
Comment true (Score 1) 485

My 2012 MBP still works perfectly and with the recent SSD drive install will go another 2 years just fine. I bought it brand new when work bought me a piece of garbage $900 consumer laptop, and then 2 years later bought me a $800 crap laptop to replace the previous one that the screen failed on, and then finally a $650 piece of crap Lenovo that promptly had all kinds of issues and the hinge cracked on in 30 days.... All the time the MacBook was used the same amount every day, even dropped a few times.

The MacBook Pro cost $2000 and outlasted 3 garbage Windows laptops from Dell, Toshiba and then Lenovo. My current job is not run by retards and bought me a $3000 Dell Precision 7510. It's built well and has decent parts in it like my MacBook (no Marvell garbage). It has been FLAWLESS for far longer than any Windows laptop I have had previously, except for when I used to use Panasonic Toughbooks.

It's not the OS, it's the hardware being built decently. It's why I utterly ignore the idiots that claim that MacBooks are overpriced and they can get a $600 laptop that will do the same thing. No you can't.

Moral of the story.... pay for the hardware up front, or pay for it over and over again. That last Lenovo went through 5 keyboards as letter keys would stop working and have to be struck hard. Not a problem for those that don't use them for work... but when you are programming at $125 an hour, having the fucking O key stop working will make life hell.

Now my current laptop actually runs a hypervisor as the OS and then runs a Windows VM... if I have a problem I simply reboot and launch a working VM image. Downtime is less than 60 seconds. Oh, and we only use Windows 7; Windows 10 is completely banned corporate-wide until further notice.

Comment Re:DDOS will continue until we decide to stop them (Score 1) 260

(1) The owner of a device attached to the Internet must make a reasonable effort to maintain it. Specifically, they must install security updates in a timely fashion. In addition, they must disconnect the device if they are unable to maintain it. No device or piece of software lasts forever. You don't get to keep using a PC with Windows XP, or a 10 year old router with dozens of known security holes -- you need to throw them away. Failure to do so will make the owner liable for damages if their device is used in a DDOS attack.

Useless. New devices are at nearly as much risk as old devices; that it's new should not in any way make you feel secure. You'll also be fighting legitimate businesses with legitimate use cases for, say, Windows '95. Specifically, that their legacy software and drivers have never been upgraded by the people who wrote them, and don't work on newer versions of Windows.

(2) Network operators shall be required to ensure that packets originating on their network have a valid source address (e.g. use filters at all ingress points). Failure to do so will make them liable for damages related to the DDOS attack.

(3) Network operators shall be required to provide rapid technical assistance to trace DDOS traffic that is passing through their network, so that it can be traced back to its source. Failure to do so will make them liable for damages related to the DDOS attack.

Also useless. The modern day DDoS isn't necessarily about flooding a site with spoofed packets from a small number of high-bandwidth machines. It's about sending a tiny number of legit packets from an enormous number of compromised hosts. No outbound packet filter is going to be able to discern the good from the bad (and since the host is already compromised in the first place, there's no help there either).

There are exceptions, of course; for example, many IoT devices should be nuked from orbit, as they have no legitimate reason to EVER talk to most web sites.

I do agree that people should be held accountable for having insecure crap on the Internet and allowing it to participate in attacks. Detection and enforcement, however, are much more difficult than one would think.

Comment Weird... (Score 5, Insightful) 66

If someone offered me 24 billion for anything, even my hypothetical super-successful company that I built with my own blood, sweat, tears and sacrifice of a firstborn son, I would take it in a heartbeat. Same puzzlement over the Snapchat guys declining what I think was an overly generous offer for that company. Then again, I've never built such a company so I have no idea of what it means to give up control of it. Still... With 24 billion in your pocket you can pretty much do what you want, start your own new company, hell, start a space agency even...

Comment Re:The eternal balance question... (Score 4, Insightful) 260

The dynamics of this issue have changed considerably.

Five years or so ago, going offline was a Big Deal. Nowadays, people (both users and CxO's) don't seem to care as much; outages are transient, and accepted as a part of the cost of doing business. It's kinda sad for those of us who build high availability systems, but at the same time it's probably a lot more realistic for the budgets of most businesses.

Part of it, IMO, is that the Internet has been around long enough now (in a commercial sense) that the users are finally more prone to saying "my Internet is down" than "my Twitter is down".

Perception is everything.

Comment Re: Advertising/Commercials Killed TV (Score 1) 198

Tell that to Netflix.

And to my $70/mo "basic cable" bill (of which only about $20 is 'taxes and fees' -- wtf?!).

I don't mind paying for what I use; that's fine. What I do mind is that the content providers are so entrenched that they can charge far more than their content is actually worth. I also object to both paying for cable, and being saddled with a ridiculous number of commercials, some of which actually play over the program I'm trying to watch!

Enough is enough. I'm moving in a couple of months; I'm going to put a TV antenna up in my attic. Cheaper, better quality, and carries the four to six hours a week of TV that I actually watch.

Comment Re:So why hasn't the video creator counterclaimed? (Score 1) 216

No company would have risked investment without it.

Revisionist history if I've ever seen it. By the time the DMCA turned up on the scene, companies were already heavily invested. The DMCA did nothing to foster that. As written, it merely serves to provide content owners more power over anyone they claim is abusing their copyright.

Note that "claim" is not the same as "can prove"; and that is where the DMCA falls down IMO. The burden of proof should be on the claimant, not the target who can be so simply and expediently silenced simply because someone doesn't like what they have to say.

As this issue has very clearly shown.

Comment Remote exploit (Score 5, Informative) 71

TL;DR: because of this bypass, ASLR cannot prevent local privilege escalation, but ASLR can still prevent remote access.

The point of ASLR is that it's not easy to determine where the functions are located in memory.

So, if there's an exploit where you can force code to jump to some specific point in memory, you cannot use this exploit to call the functions you want because you don't know where they are.

(e.g.: stack smash. Overrun some temporary buffer that is stored on the stack, up to the point where you can overload the return address. So once a function finishes, it doesn't jump back to the caller [it doesn't return], it jumps instead to the address you've overwritten [it jumps to the next function you want to abuse as part of your exploit].)

2 possible situations:

- You've already managed to get (user-level) shell access (or at least run any payload of your choosing). You want to escalate privileges up to root. You know of a bug in some kernel piece of code that you can try to exploit. ASLR would prevent you from doing it because you don't know where the piece of code is exactly in kernel memory space. So you run the bypass proposed by the researcher and you obtain a list of where is what. Now you can run your exploit, and gain root.

- You're outside the machine. You want to get remote access. You know a bug in some code (be it kernel or userspace) that could be exploited. But you need to jump into a specific function whose precise location in memory you don't know because of ASLR.

So ASLR won't block local privilege escalation anymore (because when you have local access you could defeat ASLR's randomisations).
But ASLR will still block remote access (without local access, you can't get a map of all ASLR-ised functions you need to inject in your remote exploit).
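
An added illustration, not part of the comment above: ASLR moves where a binary is loaded on each run, but a function's offset inside the binary stays fixed, which is why any disclosure of the memory map has to be treated as a security bug. The `/proc/<pid>/maps` excerpts, the path `/opt/demo/app` and the function addresses are constructed sample values, and a 64-bit `unsigned long` is assumed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed /proc/<pid>/maps excerpts for two runs of the same PIE
 * binary (hypothetical path /opt/demo/app). Only the load base differs. */
static const char RUN_A[] =
    "55d0c3a00000-55d0c3a01000 r--p 00000000 08:01 1234 /opt/demo/app\n"
    "55d0c3a01000-55d0c3a03000 r-xp 00001000 08:01 1234 /opt/demo/app\n";
static const char RUN_B[] =
    "5581f7e4c000-5581f7e4d000 r--p 00000000 08:01 1234 /opt/demo/app\n"
    "5581f7e4d000-5581f7e4f000 r-xp 00001000 08:01 1234 /opt/demo/app\n";

/* Constructed absolute addresses of one function, as seen in each run. */
static const unsigned long FUNC_A = 0x55d0c3a01149UL;
static const unsigned long FUNC_B = 0x5581f7e4d149UL;

/* Find the mapping that contains addr and return addr's offset inside the
 * backing file (addr - start + file offset), or -1 if addr is unmapped. */
long file_offset_of(const char *maps, unsigned long addr)
{
    const char *line = maps;
    while (line && *line) {
        unsigned long start, end, off;
        char perms[5];
        if (sscanf(line, "%lx-%lx %4s %lx", &start, &end, perms, &off) == 4
            && addr >= start && addr < end)
            return (long)(addr - start + off);
        line = strchr(line, '\n');   /* advance to the next maps line */
        if (line)
            line++;
    }
    return -1;
}

int main(void)
{
    /* Absolute addresses differ between runs; the file offset does not. */
    printf("run A: %#lx -> offset %#lx\n", FUNC_A,
           (unsigned long)file_offset_of(RUN_A, FUNC_A));
    printf("run B: %#lx -> offset %#lx\n", FUNC_B,
           (unsigned long)file_offset_of(RUN_B, FUNC_B));
    /* An address taken from one run is meaningless in the other. */
    printf("run B address in run A map: %ld\n",
           file_offset_of(RUN_A, FUNC_B));
    return 0;
}
```
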

Comment Re:Kinda makes you wonder... (Score -1) 71

If you think it's there to protect the computer and OS you are horribly uneducated about it.

It's there to protect the precious software IP from dirty evil YOU. So you can't disable DRM and make a copy.

That is the only reason this crap exists in modern processors. Intel is King of DRM and they are trying to keep it that way.
