Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:This is the year (Score 1) 89

This isn't good, but it doesn't seem to be a big deal either.

This isn't a big deal for the vast majority of Linux use-cases. Where something like this becomes a problem is kisok-like machines and certain "secure" environments.

For example, a certain US state's lottery machines, which run Linux. The machine has a list of USB device ID's it will accept, it's on a VPN, locked case, locked BIOS. All-in-all, pretty secure against tampering. However, the USB protection only goes so far because it's possible to craft a USB device which sends a fake ID.

That said, even if someone could plug a keyboard into such a machine very little can be done because of the BIOS and bootloader password protection. However, a bug like this would suddenly be a potentially huge problem.

I'm tired of people making bugs like this sound like earth shattering problems. At the same time there are a minority of situations where this type of thing is potentially a big issue. That said, we can't ignore stuff like this.

Comment Re:Flash isn't so bad, really (Score 1) 220

To my knowledge, there is no actual evidence to show that browsers are significantly better on security. The major ones all fix critical vulnerabilities regularly, it just doesn't get as widely publicised. (Don't believe me? Go check the changelogs for recent releases of your browser of choice.) Moreover, if browsers do start to offer all the same functionality as Flash but natively, they'll also increase their attack surface accordingly. Of course if you compare a browser against the same browser with a plugin then the second combination has a larger attack surface, but right now that is an apples-to-oranges comparison.

If we want to talk about attack surface Flash is a bit of an issue. Individual browsers these days have issues more often than Flash, as you've pointed out. However, the install base of Flash is greater than that of any individual browser. Therefore, a problem with Flash is a big fucking deal, as it effects many more people than say, a problem in Firefox. Adobe should handle the EOL of Flash more responsibly, by either presenting a framework for transition or open sourcing Flash so somebody else can do it. As it stands, Adobe is the only entity able to fix a bug found in Flash and all tools for converting Flash content to modern standards (AFIAK) are based on a black-box understanding of how Flash works.

Comment Re:It's not about terrorism (Score 1) 264

Last year (?) a teenager was able to get over the perimeter fence and get on a plane. Later, they announced that they did not have the money to properly secure the fence. Depite this, exactly zero planes have been subject to terrorist attacks in the USA.

There was also this incident in May, where a 27 year old stole a plane and was talked down by air traffic control. If the security we have in place can't stop random incidents like the kid you mention or this guy in Vegas, what is it supposed to stop? I don't think it really has anything to do with terrorism, let alone the greater good.

Comment Re:Correct (Score 5, Interesting) 267

The boss's plan of allowing users to override the web page filter is absolutely the CORRECT plan. You have a rare boss who understands that the most important thing is that workers be able to work without interference from know-it-alls. Please get with the program!

This plan is a good one. To curb your concerns you could follow this plan:

  1. 1) Allow users to login to unblock sites on an as-needed basis. Keep the process simple so workflow isn't encumbered.
  2. 2) Keep a log of every time a user logs in to request access. Possibly keep a log of what sites users are visiting with this access, but do not log the traffic. Just the sites.
  3. 3) Pair this log with your issue tracking system and possibly employee performance reviews.

If an employee's support tickets seem to be linked to the sites they are requesting, the employee can be approached and possible restrictions can be put in place if the problem isn't solved with a conversation. The same goes for browsing habits that might be linked to downturns in performance.

This way, you are allowing your employees/users their freedom to browse/work, and only restricting the people who keep presenting problems.

Comment Re:Rather Than in more out (Score 1) 484

I think future trend will be a shift from more flexible universal operating systems to more modular, take every out that is not necessary for this particular appliance operating system, this to simplify security and even application level features become modules added into the operating system, so one quick boot to full functionality. So a much more modular operating system.

A little OT, but I think modifying Gentoo with a new build system to do the above would be a fun project.

Comment Re:Yes. (Score 1) 517

Actually having experience. Oh and the fact that I just set up a new windows 7 VM and from the fresh install on the DVD and how it ran, compared to after applying all updates it lost all of it's speed.

Nothing installed but windows updates. on the exact same hardware. Absolute solid proof to me.

I've seen this before. I do a fair bit of computer repair on the side, and just recently someone brought me a Windows 7 Home Premium install that was acting this way. I cleaned the computer of malware and junk programs, but it was still using 50%+ memory when idle. It turned out that the windows update service itself was causing the problem. The biggest ram hog was svchost running makecab.exe repeatedly, eating up nearly 1GB of memory all by itself.

It turned out the issue was actually a corrupted .NET Framework 3.5.1 which was screwing up the installation of updates. Repairing it resolved the problem. Perhaps check your update history and see if you have any failed updates, especially relating to .NET 3.5.1. If you do, try going into Programs and Features, disabling .NET 3.5.1 under Windows Features, rebooting, and then re-enabling it.

Comment Re:Bad idea (Score 1) 671

"allegedly" violating it - he has not been convicted yet, and the presumption of innocence should prevail. We don't know if a jury would find sufficient cause, given the circumstances and the illegal acts that were being covered up, to find sufficient justification.

Kind of like "yes, I went through the red light, but I was carrying someone who had been shot and was bleeding profusely to the hospital as quickly as I could."

There's a problem here which Snowden has also voiced: In a "trial" of this nature justification isn't allowed as a defense. This is talked about in Citizen Four.

Comment Re:Buy some suntain lotion (Score 2) 230

Actually, this isn't too far from the truth. I've heard of a few cases where simply changing the URL has brought up documents that should be private and the person who reported it was brought up on charges for "hacking". Unfortunately, the public does not understand the difference between simply poking around and trying to mess up someone's system for nefarious reasons. Perhaps someone here on /. will remember the particular cases involved but as sad as it sounds, you are on a shaky legal foundation.

I thought of one particular case as soon as I read the summary:
Aernheimer was charged under the CFAA for exposing a similar problem with AT&T's website.

Comment Re: About right (Score 1) 246

Boy, 10, dies after his brother accidentally shoots him in the head with a BB gun at close range: http://www.gloucestershireecho... BB gun accident takes life of a 20-year old boy:

You can surely find a lot more googling a little. I also recommend taking a look at Google image-search. The thing is, if you shoot someone in the head with a BB-gun there actually is quite a risk of bodily harm (torn eyes etc.) and loss of life. They're unlikely to kill you if you fire them somewhere other than the head, but they certainly are dangerous items and they can still cause damage to internal organs, depending where the shot lands and its angle. I have a BB-gun that's capable of easily piercing an aluminum can and I certainly wouldn't want to be on the wrong end of the barrel.

Just about anything can be used in some way to kill a person. That doesn't make everything a deadly weapon. I think "deadly weapon" ought to be redefined as something that it's actually practical to use to kill a person. Otherwise, we may as well criminalize butter knives, lawn darts, paintball guns, and sling shots.

Comment Re:About right (Score 1) 246

6 months probation is about right for what he did anyway. I can't believe they're clogging prisons with petty criminals like this then turning violent criminals out because of over crowding. A BB gun as a deadly weapon? They're turning the legal system into a farce with that kind of bullshit.

Totally agree. I've seen it first hand. I got a year of prison for stealing a bicycle (while intoxicated). It was a felony because it was inside an open garage, which apparently makes it Breaking and Entering. I know what I did was wrong and I'm embarrassed about having done it. What's more embarrassing is when I tell people about it they don't believe me until I show them the court papers.

Comment Re:America, land of the free... (Score 1) 720

There is virtually no place in the US where someone who is homeless and jobless cannot get enough assistance from city/state/private agency to change their situation.

That may be true now, I have no current experience. 20+ years ago it was definitely NOT true. I suffered greatly being homeless. Hell, I suffered greatly even having a fucking job working 6 days a week being paid $3.35 an hour. Housing was, and is, not cheap. Sharing doesn't do any good if the people you share with refuse to ever pay their fair share.

Fuck it. At that point, crimes of theft are not such a big deal. Everyone needs to eat.

I was in a boat like this, and that's where the prior misdemeanor convictions come from. I was the lead software engineer at a promising startup. I turned to drugs to help me put in the hours. The company eventually tanked, and I was left with a bad habit and no income. I ended up homeless and stealing. I started a blog where I interviewed other homeless people and used the ad revenue to pay for a storage unit to live in.

Comment Re:America, land of the free... (Score 1) 720

This is what actually happened:
I was intoxicated (not that it should matter, but I don't think I'd have done this if I hadn't been). I was about 6 miles from home without a car or a phone and I saw somebody leave their house via their garage. While the door was open I saw some bicycles in there. After they left I went to the side door of the garage, went inside, and stole one of their bikes. I think the neighbor saw me and called the police. I was arrested about 20 minutes later and charged with Burglary (because it was an attached garage), and I accepted a plea deal for Breaking and Entering.

Slashdot Top Deals

It is difficult to soar with the eagles when you work with turkeys.