You really have to wonder what's going on behind the scenes in some of the database-backed apps that we interact with daily. There are plenty of PHP monkeys that concat SQL to parameters. But there are plenty of others that have just never thought about locking. Or have it wrong. There are subtle concurrency bugs all over the place - the database usually handles it well enough that many developers just never catch on.
Not to mention that with RDP, you can start a session locally and reconnect remotely. Anyone local will see a lock screen. If you start a remote session and unlock locally, your remote session is right there. You can't do this with X or VNC.
I live in Texas. I've never been comfortable driving, and wouldn't trust myself behind the wheel - thankfully, I never have the need to, thanks to friends and family, etc. But I have a drivers license! Who doesn't? It's assumed that you'll have a license and a license#. When I was 16, I got a license just to have it. I'd need it for purposes of a 'de-facto national id card' anyway. In Texas, there's this interesting 'parent taught' program by which a teen can learn to drive with his or her parents, instead of taking drivers ed in school or some other approved program. Completion of the program required some number of behind the wheel hours and a number of hours of classroom "green means go" hours. Under this program, I got a learners permit in under a week (for the classroom hours theoretically completed) and a license in something like 6 months. It was purely on the honor system. Even better, when graduating to a 'real' license, I didn't even need to take a driving test. There was a checkbox for the parent to waive the test. That's good, because I couldn't have passed one. I certainly couldn't now.
Had I waited a few years, I probably would have never obtained a license. The driving test would be mandatory at 18. Ah, rules.
There's actually a nearly identical 'id card' you can get, with identical paperwork up front, just no driving test. But why? I could just get a drivers license at minor inconvenience. Just in case, or something.
So here I am today, licensed to drive. Every year my insurance rates (were I to ever need to purchase it) tick down - older and wiser apparently, despite never driving. Licenses here just double as a small tax and a national ID. No wonder so few can actually drive.
Tab processes must have some way to access global data and state. A shared memory approach is quite likely. So now, instead of a tab crash directly bringing down others, you just hope that nothing scary happens to the shared memory area. You also hope that your "crash" isn't some other failure like a deadlock - suddenly everything else hangs trying to get the mutex for the global bits? What if a plugin gets exploited in just one tab? Then the exploit code can use its unsandboxed state to fuck you over just like normal? Maybe they'll use some kind of messaging passing instead. Blazing fast I'm sure.
What do we gain here? Less crashing due to shoddy code? A huge chunk of such flaws end up being exploitable. We get more overhead and marginal security/stability benefit as a band-aid for not using a language that is at least a bit provable.
Forty years ago? Sure. We could get a rocket up, in little time at all. And though we'll certainly never forget that first time - we were ready to go again just a few short years later.
But face the facts, people. The country isn't a spry 193 anymore. Let's just have hope that NASA is trying its best, Although its worrisome that the launch date doesn't seem very firm, just keep in mind - nothing would be worse than a premature launch.
It's a little sad that you managed to interpret it that way. I'll chalk it up to some level of localized prejudice - a unique flavor, in fact. I still haven't figured it out after several searches.
Giving an unknown piece of software admin rights is stupid. We can't fix that.
Giving an unknown piece of software user rights is still REALLY GODDAMN DANGEROUS for no legitimate reason. Modern operating systems still don't sandbox processes - we sandbox users. Instead of coming up with something _new_, we take concepts originally from giant, multiuser, sysadmin-controlled machines and put them on your mom's laptop.
All of the major operating systems in use to day adopt the unix-y model of multiple users, isolated from one another. Who cares if a user program does something stupid and nukes a document? That's their problem, the other users are fine. Well, at some point we decided that personal computers needed Real Operating Systems(tm) too, so memory protection and multiple user support is to be expected. A vanilla OSX, Linux, or Windows install has several user accounts, a number of which are for various background services. Hey nifty idea - if you give a process like Apache its own user account, it's a bit more isolated! That's kind of nice. But Firefox has _my_ privileges. Pidgin has my privs. Hell, that windows app I'm running in Wine has my privs. A process is the user running it, huh...that doesn't make sense on the desktop.
Grandma should be able to run Conficker.exe and punch every monkey that she sees. The fact that a process can access my personal files (without going through a privileged file chooser) or intercept keystrokes, or just about anything else.
Processes aren't their users. We need to protect users from processes as much as users from each other.
It's a fucking sad state of affairs. Is our solution really to keep using virus scanners and bitch online about stupid non-expert users clicking things or plugging in a network cable? Are we going to keep hiding behind some cop-out biology analogy of an 'immune system' instead of fixing a fundamentally broken security model?
Seriously - what the fuck is wrong with you people?
People getting attacked on the street for wearing the wrong cap? Dying by a team that has nothing to do with you, save for being the closest? I'm sure I'll catch you all in another thread pontificating about the evils of that "us versus them" mentality so pervasive today - but only in those lesser monkey-folk. Oh, those wretched tribal instincts. Quaint even! And what are you, then, but a mass of liquored hypocrites.
I see the same shit with street gangs -- at least they thrash about in some kind of actual competition, not a vicarious chest-pounding.
Hardy has been very solid for me - but I heard it was quite bad at release. It really does deserve the LTS label at this point.
Intrepid is STILL awful. I'm trying out Jaunty now, but I'm not impressed yet. Session restore seems to be almost sort of working sometimes now - that was one of the things that bugged me most about Intrepid (though the blame belonged with GNOME upstream). They're still playing games with the UI when it doesn't make sense to do so (the shutdown/quit/whatever buttons vanished from the System menu - you have to use the fast user switch applet on the far right. Gnome-panel was patched, to detect the FUSA applet specifically, and hide the quit options from the system menu. Seriously - what the fuck guys?) and a fair number of packages are stupidly broken/buggy - VLC won't embed video in the main window. It shows an external one - some issue with the Qt4 interface.
I've also considered jumping to Debian. If not, I'm sticking to Hardy until the next LTS release is solid. For new installs as well as my desktop, and quite possibly on other people's machines as well.
I propose that an excerpt from/dev/random must be appended to every post.
Perhaps our efforts can divert a substantial amount of government time and resources towards cracking the evul Anonymous cipher. You know, so they have less time to get actual work done. Slashdot is quite good at that in the general case, but in this case, these are jobs that nobody should be doing.
I wonder if this could count towards my community service...
Your friends at MediaSentry have detected numerous illegal downloads of your post from around the world! We have logged several hundred IP addresses accessing your content via the popular post-sharing site "Slashdot." We at MediaSentry take copyright infringement very seriously and would like to see every man, woman, child, and printer responsible brought to justice.
We accept all major credit cards and most souls (sorry, major deities only).
Wow...that's amazingly bad design. So, a vista laptop hibernating in some kind of hibernate-y place such as a laptop bag can decide to turn on. For updates. I wonder how far it will get before, fans going full tilt, it shuts off due to a scary thermal reading.
Slashdot Mirror
You really have to wonder what's going on behind the scenes in some of the database-backed apps that we interact with daily. There are plenty of PHP monkeys that concat SQL to parameters. But there are plenty of others that have just never thought about locking. Or have it wrong. There are subtle concurrency bugs all over the place - the database usually handles it well enough that many developers just never catch on.
Not to mention that with RDP, you can start a session locally and reconnect remotely. Anyone local will see a lock screen. If you start a remote session and unlock locally, your remote session is right there. You can't do this with X or VNC.
Native USians have no idea how their news and movies (those that made it to other countries) portray their own country to the world.
Accurately.
It's exceptionally bad here, to be sure.
I live in Texas. I've never been comfortable driving, and wouldn't trust myself behind the wheel - thankfully, I never have the need to, thanks to friends and family, etc. But I have a drivers license! Who doesn't? It's assumed that you'll have a license and a license#.
When I was 16, I got a license just to have it. I'd need it for purposes of a 'de-facto national id card' anyway. In Texas, there's this interesting 'parent taught' program by which a teen can learn to drive with his or her parents, instead of taking drivers ed in school or some other approved program. Completion of the program required some number of behind the wheel hours and a number of hours of classroom "green means go" hours. Under this program, I got a learners permit in under a week (for the classroom hours theoretically completed) and a license in something like 6 months. It was purely on the honor system. Even better, when graduating to a 'real' license, I didn't even need to take a driving test. There was a checkbox for the parent to waive the test. That's good, because I couldn't have passed one. I certainly couldn't now.
Had I waited a few years, I probably would have never obtained a license. The driving test would be mandatory at 18. Ah, rules.
There's actually a nearly identical 'id card' you can get, with identical paperwork up front, just no driving test. But why? I could just get a drivers license at minor inconvenience. Just in case, or something.
So here I am today, licensed to drive. Every year my insurance rates (were I to ever need to purchase it) tick down - older and wiser apparently, despite never driving. Licenses here just double as a small tax and a national ID. No wonder so few can actually drive.
Anything related to the UI sucks hard. App internals are fine. Wny didn't they adopt Qt for widgets? WHY?
It's a very strange trend to me.
Tab processes must have some way to access global data and state. A shared memory approach is quite likely. So now, instead of a tab crash directly bringing down others, you just hope that nothing scary happens to the shared memory area. You also hope that your "crash" isn't some other failure like a deadlock - suddenly everything else hangs trying to get the mutex for the global bits? What if a plugin gets exploited in just one tab? Then the exploit code can use its unsandboxed state to fuck you over just like normal?
Maybe they'll use some kind of messaging passing instead. Blazing fast I'm sure.
What do we gain here? Less crashing due to shoddy code? A huge chunk of such flaws end up being exploitable. We get more overhead and marginal security/stability benefit as a band-aid for not using a language that is at least a bit provable.
Here, take these pills.
I'll come visit in a few weeks
Look, guys. Got to face this sometime.
America just isn't as young as it used to be.
Forty years ago? Sure. We could get a rocket up, in little time at all. And though we'll certainly never forget that first time - we were ready to go again just a few short years later.
But face the facts, people. The country isn't a spry 193 anymore. Let's just have hope that NASA is trying its best, Although its worrisome that the launch date doesn't seem very firm, just keep in mind - nothing would be worse than a premature launch.
We don't intend to disappoint.
Why the fuck is this on Slashdot?
The fact that buffer overflows are even still possible is rather silly.
It's even sillier that a user's processes are allowed to run rampant with his or her privileges.
You can't. But then again, you can't really trust the pre-flashed chip as it came from the scary third world country either.
If you're feeling frisky, you can reflash in the hope that you've exceeded the sophistication of anything in the wild.
It's a little sad that you managed to interpret it that way. I'll chalk it up to some level of localized prejudice - a unique flavor, in fact. I still haven't figured it out after several searches.
Giving an unknown piece of software admin rights is stupid. We can't fix that.
Giving an unknown piece of software user rights is still REALLY GODDAMN DANGEROUS for no legitimate reason. Modern operating systems still don't sandbox processes - we sandbox users. Instead of coming up with something _new_, we take concepts originally from giant, multiuser, sysadmin-controlled machines and put them on your mom's laptop.
All of the major operating systems in use to day adopt the unix-y model of multiple users, isolated from one another. Who cares if a user program does something stupid and nukes a document? That's their problem, the other users are fine. Well, at some point we decided that personal computers needed Real Operating Systems(tm) too, so memory protection and multiple user support is to be expected. A vanilla OSX, Linux, or Windows install has several user accounts, a number of which are for various background services. Hey nifty idea - if you give a process like Apache its own user account, it's a bit more isolated! That's kind of nice. But Firefox has _my_ privileges. Pidgin has my privs. Hell, that windows app I'm running in Wine has my privs. A process is the user running it, huh...that doesn't make sense on the desktop.
Grandma should be able to run Conficker.exe and punch every monkey that she sees. The fact that a process can access my personal files (without going through a privileged file chooser) or intercept keystrokes, or just about anything else.
Processes aren't their users. We need to protect users from processes as much as users from each other.
It's a fucking sad state of affairs. Is our solution really to keep using virus scanners and bitch online about stupid non-expert users clicking things or plugging in a network cable? Are we going to keep hiding behind some cop-out biology analogy of an 'immune system' instead of fixing a fundamentally broken security model?
Seriously - what the fuck is wrong with you people?
People getting attacked on the street for wearing the wrong cap? Dying by a team that has nothing to do with you, save for being the closest? I'm sure I'll catch you all in another thread pontificating about the evils of that "us versus them" mentality so pervasive today - but only in those lesser monkey-folk. Oh, those wretched tribal instincts. Quaint even! And what are you, then, but a mass of liquored hypocrites.
I see the same shit with street gangs -- at least they thrash about in some kind of actual competition, not a vicarious chest-pounding.
No. Boot from read-only media, flash bios, format, reinstall.
Expendable
Are you crazy? Do you know hard it is to get the all those pimp gibs to wash out of my jeans?
Kids these days.
Hardy has been very solid for me - but I heard it was quite bad at release. It really does deserve the LTS label at this point.
Intrepid is STILL awful. I'm trying out Jaunty now, but I'm not impressed yet. Session restore seems to be almost sort of working sometimes now - that was one of the things that bugged me most about Intrepid (though the blame belonged with GNOME upstream). They're still playing games with the UI when it doesn't make sense to do so (the shutdown/quit/whatever buttons vanished from the System menu - you have to use the fast user switch applet on the far right. Gnome-panel was patched, to detect the FUSA applet specifically, and hide the quit options from the system menu. Seriously - what the fuck guys?) and a fair number of packages are stupidly broken/buggy - VLC won't embed video in the main window. It shows an external one - some issue with the Qt4 interface.
I've also considered jumping to Debian.
If not, I'm sticking to Hardy until the next LTS release is solid. For new installs as well as my desktop, and quite possibly on other people's machines as well.
I propose that an excerpt from /dev/random must be appended to every post.
Perhaps our efforts can divert a substantial amount of government time and resources towards cracking the evul Anonymous cipher. You know, so they have less time to get actual work done. Slashdot is quite good at that in the general case, but in this case, these are jobs that nobody should be doing.
I wonder if this could count towards my community service...
I shall now reflect on the possibility of a caffeine intake that is arbitrarily close to zero
Trust is usually a four letter word to me, but my speling kinda sucks
On the plus side, it means everyone on Slashdot gets a discount by spoofing a cheaper user agent.
Morgan Greywolf,
Your friends at MediaSentry have detected numerous illegal downloads of your post from around the world! We have logged several hundred IP addresses accessing your content via the popular post-sharing site "Slashdot." We at MediaSentry take copyright infringement very seriously and would like to see every man, woman, child, and printer responsible brought to justice.
We accept all major credit cards and most souls (sorry, major deities only).
Wow...that's amazingly bad design. So, a vista laptop hibernating in some kind of hibernate-y place such as a laptop bag can decide to turn on. For updates. I wonder how far it will get before, fans going full tilt, it shuts off due to a scary thermal reading.
Idiots.