Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:Keep an eye out for Unlocked Phones (Score 2) 109

Updates for iPhones come direct from Apple. There's no gating by carrier, because Apple had the clout to tell the carriers to shove it when it came to customizing it with their particular crapware.

It's called a "cloud", not a "clout".
Use a spellchecker, dude!


When you speak of someone having clout, it usually means that they communicate a sense of power or influence, particularly in the political sense. "You’ll wanna talk to that big guy over there if you want me to let you in. He’s got clout."

Use a dictionary, dude!

Comment Re: No, because it FUCKING FAKE NEWS AGAIN (Score 5, Informative) 445

Clinton and Pence both hired a law firm to determine which emails would be considered private and which emails would be subject to the records keeping act. It was not illegal for neither Pence nor Clinton to use a private (non-gov) account, as long as they submitted all "official business" emails for record-keeping. Both did.

There is no material difference between using an AOL account or using a private server. Indeed, one could argue that using a private server you can at least account for who have had access to the emails. In the AOL case, there is no way of knowing. A private account - on AOL or a private server - cannot be used for classified material.

In the Clinton case it *was* determined that she had sent
- some emails where the contents was retroactively classified. This is not criminal, as Clinton the material *was not* classified at the time.
- A total of 3 emails which contained classified information at the time. However, the "classfied" markings were non-standard which could explain why Clinton did not notice them.

It was not illegal to set up at private server. Clinton was clearly aware that she should not use it for classified material; otherwise you would see a lot of classified material with standard markings on the server. Which there was not.

Maybe she should have realized that there was a risk that she may accidentally send classified material. IMO the greater risk was that state dept. employees would send classified material *to* her account. Was it reckless? Possibly. Criminal? No.

If Pence has sent classified material from his AOL account, it is equally illegal, regardless of whether the account was "official". If he did not instruct aides to avoid sending classified material *to* his account, it would be equally reckless.

Fun fact: Pence was hacked. Clintons email server was not.

Comment Re:Not viable on Windows 10 (Score 1) 238

What they're trying to say is that there are situations where this will not work, where Windows will not ask you for the password, but just fail instead, thus concluding that for some things your account MUST have admin rights.

Oh you mean how apt-get will fail if I forget to run through sudo? Is that a Linux problem

Comment Re:Not viable on Windows 10 (Score 4, Insightful) 238

They can't make it work. Windows core architecture is fundamentally broken and insecure. See MS's documentation about security tokens and permissions. You can only unmask permissions since 2008R2. This means that your process starts with max permissions and is masked to reduce it. Totally unlike the authentication/authorization and security elevation process in pretty much every other system out there.

No, your process starts with a *masked* token. The security subsystem creates *two* tokens when you log in: One with all of your privileges and one where "admin" privileges has been masked out. Switching from the masked token to the unmasked token is called *elevation*.

The desktop process (explorer.exe) and any process that you launch will *by default* use the non-elevated token. This means that by default none of your user processes have admin privileges, even if you logged in using a admin account. It is understandable that someone only familiar with the Linux/Unix model does not get this at first, because Linux/Unix do not have *tokens*. The *nix model can only describe the permissions of a process through an "effective user" - i.e, a reference to an account. No token.

On Windows, each process has a security token which by default is inherited from the parent process, but may differ. This is not possible on *nix where you need to refer to some user id to describe the privileges indirectly.

An executable's manifest may indicate that the it needs certain admin privileges when executed. In that case, Windows will look up to see if your *unmasked* token fits the required privileges. If it does, Windows will prompt you for consent to use the elevated token. If you approve, the new process is launched with the elevated token that was created and stored when you logged in.

Comment Re:Duh? (Score 1) 238

Windows still runs the GUI as part of the kernel?

No. The GUI runs under the logged-in users non-elevated account, i.e. even if you log in as an administrator, the administrator privileges are stripped from the user token that is used for the desktop (GUI) process. (the explorer.exe process).

On the driver level, graphics drivers are split in two: A (hopefully) smaller kernel part as well as a user-mode part. This split is for reliability and security. By keeping the kernel mode small, the developer can limit the attack surface and maximize reliability. A memory corruption bug in the user-mode part can at the most cause the specific application to fail.

Comment Re:Someone has been visited by an MS rep (Score 1) 557

No, it was a deal.

MS: Oh, Munich, we're considering moving our HQ to Munich.

Munich: Oh, that's great!

MS: But of course it would look a bit, eh, silly no? Munich running Linux with our HQ there.

Munich: Don't worry, we'll fix that!.

It would have to me more like:

MS: Oh, Munich, we're considering moving our HQ to Munich.

Munich: Oh, that's great, but your HQ is already in Munich?

MS: Oh? ok, then we'll consider not moving our HQ *away* from Munich.

Munich: Oh no, please don't do that! We'll do anything to keep you here!

MS: About that: It does look silly Munich running Linux with our HQ here

Munich: Don't worry, we'll fix that!.

Hint: Microsoft was already in Munich. They simply moved from the outskirts to a new building.

Or maybe the HQ location did not actually play into this.

Comment Re:Someone has been visited by an MS rep (Score 1) 557

Note also that the study supporting the move back to WIndows was carried out by Accenture (some of us know them better by their old name, Andersen Consulting). Accenture was Microsoft's Alliance Partner of the Year in 2016, so I'm sure that they have a neutral, objective reason for recommending Microsoft software.

Yes, well, Accenture is also a Red Hat strategic partner, as well as partner of Google, Salesforce etc. Studies like these are not carried out by the same branch that specializes in a partner technology.

An alternative to conspiracy theories could be that the employees of Munich actually want to switch to another system with less problems with standard software and drivers. Maybe they want to be able to use fingerprint readers, ID/chip card printers etc. Or maybe maintaining your own distro (Limux) was not such a good idea.

Comment Re:Firefox is back! And windows exploit more $$$? (Score 1) 56

Windows kernel exploits are worth more because they're worth more on the open market (because that's where the corporate data is and corporations pay ransoms). pwn2own has to compete with the black market, after all.

Wrong. All of these prizes are far below what a zero-day exploit is worth on the black market. This contest is not a way to overbid the black market; rather it is a way for white-hats to showcase their skills and bring attention to vulnerabilities.

The prizes a set to reflect the expected difficulty; the hardest target - the ones that involves the most work - pays most. Virtual machine escapes are considered really hard because of the very limited attack surface.

Windows 10 is considerably harder to crack than Linux and OS/X. The latter 2 still have *far* to many services running as root and still exposes a lot of SUID root executables. Windows 10 has also adopted many of the EMET anti-exploit techniques. You'd have to harden Linux with grsecurity to achieve the same level.

Comment Re:How is this news? Cygwin has been around since (Score 2) 170

Ok - I fail to see how this is news. Cygwin has provided Gnu tools in windows forever. Cygwin-X has provided X11 in Windows forever.

SFL and Cygwin have drastically different performance profiles.

SFL is syscall translation in kernel space running on pico processes; Cygwin is syscall emulation in userspace running Windows processes and Windows threads.

Windows is built around an object oriented philosophy (handles) where, for instance, access rights are established upon handle creation. Handles covers many more types of resources in Windows compared to e.g. file descriptors or inodes in Linux. But the key difference is in lifetime. Under Linux access rights are checked on each access. Under Windows you request access rights on handle creation, a jump table is established with an entry for each operation - some of them pointing to "access denied" - and hence Windows does *not need* to check rights on each access. Now, if you want to emulate Linux inodes/fds, you would need to create/dispose the handle on each access, or design some system with cache/sweep. Either way you are going to sacrifice some performance. And this is just one example.

SFL uses pico processes which do not own Windows handles the way Windows processes do. It is Linux like processes running on top of pico processes. I believe the real work for MS has been in the areas where those processes touch the same interfaces (such as file system) which must allow for the Linux way of accessing resources.

Comment Re:How does it work? (Score 2) 170

So it's Line as in "Line is not an emulator"?

Yeah, pretty much. The NT kernel was designed from the start to support multiple subsystems (think OS/2, POSIX, Windows). Hence, there's an abstraction layer that lay dormant but came in handy for something like this.

SFL builds upon something called "pico processes" - which is derived from the initial idea of multiple subsystems. A pico process is a process that is stripped for everything OS specific. It can be used to build "Linux-like" processes on top instead of Windows processes. But it seems that it really is just realizing the original design idea.

Cygwin was pure userspace, as in the syscalls were implemented as userland services. SFL is implemented as kernel-level syscalls from processes/threads that are not Windows processes/threads.

Comment Re:Better summary (Score 1) 133

Anything that connects to the display (and keyboard and mouse or other SHARED input/output device by implication) needs to be trusted.

That's true in Windows and Linux and Unix and IBM mainframes and on and on.


Guess they'll have to reinvent User Interface Privilege Isolation. Don't hold your breath, though.

Comment Re:How about something more useful? (Score 1) 156

When the kernel enters the BSOD/crash routine, nothing is guaranteed to be safe. The stuff that was pre-allocated and set aside? Not safe.

Incorrect. Any memory that has been marked as read-only can absolutely be considered safe. Indeed, the STOP condition may have been caused by some process or the kernel attempting to write such memory. So if the OS marks its core memory (code, jump tables etc) as readonly after loading, those jumptables and that code can absolute be assumed to be safe.

How does a CPU "know" where the QR code routines are at? By a jump table full of pointers to locations in RAM

No, initialized pointer to jump table sitting in readonly memory pages.

I have seen computers crash so hard that they could not even spit out their error message and the result of trying was to do some nasty things with the floppy disk controller.

Obviously that can happen. If the graphics card misbehaves, attempts to use the screen could fail miserably. Likewise with disk controllers.

That not the point, though. The point is what *extra* assumptions generating QR codes makes about what components are still safe to use. If QR code generation makes further assumptions, then yes, it could be a problem. But as it stands, the STOP handling code already uses the screen (error message) and disk (dump to pagefile). If coded correctly (engineered for failure) it makes no further assumptions and thus does not increase any risk.

It's like you and GP totally ignore the most basic principles of OS design and common engineering principles. No, I have not seen MS's code and cannot claim that they make no further assumptions about heap, device drivers etc. But cannot the the reverse either. I *assume* that they are more competent than you and GP, however, and make good use of read-only memory.

Slashdot Top Deals

Real Programmers think better when playing Adventure or Rogue.