Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Comment Re:if there is real competition is space .... (Score 3, Insightful) 84

It's not so simple: the initial investment is huge, and the returns are slow. It takes a visionary (like Musk), with a bottomless well of cash (like Tesla Motors) to enter the playfield. There are safer investments with higher and faster returns if one has that kind of money, and wants to multiply it. Without the "vision" it's simply not going to happen - corporations prefer easy, immediate profits over multi-decade investments, and the asian ones are more conservative that way than the western ones.

For this to happen, it takes a special kind of person in a leadership position. This *might* happen, but I don't see any candidate currently.

Comment Re: Computer? (Score 1) 326

They have a turing-complete CPU. They have memory and storage. They have input and output devices.

That pretty much sets them as general purpose computers.

Oh, that's not their intended purpose - not what they are marketed at. Overcoming the lockdown may take some work. But you CAN run arbitrary computation on them, even with the lockdown.

Even on IPad, where they paid close attention to disable general computing to a degree where Commodore 64 emulator was banned because it runs Commodore BASIC, you can still load a page that contains:

<textarea id=x></textarea> <input type="button" onclick="eval(document.getElementById('x').value)"/>

and type away your general computation in Javascript.

Note, by the same virtue, a Postscript printer is also a general purpose computer. But yeah, using the right Postscript, people were playing chess against Postscript printer/scanner devices - the printer would print the chessboard with the pieces, the player would draw the move with an arrow, then scan it in, the printer would recognize the move, calculate a response and print it out. So, yeah, that's general purpose computers for you.

Comment Re: Computer? (Score 1) 326

Oh, you just didn't hear about them.

There haven't been many *LOUD* wide-scale attacks on these devices.

Their malware tends to stay under the radar and do its thing without drawing attention. It's quite ubiquitous though.

There are apps that run bitcoin mining on your Android phone.

There are apps that cheat on ad revenue, loading ads en masse (and not displaying them, or you'd long uninstall them).

There are quite a few spyware apps.

Due to the lockdown, traditional "viral" spread is limited. In most cases, "trojan horse" technique is employed. Legal, useful apps in the app store, that have a second, clandestine function. Since getting rid of the malware is pretty easy, and malware that can't make its way into some official store will never reach broader victim base, they just stay under the radar, doing their thing without alerting the users to their presence and without being *overly* harmful.

Comment Re:yet more poor design. (Score 1) 113

You MUST be monitoring the sandbox to tell if it's been corrupted by malicious code. Otherwise the whole scheme crashes and burns, as the attacker hijacks the sandbox and infects the clean uplink. And that can take a very short time, so "periodic re-creation of sandbox" is not a solution. Tight monitoring a'la running in a debugger is the way.

Of course in case the sandbox is corrupted, it would need to be re-created, but that *hopefully* wouldn't be too frequent.

Comment Re:yet more poor design. (Score 1) 113

Not always viable, but that point is a very weak point anyway. The host's kernel *can* pass all traffic transparently to VM and never be at risk. It just needs to be done, no challenge here.The challenge is assuring the sandboxed environment isn't hijacked - the same way currently the root's environment is being hijacked. While the hijack would be unable to escape the sanbox by itself (or at least only with great difficulty), it can infect the "clean" uplink, and infect the host with other malware (albeit on receiving user's rights, not root.)

Currently, this is unavoidable, as the moment the malware has admin rights (moreover, KERNEL rights!) it can disable any control mechanisms and operate freely. With the VM, the host could supervise the sandbox and prevent infection of host in case the sandbox kernel is compromised. This is important, this is the real danger, and this is difficult.

Comment Re:yet more poor design. (Score 1) 113

Yes, unless the attacker is prepared for this. They won't attempt jailbreak if they are not aware they are on VM (plus it IS difficult), and with the right setup the kernel will pass data to VM pretty much transparently - IF the traffic is directed at the VM. Not quite the case if the traffic is directed at the host, and the kernel squeezes it into VM regardless (though still possible to do safely).

Plus the only thing that goes back to host from the VM is display, and well-encapsulated I/O to be passed through without peeking in. Not the entire inbound network traffic, and all the data from disk. If the sandboxed filter is compromised, and can infect the stream, the host can be compromised.

In case a mainstream antivirus implements this, the attacker will know this and may attack the sandboxed environment, never even trying to jailbreak, then just infect the pass-through data and use that to infect the host, instead of acting on it directly.

Imagine you have a hardware firewall, and your computer plugged into it. Now the attacker takes control over the firewall's system... how secure is the computer now?

Comment Re:yet more poor design. (Score 1) 113

Setting up a sandbox is a one-time deal on startup. Giving the process a preferential treatment in the scheduler is viable approach; another is to bypass the whole heavyweight system of accounts and authentication and carve your own sandbox from scratch, a separate, minimal subsystem of lowered privileges, a'la VM.

Comment Re:yet more poor design. (Score 4, Informative) 113

The 'real kernel' still needs to pass it down into the VM from physical media for processing. And the VM would need to be supervised by the host, not just launched and forgotten - the sandboxing won't help much if the virus hijacks the sandbox, and makes it pass everything through as 'clean' regardless of the content - the host needs to constantly monitor integrity of the checking process.

There are 'jailbreak' attacks that allow escaping VM sandbox and infecting the host, but they are difficult and rare.

Comment Re:yet more poor design. (Score 5, Insightful) 113

They need to hijack all network and file operations, so they do need hooks in the kernel. But these should be minimal, passing the data down to a sandbox without even peeking inside. The fact data that is *expected to be malicious* is allowed to interact directly with kernel level code is definitely FUBAR.

Comment Re:Small black holes, right? (Score 1) 220

To be precise, it's size would be zero. It's a singularity, no actual size.

The diameter given when describing size of a black hole is the diameter of event horizon created by the black hole. It's still just "empty space", but that's a point-of-no-return, and whatever's inside, will not escape (minus Hawking Radiation, but that's nitpicking) and that's an important characteristic that describes a limit beyond which everything is "as good as inside the black hole", the 3km from the center not doing a squat of a difference when the outside world is concerned.

Slashdot Top Deals

Time is an illusion perpetrated by the manufacturers of space.

Working...