Ubuntu tends to have the latest and greatest packages up front. For example, 8.04 was released with a Firefox 3.0 release candidate. The trick is that they don't upgrade packages arbitrarily--they'll upgrade or backport for security fixes, but not for the newest version. You'll have to wait for the next major release if you want that.
It's a nice compromise between bleeding-edge and stability. I'm sure that the process is only made more difficult by upstream developers mixing bugfixes with new features.
No, that one process gets a temporary elevation, not the user. It's not a security hole.
It depends upon how sudo is configured and many other factors. Even in the configuration to which you're referring, child processes can be elevated without a password within the time limit. I believe that parent processes can use the elevated privileges, too.
Except that this was the sneaky Desktop Buddy, just waiting for a distraction.
I think that's a level of intelligence and sophistication that we're unlikely to see in the near future. Certainly not on a wide scale. The other is far easier to accomplish.
So while Vista's version is more secure, it's not by much, and the convenience of Ubuntu's way (plus that it's not needed all the time) makes it an overall win to Ubuntu, in my opinion.
I think it's an overall win for Ubuntu because the user doesn't get so fed up with alerts that they disable the whole thing. I think that Microsoft might be able to win (on the user notification/authorization front) with the appropriate tweaks. For example, the same process is likely to require multiple authorizations--so why not use a timer for that, but require reauthorization if a new process needs privileges? You'll still have attacks when IPC is used with common processes to manage tasks, but it's a start. You could also profile applications, find common sequences of privilege escalation requirements, and code to allow them through with one authorization if they're executed in the same order within a small period of time. There are all sorts of things Microsoft could do to loosen the restrictions (so as not to become a burden on the user) while maintaining security.
Awesome, so all malware needs to do is stay resident as the user's process until it detects that the user has elevated privileges. Then BLAMMO, sudo rootme.
I'm not defending Vista, I'm just pointing out that it's not necessarily a good thing that the OS gives you this window. It's useful for interactive tasks, but not so great for processes that want to surreptitiously perform administrative actions--and let's face it, that's the larger problem.
Just as an example, say I download and run an executable. It's a fun little Desktop Buddy or something. It does its thing for a while. Later on, while I'm browsing, Desktop Buddy tries to perform an administrative action. Am I going to let it through? Maybe, but probably not, particularly if I don't connect the UAC dialog with anything I was actively doing.
Now, let's say I go download a different program, say a browser widget of some kind. While downloading the widget, a UAC prompt pops up saying that the widget wants access to perform an administrative action. Of course I click through--it's just another annoying Windows prompt asking if I'm sure that I want to install this program.
The great benefit to UAC is not in stopping the user from doing something. It's in stopping processes from doing something when the user isn't looking or expecting it. Adding a timer for unlimited administrative action completely negates this benefit, so we might as well do without UAC altogether.
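The disagreement in the comments above turns on how long, and how widely, sudo caches an authentication. As an added example (not code from the thread), this Python script audits sudoers text for the settings that control that window. The two sample files are constructed, and the 5-minute fallback is an assumption because the compiled-in default varies by build.

```python
import re

# Assumption: used only when the text sets no timestamp_timeout. The real
# compiled-in default differs between builds, so pass your own value.
ASSUMED_DEFAULT_MINUTES = 5.0

# Matches "Defaults ..." and bound forms such as "Defaults:alice ...".
DEFAULTS_RE = re.compile(r"^Defaults(?:[@:!>]\S+)?\s+(.+)$")


def audit_sudoers(text, default_minutes=ASSUMED_DEFAULT_MINUTES):
    """Report the credential-caching window that sudoers-style text allows.

    Simplification: the last setting seen wins, whatever user, host or
    command the Defaults line is bound to.
    """
    timeout, scope, nopasswd_lines = default_minutes, "tty", []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = DEFAULTS_RE.match(line)
        if match:
            for opt in (o.strip() for o in match.group(1).split(",")):
                name, _, value = opt.partition("=")
                name, value = name.strip(), value.strip()
                if name == "timestamp_timeout" and value:
                    timeout = float(value)   # minutes; 0 = always prompt
                elif name == "timestamp_type" and value:
                    scope = value            # global, ppid, tty or kernel
                elif name == "!tty_tickets":
                    scope = "global"         # older spelling of a shared ticket
                elif name == "tty_tickets":
                    scope = "tty"
        elif "NOPASSWD:" in line:
            nopasswd_lines.append(lineno)

    findings = []
    if timeout < 0:
        findings.append("cached authentication never expires")
    elif timeout > 0:
        findings.append(f"{timeout:g}-minute window in which processes sharing "
                        "the ticket can run sudo without a new prompt")
    if scope == "global" and timeout != 0:
        findings.append("ticket is shared across all of the user's terminals")
    for lineno in nopasswd_lines:
        findings.append(f"line {lineno}: NOPASSWD rule never prompts")
    return {"window_minutes": timeout, "scope": scope, "findings": findings}


# Constructed samples, not taken from any real host.
SAMPLE_WEAK = """\
# long, shared window plus a passwordless rule
Defaults env_reset
Defaults timestamp_timeout=30, !tty_tickets
alice ALL=(ALL) NOPASSWD: /usr/bin/apt-get
"""

SAMPLE_STRICT = """\
Defaults env_reset
Defaults timestamp_timeout=0
Defaults timestamp_type=tty
%admin ALL=(ALL) ALL
"""

if __name__ == "__main__":
    for label, sample in (("weak", SAMPLE_WEAK), ("strict", SAMPLE_STRICT)):
        print(label, audit_sudoers(sample))
```

With `timestamp_timeout=0` every sudo invocation prompts, which closes the window the thread argues about at the cost of more prompts.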
Semantics. Almost every single game for the PC (and I dare say every shooter) in the past 8 years has used the mouse/keyboard for controls. And relatively few console games (even shooters) support that scheme. The poster wasn't bitching about the consoles not supporting mouse/keyboard; the stated preference is perfectly in line with the PC/Games vs. Console/Games control mechanisms.
Hell, the SNES had a mouse.
Yeah, in the US, you can pretty much say what you want, as long as you do it in a place where no one can hear you.
The reason that restrictions on speech correlate very well with authoritarian rule is because authoritarians don't want dissenters to be heard. It weakens their rule over the people, and threatens their power.
Free Speech Zones are public places where people are allowed to exercise their first amendment rights[1]--that is, the right to free speech. These zones tend to be away from the attendees, speakers, and mass media covering the event to be protested. This means that the protest is effectively pointless. Maybe you get a feeling that you're doing something by protesting, but by forcing you to protest where no one can see you, you're certainly not getting your message across.
So it's great and all that I can say pretty much whatever I want in the US. Seriously. I think it's awesome. But what I don't think is awesome is that political speech is effectively censored--that's the kind of speech which is linked to dissent, and which authoritarians want to quash.
[1] The government "allowing" you to exercise your rights should be a giant-old red flag.
So arrest those people. Don't arrest the ones who are peacefully protesting.
It is only at the point that I no longer have a choice and that my rights are threatened that I need the federal government to step in and protect my rights.
Actually, I think we need a netizen's bill of rights. I'd like to see Constitutional rights to privacy.
The sooner they turn the servers off, the better. The public needs to learn that DRM means that they don't own copies of the media, despite what marketing would have them think.
We agree that you don't surrender US Constitutional rights. But you may end up surrendering your laptop. It hasn't happened to me in my international travels, but it could.
Unreasonable seizure. If you are forced to surrender your laptop, then you've been forced to surrender your US Constitutional rights.
That's a bit direct (or harsh) but fairly accurate.
MySQL is useful for small- to medium-sized projects. It's easier to admin than most other database systems, and you get to balance speed and referential integrity by choosing which back-end to use. It's got the SQL syntax that so many are familiar with. The problem is that if you go for referential integrity, you lose most of the speed that MySQL is known for. You get speed closer to PostgreSQL, and the latter is more cleanly designed and has a better support structure for a relational database.
Really, though, SQLite is often a perfectly adequate replacement for MySQL. So when I'm working on something, I tend to choose between SQLite and PostgreSQL. It's just really rare that MySQL is the best fit for the overall design.
I agree that that functionality would make things a bit better. Of course, certs need to be revoked. They expire. There are all sorts of reasons why a site might use one cert today and another one tomorrow, and then you'll have people crawling out of the woodwork crying about how unfairly Firefox treats changed certs.
The real truth is that trust on an anonymous network is hard. We use certificate authorities for precisely this reason. We trust them to be uninterested third parties, because we assume that their reputations are important enough to keep from breaking that trust. You'll never get the same level of trust from a self-signed certificate without some form of out-of-band validation.
Oops, you got me on Safari. Though IE7 on Vista apparently supports SNI. I guess it's not supported on XP due to library support.
The thinking behind the current browser behavior is that while self-signed certs provide encryption, they do absolutely nothing to try to verify that the remote host is who they claim to be. Providing a lock symbol (which, over the years, security professionals have tried to train users to trust) when there is nothing even resembling validation does a disservice to the user. There is no need to make such a fuss over plain HTTP because users have been trained not to send credentials over plain HTTP. There's usually a popup that warns you about transmitting sensitive information in plaintext, anyway--and it's been like that for years.
I'm really torn on the issue. Most of the time, I think that the perception of security where there is none is worse than a blatantly obvious lack of security.
That's actually a problem with OpenSSL and mod_ssl. Check out mod_gnutls and gnutls for an approach where name-based virtual hosts can each have their own certificate that validates in most current browsers (Safari, Opera, Firefox, IE7).
If you do some digging, you can find power requirements of most components. Usually you'll need to go to the manufacturer, rather than a reseller. Intel has theirs listed on their data sheets, for example. I found this mostly because I was looking for thermal data on devices, to build a machine which was going to go into a room without good climate control.
Nope. The physical representation of American money is made of cotton and linen. The money itself is made of hopes, dreams, speculation, and trust.
64 bits is 8 bytes. That's four characters shorter than the passwords I used as examples.
Simple passwords? Heh. There are rainbow tables for common SSIDs plus all passphrases up to 12 characters. That means that your password of "n-#$-sdkj3[[" (which most people would not consider weak or simple) is cracked just as easily as your passphrase "rodentsoup11".
The coffee shop down the street from where I work uses WPA to protect its wireless so that only customers can access it. I wonder if they'll mind plugging in this second access point so I can use my DSi.
I skipped out on the DS Lite because I had a perfectly good DS. I saw no reason to "upgrade" as the differences between the two were almost wholly in case design. Compare to the GBA and GBA SP, where they added a backlight (honestly, who thought it was a good idea not to have a backlight?)
The DSi at least has new features, so it may be worth it to upgrade for some. I hope that they don't release cartridges exclusively for the DSi, though--that way, madness lies.
It looks like they corrected that.
You know, for people who are so unwilling to let us edit or delete our own posts, they sure are willing to make corrections to their stories without noting that there even was one.
From the Slashdot FAQ:
Will you delete my comment?
No. We believe that discussions in Slashdot are like discussions in real life- you can't change what you say, you only can attempt to clarify by saying more. In other words, you can't delete a comment that you've posted, you only can post a reply to yourself and attempt to clarify what you've said.
In short, you should think twice before you click that 'Submit' button because once you click it, we aren't going to let you Undo it.
Think twice, indeed.
Mac Pro, not Macbook Pro
A few of the problems with the Internet stem from the fact that we trust computers. We trust that they'll do what we tell them, when in fact, they may not be receiving instructions only from us. We trust that they are who they say they are, when spoofing is fairly simple.
The rest of the problems with the Internet have to do with the fact that people are naturally trusting of others. I trust that someone sending me mail isn't going to do something bad. I trust that you're not trying to scam me. The human condition is something that is quite difficult to address technologically.
Well, actually, yeah. Why is the federal government doing this at all? Shouldn't it be a state or local government thing?