Super boring and super predictable just like all DC's shitty Justice League stuff.

It all gets a pass because Batman comics were inventive and cool, Superman comics told a story the public needed to hear at a certain time and will always be loved.

Putting the two together though is just silly. Superman is for all intents and purposes a god. While not wholly omnipotent, he is so far above man that he can freely toss our greatest war machines around like children's toys and even slow the spin of earth altering time. Batman simply isn't in his league. Additionally Superman's original character was almost Christ-like in his unfailing sense of justice and strength of character regarding doing the right thing. The Superman of the early comics would never have agreed to even associate with the Bat, so okay we have some conflict but we know who should prevail; Batman is going to have to come around to the S in terms of how they resolve any external conflict.

There just isn't any story there. The only reason those comics get read and the only reason that movie got watched at all is the audience is hopelessly uncritical. They love the characters so much they will watch or read anything with them no matter how strained the story surrounding them is. Personally I love both Batman and Superman too much to allow these dumb mashups to ruin them both for me.

Comment Re:British "free speech" norms (Score 1) 71

I read that and immediately said "Bullshit!" and I was right. He was arrested for abusive behaviour and assault, not for quoting the Bible.


Did you RTFA?

At Kilmarnock Sheriff Court last month, Sheriff Alistair Watson ruled there was no case to answer and acquitted Mr Larmour of threatening or abusive behaviour, aggravated by prejudice relating to sexual orientation. The sheriff also found him not guilty of a second charge of assault aggravated by prejudice relating to sexual orientation.

He was arrested for threatening and abusive behaviour and assault. He may have been accused of those crimes because he was quoting the bible (the story does not even attempt to present the complainant's story), but he was actually arrested because he was accused of assault.

It is absolutely not OK for you to lie about it.

The sad thing is you seem to think that what the defendant claims happened is what actually happened, even when the facts are right there contradicting his story. So try reading and understanding the entire article next time, before you start spreading bullshit around. You duped yourself into believing a Fake News story here, and you have no one to blame but yourself for exposing the fact you are an easily manipulated fool.

Comment in other countries (Score 1) 252

So basically all the money the government has collected as fines and penalties is distributed evenly to all taxpayers. That money was collected as compensation for crimes against society, and this way it gets distributed back to society.

That's exactly how it works in other countries (e.g.: Switzerland).
Fines don't go to the department (e.g.: to the police)
Fines go to the public spending budget, so the country has more money to do things (in addition to the tax money), or more practically, gets less indebted to do the same things...

Comment IPv6 tunneling (Score 4, Informative) 52

i will admittedly say i have no idea what sixxs is

SixXS was a free IPv6 tunneling service, so that people with an IPv4-only provider can still get access to IPv6 addresses through a 3rd party.
(But more reliably than 6in4, which is dependent on the dynamic IPv4 address and relies on volunteer servers reached through anycast.)

The idea was to break the chicken-and-egg problem faced by IPv6 migration:
- content providers don't care about moving to IPv6 because nobody is using it and most people are still on IPv4
- and ISPs not spending the effort to provide IPv6 to their clients, because there's no IPv6 content to justify the move.

SixXS provided a 3rd party with a very reliable way to get onto IPv6, so at least the "there are no users" excuse isn't valid anymore.

Now fast forward a decade and a half and nowadays a lot of content providers *ARE* on IPv6 (e.g.: Google, most universities, etc.), but there are still ISPs not providing IPv6 on their network (e.g.: using something like 6rd, which basically works like 6in4 but relies on official servers with a fixed address that are owned and operated by the ISP).
Instead of that, ISPs let the users who want IPv6 go use SixXS. So they rely on a free 3rd party service, instead of putting in the effort themselves to enable IPv6 for their own users as they should be doing.

So SixXS is shutting down to force ISPs to listen to their users and set up and provide IPv6, instead of deferring it to SixXS.

it's sad to see them go since it was a free service, providing a service for people without means.

The thing is, SixXS was providing a service that should in theory be provided by the ISPs themselves, but some are too lazy to implement IPv6 even after almost 2 decades.

(and it's not for people without means. Technically, it's for people who have the means to pay an ISP for a connection, but said ISP is damn shit lazy and doesn't care to provide something more modern than last century's IPv4)

Comment chip on your shoulder (Score 5, Insightful) 250

Given Europe's attitude towards hate speech and how they enforce "right to be forgotten", I'm surprised that they haven't already erected a GFW at this point

...said the man living in the glorious country where the simple apparition of a nipple is considered a major mediatic catastrophe, where breast feeding is a public offense, and where anything remotely sexual is sure to traumatise the next few generations of youth. (and where nude bodies are probably terrorism-level material).

To each country and culture its own taboos.
For Germany, it might be hate speech, for France it might be "right to be forgotten", and for the USA it's anything which isn't missionary position with the sole purpose to procreate.

Beware of the nude-nipple-terrorists, America !

Comment Re:then go somewhere else (Score 1) 469

At the end of the day these companies facilitate the connection between a producer and consumer and then take a cut ( albeit a large one ) for the connection. I just don't see how these companies owe more than the contract specifies.

They don't, or at least I agree with you I can't think of a reason they owe more. Our elected leaders figure in though because my larger point is there are structural issues in our economy. An economy that their policies shape, which create a level of desperation among a sufficiently substantial part of the work force that people will supply labor to the 'gig economy' companies at 'real' rates that seem well below what people would have accepted in recent history.

Low relative compensation for labor is creating greater wealth separation between the capital owner class and laboring classes. I don't know anyone who really thinks that is a positive trend. Even the most ardent anarcho-capitalists would probably characterize that as simply a fact without placing a value judgement on it. I for one don't think an expanding wealth gap is good for society writ large. I don't think the answer is socialism either. I think the more government you just trade community for bureaucracy. Bureaucracy does not scale in the end, and it does not for a full and fulfilling life make, its absolutist nature (these are rules and you're going to follow them) tends to be anti-freedom and progressively more so as it expands into other areas of life. I would like to see us pursue a populist communitarian solution but that does imply some government.

It implies capital controls - you can't send big piles of money abroad, but you can spend freely domestically. You can't hire foreign labor and if you want to import goods that have a large foreign labor component, well, there are going to have to be tariffs, tariffs high enough that you will decide to make things domestically instead. In other words the tariffs are not designed to increase tax revenues for government re-distribution, they are designed to restrict trade by being high enough few would choose to pay them, but still allow goods and services into the country that cannot be sourced locally, at least not in the short term.

It requires tight restrictions on immigration, because communities will need to absorb and integrate new members. A solution like a large immigration tax would probably be in order. Want to stay in the US more than a few weeks $50K! Want to be on the citizenship/green card track $80K!
