Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Trust the World's Fastest VPN with Your Internet Security & Freedom - A Lifetime Subscription of PureVPN at 88% off. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment Part of a botnet != ultimate attack target (Score 1) 158

For one thing, patches are ineffective against a bandwidth consumption attack.

Then updates don't matter and shouldn't be forced.

I was unclear. Against a bandwidth consumption attack, patches to the machine that is the ultimate target of the attack are ineffective, but patches to the machine that would form part of the botnet are effective.

I'm told a lot of these attacks target Internet-exposed devices other than PCs, such as modem-routers and older smartphones.

Then that has nothing to do with Windows updates and they shouldn't be forced.

They have much to do with Windows updates if a botnet is used to "target Internet-exposed devices other than PCs", and the machines that would form part of the botnet run Windows.

How do you think new vulnerabilities come about?

New vulnerabilities tend to be introduced with new functionality, not with patches focused solely on security.

The user is the only person who should get a say in what happens on their computer.

By that reasoning, the user should be held responsible and liable for all use of the user's computer as a botnet agent. If someone adds your unpatched computer to his botnet, and someone uses your computer to DDoS someone, you should go to jail for recklessly participating in said DDoS.

Comment Bandwidth consumption; no root; nonexistent patch (Score 1) 158

Are those other people unpatched too?

For one thing, patches are ineffective against a bandwidth consumption attack. For another, I'm told a lot of these attacks target Internet-exposed devices other than PCs, such as modem-routers and older smartphones. An ISP subscriber might not have authority to make and apply updates to the modem-router that the subscriber is leasing from the ISP, and the ISP might have neglected to do so. Or an update might not exist at all.

what happens when the attacker takes advantage of a vulnerability that is introduced by an update?

Is this nearly as common as an update removing a vulnerability?

Comment Would you prefer an interpreted crypto library? (Score 3, Insightful) 188

And how is that different than simply #including a crypto library, which has the added bonus that you can pick any number of crypto libraries.

I can see three ways to proceed:

A built-in crypto library
This runs at full speed and is available by default to the shared hosting customer.
An add-on crypto library compiled to native code and distributed as a PHP extension
This runs at full speed but requires the shared hosting customer to convince the hosting provider to install it.
An add-on crypto library written in pure PHP
This is available by default to the shared hosting customer but can run unacceptably slowly due to interpreter overhead.

Comment Defamation of title (Score 1) 102

If I made my livelihood on selling sheet music for my own songs, a handful of incorrect takedown notices that bumped me off Google would be devastating to my business

Likewise for a handful of incorrect notices of claimed infringement sent to your ISP. You can sue the bastards for defamation of title unless the claim is that your own song is substantially similar to one of their own.

Comment Which FOSS paint program has adjustment layers? (Score 1) 158

Start now by using the same Free and Open Source Software on Windows as you will be using under Linux (to the extent that it is available on Windows).

And often it isn't.

Case in point: What free paint program for Windows or X11/Linux has a feature comparable to "adjustment layers" in Photoshop? An adjustment layer is a copy of the layers below it with some filter automatically run on it, which updates automatically whenever a layer below it changes. I couldn't find any way to make an adjustment layer in GIMP 2.8.16, which ships with Xubuntu 16.04 LTS.

Comment There is no "correctly" for W10 active hours (Score 1) 158

So you don't set your reboot settings correctly

It appears that for some, there is no "correctly". I've read stories of Windows 10 refusing to accept "active hours" that cross midnight local time or that span more than twelve hours, such as the sixteen hours from morning to bedtime when a home PC might be used by at least one member of the household.

Comment Re:vote with your wallet (Score 1) 158

Dell has some limited options, but they are nice systems -- the xps 13 and the precision line are available with linux.

And there's a few dedicated linux laptop guys out there; system76, for example.

Anything smaller than 12 inches that's warranted to run GNU/Linux? Last time I checked System76, their smallest was 14 inches.

Once you've accepted that you have to order it in, its easy to buy linux.

If you "order it in", and you find that the laptop's screen or keyboard doesn't agree with you, what are your options?

Comment Re:They also need to prevent unattended reboots (Score 1) 158

Rebooting a PC won't lose a damn thing, unless you're too ignorant to save your work. Ever heard of a hard drive?

Ever heard of regulations banning its use?

Sometimes people call an insurance agency to inquire about insurance, but they don't have all their necessary paperwork at the moment. So the agent keeps the incomplete information in an open Windows Notepad document. The agent is prohibited from saving this document, or from using an editor that automatically saves documents (such as Don Ho's Notepad++), because writing personally identifiable information (PII or "dox") to nonvolatile storage invokes regulatory compliance requirements that the agency is ill equipped to handle. Nor can the agent discard the information because prospective clients expect the agent to be able to pick up where he left off on a later day. Hence the use of an open, unsaved Notepad document to circumvent the regulation.

Source: unixisc

Slashdot Top Deals