Follow Slashdot stories on Twitter


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Remote exploit (Score 5, Informative) 71

TL;DR: because of this bypass ASLR cannot prevent local privilege escalation. but ASLR can still prevent remote access.

The point of ASLR is that it's not easy to determine where the functions are located in memory.

So, if there's an exploit where you can force code to jump at some specific point in memory, you cannot use this exploit to call the function you want because you don't know where they are.

(e.g.: stack smash. Overrun some temporary buffer that is stored on the stack buffer, up to the point where you can overload the return address. So once a function finished, it's doesn't jump back to the caller [it doesn't return] it jumps instead to the address you've overwritten [it jumps to the next function you want to abuse as part of you exploit] )

2 possible situations:

- You've already managed to get (user-level) shell acces (or at least run any payload of your choosing). You want to escalate privileges up to root. You know of a bug in some kernel piece of code that you can try to exploit. ASLR would prevent you from doing it because you don't know where the piece of code is exactly in kernel memory space. So you run the bypass proposed by the researcher and you obtain a list of where is what.
Now you can run your exploit, and gain root.

- You're outside the machine. You want to get remote access. You know a bug in some code (be it kernel or userspace) that could be exploited. But you need to jump into specific function whose precise location in memory you don't know because of ASLR.

So ASLR won't block local privilege escalation anymore (because when you have local access you could defeat ASLR's randomisations)
But ASLR will still block remote access (without local access, you can't get a map of all ASLR-ised functions you need to inject in your remote exploit).

Comment Mass data (Score 5, Informative) 155

All modern NAND flash memory does "quasi-RAID".

That depends 100% on the sort of controllers & memory layouts that are involved.

Do you have specific information that Apple does this? I don't.

Given that:
- nearly all modern smartphone/tablets/etc. do no go the extra headache to implement some weird custom solution for their mass storage.
- instead they all go for simple, standard, cheap of the shelf technology.
- [ BTW: eMMC (embed MMC - i.e.: an SD Card, without the plastic package, but directly available over an MMC bus) seems to be the most frequent solution ]
- Most of the flash anywhere, including thousands of SD Cards on the market right now, follow the exact same tendency: bigger model have more chips and can spread their write/erases among more chips ("quasi-RAID") giving better performance. That's why the "Class 10 UHS III" SDXC cards are only available on the bigger models, smaller models are slower. Same difference between microSDXC and regular SDXC cards (bigger cards can pack more chips and you have a greater choice of faster cards. At the micro level, it's only 128GB and above capacity that usually come with "Class 10 UHS III").
- Even more gory details if you care to read the benchmarked read/write speeds of each card. (again, more chips - found in larger package or bigger capacity - manage higher write/erase speeds).

Given all the above, there's high expectation that iPhones are following the trend..
But hey instead of speculating and calling each other names, let's check actual real heardware :
iFixit, Chipworks, SK Hynix Datasheet

What a surprise~ iPhone are exactly everyone else~ and source cheap of the shelf parts instead of re-inventing the wheel~~ Who would have though this~~~

iFixit's 32Gb iPhone use H23QEG8VG2ACS - a stack of 4 chips, with 256Gibits total (or 32GiB if used alone like in this phone).
Chipworks's 128GB iPhone use - a stack of 8 chips, with 1024Gibits total (or 128GiB when used in alone configuration)

So without even taking into account anything else, 32GB iPhone can only spread their writes among half of the chips available to a 128GB iPhone.
So they already start with a 50% malus at the hardware level.

That said, 128GB should only be 4 times faster than 32GB, so if these figures are correct then the 32GB units are also using lower spec memory.

Nope. At all. Like you said it entirely depends on the flash configuration. 128 isn't necessarily 4x more chips than 32.
Some constructor would go for 8x more chips of half the capacity.
In Apple case, they went for 2x more chips at 2x more capacity (more expensive but faster, enabling them to have bigger marging on the smaller/slower 32GB).

Which again goes back to the point of what I have posted... and this article.

Which goes back to the answer which you were given:
- YES, nearly every last constructor of flash is doing "quasi-RAID", i.e.: stacking/bonding more chips in the same package and spreading the write/erase among that.

That single fact can account for a huge part of the difference between models.

Then the thing is designed by Apple.
They run iOS on it. i.e.: the same "Darwin" core ( Mach microkernel + BSD monolithic kernel + BSD user space) as Mac OS X, only with a different interface.
They probably *still* use the same asinine file system as always HFS+
And that one is completely inadequate for flash.

It's a classical "inplace" writing file system.
This dramatically increase the "write amplification" typical with random-writes flash media. (each time you need to change some data, you would need to erase and re-write a whole block).
This probably *also* accounts for the dramatic performance difference in writing files.

Whereas the best with flash media would be to use a log-structured or copy-on-write filesystem. (Both approaches never over-writes previously written data)
Like :

- UDF (the number 1 most popular format on flash media that geek reformat for cross-platform)
- F2FS (designed by Samsung, and probably deployed on lots of android smartphones)
- JFFS (used on countless embed linux: like routers, e-readers, etc.)
- BTRFS (e.g.: Jolla uses it for their Linux phones)
- ZFS (...which Apple *STIL* isn't using)
and countless other (NILFS, LOGFS, JFFS2, etc.)

most of them are available on Linux, a few are available on Mac OS X.
But you can bet that iPhone are using none.

Comment Go back in time (Score 1) 348

you miss the point. The Tsara is WAY TOO BIG. If you throw it and it fails, then you are in deep trouble.

Then go back in time, and explain to the military that they don't need a huge powerful launch platform, but multiple smaller one.

Then maybe by now, the most normal way to do exploration outside the LEO would be to assemble the translunar/martian/whatever vessel in space, instead of throwing it from earth...

More seriously : you missed the point of the whole nuclear deterrent / MAD (mutual assured destruction).
The point isn't strategic targeting using nuclear head and precise tactical strikes.
The point is, once you press the big red button, basically the whole planet is toasted. Because at that moment, every one is going to press their respective button in retaliation.
And therefore (went the logic behind MAD) nobody will dare to be the first to press their button.

Comment Food chain. (Score 1) 156

On the other hand, the meat we eat has had to be fed quite a lot of time until the animal reached a good enough size and got slaughtered.
Thar's why more grains per kilogram of meat-food, than the equivalent grain-based dinner for the same human.

So not eating meat does decrease the amount of such harvesting accident for mice and and snakes (simply by needing less grain to feed the human, rather than needing more grain to feed the animal, until you have enough of the animal to feed said human).

(I personally happen not to eat a lot of grain (bread, pasta, and other carbohydrate food) anyway... so I can be proud to cause a little bit less combine-induced cruelty to mice and snake... at least toward them...)

Comment Fake soy meat (Score 1) 156

This is not fake soy meat or whatever.

That's something I've never understood.
Tofu shaped like meat. It only taste like shit.

It's as if its only purpose is to be shaped like a sausage, so you don't feel outcast when you're on a diet but get invited to a BBQ, you still have a sausage-shaped object to put on the fire like everyone else.

To me this would sound just as mush stupid, if some butchers started to make redmeat shaped in the form of a red peperrni, so on the day you crave meat but were invited to a BBQ at some tree-hugin hippie vegans, you don't feel outcast and have a veggie-shaped object to put on the fire.

Stupid. Fake. Meat.

Even more so when the human culture DOES HAVE some very nice traditionnal cuisine which is tasty but is also meat-free.
(in India and in the middle east you can find quite a lot ot veggie dishes which actually taste good. Unlike the tofu sausages).

Comment Base use (Score 1) 266

There's a difference of design and purpose of these object.

Lawn darts are basically like scissors.

Lawn darts have a pointy bit, that might get dangerous when use unsupervised.
But they have a use: they are toys, designed for play. Most of people will use it to play, most people will be successful at playing without getting hurt.

(Just like scissors have a sharp edge that could get people hurt. But scissors are extremely useful tools, so they won't get banned)

A kid with a bazooka doesn't serve any purpose. A bazooka is a weapon designed to bring destruction and/or death.
Though some extremely creative (or deranged kid) might be succesful at designing a fun game around one, that's not their typical use.
(Same also why some people, specially people living in the safer parts of the world like me, don't really see the point of needing to own guns).

That's why you're likely to find very few people complaining about the ban on giving their kids bazookas, whereas you'll constantly see people complaining when some random toy they've used to play with when they were kids is suddenly considered too much dangerous and gets banned (like Kinder Suprise chocolate eggs).

Comment ...and OIl !! (Score 1) 348

Fine. Whatever. Let's militarize Mars. We can install a fuckin particle cannon on it. Now you have your reason to go.

Oh, and we could persuade the politician that there's also a lot of oil to annex... sorry... to bring democracy to on Mars !
That's also going to boost the space program.

Comment Synergy (Score 1) 73

What I like about it is the intuitive user interface, and what seems to be the way that applications are interacting with each other, so it seems like one system and not a bunch of independent applications, or apps as some people prefer to call them.


That's also the thing I liked with Palm/HP webOS (another OS like Meamo/Meego/Mer Core/Sailfish OS which is a Computer shrunken down successfully to pocket size, rather than some Phone middleware bloated trying to make it look "Smart").

There, the concept was called "synergy".
One one side you had a bunch of providers : you sign your Google account, and that provides contacts, e-mails, calendars, XMPP chat, Youtube video.
On the other side you had a bunch of consumer : generic e-mail application that concentrate all mail comming from all contacts (be it Google, some corporate MS-Exchange stuff, or generic IMAP), generic contacts (that automatically agregate all your address books from Google, Facebook and LinkedIn), etc.)

(For Android people:
think a little bit how some app can add a "Share with..." contextual menu on file/media/image browsers. Except the *whole* system is like this, not only the sharing/uploading function, but anything that could be provided by an account: calendars, contacts, etc.)

Compared to Maemo/Meego/MerCore/etc. webOS went even a little bit further :

- synergy was able to automatically collapse info.
if you have the same person on your SIM card's phone book, on Google, on Facebook and on LinkedIn, it is automatically detected (based on names/e-mails/Etc. similarities) and unified as a single "contact".
In Sailfish OS, that's still a manual operation (you need to "Link account..." from the pulley menu).

- Starting from webOS 2.x application could also provide "search" or "fast action" called "Just Type...".
(It's basically a descendant inherited by the universal search function on older Palm OS )
  If you start to type on the hardware keyboard while no application is in focus, the system will start making auto-suggestions based on your typing
(a little bit like google's automatic suggestions, bug using above-mentionned "Just type..." plugins)
Contacts would suggest people matching your search keyword,
Notes would suggest make a new note.
if you typed a number you would be suggested to call it, if it matched a phone format, and/or if it matched a time format, calendar would propose to make a new appointment, Wikipedia and Google would suggest a search on their respective websites, etc.

That's a wonderful feature I liked a lot in webOS (and liked its Palm OS ancestror), and I miss it a lot currently.
(I've tried Google's assistant, but it is catastrophic in comparison).

And the most useful for me: all the above Linux OS (webOS, and the M*** family) have multi-processing done right.
Their card metaphore is nice (webOS deck-of-cards is even better at "tabs" and other "two-levels" problems)
Switching, starting and closing apps is only a slide or a fling away.
(Which is to be expected, as both have ancestry in desktop multi-processing, successfully shrunken down to pocket-size)

I find iOS (my friend has an iPhone) and Andoird (cheap ~100$ tablet) much more cumbersome.

Other things I find cool :
both webOS and Salfish are extremely gesture oriented.
Coming from PalmOS to webOS straigh without ever having any smartphone in between, I didn't understand what was so much the fuss about. It's only after having been exposed to Android (and iOS) I understood how much the other are cumbersome, and how navigating inside and between apps is intuitive and simple in webOS and Sailfish (everything is always litteraly 1 fling or slide away).
The most extreme difference I've seen is pickup a call between Android and Sailfish.
Android (both phone and apps like WhatsApp) seem to have a fixation about asking you to drag around on-screen icons. You to "catch" the "pick-up" green thingy, and drag it to the opposite site of the screen. You need to aim twice (picking up the thingy with your finger, and then aiming for the target zone). THEY MANAGED TO FUCK UP FITTS LAW *TWICE* IN ONE OF THE MOST COMMON USAGE OF A *PHONE* !!! DAMN!!!!!
Meanwhile on Sailfish ? They use their "pulley menu" concept. You just drag the screen up or down (no need to aim, just drag to make the "pick-up" or "hang-up" menu item appear). It's as close as the special "screen edge/under the mouse" conner case of Fitt's law as you can get on a mouse-less touchscreen. (Specially with the UI light cues, it is so intuitive)

Last webOS only fun stuff: tabs.
There webOS cheats a bit. The whole interface is a giant web app written in HTML and Javascript (and optional binary plugins or servers).
So basically any open "card" is a web view. Be it a website or a local application.

Handling tabs meaningfully is a non-trivial task.

On the desktop, it's more easy: you have a lot of screen estate, and you can afford putting both an application bar (KDE/GNOME/Windows taskbar, and OS X's dock) and a tab bar (tabs in firefox, in your editor, your terminal, etc.).
(You can even afford having a 3rd level: with screen showing a list of windows inside one of your terminal tabs).
On an embed device like a smartphone, with a much smaller screen, it's more complicated.
Most OSes (Android, iOS, and Sailfish) go for 2 different concept. You switch between apps and the OS metaphore is used to switch between them. And then it's the app's job to handle its sub-content (tabs).
So you end-up with that view of a vertical stack of mini-windows that you get on Safari mobile, or a grid of preview like on Firefox Mobile, or a preview thereof.

On webOS ? Well there's no tab. They'll just open a new tab. But because they have all this "deck of card" metaphor, new tabs/new sub-windows, are opened as card that are grouped together like in hands.
So when you zoom out, you see some lonely cards (e.g.: your message apps), and you see the "e-mail" stack/hand (main e-mail window with grouped inbox, hold together with other cards of each opened e-mail, and a browser card viewing a link that you're click in one message), then browser stack (a bunch of card representing a bunch of tabs), etc.
This way you can have an overview of both levels (applications and tabs/windows) when in overview/Switching mode. But this way you can also leverage all the "card shuffling" to let the user arrange them how they needs (group-ungroup cards i.e.: the equivalent of detaching/reattaching tabs, even if they don't belong to the same app) and you can use the fast/gesture switching between apps or between tabs.

And last sailfishOS terribly useful trick:
card know when they don't have full screen view (called "cover" mode) and can change their output.
- i.e.: the e-mail application won't show just a thumbnail of the full windows (like on Windows or on Android), but will show some useful info like the number of message waiting (like the "active tiles" in Windows's menu, or the various widget that you can put on the desktop in Android).

After all the above iOS and Android both seem awefully clumsy.

Comment Mainstream ? Nope. 3rd party ? Why not (Score 1) 73

You won't see any mainstream phone featuring a physical keyboard.
They aren't very popular among the average sheeple.

But you could go with after market.

Android supports a physical keyboard out-of-the-box without any extra driver.
Maybe some asian manufacturer are making tiny backcovers with sliding keyboards and mini USB-OTG cables ?

Some phones like Jolla 1 or Fairphone 2 expose extra channels on pogo pins, are designed to have a modular backcover, and have the whole thing documented for 3rd party to be able to design accessories.
(e.g.: there's a guy called Dirk Van Lesum that made a DIY sliding keyboard kit designed for Jolla's I2C pins on the back cover).

That's probably the route you'll need to go in the future.
Find phones where after-market keyboard by 3rd party are available.

Comment Not skunk works anymore (Score 1) 73

Nokia bet its manufacturing and marketing on Symbian, and the GNU/Linux line was basically a skunk works project.

Luckily for us they aren't skunk work anymore nowadays.
After Nokia closed it's Linux R&D department, the same people went on and created Jolla, and have had some success with a nice OS called Sailfish OS (built on the "Mer" core, direct successor of the Maemo/Meego projects)

Nokia could try betting on them for once.
The OS is nice (Qt based), has Android App compatibility (so there's a proven app ecosystem which will be accessible to the users).

Comment Mer core (Score 1) 73

The sad part is that those Nokia devices may well be the origin for what is plaguing the Linux world these days.

The development of these Nokia devices, is what has given us over time Maemo, Meego, and nowadays the Mer core.
On which you have nice usefull OS built like Sailfish OS (by Jolla - the same people who used to work at Nokia's Linux R&F)
or Tizen (the thing that Samsung would like to bring as an alternative to Android).
It has seen the creation of oFono, a very practical DBus-driven telephony middleware, which is used by the above Mer-core based OSes, but also by Ubuntu touch.

Okay, it's not Android, but it has still seen more developpement and real-world usage than other projects (like (FSO) which I haven't seen much deployed beyond OpenMoko).

So I wouldn't call Nokia a failure on Linux land.

Comment Exists today. (Score 3, Informative) 73

This. Bringing back Nokia's GNU/Linux tablets and phones from the noughties (with modern hardware, of course) would be a good start.

Exists right now.
Said GNU/Linux R&D team that was responsible for N900, got sacked by Nokia and went on to create "Jolla".
The company responsible for Sailfish OS : an very nice looking full GNU/Linux smartphone OS, based around the "Mer" core - what is currently become of the Maemo/Meego platform of N900 - with a nice polished Qt interface, and at least 2 different solutions to run Android Apps - so it has access to a proven ecosystem.

Imagine a phone with a real QWERTY keyboard that actually fits in your pocket, unlike today's thin and wide slabs

...and thought not featured as a base feature on the Jolla 1 phone, there were some 3rd party hobbyist sliding keyboards designed to work around the "Other Half" concept of Jolla (the back cover is supposed to be modular, well documented, and exports a few interesting things on pogo-pins, enabling 3rd party to create such things as this keyboard).

Nokia should stop fumbling around and simply get an arrangement with them.
(The paid for the development of most of what has ended up in Sailfish OS any way,
and Jolla, though they have a super cool OS, are struggling producing good hardware).

Comment Use GNU/Linux ! (Score 2) 73

one day they ditch Android and replace with a new Symbian OS

Common, Nokia had thrown money to their R&D department.
They have thrown money at developping their Maemo/Meego platform.
They have thrown money at building the N700/N800/N900/N9 series of Linux PDAs/Phones.
They have basically paid all the things that became Jolla after the Linux R&D at Nokia got Sacked.
(Hence the joke - name).
In short they have already financed some sort of "new Symbian OS", i.e.: they have already financed a cool new OS.

Jolla has built Sailfish OS, a very nice full-blown GNU/Linux platform (that has support for Android Apps, through at least 2 different solutions).
But Jolla isn't that stellar with hardware (see tablet fiasco).

Why the heck won't Nokia reach out Jolla and find possible uses for Sailfish OS ?
They've basically paid for building it,
it will help them to distinguish themselves from an over-saturated Android market (just like Samsung is trying with Tizen, build on the exact same "Mer" core),
it will help them break the Andoird/iOS binary situation,
and unlike Microsoft's failed attemps, it can also leverage an existing App eco system (Android) so it doesn't feel like the poor App-less parent (like Palm/HP WebOS was, or like Windows is trending now) but has access to a proven successful ecosystem of Apps *right now".

Comment No purpose ? What ? (Score 1) 348

We used that stunt to distribute wealth to private contractors to build gadgets for a symbolic purpose.

These gadgets weren't symbolic at all.
And I'm not speaking about "space technology has trickled into society" (Microwave, Velcro, whatever...)

I am speaking about very practical stuff some politicians had in mind :

- To send people to the moon, you need to be able to lift into low earth orbit everything they need to reach the moon : the astronauts themselves, their capsule, enough fuel to accelerate the capsule for the trip, and then decelerate when arriving, lander, fuel for the lander, fuel for the return trip, supplies, air, etc...
The whole trans-lunar package weights roughly about a hundred tons.
That's why the NASA needed to build the Saturn V rocket (and the Soviet attempted to build the N1-L3): to have something able to lift ~100 tons into low earth orbit.
It would have NOT been possible with previous generation of launcher technology (or you would have needed a couple of launches that you assemble in orbit. The kind of approach currently considered for Mars).

- The Tsar-Bomba, the biggest nuke ever, in its theoretical full 100 Mt configuration (not the "puny" 50 Mt that the USSR used for tests, to avoid too much nuclear fallout), would probably have weighted in the 50-100 tons range.

Do the maths.

Creating the Saturn V for the NASA (and attempting to create the N1-L3 for USSR) was not only done for the purpose of sending people to the moon.

Sending people to the moon is a very obvious demo telling the world : "We can send people to the moon. We have the technology to lift ~100tons into orbit. So we can lift a translift vehicle that will bring these astronauts to the moon. (And so we can also lift to LEO 100-tons worth of nukes, enough to completely obliterate a whole enemy country)".
The whole space race was for show and awe to the masses, but was thinly veiled menace between the defence programs throwing money at it. (A way to tell "with this new bigger rocket I could also be hurling even more nuke to you"). For the defence sector, lunar launcher weren't gadgets, they were very practical vehicle in a pissing contest/nuclear deterrent race.

It also explains why back then no nation bothered anywhere more than probes on Mars. Nobody developed anything bigger than Saturn V, and that could only launch very small payloads to Mars before getting hit by the Tsiolkovski rocket equation (or before considering in-orbit assembly like the current trend).
Given the lack of military application of possible solutions (even bigger rockets with bigger payloads, or in-orbit assembly), that's one reason less to get funding.

I am not saying that the single reason behind anything that happened during the space programs was due to the defence sector.
I am simply saying that potential military application was among the arguments that has pushed some technology faster forward than others and has contributed to prioritizing some aspect of the space program.
(Of course: economics and other have also played very important roles in practice).

And thus to fall back to the subject:
- space program wasn't a prestige only useless gadget.
- space program wasn't only a cash-cow for private subcontractors.
- it was also a program with very practical application for the defence sector (which helped fuel cash into it)

(And that's a small part of the reasons why it is a little bit less easy nowadays to re-start space programs :
- Military aren't interested in more space-toys - Drone and autonomous weapons are the new hot topic, No army desperately needs a 300+ tons package in orbit.
- Telecoms are the one interested in the current program (cheaper per-launch platforms means possibility to assemble in-orbit an interplanetary vessels like current Mars proposals... but also means cheaper way to put satellites in orbit).
- But those tend to has a smaller expendable budget to throw at the space programme).

Slashdot Top Deals

The Shuttle is now going five times the sound of speed. -- Dan Rather, first landing of Columbia