
Comment No, it's the Operating System, silly! (Score 1) 148

Analogy time: Imagine homes with no Circuit Breakers. Any short circuit anywhere could burn down a house. Lawyers and lawmakers arrive on the scene and declare that everything you want to plug in needs to be short proof. Every product has to be certified not to burn down houses, no matter what failure happens. The designers of even a simple lamp can end up being charged with murder, and as a result nobody really wants to use electricity.

We have circuit breakers, which limit the amount of current to be supplied to an appliance. If you have a special big appliance, like an air conditioner, you have to use a special circuit to supply it with power. Circuit breakers serve to limit the side effects that are possible when you use electricity.

There is no analogous circuit breaker in our widely used operating systems. When you run an application as a user, ALL of your authority is given to the program, and you have to just hope that it does the right thing. There are systems which do place limits on the side effects of a program when you run them, and they are even user friendly and fairly easy to understand.

It's up to us to start to use operating systems that have the ability to limit the side-effects of programs. One example is the Genode project. There is also the perennially late GNU Hurd.

Comment Eliminate Ambient Authority in the Human Body? (Score 1) 259

Ambient Authority is the root cause of most of the woes of modern computing. Your OS of choice doesn't know how to even ask "which files should this program have access to, for this instance", and just gives programs free run to do as they please... until this is fixed, we're going to have viruses.

Cancer on the other hand is a situation where a cell already has resources it's supposed to have, but doesn't get rate limited in the use of them, allowing it to grow, divide, and multiply.

Two fundamentally different problems.

Comment The targets aren't fixed points. (Score 4, Insightful) 191

The problem with predicting where to go to stop crimes is that many of the crimes in Chicago are gang related, instead of property related. Houses to be robbed don't move, but rival gang members can be found anywhere. Predictive algorithms assume fixed targets.

If there was a real crackdown on Gangs, crime would decrease for a while, but I think that too many bribes are preventing that from happening. It would be far better to legalize drugs, defunding the gangs.

Of course, as a privileged white male from the suburbs, I could be wrong.

Comment Eliminate Ambient Authority (Score 1) 55

If we eliminate ambient authority, it would go a long way towards fixing this whole mess. Having operating systems which blindly trust applications to do the right thing is just stupid. This was figured out back in the early 1970s, but nobody seems to have learned the lesson.

Capability Based Security is a way of never trusting applications, in a user friendly way... just raising awareness of it is a good first start.

Comment Paper, SideKick... etc (Score 1) 286

For non-computer situations, good old mechanical pencil and paper, with a good supply of fresh lead and erasers.
For the MS-DOS days, good old SideKick by Borland
For later MS-DOS days, Edwin (the macros were very helpful)
For Windows, Notepad++
For lots of notes, WikidPad
For quick notes on a Windows machine I don't own.... Notepad
For notes on a Linux machine - gedit / WikiPad
For notes on RSTS/E - VTedit, or Teco

Submission + - SPAM: Britain Votes To Leave The European Union

cold fjord writes: In a national referendum of enormous consequence the people of the United Kingdom of Great Britain and Northern Ireland have voted to leave the European Union by a margin of 51.8% to 48.2% with 95% of the votes counted in a record turnout of 72.2% of the electorate. The consequences of the U.K. leaving the E.U. will unfold over a period of years and Europeans are left wondering if Britain will be the only country to leave the E.U., or only the first. With this decision come reports that Sinn Fein in Northern Ireland and the SNP in Scotland will be calling for dissolving their union with the United Kingdom. The future of the current Prime Minister, David Cameron, is uncertain. The British Pound has taken a beating. But Britain is now moving into a very different future from the one it appeared to have just yesterday, able to make choices independent from Brussels.

Submission + - The future that doesn't have to be (nymag.com)

ka9dgx writes: New York Magazine has a ripping yarn about how NYC could be completely shut down by cyber-attacks, based on well-researched links....

The thing that continues to drive me crazy about this is that while all this stuff is possible, becoming probable over time, it doesn't have to be this way. No amount of "cybersecurity" in the world can fix the actual root cause... our Operating Systems are stupid... they require you to trust any program you run, and don't offer any tools to limit the scope of what a program can do.

Imagine the power grid with no circuit breakers whatsoever... this is what Windows, MacOS, Linux etc all do, as well as all the embedded Internet of Things devices we're buying by the millions. They blindly trust every line of code you tell them to run, or that they auto-run when you insert a USB stick, etc.

Operating Systems exist (but are not mainstream), like Genode (which I still don't have running on my laptop... any year now....grrrr), which offer a way to securely run things, the key to this magic non-stupid OS?.... it simply asks which files you want to let a program use, and never blindly trusts anything. The thing doesn't have to be any less user friendly either... Word could just use the file you chose, instead of asking you and doing it itself.

I figure about 10 more years until this type of OS goes mainstream... I keep mentioning it every chance I get... a low level PR campaign to fix cybersecurity for once and for all.
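The difference between the two launch models described in the post above, as an added example that is not part of the original post and is not Genode code. It is a small Python model of the policy only (Python cannot confine code by itself); the class names, the file paths and the misbehaving `word_count` program are all hypothetical and constructed for illustration.

```python
class AccessDenied(Exception):
    pass

class FileStore:
    """Constructed in-memory stand-in for one user's files (sample data)."""
    def __init__(self, files):
        self.files = dict(files)
        self.audit = []  # (path, mode) pairs that were actually touched
    def read(self, path):
        self.audit.append((path, "r"))
        return self.files[path]
    def write(self, path, data):
        self.audit.append((path, "w"))
        self.files[path] = data

class PowerboxEnv:
    """The program can use only the (path, mode) grants the user chose at launch."""
    def __init__(self, store, grants):
        self._store, self._grants = store, set(grants)
    def _check(self, path, mode):
        if (path, mode) not in self._grants:
            raise AccessDenied(f"{mode} {path}")
    def read(self, path):
        self._check(path, "r")
        return self._store.read(path)
    def write(self, path, data):
        self._check(path, "w")
        self._store.write(path, data)

def word_count(env, doc):
    """Hypothetical misbehaving program: counts words, then overwrites another file."""
    count = len(env.read(doc).split())
    try:
        env.write("notes/keys.txt", "overwritten")
    except AccessDenied:
        pass  # the "circuit breaker" tripped; the side effect never happened
    return count

def run(mode):
    store = FileStore({"docs/report.txt": "a b c d", "notes/keys.txt": "secret"})
    # Ambient authority: the program is handed everything the user can reach.
    # Powerbox: it is handed read access to the one document the user picked.
    env = store if mode == "ambient" else PowerboxEnv(store, {("docs/report.txt", "r")})
    return word_count(env, "docs/report.txt"), store.files["notes/keys.txt"], store.audit

if __name__ == "__main__":
    for mode in ("ambient", "powerbox"):
        print(mode, run(mode))
```

In both modes the program does its job and returns the same word count; only the audit trail and the state of the second file differ.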

Comment Re:Is it too late? Have we lost the battle? (Score 2) 133

Doug, there are many non-technical networks in the world which are very complex, have threats against them, yet manage to persist in spite of those threats. For example, consider the world of banking prior to computing. Every branch was subject to attack, but at worst, the financial losses in any theft were limited to those on hand in the vault. There was no way to leverage an activity in one branch against the whole of the banking system.

However, in modern operating systems, there is no practical way to segregate activity of any program to a limited sphere of influence... any line of code can be used as a lever to attack the whole system. There are operating systems which require the user to specify which files and/or folders a process is allowed to use, in a user friendly way.... they are by no means common, nor mainstream... but they do exist, one such example is the Genode project.

This ability to actively and positively limit the scope of changes of any line of code means that complexity doesn't have to equate to insecurity, at least from my perspective. The power grid functions with millions of end points, but circuit breakers keep errant toasters from taking down the grid. The same can be done with computing, and it doesn't have to be user hostile.

The war is not lost, but we have to stop building our fortifications out of crates of C4 before we can turn things around.
