
Comment Re:Replacing CMD (Score 1) 116

Furthermore, you overestimate how difficult it is to obtain a valid certificate. All I need to do is own a domain.

This is true of TLS but not of code signing. There's no counterpart to Let's Encrypt ($0 for 90 days) or ($15 for three years), as far as I've been made aware. And a TLS certificate works across all major platforms, unlike an Authenticode certificate that works only for Windows, not for macOS or anything else. Apple is the only CA on macOS, and it charges $99 per year for a certificate that passes Gatekeeper.

I have a feeling I missed something important.

Comment Re:That's why script execution is off by default (Score 1) 116

It's a little bit like TLS certificates for internal applications -- many admins I know will do the absolute minimum required to stop the browser from showing a certificate error, then run away screaming.

The difference being that with TLS, browsers treat a domain-validated certificate as sufficient, but there's no counterpart to DV certificates in code signing.

Comment Re:Replacing CMD (Score 2) 116

What would a signature possibly mean to me as a user if I don't know you?

All code signing certificates issued by CAs trusted by popular operating systems are at least organizationally validated. This means two things: 1. the executable wasn't modified since it left the publisher's build farm, and 2. you know whom to sue if there are problems (especially in jurisdictions that don't allow a blanket disclaimer of all liability).

With or without a signature, my choice is still: either I run this script I need to do my job, or I don't and I can't do my job (or it gets much, much harder).

I think the idea is that when faced with an unsigned script and a competitor's signed script, users will choose the signed script because of the guarantees of an OV certificate.

Comment 3rd party apps lack privilege to re-mark pages (Score 1) 84

That only means you have to mark the pages containing the code you just generated read-only once you're done.

Several operating systems in wide use, such as Apple iOS and the operating systems of modern video game consoles, offer no way for third-party applications to switch a page from read-write to read-execute. When a page is allocated for data, the OS clears it first, and it stays non-executable until deallocated. Only the OS's executable loader* has the privilege to allocate pages for code, and once the loader loads a module, verifies its digital signature, and flips its pages from read-write to read-execute, the pages stay non-writable until deallocated.

* Or, in the case of Apple iOS, the WebKit JavaScript virtual machine.

Comment General purpose? (Score 1) 84

There is a computer in your microwave oven.

Do these "most commonly owned computers" that you mention offer general-purpose functionality when connected to an external monitor and paired to a Bluetooth keyboard, including the ability to take one tool's output and use it as another tool's input without needing each tool to be specifically aware of the other tools?
