
Comment Re:Fake News (Score 1) 276

Considering the engines provided a max of around 22,000 pounds of thrust and the plane weighed around 30,000 pounds empty, the brick strapped to a rocket analogy is inaccurate. The aerodynamics work, if there is a rapid enough input to deal with the rapid changes in airflow. The same has been the case since at least the F-14; the F-117 was just an extreme case. Modern fighters are even less statically stable than the Nighthawk was. It's what gives them their maneuverability.

Comment Re:But.. (Score 1) 178

The incremental cost is probably minimal, especially compared to the cost of existing bottle redesigns, as are the potential lost sales. I've seen various attempts to market bottles in forms that are supposed to get more of the product out (only the 409 bottles that feed from the bottom via a molded tube seem to fully work), and that can absolutely be a sales pitch. I hate trying to get the last of the mayo out of the jar because I end up having to dirty a spatula to get at the remnants. I'd happily get something that would allow me to pour out the last bits instead, and I suspect many others will, too.

Comment Re:Okay - that was quick. (Score 2) 895

that explains picking a Judge with only ten years of experience to the Supreme Court instead of the most experienced one that could be found.

Chief Justice John Roberts had five years of experience as a judge before being nominated for Associate Justice to replace retiring Justice O'Connor and then being nominated to replace Chief Justice Rehnquist when he died. While I don't agree with everything he says, he's done a good job of steering the court overall.

Going after the most experienced usually means going after the oldest, which has some potentially significant downsides not just in terms of time on the Supreme Court but also often least understanding of current issues. Going after the most qualified does not mean the most experienced.

Comment Re:I did a complete 180 on AV software (Score 1) 231

SEH has been present in some form since at least XP. It's old tech, with numerous bypasses. Windows 10's big improvement is Control Flow Guard.

Getting around ASLR is relatively easy if any library loads that does not use ASLR, and this is unfortunately very common.

Comment Re:I did a complete 180 on AV software (Score 1) 231

Win32 even had account personation services

Account impersonation is still there, even in 64-bit Windows. It's required for how Windows works. If you want to see it, set up a VM, run Metasploit against it (use smb_login) and get a meterpreter shell, load incognito, and list and impersonate tokens to your heart's content.

Vista god bless it made UAC, privilege separation, scrambled ram addresses with aslr, buffer overflow protected buffers in c/c++, and pseudo local admin accountants which instead used a token to run something.

UAC has numerous bypasses, privilege separation has existed since at least NT4 (maybe 3.51), ASLR only applies to the heap and only when the library or executable is compiled to do so (or is forced by EMET, which can crash some applications), buffer overflow protections can be bypassed using SEH or ROP gadgets, and as I mentioned above, tokens are still around. Another note on ASLR: it only takes one library in the entire chain of libraries called to not use ASLR to make it ineffective. Also, ASLR on 32-bit Windows is weak, having only 128 possible addresses without factoring in predictability that is inherent in the system, and if the process crashes and restarts relatively gracefully, it's not hard to hit a valid address. ASLR on 64-bit Windows is much more difficult to bypass.
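
Added example, not part of the comment above: the per-module ASLR opt-in the comment refers to is recorded as the DYNAMICBASE bit in each PE image's DllCharacteristics field, so a defender can list which modules in a load chain lack it. The module names and header bytes below are constructed sample data, and `make_header` is a hypothetical helper that builds headers only, not loadable images.

```python
import struct

# DllCharacteristics bits from the PE/COFF specification
HIGH_ENTROPY_VA = 0x0020   # 64-bit high-entropy ASLR
DYNAMIC_BASE = 0x0040      # image opts in to ASLR
NX_COMPAT = 0x0100         # DEP compatible
GUARD_CF = 0x4000          # Control Flow Guard

def dll_characteristics(image: bytes) -> int:
    """Return the DllCharacteristics field of a PE image, or raise ValueError."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    opt = pe_off + 24                      # 4-byte signature + 20-byte COFF header
    if len(image) < opt + 72 or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):        # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+
    return struct.unpack_from("<H", image, opt + 70)[0]

def audit(modules: dict) -> list:
    """Names of modules that cannot be shown to opt in to ASLR."""
    weak = []
    for name, image in modules.items():
        try:
            if not dll_characteristics(image) & DYNAMIC_BASE:
                weak.append(name)
        except ValueError:
            weak.append(name)              # cannot verify: flag for review
    return sorted(weak)

def make_header(magic: int, flags: int) -> bytes:
    """Constructed minimal PE header (headers only, not a loadable image)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x2022)
    optional = bytearray(240)
    struct.pack_into("<H", optional, 0, magic)
    struct.pack_into("<H", optional, 70, flags)
    return dos + b"PE\0\0" + coff + bytes(optional)

SAMPLE = {  # constructed module set; names are hypothetical
    "app.exe": make_header(0x20B, DYNAMIC_BASE | HIGH_ENTROPY_VA | NX_COMPAT | GUARD_CF),
    "plugin_old.dll": make_header(0x10B, NX_COMPAT),
}
```

Calling `audit(SAMPLE)` returns the one constructed module built without the DYNAMICBASE bit; on a real system the same functions can be fed the bytes of each file a process loads.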

Comment Re:In the U.S., why isn't this obsolete by now? (Score 1) 129

Failure to register a foreign birth with the State Department risks the citizenship not being recognized if it's not done before the child's 18th birthday. Depending on the citizenship laws of the nation of birth and the parents, this places a risk of the child becoming stateless upon his or her 18th birthday.

Comment Re:Encryption (Score 1) 319

It doesn't really matter. I'd do that with any job.

But for the current job, it means when I'm on vacation, out at dinner, or just don't want to be bothered by work, I can silence or turn off the work phone and not be bothered by customers, who have fallback contacts if I'm not available. At previous jobs, MDM was required for any phone connecting to the corporate network, and there is no way that I'm giving control of my phone over to someone at corporate, especially since I had no trust that I would have a job from day to day. (Not concerning my performance, but random cuts happened for little apparent reason because the company couldn't hit its stated profit goals, targeting some very good people.) I really didn't want my personal phone wiped either intentionally or accidentally by corporate, not to mention the possibility of reading it.

Comment Re:Encryption (Score 4, Interesting) 319

I do not, nor have I ever, used my personal cell phone for work purposes. Key work people may have the number for emergency purposes, but it's made clear that me providing that number is a serious point of trust, and that it should never be used except for the most dire circumstances. My work cell not answering doesn't count. Clients are to *never* get that number.

About a year ago, I took a job where they don't provide a phone. I chose instead to purchase a separate line that is used entirely for business. Only a few personal contacts have the number (parents and wife, basically). If I ever leave the company, the line gets disabled (phone was purchased off contract) so I don't have to field calls from clients. Even if I choose to use the phone with a new employer, it will get a different number. The cost of the phone and extra line comes off taxes each year.

When traveling internationally, the phone gets backed up, wiped, and reinitialized with a separate ID that has no links to the old except for necessary work contacts. Something similar happens to the notebook. After returning home, what little new data is present is backed up, then the pre-trip backups are restored.

All devices are fully encrypted, so reinitialization gets a fully clean start.
