Comment Eliminate Ambient Authority in the Human Body? (Score 1) 258

Ambient Authority is the root cause of most of the woes of modern computing. Your OS of choice doesn't know how to even ask "which files should this program have access to, for this instance", and just gives programs free run to do as they please... until this is fixed, we're going to have virii.

Cancer, on the other hand, is a situation where a cell already has resources it's supposed to have, but doesn't get rate limited in the use of them, allowing it to grow, divide, and multiply.

Two fundamentally different problems.

Comment The targets aren't fixed points. (Score 4, Insightful) 191

The problem with predicting where to go to stop crimes is that many of the crimes in Chicago are gang related, instead of property related. Houses to be robbed don't move, but rival gang members can be found anywhere. Predictive algorithms assume fixed targets.

If there were a real crackdown on gangs, crime would decrease for a while, but I think that too many bribes are preventing that from happening. It would be far better to legalize drugs, defunding the gangs.

Of course, as a privileged white male from the suburbs, I could be wrong.

Comment Eliminate Ambient Authority (Score 1) 55

If we eliminate ambient authority, it would go a long way towards fixing this whole mess. Having operating systems which blindly trust applications to do the right thing is just stupid. This was figured out back in the early 1970s, but nobody seems to have learned the lesson.

Capability Based Security is a way to never trust applications, in a user friendly way... just raising awareness of it is a good first start.

Comment Paper, SideKick... etc (Score 1) 286

For non-computer situations, good old mechanical pencil and paper, with a good supply of fresh lead and erasers.
For the MS-DOS days, good old SideKick by Borland
For later MS-DOS days, Edwin (the macros were very helpful)
For Windows, Notepad++
For lots of notes, WikidPad
For quick notes on a Windows machine I don't own.... Notepad
For notes on a Linux machine - gedit / WikiPad
For notes on RSTS/E - VTedit, or Teco

Submission + - SPAM: Britain Votes To Leave The European Union

cold fjord writes: In a national referendum of enormous consequence the people of the United Kingdom of Great Britain and Northern Ireland have voted to leave the European Union by a margin of 51.8% to 48.2% with 95% of the votes counted in a record turnout of 72.2% of the electorate. The consequences of the U.K. leaving the E.U. will unfold over a period of years and Europeans are left wondering if Britain will be the only country to leave the E.U., or only the first. With this decision come reports that Sinn Fein in Northern Ireland and the SNP in Scotland will be calling for dissolving their union with the United Kingdom. The future of the current Prime Minister, David Cameron, is uncertain. The British Pound has taken a beating. But Britain is now moving into a very different future from the one it appeared to have just yesterday, able to make choices independent from Brussels.

Submission + - The future that doesn't have to be (nymag.com)

ka9dgx writes: New York Magazine has a ripping yarn about how NYC could be completely shut down by cyber-attacks, based on well researched links....

The thing that continues to drive me crazy about this is that while all this stuff is possible, becoming probable over time, it doesn't have to be this way. No amount of "cybersecurity" in the world can fix the actual root cause... our Operating Systems are stupid... they require you to trust any program you run, and don't offer any tools to limit the scope of what a program can do.

Imagine the power grid with no circuit breakers whatsoever... this is what Windows, MacOS, Linux etc all do, as well as all the embedded Internet of Things devices we're buying by the millions. They blindly trust every line of code you tell them to run, or that they auto-run when you insert a USB stick, etc.

Operating Systems exist (but are not mainstream), like Genode (which I still don't have running on my laptop... any year now....grrrr), which offer a way to securely run things, the key to this magic non-stupid OS?.... it simply asks which files you want to let a program use, and never blindly trusts anything. The thing doesn't have to be any less user friendly either... Word could just use the file you chose, instead of asking you and doing it itself.

I figure about 10 more years until this type of OS goes mainstream... I keep mentioning it every chance I get... a low level PR campaign to fix cybersecurity for once and for all.

Comment Re:Is it too late? Have we lost the battle? (Score 2) 133

Doug, there are many non-technical networks in the world which are very complex, have threats against them, yet manage to persist in spite of those threats. For example, consider the world of banking prior to computing. Every branch was subject to attack, but at worst, the financial losses in any theft were limited to those on hand in the vault. There was no way to leverage an activity in one branch against the whole of the banking system.

However, in modern operating systems, there is no practical way to segregate activity of any program to a limited sphere of influence... any line of code can be used as a lever to attack the whole system. There are operating systems which require the user to specify which files and/or folders a process is allowed to use, in a user friendly way.... they are by no means common, nor mainstream... but they do exist, one such example is the Genode project.

This ability to actively and positively limit the scope of changes of any line of code means that complexity doesn't have to equate to insecurity, at least from my perspective. The power grid functions with millions of end points, but circuit breakers keep errant toasters from taking down the grid. The same can be done with computing, and it doesn't have to be user hostile.

The war is not lost, but we have to stop building our fortifications out of crates of C4 before we can turn things around.

Comment Cassandra statement #n+1 (Score 1) 33

Hi, I'm a modern day Cassandra... I've been shouting for years about a solution that can actually fix computer security, and render all this "cyberwar" crap obsolete...

Even the Wikipedia page is a mess, but you'll find the solution buried in it... it's called the Principle of Least Privilege, and I figure it's 10 more years of hell before people catch on and actually start to fix things.

It is entirely possible to give users a modern GUI interface which transparently and intuitively allows them to decide which resources a program should be allowed to access, which doesn't add any cognitive load, and results in a system which can't be hacked, given a reasonably careful user. Also, by reasonably careful, I mean someone like your parents - someone who understands how cash and credit cards and social engineering work, and hasn't been scammed out of real money. You don't have to be the NSA to secure your PC, but you do have to have an OS that doesn't trust everything. (Good luck finding one!)
