Forgot your password?
Close
typodupeerror

Comment Re:Nobody admits it: supply chain attacks are EASY (Score 1) 31

Of course, I've always said that if you have untrusted users you are fucked. LPEs are a dime a dozen and can break anything, even VMware tenant separation.

The problem is, you're going to be opening connections outward, and you might be compromised that way. Say, through your browser. As long as LPE remains possible then that opens the door to owning your whole system, to say nothing of the damage they can do to your data even without one.

Comment Re:Nobody admits it: supply chain attacks are EASY (Score 1) 31

There's another way to mitigate this, and it's ideologically difficult for a lot of Open Source people to accept...

The big problem is not ideological.

but you'll have to diverge from the tried and true path. AI makes this much easier: instead of using $popular_thing_everyone_uses, you use something else - either COTS or roll-your-own. Yes, it might be bugs, and yes, they might be security bugs, but unless they're painfully obvious issues where you didn't do your due diligence, it's going to be a more obscure target which will require more targeted attacks.

Humans are vulnerable to making the same kinds of errors, and security is hard, so you're going to either be highly likely to make predictable errors that are going to be easy to find or you're going to need to pull in some libraries to handle security.

No, this doesn't solve anything and it's 100% "security through obscurity".

IOW it's not a useful suggestion, especially now that there are exciting new tools for finding vulnerabilities rapidly.

Comment Re:Another point for Firefox and against Google (Score 1) 52

I gave up on NoScript a long time ago. Too difficult to use. Too many broken sites.

I have to use Chromium to access a few sites which are important, like for paying certain bills. Those sites don't work in Firefox with or without noscript; even when I enable all scripts, they still don't work. Anything not critically important which doesn't work when I enable all the scripts I'm willing to enable, I just don't go to, and I'm better off.

Comment Re:Right (Score 2) 52

Yet Microsoft Word requires a maximum of tens of megabytes of RAM per document. And arguably Word is more powerful.

Word can't even draw text while scrolling at speeds above a crawl because its rendering engine is such pathetic trash, so very much no. It also can't keep its UI drawing reliably if left running for a few days, even after windows are forced to refresh some elements won't draw until every window is closed (since they all run under one executable like it's the fucking 1980s because Microsoft doesn't trust their inter-process clipboard functionality to work correctly) and so on. Every part of office is hot garbage, and Word is absolutely not an exception.

Comment Re:Strange crossovers (Score 1) 116

Removing server features from workstations was a step ahead of the pack.

Into a hole.

It's an upgrade

It isn't.

Apple has all the money, they can afford to do both things and it's weird they haven't. Having a meaningful management system is a huge part of selling computers, to corporate and educational users. Back before all computers were on an IP network, when they didn't have security beyond antivirus, you could get away with not offering management.

Those who have demands closer to the old day workstation solutions are better served by other OS'es, but we're a blip on the consumer axis, not a norm.

Apple has a solid alternative to Windows for business use, if only they offered a full suite. They could be digging into that market. That's what NeXTStep really was supposed to be, a Macintosh-ish system for business use. Their prices were even more hallucinatory than Apple's at the time, which prevented any real adoption more than any lack of software, especially since they had very good compatibility with other environments (including, for example, a Netware client.) It's quite confusing what made them think they could get those kinds of dollars for a 68k when the PC was just getting fast. We can't ask Jobs now, though.

Comment Re:Vizio is throwing away a great opportunity (Score 1) 62

Imagine if Vizio were to become the first pro-consumer TV.

The MPA member movie studios would probably withdraw their respective streaming services from Vizio's platform on grounds that a user-modifiable free operating system fails to satisfy the "compliance and robustness" rules of whatever digital restrictions management protocol they use.

Comment I doubt most home users have heard of HTPC (Score 2) 62

Seriously who bothers with the crapware built into a tv anyway? Just use it as a dumb screen and attach other devices to it.

First, the user needs to know that "a cheap little computer" exists and can be connected to a TV. Walmart and Best Buy haven't been doing a good job of marketing these to the public. Second, the user needs the spare time to learn to administer yet another computer. Third, the user needs to be satisfied with some services limiting streams to 480p because a desktop computer running Linux and Firefox has a low "integrity level" in Widevine.

Comment Re:Where's the surprise? (Score 0) 116

I am in favor of Microsoft releasing Linux distributions, donating code for Linux distributions and for the Linux kernel, supporting Linux on their cloud infrastructure, et cetera. I am not in favor of anything which involves Redhat even peripherally as long as they (IBM, really) continue to mount an attack on the GPL by continuously violating the clause about additional restrictions not being allowed, hiding behind the corrupt US court system, and exploiting the fact that approximately no one can afford to sue IBM.

To return to my point, I remain unsurprised.

Slashdot Top Deals

Polymer physicists are into chains.

Close