
Comments


Project Zero Exploits 'Unexploitable' Glibc Bug

NotInHere Re:"Unexploitable" sudo bug pre-1.6.3p6 (97 comments)

I've read a bit through the threads and think that the reason it took so long was because they decided to remove a feature to fix the problem:

I believe the current plan is to completely remove the transliteration
module support, as it hasn't worked for 10+ years.

The git commit message states the same. There were really some problems in that function: https://sourceware.org/ml/libc...

2 days ago

Project Zero Exploits 'Unexploitable' Glibc Bug

NotInHere Re:Summary is completely exaggerated (97 comments)

I chose the word scepticism, and still I think it is. I agree that the word "unexploitable" was a bit exaggerated, but that was added by unknown lamer.

Florian Weimer said:

My assessment is "not exploitable" because it's a NUL byte written into malloc metadata. But Tavis disagrees. He is usually right. And that's why I'm not really sure.

It's however true that he corrects himself the same day a bit later:

>> if not maybe the one byte overflow is still exploitable.
>
> Hmm. How likely is that? It overflows in to malloc metadata, and the
> glibc malloc hardening should catch that these days.

Not necessarily on 32-bit architectures, so I agree with Tavis now, and
we need a CVE.

2 days ago

Seagate Ships First 8 Terabyte Hard Drive

NotInHere Re:ugh (314 comments)

You can still raid several larger drives. The advantage: you can have full mirroring, and large storage space. I welcome the technological advancement, but still I've only occupied 50% of my 1.5 TB HDD, and I must note that I've copies of the kernel source, and mozilla-central.

2 days ago

Exomoon Detection Technique Could Greatly Expand Potential Habitable Systems

NotInHere Re:We need faster-than-light travel (65 comments)

We don't know which of them is the closest one, or has an atmosphere that can be terraformed easily. Even if we had FTL travel or at least > .1c capable ships, we would probably want to choose the most suitable candidate before investing trillions of dollars.

2 days ago

Exomoon Detection Technique Could Greatly Expand Potential Habitable Systems

NotInHere We need telescopes (65 comments)

We need telescopes, on and around Earth. Lots of them. Kepler has only scanned a small region of the sky.

2 days ago

Choose Your Side On the Linux Divide

NotInHere Re:Display server (806 comments)

X.org people themselves admit Wayland is better. X.org consists of lots of bloated stuff from the 1980s, where all modern support (OpenGL, you name it) is patched in through "extensions". Network transparency in X is also a big problem, there is the choice between using 1980s APIs and shuffling pixels around. X is broken. Do you see any disadvantages of Wayland?

3 days ago

If Java Wasn't Cool 10 Years Ago, What About Now?

NotInHere Re:Nope (507 comments)

All browser plugins are unmitigated disasters.

4 days ago

Virtual Machine Brings X86 Linux Apps To ARMv7 Devices

NotInHere Re:Why? (61 comments)

... and Linux didn't regard binary compatibility (I actually like that), so that you always need to have the source around?

about a week ago

Linus Torvalds: 'I Still Want the Desktop'

NotInHere Re:Linux could own the desktop... (725 comments)

OK, you convinced me, they didn't waste them in that particular release. But still I'm against too frequent redesigns: they make the life of those harder, who aren't too comfortable with computers and don't use it by understanding the labels, but by memorizing "clickpaths": lower left corner of the screen, third entry, second entry, in the window the icon with the computer screen, and so on.
Unfortunately these people are the majority.

about a week ago

Linus Torvalds: 'I Still Want the Desktop'

NotInHere Re:Linux could own the desktop... (725 comments)

OK, that's a point where KDE 4.0 got better, but still no multitouch gestures. I've tried to scroll or pitch on my KDE 4.13 netbook, and it didn't work, while it is advertised that my touchscreen supports up to 10 distinct points.

about a week ago

Study: Seals Infected Early Americans With Tuberculosis

NotInHere Re:Africa man... (74 comments)

You have forgotten the worst illness of all. Homo Sapiens. It's a parasite when it lives in its home, and tries not to destroy it. It's an illness when it lives without even caring for anything except for itself, not even recognizing the long term disadvantage it can endure by heavily damaging its host. Let's hope the illness becomes a parasite, and doesn't kill itself by phenomena called "third world war".

about a week ago

Linus Torvalds: 'I Still Want the Desktop'

NotInHere Re:Linux could own the desktop... (725 comments)

True, it's too hard for most new open source software to become accepted by Debian. I like it rather this way than the Microsoft app store way: full of scamware. That doesn't mean I like it the way it is right now. I agree and think that desktop Linux is only something for geeks and the only-mail-and-internet grandma. Still I use Kubuntu.

KDE shouldn't waste their resources to redesign with every release, but they should rather work on exposing more system features through the GUI, and make it more stable. The average user shouldn't need to use the console.

about a week ago

Software Combines Thousands of Online Images Into One That Represents Them All

NotInHere Re:First post (66 comments)

In soviet russia, joke averages you!

about two weeks ago

Plan Would Give Government Virtual Veto Over Internet Governance

NotInHere What power does the ICANN have (63 comments)

root DNS, nothing else? There are alternative DNS systems, and even when IANA blocks a TLD, the TLD operators can purchase a second-level domain from an unfrequented TLD like nauru, and run their service as a "second-level TLD".

Oh, I tremble from the might of ICANN, it can assign PORT NUMBERS!!!

about two weeks ago

ICANN Offers Fix For Domain Name Collisions

NotInHere Re:Wrong solution to non-problem (101 comments)

Why doesn't ICANN just reserve such TLDs like .local or .lan for internal use in LANs? Then they can have mail.local, and whatever they want. I have .lan as a TLD in my private network at home, and I don't have a global dns hostname, and I don't want to use .test.

about two weeks ago

Project Aims To Build a Fully Open SoC and Dev Board

NotInHere Re:linux (47 comments)

Yes it does, but it needs three minutes to boot to shell, at least in firefox.

about two weeks ago

Web Trolls Winning As Incivility Increases

NotInHere TFS isn't precise (457 comments)

TFA didn't target the random goatse cluttering up comment systems, but they've targeted real evil trolls harming people, obviously a reaction to Zelda Williams' quitting Twitter.

For me, it's funny when a company's naming competition gets trolled, but targeted campaigns against innocent people are truly too much even for me.

about two weeks ago

Submissions


Firefox 33 gets Cisco's OpenH264

NotInHere NotInHere writes  |  about a month ago

NotInHere (3654617) writes "As promised, version 33 of the Firefox browser will fetch the OpenH264 module from Cisco, which enables Firefox to decode and encode H.264 video, for both the <video> tag and WebRTC, which has a codec war on this matter. The module won't be a traditional NPAPI plugin, but a so-called Gecko Media Plugin (GMP), Mozilla's answer to the disliked Pepper API. Firefox had no cross-platform support for H.264 before."

India forged Google SSL certificates

NotInHere NotInHere writes  |  about a month and a half ago

NotInHere (3654617) writes "As Google writes on its Online Security Blog, the National Informatics Centre of India (NIC) used its intermediate CA certificate, issued by the Indian CCA, to issue several unauthorized certificates for Google domains, allowing man-in-the-middle attacks. The possible impact, however, is limited, as, according to Google, the root certificates for the CA were only installed on Windows, which Firefox doesn't use, and for the Chrom{e,ium} browser, the CA for important Google domains is pinned to the Google CA.
According to its website, the NIC CA has suspended certificate issuance, and according to Google, its root certificates were revoked by Indian CCA."

Are the hard-to-exploit bugs in LZO compression algorithm a hype?

NotInHere NotInHere writes  |  about 2 months ago

NotInHere (3654617) writes "In 1996, Markus F. X. J. Oberhumer wrote an implementation of the Lempel–Ziv compression, which is used in various places like the Linux kernel, libav, OpenVPN, or the Curiosity rover. As security researchers have found out, the code contained integer overflow and buffer overrun vulnerabilities, in the part of the code that was responsible for processing uncompressed parts of the data. Those vulnerabilities are however very hard to exploit, and their scope is dependent on the actual implementation.
According to Oberhumer, the problem only affects 32 bit systems. "I personally do not know about any client program that actually is affected", Oberhumer says, calling the news about the possible security issue a media hype."

Mozilla launches student coding program "Winter of Security"

NotInHere NotInHere writes  |  about 3 months ago

NotInHere (3654617) writes "Mozilla has introduced a new program, called MWoS or "Mozilla Winter of Security", to involve university students in security projects. The attending students will write code for a Mozilla security tool during (northern hemisphere) winter. Unlike GSoC, attending it involves no monetary payment, but the students' universities are expected to actively cooperate and to give the students a credit for their work. From TFA:

MWoS is a win for all. Students get a chance to work on real-world security projects, under the guidance of an experienced security engineer. Professors get to implement cutting-edge security projects into their programs. Mozilla and the community get better security tools, which that we would not have the resources to build or improve ourselves."


Journals

NotInHere has no journal entries.
