
Comment Re:Only as safe as the sandbox (Score 1) 167

Rust does not aim to provide you a sandbox to run untrusted code. Its goal is to provide type safety. It means that code written in Rust is as safe as code written in Python or in another high-level language, but it runs as fast as if it were written in C++.

Obviously, there could be bugs in the Rust compiler or an unsafe library that you use, but the attack surface is much smaller in this way. Take a look at programs written in high-level languages: you do not hear about buffer overflow and other low-level attacks against them very often, though they also rely on some unsafe code and may have implementation bugs.

Most attacks against applications written in high-level languages focus on the application logic. For example, attackers may try to force the application to overwrite some configuration file, which gives them remote access, or create an executable file, which can then be run remotely, etc.

So for most practical purposes, Rust eliminates certain classes of attacks. This does not mean that applications written in Rust are truly safe, but they are likely to be much safer than those written in C/C++.
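As an added illustration of the point made in the comment above (this is example code written for this page, not code from the commenter or from the Rust project), here is a small length-prefixed record parser in safe Rust. The record format (one length byte followed by that many payload bytes) and the sample buffers are constructed for the example. The pattern it shows is the one that classically produces heap and stack overflows in C: a length taken from untrusted input is used to copy bytes. In safe Rust the slice APIs bounds-check every access, so a bad length turns into a `None` or a panic rather than a memory read or write past the buffer.

```rust
/// Parse one length-prefixed record: a length byte followed by that many
/// payload bytes. Returns (payload, remaining input), or None when the
/// declared length runs past the end of the buffer. `get(..len)` performs
/// the bounds check that an unchecked C `memcpy(out, p + 1, len)` would skip.
fn parse_record(buf: &[u8]) -> Option<(&[u8], &[u8])> {
    let (&len, rest) = buf.split_first()?;
    let len = usize::from(len);
    let payload = rest.get(..len)?;
    // Indexing here cannot go out of range: `get` just proved len <= rest.len().
    Some((payload, &rest[len..]))
}

/// Parse every record in the buffer. The bool reports whether the whole
/// input was well-formed; parsing stops at the first malformed record
/// instead of reading past the end of the data.
fn parse_all(mut buf: &[u8]) -> (Vec<&[u8]>, bool) {
    let mut out = Vec::new();
    while !buf.is_empty() {
        match parse_record(buf) {
            Some((payload, rest)) => {
                out.push(payload);
                buf = rest;
            }
            None => return (out, false),
        }
    }
    (out, true)
}

/// Copy a payload into a fixed-size destination. In C this is the classic
/// overflow site; here an oversized payload is rejected with Err(len) and
/// never touches memory outside `dst`.
fn copy_bounded(dst: &mut [u8; 8], src: &[u8]) -> Result<usize, usize> {
    if src.len() > dst.len() {
        return Err(src.len());
    }
    dst[..src.len()].copy_from_slice(src);
    Ok(src.len())
}

fn main() {
    // Constructed sample input: two valid records, "abc" and "xy".
    let good: &[u8] = &[3, b'a', b'b', b'c', 2, b'x', b'y'];
    // Constructed malformed input: second record claims 9 bytes, only 1 present.
    let bad: &[u8] = &[3, b'a', b'b', b'c', 9, b'x'];

    let (records, ok) = parse_all(good);
    println!("good: {} records, well-formed = {}", records.len(), ok);

    let (records, ok) = parse_all(bad);
    println!("bad:  {} records, well-formed = {}", records.len(), ok);

    let mut out = [0u8; 8];
    println!("copy 3 bytes:  {:?}", copy_bounded(&mut out, b"abc"));
    println!("copy 9 bytes:  {:?}", copy_bounded(&mut out, b"123456789"));
}
```

The design choice worth noting is that every place where C code would trust the length field is expressed through an API that returns `Option` or `Result`, so the failure mode is an explicit value the caller must handle, and the "unsafe library" caveat from the comment does not apply: nothing here needs an `unsafe` block.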

Comment Re:Not saying I disagree with Torvalds (Score 1) 576

Apparently, you have never managed any software project for many years. Because if you had, you would realize that people are different, and some are far more sensitive to criticism than others. Also a lot depends on the overall culture in your organization. So without any specific context, all those generalizations about what "a wise manager" is supposed to do are UTTER nonsense.

Now if we speak about the Linux kernel, the fact is the success of the Linux kernel is largely due to Linus's ability to keep many talented people involved, and he has worked with the same people for many years. So whatever words he chooses to express himself, it does not seem to affect his working relationship with those people. Also I do not remember that he has ever criticized newbies, who are still learning, or anyone like that. Practically all his harsh words were directed at his lieutenants, who were entrusted to keep the source code to a certain standard, but failed to do so.

Finally, I will never trust you (or anyone else) just because you are willing to work on some stuff. I can trust you only if I know that you can deliver a result that meets certain requirements. I had a developer who tried to be nice and was willing to work on almost anything, but his code was nearly always crappy, so giving him nearly any task (aside from the most trivial stuff) was completely useless. So we had to part with him. So the question is not what you are willing to do, but what you can deliver in practical terms.

Comment Re:Not saying I disagree with Torvalds (Score 1) 576

Professional and effective managers always reprimand in private, and praise in public. DON'T work for someone who doesn't follow that rule, life is too short.

First of all, Linus does not do any hiring and does not pay anyone's salary. So anyone is free to choose whether to work with him or not. Many top developers started to work with him because it's fun, and only later were they able to find a job related to kernel development.

Second, I do not see anything wrong with a public reprimand if the person is clearly wrong, because it is a matter of honesty and trust. This can be a problem only if the person cannot respond to the criticism, because he is afraid of losing his job or something like that. Clearly this is not the case with Linux development. I have never seen Linus harshly criticizing anyone who would be afraid to respond.

The only thing that I do not like is that he uses profanities a bit too much, but if it helps to keep crybabies away then it is not too high a price to pay...

Comment Re:They're bums, why keep them around (Score 1) 743

No one forced the Greek government to take on so much debt. In fact, the Greek government tried to hide how much debt it had accumulated until it became impossible to hide.

Now the problem is not just the huge debt that Greece accumulated, but low productivity, an aging population, and prevailing corruption at all levels. I think investors could agree to some compromises if Greece had any real strategy to repay a substantial part of the debt. The current "balanced" budget comes at enormous social cost, and that is simply unsustainable in the long run. There have not been any real economic reforms that would make Greece more competitive in the world market. So it looks like Greece just wants the old debt to be forgotten, so it can start borrowing again...

Comment New fuel (Score 1) 445

It appears that the accident is linked to the use of new fuel and the related modification to the engine. Unfortunately, no amount of ground testing can guarantee safety in the air. This is true for jet engines as well. However, a jet engine failure rarely leads to a deadly outcome for the testing crew. In most cases, the pilot can land the plane safely even with a severely damaged engine. Failure of a rocket engine leads to a large uncontained explosion with little chance for the crew to survive. In the age of drones, we should not use human beings during such tests.

Comment Re:Hmmm (Score 1) 230

Any sysadmin who is thinking about it would put a web server and all its components in a chroot jail and force it to run in user space and set it up to refuse interactive logins for this user. That way any "escalations" of privilege won't get you much more than the web server. It's easy, quick and effective.

If an attacker finds a way to escalate privileges to "root" within the chroot jail, he can take over the whole system. So, a chroot jail does not help much except by limiting the attack surface available for escalating privilege. For example, you can eliminate all suid programs within the jail environment. However, such a manual installation can be difficult to maintain as automatic updates may not work. So, the chroot jail is not any better than properly configured AppArmor or SELinux, which also allow you to significantly restrict what the web user can access.

Usually a more secure and simpler solution is to use OpenVZ (or another paravirtualization) to isolate the virtual machine that runs the web server.

Linux is BY DEFAULT more secure than Windows, mainly by design.

I am not sure I can fully agree with you here. A lot depends on the applications installed, the system configuration, how the system is used, and other things that have nothing to do with design. The only thing where Linux clearly wins is when you want to harden security according to your needs. Linux is far more transparent, so it is easy to configure it properly, while Windows does a lot of things behind your back and some of them may unintentionally compromise security.

Comment Re:Gcc 4.9.0 very new (Score 2) 739

Why would anyone use a new gcc release three months old for critical components?

The bug was introduced in gcc 4.5.0 (which was released in April 2010), so it took 4 years of active use of gcc before kernel developers could pinpoint the cause of some strange kernel crashes.

So how long are we supposed to wait before using a new GCC release?

Comment Re:one question (Score 1) 256

From what I've read cultists also seriously kludged their deployment resulting in a good bit of the gas ending up in the ventilation shafts rather than in the subway tunnels.

Though the deployment of sarin was far from perfect, the gas was released mostly inside trains, so I am not sure why ventilation shafts would play any important role in that. In any case, despite the huge number of people who were exposed to the sarin, only very few of them died, because of its impurity.

There was another attack conducted by Aum Shinrikyo just 9 months prior to the attack on the Tokyo subway. In that attack sarin was released in one neighbourhood on unsuspecting people late in the evening, which caused seven deaths (plus one more victim, who suffered severe brain damage, died 14 years later). So, this is the scale that a well organized terrorist group can achieve.

The death toll in the Ghouta attacks in Syria clearly indicates that military-grade gas and delivery systems were used. I think there will be more evidence when the UN report is released.

Comment Re:one question (Score 1) 256

Heck some cults have done it in the past, and used them, I just can't for the life of me remember their name(s) at the moment.

I guess you mean Aum Shinrikyo. They released sarin in five coordinated attacks on the Tokyo subway at the peak of the rush hour. As a result, 13 people died and about 50 people were severely injured. The death toll was not as high as one might expect because of the impurity of the gas, which caused its quick degradation.

To kill over 1400 people over a large area of open air requires completely different expertise in chemical weaponry and a much larger amount of the nerve gas.

Comment different degrees of understanding (Score 1) 330

I think most programmers know English well enough to comprehend technical messages in English. Some of them, who are used to having an English UI, may prefer English to their native language as it makes it easier to search for a solution. Still other programmers may strongly prefer to have the UI in their native language, as it makes the UI of the program more consistent with the rest of the applications that they are running.

In fact, being able to use the UI in English is not the same as being comfortable with English when it comes to reading. For example, many programmers in Russia find it rather challenging to read any large documentation in English. For that reason alone, they switch to the UI in Russian, as it makes all documentation appear in Russian if it is available. Now if you switch between two or more programs using the UI in different languages, it can be slightly annoying, but usually it is not a dealbreaker.

So when you start a new tool, I do not think it makes sense to spend much time thinking about localization. If your tool gets really popular among developers then you will have more time to think about the issue. If it is an open source project, you are likely to be offered a helping hand by someone who has more experience in localization than you.

Comment Re:Pay the penalty where it is cheap. (Score 1) 330

Google Translate usually works better translating from Russian into English than in the opposite direction, because English has more ambiguity. People use common sense when they read, so they do not notice any problem in most cases, but any automatic translation tool has neither common sense nor understanding of the context in which the phrase was used.

Comment many reasons (Score 2) 84

There are many reasons why malware is so rampant in poor countries.

1. If the majority of the population cannot afford to buy software legally, even those who can afford it do not buy it, because they see no reason to pay relatively huge money for something that almost everyone gets for free. Piracy increases the risk not only because some pirated software may include malware, but because automatic update is often disabled to prevent the pirated version from being detected by the vendor.

2. Old computers often mean that they cannot run new software, which means a lot of software in use is no longer supported by the vendor, and there are no security updates for it (even if it was bought legally).

3. Sharing a PC among many people is very common. This dramatically increases the chance of some virus being introduced, because it feels like no one is responsible. If something bad happens, anyone can claim it is someone else's fault. Thus everyone feels free to do whatever damn thing comes to his or her mind.

4. There is no police to fight cyber crime, so cyber criminals can do whatever they want with virtual immunity. In fact, the common attitude is to blame the victims (they should not have installed some pirated software, they should not have visited such sites, etc).

5. Most people do not use their computer to store or transmit any private sensitive information (such as credit card numbers), so as long as malware does not interfere with their work, they are reluctant to take any action to remove it. Usually they do not have any antivirus software except perhaps a demo, which can only scan but does not remove malware. So they have to pay a local "guru" some money to clean up their computer, only to find the computer infected again less than a week later (probably due to some unpatched software, an infected USB stick, or some other reason).

6. Very low computer literacy means that people have less understanding of how computers work and how to use them safely. So they may download and install programs that make some completely unrealistic promises (such as making your computer or Internet connection twice as fast). In general, they have no clue about the source from which they download software.
