Why would anyone use this when they can get free browsers that are as good as, or better, without the adware?
I can give you one good reason: resource usage. Opera uses considerably less memory and CPU than firefox. I still tend to use firefox on any machine that can handle it but i am incredibly thankful to have Opera on some of my slower boxes; it really makes a huge difference.
They aren't... However, I have noticed that my Linux/UNIX systems (and their applications) tend to be a whole hell of a lot more stable than most of Microsoft's production software. Even so, I generally stay away from alpha/beta versions of most open source software too. For anything important, that is.
"but the attacker would also have a significantly easier time effectively hiding his or her presence on the system. You might not even know that your account was compromised."
I don't see how this is true. When was the last time you checked your.bashrc?
You must not be aware of the basic function of most rootkits. The point is that with super-user access the attacker has the ability to replace _any part of the system_ with specially crafted versions the component that will hide their presence. This means that you can't trust the output from ANYTHING. They can easily replace things like 'who' and 'ps' so that their logins and processes don't even show up. Not to mention the ability to load kernel modules and basically do anything to the system. I'm sorry but your shell's rc script has nothing to do with this.
I never said getting root access was easy. To get root on my desktop machine you'd need physical access to it. To get root on my server, you'd need my unencrypted private key.
You didn't? Hmmm... I could have sworn... Oh yeah! You did!
It's just to easy to get root access on a machine once you have non-root access.
On a well designed system with good defaults it really isn't as easy as you might think. Certainly not impossible, or too challenging for someone who really knows what they are doing, but most attackers are script kiddies that just run stuff written by someone else.
Their language products have been pretty decent of late.
Perhaps. I'm willing to give you that... but a SQL server? Yikes. I think I'll hold off for the final release... and then a round or two of patches, just to be safe;-)
Given Microsoft's current track record I would be a little hesitant to deploy any of this in a production environment. I mean... who are they trying to kid here?
If an attacker gets access to my personal files you can bet I'm going to reinstall my entire system anyway. So what's the difference?
The difference is that not only are you prevented from taking steps to protect your data (storing it in protected DBs or under different, secured users) but the attacker would also have a significantly easier time effectively hiding his or her presence on the system. You might not even know that your account was compromised. This can be a very big deal.
The point is that allowing them such easy root access just opens up a incredible number of possibilities for the attacker. They can do anything.
But what are you protecting? A bunch of static libraries that can be easily replaced anyway. Again, it's the data that matters, and that's not owned by root anyway.
That really depends on what you use your computer for and how you set it up.
gnore the idea of multiple users, ignore the idea of protecting you from you mistakes, in short, design a craptastic product, and maybe his ideas don't sound totally stupid... if you're willing to ignore real life for a moment, and design a completely different system from the one that will work...
Oh his system will work alright. It will just bless the world with another security nightmare like what we have with Windows.
"rm -Rf / as nonroot will make you give a sigh of relief."
That sounds like a workaround to make up for a design flaw in the command-line interface to me.
How is this a design flaw? If you ask me, it is the command-line's greatest strength. You tell it to do something and it does it. If you wanted to be safe and have it confirm your request before it does each and every action you shouldn't specify the 'force' option. This is a GOOD THING!
I dont think the slashdot crowd really gets it, This guy is talking about SINGLE USER SYSTEMS for single users if thier local account is comprimised the entire system is basically comprimised.
This is where you're wrong. Even with only a single user at least the attacker only has access to your personal files and is unable to trash the entire system.
I really dont think he is advocating giving all users of a multi-user system root access.....
No one said he was. It still isn't a good idea for a variety of reasons. Some of which I listed above, including protecting your system from a poorly written piece of software itself as well as protecting the system from the user making mistakes and damaging important system files.
There's a reason that the majority of systems have had some sort of priveleged account system. It IS more secure.
You've got to be kidding me. Is this just a big troll or is this guy actually that ignorant? Who the hell has he been talking to anyway? The reasons for doing day-to-day things as a non super user is one of the most basic security concepts ever. Even my parents understand this. The reason you don't run everything as root is to avoid COMPROMISING THE ENTIRE MACHINE if some random application has a vulnerability. You don't want each and every little program you run to potentially allow someone to gain full access to everything on your computer. Not to mention protecting the computer from the application itself. I don't want some poorly written piece of software accidentally deleting important system files or some other user's data. And how about protecting the system from the user themselves? How many people here have accidentally rm'd a bunch of important system files (or all of / for that matter) on accident? I know I have and I consider myself a very careful person when it comes to such things.
C'mon... How fucking retarded can you be?
He does _almost_ make a good argument for his case though...
Here's why: What's the most important thing on your desktop? It's the data. If someone gets access to your libraries or whatever, who cares? Your data is the most precious thing on your computer. And whether you log in as root or log in as user, you have access to that data, technically anyone who's compromising your account has access to your data as well.
That statement does have some merit but it definitely isn't always true and even then, I would much rather compromise only my data than have someone gain access to the entire system. If they only get my data, that's all they get. If they gain access to the entire system there is no limit to what they can do... What if they want to setup a very well hidden rootkit and snoop around on my box (watching traffic, capture credit cards, etc. etc.) for as long as possible? Not to mention multi-user systems... A compromised super user gives them full access to EVERYONE's stuff.
And of course, after he says something nearly sensible he goes on to completely shoot himself in the foot by making another completely ridiculous challenge...
So, people always say "it's less secure", but I defy anyone to point out a single instance, and people all go "Well, I, erm, it's theoretical!". There's no one area I think you can point out - In this instance, a machine that's run with the root user could be compromised, in this instance one couldn't be compromised.
What world does this guy live in? Is he completely surrounded by idiots? Remind me never to go anywhere near Linspire.
15 years? Try 1500... We've had cars for over 100 years now and we still haven't found a way to keep people from driving drunk and teanagers from racing in public. We probably never will. Now, Starbucks at 10,000 feet... well... there's something that wouldn't surprise me. They've already run out of space on the ground. I know of a place where you can sit in one Starbucks and look out the window across the street at guess what... Another Starbucks!
I've been through 4 CD drives in the last 2 years and this is only counting my personal hardware. 3 of these drives were burners, one of them a Plextor SCSI drive. From what I hear this seems to be quite common and the burners are especially likely to go bad. At least prices have gone down so much now that they are pretty much disposable. Hell, it practically costs more to buy a spindle of blank DVDs than it does to buy the DVD burner itself. Reminds me of the situation with printers and ink.
Social contract or not it is really my choice whether or not I want something displayed on my screen. If the revenue generated from ads on a particular website is suffering to the point of not being profitable then perhaps it is time to look at new ways of making money. You can't try to enforce some form of draconian control over everyone's computers. This is my machine and I will decide what is downloaded, displayed, and run on it.
So who decides what consitutes a valid candidate? Can I "run for office" simply to bag the cash and party on everyone else's dime for 6 months?
Obviously there would have to be a way to prevent people from just pocketing the cash for such a system to work. My suggestion probably would never work in practice but we need to do something and I'm just trying to get people thinking of ways to prevent the rampant corporatism that is sweeping the country.
"Vote FatRatBastard. I promise a PBR in every hand and slow, painful death for anyone's whose/. id is 115903."
Wow. My ideas threaten you that much? Maybe there IS something to them!;-)
They do. I see plenty of material from the fringe parties during campaigns, perhaps in excess of the proportion of support for them. The problem is less than "we can't be heard" than it is that these fringe parties try to appeal to 3% of Americans instead of 73% of Americans.
You do? That's odd... All I ever seem to hear about through the mainstream media are the democrats and the republicans. If you want to know about the other parties you have to actually put forth a fair amount of effort to seek out the information yourself. And the other parties certainly don't get to participate in the main presidential debates. Also, despite the lack of coverage there are a lot of people who do prefer to vote for a non republicrat but fear to do so because they know that their candidate just doesn't stand a chance. So they do the whole vote for the lesser of two evils thing. Both of my parents did this in the last election and so did a lot of people I know.
What, then? Laws to force people to join parties they do not like? Laws to force people to pay through taxes for parties they do not like, but the government likes?
I don't know... Obviously we need a system where you aren't forced to join any particular party but we need to do something to level the playing field a bit. You really only have two choices for president currently, regardless of how many other candidates there are. How can you argue that such a situation isn't totally screwed?
And who decides what a "better party" is? We already have plenty of other parties but do any of them actually stand a chance in hell of winning? Not last time I checked. That was my point about changing how candidates get their funding. I admit it probably wouldn't ever work but we certainly need to do _something_ to change the current situation. Having other parties doesn't do a whole lot of good if they don't have any way of getting their message out to the public.
Again, that would benefit the rich. How would you or I go up against an Edwards, Bush, Kerry for a Senate/House seat? They have millions in personal money to spend us into the ground.
Sorry, I did not explain what I meant adequately... My intention was that each candidate by given an equal amount of money for their campaign and be restricted to only using this money for their campaign needs. They would not be allowed to use either their personal money or money contributed by private 3rd parties. This would eliminate any difference between the candidates based on their personal financial situation. I'm not sure how this would be regulated but if it is possible then we might actually be able to even the odds a bit.
Why? So only the Perot's who are already super rich can run?
I guess what I was suggesting would include the person running themselves. Basically what I meant was that they shouldn't be able to use ANY money except what was given to them for their campaign with each candidate being given the same amount.
Only if these taxes were voluntary. Why should a Green be forced to give money to the Buchanan campaign and vice-versa? That violates basic political rights. Let each person choose.
How many of the existing taxes are voluntary? I agree that they should be but that just isn't the case currently. I certainly don't approve of my money being used to build bombs. Do you?
"Oh, and they should all get equal time on any sort of public debate."
That should be left entirely up to the organization holding the debate.
Well then we need a government appointed organization to hold _fair_ debates where each candidate gets a chance to participate. This two party BS is ridiculous and insulting.
You are absolutely right. Limits on how much money can be contributed to a person's campaign is something we desperately need. Personally, I don't think ANY money should be able to be given to politicians. Every candidate running for a particular office should be allotted an equal amount of money that would be gathered from the public, most likely via taxes. This is something that I actually wouldn't mind paying taxes for. At least then we might get a somewhat fair election. Oh, and they should all get equal time on any sort of public debate.
They are evil and they do want to take away your rights;-)
To be serious though... It doesn't entirely surprise me that this bill came from a Republican. Is it not true that most Republicans are actually against regulation by the government? They prefer that the government did not meddle in their business or personal affairs. This is one area that I tend to agree with them.
This is bad because the only people who will be able to run for office will be the very, very rich or those who are funded by corporations and groups. In effect, unless you are Ross Perot or funded by companies (the right) or unions (the left), you will not have the money to run.
Isn't this already the case? I mean... I know anyone can run for public office but how many people actually make it into important positions without funding from the usual places.
The short summary given in the article makes this out to be a very good thing. I understand how preventing the FEC from regulating the internet is a good thing but what's this about the internet not being considered public communication? It seems to me that the internet covers both public and private communication. Webpages without access control are certainly public, are they not? Also... what exactly does it mean for something to be considered public communication? I'm not terribly familiar with the specific laws involved but I assume this is saying that public communication must be regulated in order to protect the public at large. Definitely not something we want.
I can understand your complaint, but it is more likely that you have not used quality Java apps
I'm afraid this is not the case at all. EVERY java app I've used runs painfully slow and uses a ridiculous amount of resources for what it does. I don't care how badly something was written it should not perform this badly. There's a lot of software out there that is poorly written and none of it comes anywhere near the shabby performance that I see with ALL java apps.
Slashdot Mirror
Why would anyone use this when they can get free browsers that are as good as, or better, without the adware?
I can give you one good reason: resource usage. Opera uses considerably less memory and CPU than firefox. I still tend to use firefox on any machine that can handle it but i am incredibly thankful to have Opera on some of my slower boxes; it really makes a huge difference.
They aren't... However, I have noticed that my Linux/UNIX systems (and their applications) tend to be a whole hell of a lot more stable than most of Microsoft's production software. Even so, I generally stay away from alpha/beta versions of most open source software too. For anything important, that is.
"but the attacker would also have a significantly easier time effectively hiding his or her presence on the system. You might not even know that your account was compromised."
.bashrc?
I don't see how this is true. When was the last time you checked your
You must not be aware of the basic function of most rootkits. The point is that with super-user access the attacker has the ability to replace _any part of the system_ with specially crafted versions the component that will hide their presence. This means that you can't trust the output from ANYTHING. They can easily replace things like 'who' and 'ps' so that their logins and processes don't even show up. Not to mention the ability to load kernel modules and basically do anything to the system. I'm sorry but your shell's rc script has nothing to do with this.
I never said getting root access was easy. To get root on my desktop machine you'd need physical access to it. To get root on my server, you'd need my unencrypted private key.
You didn't? Hmmm... I could have sworn... Oh yeah! You did!
It's just to easy to get root access on a machine once you have non-root access.
On a well designed system with good defaults it really isn't as easy as you might think. Certainly not impossible, or too challenging for someone who really knows what they are doing, but most attackers are script kiddies that just run stuff written by someone else.
Their language products have been pretty decent of late.
;-)
Perhaps. I'm willing to give you that... but a SQL server? Yikes. I think I'll hold off for the final release... and then a round or two of patches, just to be safe
At least Google's beta stuff actually *works*
You can't even say that about Microsoft's production software let alone beta software.
Given Microsoft's current track record I would be a little hesitant to deploy any of this in a production environment. I mean... who are they trying to kid here?
If an attacker gets access to my personal files you can bet I'm going to reinstall my entire system anyway. So what's the difference?
The difference is that not only are you prevented from taking steps to protect your data (storing it in protected DBs or under different, secured users) but the attacker would also have a significantly easier time effectively hiding his or her presence on the system. You might not even know that your account was compromised. This can be a very big deal.
The point is that allowing them such easy root access just opens up a incredible number of possibilities for the attacker. They can do anything.
But what are you protecting? A bunch of static libraries that can be easily replaced anyway. Again, it's the data that matters, and that's not owned by root anyway.
That really depends on what you use your computer for and how you set it up.
gnore the idea of multiple users, ignore the idea of protecting you from you mistakes, in short, design a craptastic product, and maybe his ideas don't sound totally stupid... if you're willing to ignore real life for a moment, and design a completely different system from the one that will work...
Oh his system will work alright. It will just bless the world with another security nightmare like what we have with Windows.
"rm -Rf / as nonroot will make you give a sigh of relief."
That sounds like a workaround to make up for a design flaw in the command-line interface to me.
How is this a design flaw? If you ask me, it is the command-line's greatest strength. You tell it to do something and it does it. If you wanted to be safe and have it confirm your request before it does each and every action you shouldn't specify the 'force' option. This is a GOOD THING!
I dont think the slashdot crowd really gets it, This guy is talking about SINGLE USER SYSTEMS for single users if thier local account is comprimised the entire system is basically comprimised.
This is where you're wrong. Even with only a single user at least the attacker only has access to your personal files and is unable to trash the entire system.
I really dont think he is advocating giving all users of a multi-user system root access.....
No one said he was. It still isn't a good idea for a variety of reasons. Some of which I listed above, including protecting your system from a poorly written piece of software itself as well as protecting the system from the user making mistakes and damaging important system files.
There's a reason that the majority of systems have had some sort of priveleged account system. It IS more secure.
Microsoft and AOL go after the same target audience as well.
Indeed. And look what a wonderful world they have given us.
You've got to be kidding me. Is this just a big troll or is this guy actually that ignorant? Who the hell has he been talking to anyway? The reasons for doing day-to-day things as a non super user is one of the most basic security concepts ever. Even my parents understand this. The reason you don't run everything as root is to avoid COMPROMISING THE ENTIRE MACHINE if some random application has a vulnerability. You don't want each and every little program you run to potentially allow someone to gain full access to everything on your computer. Not to mention protecting the computer from the application itself. I don't want some poorly written piece of software accidentally deleting important system files or some other user's data. And how about protecting the system from the user themselves? How many people here have accidentally rm'd a bunch of important system files (or all of / for that matter) on accident? I know I have and I consider myself a very careful person when it comes to such things.
C'mon... How fucking retarded can you be?
He does _almost_ make a good argument for his case though...
Here's why: What's the most important thing on your desktop? It's the data. If someone gets access to your libraries or whatever, who cares? Your data is the most precious thing on your computer. And whether you log in as root or log in as user, you have access to that data, technically anyone who's compromising your account has access to your data as well.
That statement does have some merit but it definitely isn't always true and even then, I would much rather compromise only my data than have someone gain access to the entire system. If they only get my data, that's all they get. If they gain access to the entire system there is no limit to what they can do... What if they want to setup a very well hidden rootkit and snoop around on my box (watching traffic, capture credit cards, etc. etc.) for as long as possible? Not to mention multi-user systems... A compromised super user gives them full access to EVERYONE's stuff.
And of course, after he says something nearly sensible he goes on to completely shoot himself in the foot by making another completely ridiculous challenge...
So, people always say "it's less secure", but I defy anyone to point out a single instance, and people all go "Well, I, erm, it's theoretical!". There's no one area I think you can point out - In this instance, a machine that's run with the root user could be compromised, in this instance one couldn't be compromised.
What world does this guy live in? Is he completely surrounded by idiots? Remind me never to go anywhere near Linspire.
15 years? Try 1500... We've had cars for over 100 years now and we still haven't found a way to keep people from driving drunk and teanagers from racing in public. We probably never will. Now, Starbucks at 10,000 feet... well... there's something that wouldn't surprise me. They've already run out of space on the ground. I know of a place where you can sit in one Starbucks and look out the window across the street at guess what... Another Starbucks!
I've been through 4 CD drives in the last 2 years and this is only counting my personal hardware. 3 of these drives were burners, one of them a Plextor SCSI drive. From what I hear this seems to be quite common and the burners are especially likely to go bad. At least prices have gone down so much now that they are pretty much disposable. Hell, it practically costs more to buy a spindle of blank DVDs than it does to buy the DVD burner itself. Reminds me of the situation with printers and ink.
Social contract or not it is really my choice whether or not I want something displayed on my screen. If the revenue generated from ads on a particular website is suffering to the point of not being profitable then perhaps it is time to look at new ways of making money. You can't try to enforce some form of draconian control over everyone's computers. This is my machine and I will decide what is downloaded, displayed, and run on it.
So who decides what consitutes a valid candidate? Can I "run for office" simply to bag the cash and party on everyone else's dime for 6 months?
/. id is 115903."
;-)
Obviously there would have to be a way to prevent people from just pocketing the cash for such a system to work. My suggestion probably would never work in practice but we need to do something and I'm just trying to get people thinking of ways to prevent the rampant corporatism that is sweeping the country.
"Vote FatRatBastard. I promise a PBR in every hand and slow, painful death for anyone's whose
Wow. My ideas threaten you that much? Maybe there IS something to them!
They do. I see plenty of material from the fringe parties during campaigns, perhaps in excess of the proportion of support for them. The problem is less than "we can't be heard" than it is that these fringe parties try to appeal to 3% of Americans instead of 73% of Americans.
You do? That's odd... All I ever seem to hear about through the mainstream media are the democrats and the republicans. If you want to know about the other parties you have to actually put forth a fair amount of effort to seek out the information yourself. And the other parties certainly don't get to participate in the main presidential debates. Also, despite the lack of coverage there are a lot of people who do prefer to vote for a non republicrat but fear to do so because they know that their candidate just doesn't stand a chance. So they do the whole vote for the lesser of two evils thing. Both of my parents did this in the last election and so did a lot of people I know.
What, then? Laws to force people to join parties they do not like? Laws to force people to pay through taxes for parties they do not like, but the government likes?
I don't know... Obviously we need a system where you aren't forced to join any particular party but we need to do something to level the playing field a bit. You really only have two choices for president currently, regardless of how many other candidates there are. How can you argue that such a situation isn't totally screwed?
"This two party BS is ridiculous and insulting."
Then form a better party.
And who decides what a "better party" is? We already have plenty of other parties but do any of them actually stand a chance in hell of winning? Not last time I checked. That was my point about changing how candidates get their funding. I admit it probably wouldn't ever work but we certainly need to do _something_ to change the current situation. Having other parties doesn't do a whole lot of good if they don't have any way of getting their message out to the public.
Again, that would benefit the rich. How would you or I go up against an Edwards, Bush, Kerry for a Senate/House seat? They have millions in personal money to spend us into the ground.
Sorry, I did not explain what I meant adequately... My intention was that each candidate by given an equal amount of money for their campaign and be restricted to only using this money for their campaign needs. They would not be allowed to use either their personal money or money contributed by private 3rd parties. This would eliminate any difference between the candidates based on their personal financial situation. I'm not sure how this would be regulated but if it is possible then we might actually be able to even the odds a bit.
Why? So only the Perot's who are already super rich can run?
I guess what I was suggesting would include the person running themselves. Basically what I meant was that they shouldn't be able to use ANY money except what was given to them for their campaign with each candidate being given the same amount.
Only if these taxes were voluntary. Why should a Green be forced to give money to the Buchanan campaign and vice-versa? That violates basic political rights. Let each person choose.
How many of the existing taxes are voluntary? I agree that they should be but that just isn't the case currently. I certainly don't approve of my money being used to build bombs. Do you?
"Oh, and they should all get equal time on any sort of public debate."
That should be left entirely up to the organization holding the debate.
Well then we need a government appointed organization to hold _fair_ debates where each candidate gets a chance to participate. This two party BS is ridiculous and insulting.
You are absolutely right. Limits on how much money can be contributed to a person's campaign is something we desperately need. Personally, I don't think ANY money should be able to be given to politicians. Every candidate running for a particular office should be allotted an equal amount of money that would be gathered from the public, most likely via taxes. This is something that I actually wouldn't mind paying taxes for. At least then we might get a somewhat fair election. Oh, and they should all get equal time on any sort of public debate.
They are evil and they do want to take away your rights ;-)
To be serious though... It doesn't entirely surprise me that this bill came from a Republican. Is it not true that most Republicans are actually against regulation by the government? They prefer that the government did not meddle in their business or personal affairs. This is one area that I tend to agree with them.
This is bad because the only people who will be able to run for office will be the very, very rich or those who are funded by corporations and groups. In effect, unless you are Ross Perot or funded by companies (the right) or unions (the left), you will not have the money to run.
Isn't this already the case? I mean... I know anyone can run for public office but how many people actually make it into important positions without funding from the usual places.
The short summary given in the article makes this out to be a very good thing. I understand how preventing the FEC from regulating the internet is a good thing but what's this about the internet not being considered public communication? It seems to me that the internet covers both public and private communication. Webpages without access control are certainly public, are they not? Also... what exactly does it mean for something to be considered public communication? I'm not terribly familiar with the specific laws involved but I assume this is saying that public communication must be regulated in order to protect the public at large. Definitely not something we want.
I can understand your complaint, but it is more likely that you have not used quality Java apps
I'm afraid this is not the case at all. EVERY java app I've used runs painfully slow and uses a ridiculous amount of resources for what it does. I don't care how badly something was written it should not perform this badly. There's a lot of software out there that is poorly written and none of it comes anywhere near the shabby performance that I see with ALL java apps.