
Comment Re:Not viable on Windows 10 (Score 1) 228

What they're trying to say is that there are situations where this will not work, where Windows will not ask you for the password, but just fail instead, thus concluding that for some things your account MUST have admin rights.

Oh you mean how apt-get will fail if I forget to run through sudo? Is that a Linux problem?

Comment Re:Not viable on Windows 10 (Score 4, Insightful) 228

They can't make it work. Windows core architecture is fundamentally broken and insecure. See MS's documentation about security tokens and permissions. You can only unmask permissions since 2008R2. This means that your process starts with max permissions and is masked to reduce it. Totally unlike the authentication/authorization and security elevation process in pretty much every other system out there.

No, your process starts with a *masked* token. The security subsystem creates *two* tokens when you log in: One with all of your privileges and one where "admin" privileges have been masked out. Switching from the masked token to the unmasked token is called *elevation*.

The desktop process (explorer.exe) and any process that you launch will *by default* use the non-elevated token. This means that by default none of your user processes have admin privileges, even if you logged in using an admin account. It is understandable that someone only familiar with the Linux/Unix model does not get this at first, because Linux/Unix do not have *tokens*. The *nix model can only describe the permissions of a process through an "effective user" - i.e., a reference to an account. No token.

On Windows, each process has a security token which by default is inherited from the parent process, but may differ. This is not possible on *nix where you need to refer to some user id to describe the privileges indirectly.

An executable's manifest may indicate that it needs certain admin privileges when executed. In that case, Windows will look up to see if your *unmasked* token fits the required privileges. If it does, Windows will prompt you for consent to use the elevated token. If you approve, the new process is launched with the elevated token that was created and stored when you logged in.
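
Added example, not part of the comment above: a PowerShell check of which of the two logon tokens the current process is running under. It calls the Win32 `GetTokenInformation` function through P/Invoke; the `TokenInfo` class and `Get-TokenElevation` function names are chosen here for illustration.

```powershell
# Added example: report which logon token the current process is running under.
# TokenInfo and Get-TokenElevation are names chosen for this example.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class TokenInfo {
    // Win32 GetTokenInformation, declared for the single-DWORD case used here.
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool GetTokenInformation(
        IntPtr token, int infoClass, out int info, int length, out int returned);
}
'@

function Get-TokenElevation {
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $type = 0
    $returned = 0
    # 18 = TokenElevationType in the TOKEN_INFORMATION_CLASS enumeration.
    $ok = [TokenInfo]::GetTokenInformation($identity.Token, 18, [ref]$type, 4, [ref]$returned)
    if (-not $ok) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "GetTokenInformation failed with Win32 error $err"
    }
    $meaning = switch ($type) {
        1 { 'Default: no split token (standard user, or UAC not filtering this account)' }
        2 { 'Full: the unmasked (elevated) token' }
        3 { 'Limited: the masked token; a linked elevated token exists' }
        default { "Unknown value $type" }
    }
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    [pscustomobject]@{
        User              = $identity.Name
        ElevationType     = $meaning
        # False under a masked token even when the account is an administrator.
        AdminGroupEnabled = $principal.IsInRole($adminRole)
    }
}

Get-TokenElevation | Format-List
```

Run from a normal prompt and again from one started with "Run as administrator", the same logon reports the limited and the full token respectively.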

Comment Re:Duh? (Score 1) 228

Windows still runs the GUI as part of the kernel?

No. The GUI runs under the logged-in user's non-elevated account, i.e. even if you log in as an administrator, the administrator privileges are stripped from the user token that is used for the desktop (GUI) process (the explorer.exe process).

On the driver level, graphics drivers are split in two: A (hopefully) smaller kernel part as well as a user-mode part. This split is for reliability and security. By keeping the kernel mode small, the developer can limit the attack surface and maximize reliability. A memory corruption bug in the user-mode part can at the most cause the specific application to fail.

Comment Re:Someone has been visited by an MS rep (Score 1) 557

No, it was a deal.

MS: Oh, Munich, we're considering moving our HQ to Munich.

Munich: Oh, that's great!

MS: But of course it would look a bit, eh, silly no? Munich running Linux with our HQ there.

Munich: Don't worry, we'll fix that!

It would have to be more like:

MS: Oh, Munich, we're considering moving our HQ to Munich.

Munich: Oh, that's great, but your HQ is already in Munich?

MS: Oh? ok, then we'll consider not moving our HQ *away* from Munich.

Munich: Oh no, please don't do that! We'll do anything to keep you here!

MS: About that: It does look silly Munich running Linux with our HQ here

Munich: Don't worry, we'll fix that!

Hint: Microsoft was already in Munich. They simply moved from the outskirts to a new building.

Or maybe the HQ location did not actually play into this.

Comment Re:Someone has been visited by an MS rep (Score 1) 557

Note also that the study supporting the move back to Windows was carried out by Accenture (some of us know them better by their old name, Andersen Consulting). Accenture was Microsoft's Alliance Partner of the Year in 2016, so I'm sure that they have a neutral, objective reason for recommending Microsoft software.

Yes, well, Accenture is also a Red Hat strategic partner, as well as partner of Google, Salesforce etc. Studies like these are not carried out by the same branch that specializes in a partner technology.

An alternative to conspiracy theories could be that the employees of Munich actually want to switch to another system with less problems with standard software and drivers. Maybe they want to be able to use fingerprint readers, ID/chip card printers etc. Or maybe maintaining your own distro (Limux) was not such a good idea.

Comment Re:Queue the headphone jack comments (Score 1) 131

Again, I am not an Apple Fanboi - but when they were APPLE COMPUTER (as you put it) they didn't have anything to take over when the Apple II got long in the tooth. Then they didn't have anything to take over when the iMac got long in the tooth. Then they didn't have anything to take over when the iPod got long in the tooth. Now it's the iPhone.

What does Microsoft have when Windows & Office are "long in the tooth"? What does Google have when search / ad revenue is long in the tooth? What does Exxon have when petrochemicals are long in the tooth? All these companies, including Apple, are diversifying their revenue as best they see (Microsoft with Azure, Apple with services, like iTunes, Appstores, etc. Google with ideas that never pan out. That kind of thing).

Why are people always predicting the imminent doom of Apple? For like 30 years, Apple has been "going to fail any day now". Frankly, Apple (and Microsoft and Google and many others) have so much money that even if the iPhone suddenly stopped selling because someone else makes "the next new thing" - Apple can just buy that thing out or buy a team to replicate it.

Comment Re:Queue the headphone jack comments (Score 3, Interesting) 131

Then again, Cook is no Steve Jobs. Steve Jobs brought "Gorilla Glass" to the masses. Tim Cook tried and failed with "Sapphire Glass". Steve Jobs was the iMac, iPad, iPhone, iPod - Cook was iWatch and iBuds - and dwindling sales of computers, iPads, and loss of market share for iPhones.

I'm not an Apple fanboi (feel free to read my years of posts, many of which are not Apple friendly) but if you look at the numbers, Mac sales went up not down. I'm also fairly sure Apple couldn't give a shit about the market share of iPhone considering they make like 100% of the profits, with what marketshare they have.

I don't really feel inspired by Cook, either - but to say he's failing at making Apple a profitable company is just your own Reality Distortion Field. Apple is the most profitable company on earth and it has been pretty much since Cook started running it. It's making more money than ever. He's doing exactly what he's supposed to be doing - making a shit tonne of money. That might not be cool for people who really love tech - but he's tasked with making Wall Street and investors happy, not geeks.

Comment Re:Word 2013 rated garbage (Score 2) 202

Oh that's disappointing. I was really hoping to use Real Office(tm) on my Mac, not that pathetic port version Microsoft still ships for Macs - and yes I am being serious, not sarcastic. Some of the Excel features I really need are missing and the simple fact of not having favourites folders in Outlook is beyond irritating. Parallels is slow as hell.

Comment Re:Firefox is back! And windows exploit more $$$? (Score 1) 56

Windows kernel exploits are worth more because they're worth more on the open market (because that's where the corporate data is and corporations pay ransoms). pwn2own has to compete with the black market, after all.

Wrong. All of these prizes are far below what a zero-day exploit is worth on the black market. This contest is not a way to overbid the black market; rather it is a way for white-hats to showcase their skills and bring attention to vulnerabilities.

The prizes are set to reflect the expected difficulty; the hardest targets - the ones that involve the most work - pay most. Virtual machine escapes are considered really hard because of the very limited attack surface.

Windows 10 is considerably harder to crack than Linux and OS/X. The latter 2 still have *far* too many services running as root and still expose a lot of SUID root executables. Windows 10 has also adopted many of the EMET anti-exploit techniques. You'd have to harden Linux with grsecurity to achieve the same level.

Comment Re:Firefox is back! And windows exploit more $$$? (Score 1) 56

Possibly - but there's likely a similar set of drivers. a) Microsoft is paying for the bounties. b) Again, criminals know if they can break Edge, they will get a sizeable number of home users now and more in the future and c) (some) corporations are more likely to use Edge than Chrome, especially as more move to Windows 10.

Comment Re:Firefox is back! And windows exploit more $$$? (Score 1) 56

Windows kernel exploits are worth more because they're worth more on the open market (because that's where the corporate data is and corporations pay ransoms). pwn2own has to compete with the black market, after all. If you discover a Windows exploit - you can sell it for a lot of money if you sell it exclusively. Not so much an OSX and even less a Linux desktop exploit. So market forces dictate that, if you want people to actually turn up to pwn2own and show you their exploits, you need to make it attractive, not just to pure whitehats but to greyhats, too. If they can get $50,000 or something from "some guy in Russia" you can't very well offer $5,000 and hope they tell you out of the goodness of their hearts.
