Domain: leeholmes.com
Stories and comments across the archive that link to leeholmes.com.
Comments · 21
-
Re:Who wrote the introduction?
And so can all the malware, spyware, crippleware, middleware, trojans, worms, viruses, and anyone with even a mild desire to make life difficult for people around them. I bet it'll be even easier to hide shadow processes on the system from the unwary user thus increasing Microsoft's ability to sell the world's desktop out to corporate marketing departments. Imagine banner ads, not in your browser, but legally (via click through EULAs) on your desktop. There's nothing you'll be able to do about it.
this is super duper inflammatory flamebait. you're not just trying to start a fire, you're already on fire.
Registry + ActiveX + a functional shell (finally) + .NET == cataclysmic user-base catastrophe waiting to happen
Windows admins are screwed. Get out of IT now if you're still sane, get out even if you're long past sane. Life will become hell very soon.
try this on for size: http://www.leeholmes.com/blog/DemonstrationOfMonad sSecurityFeatures.aspx -
direct download
This download offers you the benefits of registering with Microsoft. Click the Continue button near the top of this page to register.
no thanks, I would rather just download it.
http://download.microsoft.com/download/7/4/6/746ec 8ff-c4eb-41f3-884e-981bf39997b7/monad_b2_50215_x86 .zip
taken from
http://www.leeholmes.com/blog/CommentView,guid,8b2 6fea1-723d-4bd6-93c1-19d681af9276.aspx
(which also has the 64 bit version) -
It's a security best practice
It's a security best practice in a multi-user system, so I'm not sure what your point is. It was in Unix long before it was in Windows, but that doesn't change anything. The flow goes both ways.
That said, Monad does offer many things that make it incredibly unique as a shell. You can try it for yourself, or simply read commentary from people who have. There are a lot of unix geeks (myself included) that really think it is a lot of fun. I have a lot of Monad examples on my blog, should you be interested.
-
Re:Short on DetailsYou would think from the way it was presented that "these virus writers found a way to gain administrative rights using Monad" but you'd be wrong. All they are, are some shell scripts. You still need to get the user to run them, they run with the same privilege the user has, etc.
Read Lee's post or my post for more opinion.
- adam
-
Monad does support code signing
Actually, code signing does partially solve this problem, so that's one of the avenues we've taken. See my post about it (although I feel like a whore for posting it again.)
That said, once you have a code signing infrastructure to save you from untrusted script publishers, your signing keys become the attack point. Malicious code can create another malicious script, and then sign it with your keys. To prevent that threat, always password protect your signing keys. When you do so, Windows brings up a dialog asking for your permission before it signs the file in question.
-
Re:Short on Details
You got it right when you said "it might as well be a batch script." These are just Monad scripts running on the system, just like batch files, perl scripts, Cygwin bash scripts, Ruby scripts, etc.
There is nothing intrinsic in Monad that enables these attacks, aside from it being a new language. In fact, Monad implements several features that help mitigate the dangers of traditional script viruses, as I outline here.
-
Comments from a Monad developer
The fact that MSH is used as the execution vehicle is really a side-note, as it does not exploit any vulnerabilities in Monad. The guidance on shell script viruses is the same as the guidance on all viruses and malware: protect yourself against the point of entry, and limit the amount of damage that the malicious code can do.
That's not to belittle the dangers of script viruses, though.
I wrote a blog entry about it here, in relation to Monad.
-
YubNub from the commandline with MSHI wrote a little blog entry on searching YubNub via the command-line in MSH:
## search-yubnub.msh
## Search yubnub from your Monad shell
## For help, use "search-yubnub ge"
## Load the System.Web assembly
[void] [Reflection.Assembly]::LoadWithPartialName("System .Web")
$url = "http://www.yubnub.org/parser/parse?command={0}" -f [System.Web.HttpUtility]::UrlEncode($args)
[Diagn ostics.Process]::Start($url) -
Re:It's not social
Yes, there have been apps that have done this forever. But they've all been standalone, and don't travel with you between machines. I wrote a post about interfacting with YubNub via Monad here: http://www.leeholmes.com/blog/MSHAndYubNubACommun
i tyCommandline.aspx -
Re: Use your browser :)
I wrote this SVG editor in SVG back when I wanted to learn a bit more about it. It's not fully complete, but does allow you do to some interesting things: SVG Editor in SVG.
-
Re:.Net micro-benchmarking tool
I wrote a C# performance comparison tool to help me in this respect. When you're trying to optimize a hot-spot in your program, you can click on the "ILDasm Result" tab to see how
.Net compiles it down to its Microsoft Intermediate Language (MSIL) representation.I've also got the book, "Inside Microsoft
.Net IL Assembler" that's very helpful. For whatever reason, you can get it for like $2 + shipping used from Amazon. -
Re:That was my first goal
You're right-on there. I wrote an introduction to programming (w/ Javascript as the language) and thought about the IDE / language problem as well. I ended up writing a "Javascript Testbed" for people to use as their "IDE." Although I would have loved to use Java as the starting language, my main prerequisite was a _zero_ barrier to entry.
-
Re:That was my first goal
You're right-on there. I wrote an introduction to programming (w/ Javascript as the language) and thought about the IDE / language problem as well. I ended up writing a "Javascript Testbed" for people to use as their "IDE." Although I would have loved to use Java as the starting language, my main prerequisite was a _zero_ barrier to entry.
-
Re:Browser IDE: Web Form
I wrote an introduction to programming (w/ Javascript as the language) and thought about the IDE problem as well. I ended up writing a "Javascript Testbed" for people to use as their "IDE."
Not the best, but my main focus was _zero_ barrier to entry.
-
Re:Browser IDE: Web Form
I wrote an introduction to programming (w/ Javascript as the language) and thought about the IDE problem as well. I ended up writing a "Javascript Testbed" for people to use as their "IDE."
Not the best, but my main focus was _zero_ barrier to entry.
-
Re:Barrier to entry is still too high
Sure it's free, but it's not installed.
Think about the first experience you had with programming. For most people, the barrier to entry was very, very low. I.e.: They turned on their computer, and saw a GWBASIC prompt blinking at them. They were at a friend's house who had everything set up already.
I learned Basic that way. I then learned C when my Dad's friend left it on our computer after showing it to me.
It's a factor I spent quite a bit of time thinking about when I wrote my own introduction to computer programming. I really wanted to use Java as my introductory language, but that still requires an install (and command-line interaction.)
-
Create Anaglyphs from 2D photos in Photoshop
I went on a kick awhile back on how to make Anaglyphs from 2D photos in Photoshop. If you're mildly handy with the computer, you should have no problem
:) -
Re:Torrents -- Halo Jump
I think this should do it: Halo Jump (High Res) Torrent
-
Re:OT: Microsoft DVD standard?
They like to leave them in their RSS feed, though!
But at least they save us the trouble of having to realize it's a dupe
:) -
Try my online version
You might also enjoy my browser-based searchpad (click on "Search Pad.") It's like all of those windows programs, but it's browser-based. That means it works on any holy OS
:) -
Seti@Home overview
For those interested in a not-hardcore-but-still-technical look into Seti@Home, I wrote an overview of it awhile back.
Disregard the misdated quotes that "the world's fastest computer runs at 2 teraflops," and it's still a good read
:)