
SoylentNews is people

posted by janrinok on Saturday November 12 2016, @06:27AM
from the we've-got-to-try dept.

At the 2015 Kernel Summit, Kees Cook said, he talked mostly about the things that the community could be doing to improve the security of the kernel. In 2016, instead, he was there to talk about what had actually been done. Kernel hardening, he reminded the group, is not about access control or fixing bugs. Instead, it is about the kernel protecting itself, eliminating classes of exploits, and reducing its attack surface. There is still a lot to be done in this area, but the picture is better than it was one year ago.

One area of progress is in the integration of GCC plugins into the build system. The plugins in the kernel now are mostly examples, but there will be more interesting ones coming in the future. Plugins are currently supported for the x86, arm, and arm64 architectures; he would like to see that list grow, but he needs help from the architecture maintainers to validate the changes. Plugins are also not yet used for routine kernel compile testing, since it is hard to get the relevant sites to install the needed dependencies.

Linus asked how much plugins would slow the kernel build process; linux-next maintainer Stephen Rothwell also expressed interest in that question, noting that "some of us do compiles all day." Kees responded that there hadn't been a lot of benchmarking done, but that the cost was "not negligible." It is, though, an important part of protecting the kernel.



 
This discussion has been archived. No new comments can be posted.
  • (Score: 2) by jasassin on Saturday November 12 2016, @07:32AM

    by jasassin (3566) <jasassin@gmail.com> on Saturday November 12 2016, @07:32AM (#425961) Homepage Journal

    That's what you get for advocating Linux spyware.

    It's not spyware if you are logging your own machines, and the people logged into them are informed of the logging.

    --
    jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
  • (Score: 0, Disagree) by Anonymous Coward on Saturday November 12 2016, @08:24AM

    by Anonymous Coward on Saturday November 12 2016, @08:24AM (#425972)

    Yeah dude, that's the same bullshit rationalization I told myself back in high school when I installed InvisibleOasis on the teacher's Mac Classic and key logged all his passwords. My high school didn't even have internet when I went there. That's how long I've been doing this shit, bitch. I'm old enough to know better. All key loggers are spyware. There are no exceptions.

    • (Score: 0) by Anonymous Coward on Saturday November 12 2016, @08:37AM

      by Anonymous Coward on Saturday November 12 2016, @08:37AM (#425974)

      Well fuck me, I didn't believe it, but "Space Rogue's Whacked Mac Archives" is still online. I expected that sexless loser would have been long dead by now.

    • (Score: 1, Offtopic) by jasassin on Saturday November 12 2016, @08:51AM

      by jasassin (3566) <jasassin@gmail.com> on Saturday November 12 2016, @08:51AM (#425978) Homepage Journal

      Yeah dude, that's the same bullshit rationalization I told myself back in high school when I installed InvisibleOasis on the teacher's Mac Classic

      Keywords there being teacher's Mac.

      That's how long I've been doing this shit, bitch.

      Get back to me when you use man pages (with no prior C knowledge) to code (in about 30 minutes) a fake login for vt100 dumb terminals on an AIX system (and it works flawlessly).

      Yay! You installed a program on a Mac, I wrote a program in C to fake a login screen and steal the login/password... and I'm the bitch?

      We have a word for people like you: chomper

      --
      jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
      • (Score: 0) by Anonymous Coward on Saturday November 12 2016, @09:13AM

        by Anonymous Coward on Saturday November 12 2016, @09:13AM (#425985)

        You had man pages? When I was single digits years old I was coding login prompts in Applesoft Basic with nothing but a book from the public library for the urban poor.

        • (Score: 2) by jasassin on Saturday November 12 2016, @09:24AM

          by jasassin (3566) <jasassin@gmail.com> on Saturday November 12 2016, @09:24AM (#425988) Homepage Journal

          I give up.

          --
          jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
          • (Score: 2) by Gaaark on Saturday November 12 2016, @06:04PM

            by Gaaark (41) on Saturday November 12 2016, @06:04PM (#426091) Journal

            Yeah, but the AC gives up, going uphill both ways in a snow storm while dragging his dead daddy by the penis!

            --
            --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
        • (Score: 1, Offtopic) by art guerrilla on Saturday November 12 2016, @12:38PM

          by art guerrilla (3082) on Saturday November 12 2016, @12:38PM (#426024)

          um, i believe the correct terminology now is 'person pages'...
          get with the times, knuckle-draggers...

  • (Score: 2) by maxwell demon on Saturday November 12 2016, @08:45AM

    by maxwell demon (1608) on Saturday November 12 2016, @08:45AM (#425976) Journal

    If the users have no choice but to accept it, then it's still spying. The only way it is not spying is if the users themselves decide to allow you to collect that information, and can at any time revert that decision without negative consequences to themselves.

    --
    The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 2) by jasassin on Saturday November 12 2016, @09:06AM

      by jasassin (3566) <jasassin@gmail.com> on Saturday November 12 2016, @09:06AM (#425983) Homepage Journal

      Max, what we have here is a failure to communicate. I'm talking about running my own Linux machine, letting users log into it via ssh (telnet who gives a shit) with a prompt that says everything is logged. A user by definition is someone who is using, and if they don't want any more data collected they stop using.

      I am not seeing any problems with this.

      --
      jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
      • (Score: 0) by Anonymous Coward on Saturday November 12 2016, @09:21AM

        by Anonymous Coward on Saturday November 12 2016, @09:21AM (#425987)

        This is an interesting approach to the Fourth Amendment: pressure most everyone to agree, in advance, to waive their rights under it.

        - RMS

        Richard Matthew Stallman disapproves of your methods. Repent now, sinner!

  • (Score: 0) by Anonymous Coward on Saturday November 12 2016, @09:51AM

    by Anonymous Coward on Saturday November 12 2016, @09:51AM (#425995)

    I am not aware of any packages that perform full user audit-trail logging. This [ekransystem.com] looks like it should give you names of players in this market (I've never used any of these products).