Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Remote exploit (Score 5, Informative) 66

TL;DR: because of this bypass ASLR cannot prevent local privilege escalation. but ASLR can still prevent remote access.

The point of ASLR is that it's not easy to determine where the functions are located in memory.

So, if there's an exploit where you can force code to jump at some specific point in memory, you cannot use this exploit to call the function you want because you don't know where they are.

(e.g.: stack smash. Overrun some temporary buffer that is stored on the stack buffer, up to the point where you can overload the return address. So once a function finished, it's doesn't jump back to the caller [it doesn't return] it jumps instead to the address you've overwritten [it jumps to the next function you want to abuse as part of you exploit] )

2 possible situations:

- You've already managed to get (user-level) shell acces (or at least run any payload of your choosing). You want to escalate privileges up to root. You know of a bug in some kernel piece of code that you can try to exploit. ASLR would prevent you from doing it because you don't know where the piece of code is exactly in kernel memory space. So you run the bypass proposed by the researcher and you obtain a list of where is what.
Now you can run your exploit, and gain root.

- You're outside the machine. You want to get remote access. You know a bug in some code (be it kernel or userspace) that could be exploited. But you need to jump into specific function whose precise location in memory you don't know because of ASLR.

So ASLR won't block local privilege escalation anymore (because when you have local access you could defeat ASLR's randomisations)
But ASLR will still block remote access (without local access, you can't get a map of all ASLR-ised functions you need to inject in your remote exploit).

Comment Mass data (Score 5, Informative) 153

All modern NAND flash memory does "quasi-RAID".

That depends 100% on the sort of controllers & memory layouts that are involved.

Do you have specific information that Apple does this? I don't.

Given that:
- nearly all modern smartphone/tablets/etc. do no go the extra headache to implement some weird custom solution for their mass storage.
- instead they all go for simple, standard, cheap of the shelf technology.
- [ BTW: eMMC (embed MMC - i.e.: an SD Card, without the plastic package, but directly available over an MMC bus) seems to be the most frequent solution ]
- Most of the flash anywhere, including thousands of SD Cards on the market right now, follow the exact same tendency: bigger model have more chips and can spread their write/erases among more chips ("quasi-RAID") giving better performance. That's why the "Class 10 UHS III" SDXC cards are only available on the bigger models, smaller models are slower. Same difference between microSDXC and regular SDXC cards (bigger cards can pack more chips and you have a greater choice of faster cards. At the micro level, it's only 128GB and above capacity that usually come with "Class 10 UHS III").
- Even more gory details if you care to read the benchmarked read/write speeds of each card. (again, more chips - found in larger package or bigger capacity - manage higher write/erase speeds).

Given all the above, there's high expectation that iPhones are following the trend..
But hey instead of speculating and calling each other names, let's check actual real heardware :
iFixit, Chipworks, SK Hynix Datasheet

What a surprise~ iPhone are exactly everyone else~ and source cheap of the shelf parts instead of re-inventing the wheel~~ Who would have though this~~~

iFixit's 32Gb iPhone use H23QEG8VG2ACS - a stack of 4 chips, with 256Gibits total (or 32GiB if used alone like in this phone).
Chipworks's 128GB iPhone use - a stack of 8 chips, with 1024Gibits total (or 128GiB when used in alone configuration)

So without even taking into account anything else, 32GB iPhone can only spread their writes among half of the chips available to a 128GB iPhone.
So they already start with a 50% malus at the hardware level.

That said, 128GB should only be 4 times faster than 32GB, so if these figures are correct then the 32GB units are also using lower spec memory.

Nope. At all. Like you said it entirely depends on the flash configuration. 128 isn't necessarily 4x more chips than 32.
Some constructor would go for 8x more chips of half the capacity.
In Apple case, they went for 2x more chips at 2x more capacity (more expensive but faster, enabling them to have bigger marging on the smaller/slower 32GB).

Which again goes back to the point of what I have posted... and this article.

Which goes back to the answer which you were given:
- YES, nearly every last constructor of flash is doing "quasi-RAID", i.e.: stacking/bonding more chips in the same package and spreading the write/erase among that.

That single fact can account for a huge part of the difference between models.

Then the thing is designed by Apple.
They run iOS on it. i.e.: the same "Darwin" core ( Mach microkernel + BSD monolithic kernel + BSD user space) as Mac OS X, only with a different interface.
They probably *still* use the same asinine file system as always HFS+
And that one is completely inadequate for flash.

It's a classical "inplace" writing file system.
This dramatically increase the "write amplification" typical with random-writes flash media. (each time you need to change some data, you would need to erase and re-write a whole block).
This probably *also* accounts for the dramatic performance difference in writing files.

Whereas the best with flash media would be to use a log-structured or copy-on-write filesystem. (Both approaches never over-writes previously written data)
Like :

- UDF (the number 1 most popular format on flash media that geek reformat for cross-platform)
- F2FS (designed by Samsung, and probably deployed on lots of android smartphones)
- JFFS (used on countless embed linux: like routers, e-readers, etc.)
- BTRFS (e.g.: Jolla uses it for their Linux phones)
- ZFS (...which Apple *STIL* isn't using)
and countless other (NILFS, LOGFS, JFFS2, etc.)

most of them are available on Linux, a few are available on Mac OS X.
But you can bet that iPhone are using none.

Comment Go back in time (Score 1) 348

you miss the point. The Tsara is WAY TOO BIG. If you throw it and it fails, then you are in deep trouble.

Then go back in time, and explain to the military that they don't need a huge powerful launch platform, but multiple smaller one.

Then maybe by now, the most normal way to do exploration outside the LEO would be to assemble the translunar/martian/whatever vessel in space, instead of throwing it from earth...

More seriously : you missed the point of the whole nuclear deterrent / MAD (mutual assured destruction).
The point isn't strategic targeting using nuclear head and precise tactical strikes.
The point is, once you press the big red button, basically the whole planet is toasted. Because at that moment, every one is going to press their respective button in retaliation.
And therefore (went the logic behind MAD) nobody will dare to be the first to press their button.

Comment Re:Where's my new MacPro Tower? (Score 1) 114

Buy a few million of them a year. The old pros didn't sell very well, they were often seen as too big and too noisy. They didn't mesh with Apple's brand image. The trash can sold well for many months.

Apple seems to be killing the desktop pros off the killed their server line. Apple liked a narrow product line. To get diversification you need volume sales. The numbers aren't there. The numbers certainly aren't there for a physically large machine.

Comment Re:No, it's not time. (Score 1) 183

You just use the scroll-wheel. The scroll bar is always a last resort. I prefer the scroll-wheel myself, but if the system doesn't have a mouse -- that is, one only has the trackpad, then either two-finger scrolling (Apple style) or one-finger-right-side-of-pad scrolling is a pretty good substitute.


Comment Primary problem is the touchpad hardware (Score 1) 183

The real problem is the touchpad hardware. The touchpad device itself may not be able to accurately track three or four fingers, and there isn't a thing the operating system can do to fix it. I've noticed this on chromebooks, in particular when I ported the touchpad driver for the Acer C720. The hardware gets very confused if you put more than two fingers down on the pad horizontally (or you cross them horizontally while you slide your fingers around).

It basically makes using more than two fingers very unreliable. My presumption is that a lot of laptops out there with these pads probably have the same hardware limitations.


Comment Food chain. (Score 1) 156

On the other hand, the meat we eat has had to be fed quite a lot of time until the animal reached a good enough size and got slaughtered.
Thar's why more grains per kilogram of meat-food, than the equivalent grain-based dinner for the same human.

So not eating meat does decrease the amount of such harvesting accident for mice and and snakes (simply by needing less grain to feed the human, rather than needing more grain to feed the animal, until you have enough of the animal to feed said human).

(I personally happen not to eat a lot of grain (bread, pasta, and other carbohydrate food) anyway... so I can be proud to cause a little bit less combine-induced cruelty to mice and snake... at least toward them...)

Comment Fake soy meat (Score 1) 156

This is not fake soy meat or whatever.

That's something I've never understood.
Tofu shaped like meat. It only taste like shit.

It's as if its only purpose is to be shaped like a sausage, so you don't feel outcast when you're on a diet but get invited to a BBQ, you still have a sausage-shaped object to put on the fire like everyone else.

To me this would sound just as mush stupid, if some butchers started to make redmeat shaped in the form of a red peperrni, so on the day you crave meat but were invited to a BBQ at some tree-hugin hippie vegans, you don't feel outcast and have a veggie-shaped object to put on the fire.

Stupid. Fake. Meat.

Even more so when the human culture DOES HAVE some very nice traditionnal cuisine which is tasty but is also meat-free.
(in India and in the middle east you can find quite a lot ot veggie dishes which actually taste good. Unlike the tofu sausages).

Comment Base use (Score 1) 266

There's a difference of design and purpose of these object.

Lawn darts are basically like scissors.

Lawn darts have a pointy bit, that might get dangerous when use unsupervised.
But they have a use: they are toys, designed for play. Most of people will use it to play, most people will be successful at playing without getting hurt.

(Just like scissors have a sharp edge that could get people hurt. But scissors are extremely useful tools, so they won't get banned)

A kid with a bazooka doesn't serve any purpose. A bazooka is a weapon designed to bring destruction and/or death.
Though some extremely creative (or deranged kid) might be succesful at designing a fun game around one, that's not their typical use.
(Same also why some people, specially people living in the safer parts of the world like me, don't really see the point of needing to own guns).

That's why you're likely to find very few people complaining about the ban on giving their kids bazookas, whereas you'll constantly see people complaining when some random toy they've used to play with when they were kids is suddenly considered too much dangerous and gets banned (like Kinder Suprise chocolate eggs).

Comment ...and OIl !! (Score 1) 348

Fine. Whatever. Let's militarize Mars. We can install a fuckin particle cannon on it. Now you have your reason to go.

Oh, and we could persuade the politician that there's also a lot of oil to annex... sorry... to bring democracy to on Mars !
That's also going to boost the space program.

Comment Synergy (Score 1) 72

What I like about it is the intuitive user interface, and what seems to be the way that applications are interacting with each other, so it seems like one system and not a bunch of independent applications, or apps as some people prefer to call them.


That's also the thing I liked with Palm/HP webOS (another OS like Meamo/Meego/Mer Core/Sailfish OS which is a Computer shrunken down successfully to pocket size, rather than some Phone middleware bloated trying to make it look "Smart").

There, the concept was called "synergy".
One one side you had a bunch of providers : you sign your Google account, and that provides contacts, e-mails, calendars, XMPP chat, Youtube video.
On the other side you had a bunch of consumer : generic e-mail application that concentrate all mail comming from all contacts (be it Google, some corporate MS-Exchange stuff, or generic IMAP), generic contacts (that automatically agregate all your address books from Google, Facebook and LinkedIn), etc.)

(For Android people:
think a little bit how some app can add a "Share with..." contextual menu on file/media/image browsers. Except the *whole* system is like this, not only the sharing/uploading function, but anything that could be provided by an account: calendars, contacts, etc.)

Compared to Maemo/Meego/MerCore/etc. webOS went even a little bit further :

- synergy was able to automatically collapse info.
if you have the same person on your SIM card's phone book, on Google, on Facebook and on LinkedIn, it is automatically detected (based on names/e-mails/Etc. similarities) and unified as a single "contact".
In Sailfish OS, that's still a manual operation (you need to "Link account..." from the pulley menu).

- Starting from webOS 2.x application could also provide "search" or "fast action" called "Just Type...".
(It's basically a descendant inherited by the universal search function on older Palm OS )
  If you start to type on the hardware keyboard while no application is in focus, the system will start making auto-suggestions based on your typing
(a little bit like google's automatic suggestions, bug using above-mentionned "Just type..." plugins)
Contacts would suggest people matching your search keyword,
Notes would suggest make a new note.
if you typed a number you would be suggested to call it, if it matched a phone format, and/or if it matched a time format, calendar would propose to make a new appointment, Wikipedia and Google would suggest a search on their respective websites, etc.

That's a wonderful feature I liked a lot in webOS (and liked its Palm OS ancestror), and I miss it a lot currently.
(I've tried Google's assistant, but it is catastrophic in comparison).

And the most useful for me: all the above Linux OS (webOS, and the M*** family) have multi-processing done right.
Their card metaphore is nice (webOS deck-of-cards is even better at "tabs" and other "two-levels" problems)
Switching, starting and closing apps is only a slide or a fling away.
(Which is to be expected, as both have ancestry in desktop multi-processing, successfully shrunken down to pocket-size)

I find iOS (my friend has an iPhone) and Andoird (cheap ~100$ tablet) much more cumbersome.

Other things I find cool :
both webOS and Salfish are extremely gesture oriented.
Coming from PalmOS to webOS straigh without ever having any smartphone in between, I didn't understand what was so much the fuss about. It's only after having been exposed to Android (and iOS) I understood how much the other are cumbersome, and how navigating inside and between apps is intuitive and simple in webOS and Sailfish (everything is always litteraly 1 fling or slide away).
The most extreme difference I've seen is pickup a call between Android and Sailfish.
Android (both phone and apps like WhatsApp) seem to have a fixation about asking you to drag around on-screen icons. You to "catch" the "pick-up" green thingy, and drag it to the opposite site of the screen. You need to aim twice (picking up the thingy with your finger, and then aiming for the target zone). THEY MANAGED TO FUCK UP FITTS LAW *TWICE* IN ONE OF THE MOST COMMON USAGE OF A *PHONE* !!! DAMN!!!!!
Meanwhile on Sailfish ? They use their "pulley menu" concept. You just drag the screen up or down (no need to aim, just drag to make the "pick-up" or "hang-up" menu item appear). It's as close as the special "screen edge/under the mouse" conner case of Fitt's law as you can get on a mouse-less touchscreen. (Specially with the UI light cues, it is so intuitive)

Last webOS only fun stuff: tabs.
There webOS cheats a bit. The whole interface is a giant web app written in HTML and Javascript (and optional binary plugins or servers).
So basically any open "card" is a web view. Be it a website or a local application.

Handling tabs meaningfully is a non-trivial task.

On the desktop, it's more easy: you have a lot of screen estate, and you can afford putting both an application bar (KDE/GNOME/Windows taskbar, and OS X's dock) and a tab bar (tabs in firefox, in your editor, your terminal, etc.).
(You can even afford having a 3rd level: with screen showing a list of windows inside one of your terminal tabs).
On an embed device like a smartphone, with a much smaller screen, it's more complicated.
Most OSes (Android, iOS, and Sailfish) go for 2 different concept. You switch between apps and the OS metaphore is used to switch between them. And then it's the app's job to handle its sub-content (tabs).
So you end-up with that view of a vertical stack of mini-windows that you get on Safari mobile, or a grid of preview like on Firefox Mobile, or a preview thereof.

On webOS ? Well there's no tab. They'll just open a new tab. But because they have all this "deck of card" metaphor, new tabs/new sub-windows, are opened as card that are grouped together like in hands.
So when you zoom out, you see some lonely cards (e.g.: your message apps), and you see the "e-mail" stack/hand (main e-mail window with grouped inbox, hold together with other cards of each opened e-mail, and a browser card viewing a link that you're click in one message), then browser stack (a bunch of card representing a bunch of tabs), etc.
This way you can have an overview of both levels (applications and tabs/windows) when in overview/Switching mode. But this way you can also leverage all the "card shuffling" to let the user arrange them how they needs (group-ungroup cards i.e.: the equivalent of detaching/reattaching tabs, even if they don't belong to the same app) and you can use the fast/gesture switching between apps or between tabs.

And last sailfishOS terribly useful trick:
card know when they don't have full screen view (called "cover" mode) and can change their output.
- i.e.: the e-mail application won't show just a thumbnail of the full windows (like on Windows or on Android), but will show some useful info like the number of message waiting (like the "active tiles" in Windows's menu, or the various widget that you can put on the desktop in Android).

After all the above iOS and Android both seem awefully clumsy.

Comment Mainstream ? Nope. 3rd party ? Why not (Score 1) 72

You won't see any mainstream phone featuring a physical keyboard.
They aren't very popular among the average sheeple.

But you could go with after market.

Android supports a physical keyboard out-of-the-box without any extra driver.
Maybe some asian manufacturer are making tiny backcovers with sliding keyboards and mini USB-OTG cables ?

Some phones like Jolla 1 or Fairphone 2 expose extra channels on pogo pins, are designed to have a modular backcover, and have the whole thing documented for 3rd party to be able to design accessories.
(e.g.: there's a guy called Dirk Van Lesum that made a DIY sliding keyboard kit designed for Jolla's I2C pins on the back cover).

That's probably the route you'll need to go in the future.
Find phones where after-market keyboard by 3rd party are available.

Slashdot Top Deals

Lavish spending can be disastrous. Don't buy any lavishes for a while.