Slashdot Mirror

← Back to Stories (view on slashdot.org)

Saying 'No' to an Executable Internet

Posted by CmdrTaco on from the something-to-read dept.

Dylan Knight Rogers writes "Applications are constantly being ported for usage on the Internet - either for a viable escape from expensive software, or because it's often helpful to have an app that you can access from anywhere. Operating systems that run from the Web will be a different story."

14 of 306 comments (clear)

  1. errrr.... by scenestar · · Score: 4, Interesting

    Wasn't UNIX designed to run off a main frame with network terminals connected to it?

    --
    perpetually dwelling in the -1 pits
    1. Re:errrr.... by Zeinfeld · · Score: 2, Interesting
      Windows is the whipping boy of choice, and has demonstrated over and over that it's not secure. As nearly as I can tell, the "B2" rating you speak of doesn't validate security *at all*; it validates 'processes' and a 'model' designated by the military to be 'necessary for base security'.

      You are quite right in pointing out that B2 is not very relevant to today's security needs. But the fact remains that Windows NT was designed from the outset to meet a measurable security criteria that UNIX was not designed to meet.

      Fifteen years ago we used to say exactly the same thing about UNIX. UNIX machines were always being broken into. Part of that was bad security design like the SETUID bit and the world readable password file. But the main reason for the frequency of attack was exposure to a much more risky threat environment. Very few VMS machines were on networks that were anywhere near as large.

      The real security catastrophe came when millions of machines running operating systems designed for standalone use only were connected to the Internet. Windows 95 provides pretty decent security for the environment it was designed to be used in. The problem is that it is now used in a very different environment.

      UNIX has done better because it has had longer exposure to the relevant risk environment. UNIX has been adapted to meet the type of security concerns that affect Internet servers. That does not mean that it meets the security needs of Internet users. So far I don't think any of the O/S out there meet that need.

      , I'm still looking, but I think that SELinux might meet B2 if someone paid for it to be analyzed.

      Thats a bit like saying that Woody Allen might become Pope if he became a Catholic. Nobody has ever got their system certified without having to make a lot of changes to close loopholes. A major security shortcomming of UNIX is that the original designers were never required to produce proper end user documentation or security document. There is no document called the system security guide as required by orange book. Not having to produce that book meant that the designers never had to think about all the security issues of the system as a whole.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
  2. The Point? by generic-man · · Score: 4, Interesting

    I read through that article and it just sounds like one pretentious blogger's disdain for Microsoft. Let's run through all the things that got this fast-tracked to Slashdot:

    • Early mention of Steve Ballmer throwing a chair as a microcosm of Microsoft's supposed corporate culture
    • Rampant grammer* and spelling errors overshadowed by a blind sense of faith in the Linux community. Example: "The Linux community will publish every vulnerability, regardless of it's criticality, but the chances that a hacker will even choose to expliot those vulnerabilities is very low, (unnecessary comma) since most of them are of low criticality and it would be stupid to do so, anyways." So people don't attack Linux because "it would be stupid to do so." Thank you.
    • The actual "Executable Internet" isn't mentioned until the second-to-last paragraph: "The only reason a version of Windows that runs from the Internet would even exist would be because there is competition. Microsoft simply does not have enough fists to punch every opponent; resulting in a poorly designed operating platform and ignorant users who don't know the difference between WEP and WPA and those who are also accustomed to having Viagara advertisements greet them every time they boot their computers." Seems like this man is more upset that the hoi polloi use Linux than that Microsoft doesn't care about security.

    This is pure Linux-user elitism, the sort of smug "Our Opponent Just Doesn't Get It; We Do; and We're Smarter Than You" attitude that loses political battles and makes the arguer only look like a pretentious fool in the eyes of the skeptic.

    I dislike Microsoft as much as the next Slashdot user but this article is awful: it simply slams Microsoft as the Big Corporate Machine with quotes like "Microsoft does not publish all their security vulnerabilities because other executive stockholders, whom are also ignorant would become worried and eventually begin to question the platform's security." If I wanted to hear ramblings about the willfully ignorant I'd listen to a David Cross album.

    * Intentional typo used to point out how correcting grammar on Slashdot usually leads to a spelling error, or vice versa
    --
    For more information, click here.
  3. suspicious Cache files too? by FudRucker · · Score: 2, Interesting

    i have seen some shell scripts in my SeaMonkey's Cache directory, i am not sure what they did so i made a shell script to delete the cache files automatically...

    it may be nothing but on the otherhand it may be an Evil shell script, next time i find one i will examine it closer...

    --
    Politics is Treachery, Religion is Brainwashing
  4. Re:It won't necessarily ruin security. by guet · · Score: 2, Interesting

    Congratulations - your content-free post, peppered with ersatz macho bluster and spelling errors, has been rated even higher. Does this prove your theory that crap gets rated highly?

    The original point the poster made warrants discussion - he actually attempted to address the question, unlike yourself; you seem to be obsessed with the Slashdot moderation system, frankly, who cares if his post gets rated high or not?

    The design of such a system is important, and the people who brought you net send possibly aren't the ones you want to trust in creating a global network. Good design is important, and admitting that is the first step towards producing secure networks. Yes of course this is common sense if you've thought about the subject, but unfortunately most people haven't. Shame the original article is such a one-sided rant with very little factual information, because it could be an interesting discussion.

    PS
    I don't think anyone advocating BSD can be accused of getting 'sheep' to follow them - most of the people reading this page are using Windows to do so.

  5. Questions for the blogger... by Rob_Warwick · · Score: 2, Interesting
    I notice that the blogger is reading this thread, so I was wondering if he'd answer a question.

    Being the author of the original piece and the guy who submitted the summary, I'd expect him to have a fairly good grasp on how to summarize it. However the summary reads as if a Web based OS would be a bad thing, yet he states in the blog post:

    A web based operating system would be really neat, and Jason Kottke wrote about it a while ago.

    So do you think it's a good idea or a bad idea?

    Also, why is the Slashdot summary focussed on the idea of a web based OS when you only mention the term once, and refer to a 'Web Windows' one time?

  6. Re:It won't necessarily ruin security. by Cal+Paterson · · Score: 2, Interesting

    I've seen you use this example over and over again: OpenBSD is secure, Windows is not. Do you ever offer any insight at all?

    Everyone knows this. You are just repeating facts that you probably don't entirely understand. It's not just because they audit code, there's far more to it than that. Checking for errors doesn't help is the system is poor by design! OpenBSD have made a number of design choices as they have created their OS (some of which have been made by the projects they have forked from); for example, they have everything organised in a logical and orderly way.

    Many GNU/Linux distributions do not have this (including the one I use, in fact). Generally, this is less common on the GNU sections (with the exclusion of Gnome, which breaks every rule in the book) and is very common on sections written by others. Some distributions have tried to work at this, with varying degrees of success (Debian has a very standardised set of interfaces).

    On some areas, there are sections that actually specific to the kernel that do not fit with Unix in general (eg; why the hell is it "hda1"? I would make more sense to use numbers, and to start from 0; like grub now does - hd(0,0)).

    Overall, GNU/Linux is my prefered OS for workstation computers, for other reasons, but as an OS, BSD is currently far more advanced than we are. We should listen to what many of the BSD projects are saying: Linux is broken, and in some areas, very badly.

  7. Re:uh by the+argonaut · · Score: 2, Interesting

    Are you simply on the bandwagon with what everybody else is saying about my post?

    Well, I can't comment much on the content of your article itself as all I get is a 404 when I click on the link. Aside from that, much of the outrage over your "opinion piece" seems to be because this looks like nothing more than whoring for publicity for your little blog. The high UID and lack of any comments in your history prior to today doesn't help either. In addition, anytime somebody validly criticizes you, you get unnecessarily defensive and start beating your chest (it really isn't unreasonable to expect an article to be spell and grammar checked before being published for the world to see. And the previous poster was correct, you do not type at 89 wpm if you can't do so accurately). So grow a thicker skin, learn to accept valid criticism, and by all means take an grammar refresher course (judging from your comments, you could use one), it will only help your future career.

    --
    fuck you.
  8. The problem with all of this by The+FooMiester · · Score: 2, Interesting

    If it's not open for users to install their own programs, then everyone here will complain that it's a proprietary interface trusted computing bla bla bla.

    If it is open for users to install their own programs, then everyone here will complain that it's a huge security risk and will lead to the death of the internet bla bla bla.

    --
    The previous has been a secret message to my comrades.
  9. Re:Wow! A post to your own blog! by Anonymous Coward · · Score: 2, Interesting

    They sure did... his blog is gone with the wind...

  10. rm -rf /../* by gomel · · Score: 4, Interesting

    rm -rf /../*

    what's above root dir? Does anbybody know?

    --
    Fight Frist Psoting!
    Browse Slashdot with 'Newest First'!
  11. Re:Dumb Idea? by BobPaul · · Score: 2, Interesting

    What about having the network augment the user's computer? I mean, there are a lot of idle CPUs out there, right? What if your apps were designed to run on your own system just fine, but could tap into free CPU time as needed, SETI@home-style?

    As my assembly language instructor once said, "The time difference between loading something out of the local cache and access the computer's RAM is like the difference between taking a paper off the top of your desk and looking at it, and finding a paper in a filling cabinent, and then looking at it. Accessing the hard disk is like calling your friend in the Philippians and asking him to mail something to you."
    Now, if the HardDrive, which is in your comptuer, is like recieving post from the Philippians, accessing something off a network share must be collecting something from the moon.

    The only applications that would benifit from your suggestion are things like encoding video or scanning an audio feed for signs of intelligent life: things that would take hours to complete and don't need to be finished asap. Most tasks on your computer (scanning currently accessed files for viruses, rendering a PDF on screen, playing a video game or dvd, rendering HTML on a webpage) really need to be executed on the local machine. The only exception would be if only the keyboard and display were remote, like when using VNC or Windows Remote Desktop, but even then you aren't combining the processors potential, more just wasting the one at the viewing end.

    It's not a bad idea, just not very practical unfortunately.

  12. Re:Yawn, we've been doing this for 15+ years by killjoe · · Score: 2, Interesting

    Whatever happened to plan9 anyway. I guess it went the way of LISP and Smalltak to the "truly innovative and superior technology nobody uses" bin.

    This industry is a hoot.

    --
    evil is as evil does
  13. Re:Yawn, we've been doing this for 15+ years by hab136 · · Score: 2, Interesting

    >o how does this work out where every post I make as "anonymous coward" gets a 0 score and yet even the most basic comment (usefull or not) from any registered user gets at least a score of 2? Do all you registered /. users just use your points to vote for your own posts or what?!? ;)

    ACs post at 0. Registered users post at 1. Users with high karma post at 2. The comment is then moderated higher or lower.

    "Worse is better" refers to http://www.jwz.org/doc/worse-is-better.html